Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system
  • submitted
    24-08-2024 00:09

General

  • Target

    Celemony.Melodyne.Studio.4.v4.0.4.001-R2R/setup.exe

  • Size

    82.5MB

  • MD5

    2b408f64508f89f31eea20586050fd85

  • SHA1

    8f26ee1f0d9714dbadd99ca6d26751a35dca3dcd

  • SHA256

    7c7b22145b0d6b10576d358a3eb903b642b71dcf374cb58d8a372aa23b3e4baa

  • SHA512

    cfa073a656dadb8455c6b9ef535858f87c747a42021b23a83596c71220e304ea61bfe4880f7f0df96f88d2ecca22d6d3b7b9a8dfbc01bd620fb9100ffe9b9290

  • SSDEEP

    1572864:m2n1DWpbcQb+1hekC/0LQJzBNEcxOrIP/YpUIHdwDVKdj0nnodsYAWbjZk:m2tWNkekDLqNEAAU4wha29sjZk

Malware Config

Signatures

  • Detects Strela Stealer payload 1 IoCs
  • Strela stealer

    An info stealer targeting mail credentials first seen in late 2022.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 19 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 5 IoCs
  • Drops file in Program Files directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Modifies registry class 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Celemony.Melodyne.Studio.4.v4.0.4.001-R2R\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Celemony.Melodyne.Studio.4.v4.0.4.001-R2R\setup.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:408
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x57c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2936
  • C:\Program Files\Celemony\Melodyne Studio 4\Melodyne.exe
    "C:\Program Files\Celemony\Melodyne Studio 4\Melodyne.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://services.celemony.com/cgi-bin/WebObjects/LicenseApp.woa/wa/Melodyne4Service/downloadUpdate?token=118d85c1171a40b484f21b4e2cead698&trk=238398e73df948f88b3457434516a0ed
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1492
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1492 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2232
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1172

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\Local\Temp\Cab6DB2.tmp

      Filesize

      70KB

    • C:\Users\Admin\AppData\Local\Temp\Tar6DB5.tmp

      Filesize

      181KB

    • C:\Users\Admin\AppData\Local\Temp\nsp6D27.tmp\bass.dll

      Filesize

      107KB

    • C:\Users\Admin\AppData\Local\Temp\nsp6D27.tmp\page_component.ini

      Filesize

      1022B

    • C:\Users\Admin\AppData\Local\Temp\nsp6D27.tmp\page_component.ini

      Filesize

      787B

    • C:\Users\Admin\AppData\Local\Temp\nsp6D27.tmp\page_component.ini

      Filesize

      877B

    • C:\Users\Admin\AppData\Local\Temp\nsp6D27.tmp\page_image.ini

      Filesize

      179B

    • C:\Users\Admin\AppData\Local\Temp\nsp6D27.tmp\page_image.ini

      Filesize

      157B

    • C:\Users\Admin\AppData\Roaming\Celemony Software GmbH\com.celemony.melodyne.plist

      Filesize

      675B

    • \Program Files (x86)\Celemony\Melodyne Studio 4\Melodyne.exe

      Filesize

      1.1MB

    • \Program Files\Celemony\Melodyne Studio 4\Melodyne.exe

      Filesize

      1.4MB

    • \Users\Admin\AppData\Local\Temp\nsp6D27.tmp\InstallOptions.dll

      Filesize

      15KB

    • \Users\Admin\AppData\Local\Temp\nsp6D27.tmp\NSIS_SkinCrafter_Plugin.dll

      Filesize

      5.8MB

    • \Users\Admin\AppData\Local\Temp\nsp6D27.tmp\SkinCrafter.dll

      Filesize

      792KB

    • \Users\Admin\AppData\Local\Temp\nsp6D27.tmp\System.dll

      Filesize

      11KB

    • \Windows\SysWOW64\mfc71.dll

      Filesize

      1.0MB

    • \Windows\SysWOW64\msvcr71.dll

      Filesize

      340KB

    • memory/408-264-0x00000000003D0000-0x00000000003E8000-memory.dmp

      Filesize

      96KB

    • memory/408-44-0x0000000004C90000-0x0000000004D5C000-memory.dmp

      Filesize

      816KB

    • memory/408-17-0x0000000075281000-0x00000000752A7000-memory.dmp

      Filesize

      152KB

    • memory/408-13-0x00000000003D0000-0x00000000003E8000-memory.dmp

      Filesize

      96KB

    • memory/408-14-0x0000000075280000-0x00000000752D0000-memory.dmp

      Filesize

      320KB