49066be6efe8eb7be603f476422e41d4ee041791b81b49aa7d836c5a4df20e88

Analysis

max time kernel
120s
max time network
116s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
Size

9.7MB
MD5

3b1cd5d4161fb80b4d89cc267a65c6d0
SHA1

07d3a65e89cc922ae3b2fa7e74c27c80677f7296
SHA256

49066be6efe8eb7be603f476422e41d4ee041791b81b49aa7d836c5a4df20e88
SHA512

f93108a654b3f1baead06be043f685866d234fafa5f2ab3b9460f309a4afbfabcba1339b8f3ffa4095004a16412c3214ff7b6219315cf422b01f0af2a21e2743
SSDEEP

196608:rNqnhgJuP3LAhCiVXOWvd6A1oMuWr45hrr2u:KS+LJYeJWGhrr2u

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2200	microsofttranslation.exe
316	toolstools.exe
448	wab32ressystem.exe
2988	updaterspelling.exe

Loads dropped DLL 16 IoCs

pid	Process
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2200	microsofttranslation.exe
2200	microsofttranslation.exe
2200	microsofttranslation.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
316	toolstools.exe
316	toolstools.exe
316	toolstools.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
448	wab32ressystem.exe
448	wab32ressystem.exe
448	wab32ressystem.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2988	updaterspelling.exe
2988	updaterspelling.exe
2988	updaterspelling.exe

Adds Run key to start application 2 TTPs 9 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\VisualVisualStudio = "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\appinfodocument\\microsoft.visualstudio.tools.office.appinfodocument\\toolstools.exe"	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\BCSSync = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\MicrosoftVisual = "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\visualvstoee.exe"	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ObjectMsAddnDr = "c:\\program files (x86)\\common files\\designer\\addindesignerobject.exe"	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\EngineSource = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b1cd5d4161fb80b4d89cc267a65c6d0N.exe"	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\DictionariesOffice = "c:\\program files (x86)\\common files\\microsoft shared\\translat\\fren\\microsofttranslation.exe"	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\WindowsSystem = "c:\\program files (x86)\\common files\\system\\wab32ressystem.exe"	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\EngineOffice = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b1cd5d4161fb80b4d89cc267a65c6d0N.exe"	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AdobeAdobe9.0.0.2008061200 = "c:\\program files (x86)\\adobe\\reader 9.0\\reader\\plug_ins\\updaterspelling.exe"	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ntdll.dll.dll	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File created	C:\Windows\SysWOW64\ntdll.dll.dll	microsofttranslation.exe
File created	C:\Windows\SysWOW64\ntdll.dll.dll	toolstools.exe
File created	C:\Windows\SysWOW64\ntdll.dll.dll	wab32ressystem.exe
File created	C:\Windows\SysWOW64\ntdll.dll.dll	updaterspelling.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\MicrosoftTranslation.exe	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File created	C:\Program Files (x86)\Common Files\DESIGNER\AddInDesignerObject.exe	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\WAB32resSystem.exe	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\RCXB9C3.tmp	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\RCXA1DB.tmp	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\Visualvstoee.exe	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\RCXA288.tmp	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\EngineMicrosoft.exe	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File opened for modification	C:\Program Files (x86)\Common Files\DESIGNER\RCXB84A.tmp	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\UpdaterSpelling.exe	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\EngineMicrosoft.exe	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File created	C:\Program Files (x86)\Common Files\System\WAB32resSystem.exe	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\MicrosoftTranslation.exe	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\Visualvstoee.exe	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\RCXA21A.tmp	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\ToolsTools.exe	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\RCXB8C8.tmp	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	toolstools.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wab32ressystem.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updaterspelling.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	microsofttranslation.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	microsofttranslation.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wab32ressystem.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	toolstools.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	toolstools.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	toolstools.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	wab32ressystem.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	microsofttranslation.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	updaterspelling.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	microsofttranslation.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	wab32ressystem.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	updaterspelling.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	updaterspelling.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2200	microsofttranslation.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
316	toolstools.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
448	wab32ressystem.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2988	updaterspelling.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2200	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	31
PID 2096 wrote to memory of 2200	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	31
PID 2096 wrote to memory of 2200	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	31
PID 2096 wrote to memory of 2200	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	31
PID 2096 wrote to memory of 2200	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	31
PID 2096 wrote to memory of 2200	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	31
PID 2096 wrote to memory of 2200	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	31
PID 2096 wrote to memory of 316	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	33
PID 2096 wrote to memory of 316	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	33
PID 2096 wrote to memory of 316	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	33
PID 2096 wrote to memory of 316	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	33
PID 2096 wrote to memory of 316	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	33
PID 2096 wrote to memory of 316	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	33
PID 2096 wrote to memory of 316	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	33
PID 2096 wrote to memory of 448	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	34
PID 2096 wrote to memory of 448	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	34
PID 2096 wrote to memory of 448	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	34
PID 2096 wrote to memory of 448	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	34
PID 2096 wrote to memory of 448	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	34
PID 2096 wrote to memory of 448	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	34
PID 2096 wrote to memory of 448	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	34
PID 2096 wrote to memory of 2988	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	35
PID 2096 wrote to memory of 2988	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	35
PID 2096 wrote to memory of 2988	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	35
PID 2096 wrote to memory of 2988	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	35
PID 2096 wrote to memory of 2988	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	35
PID 2096 wrote to memory of 2988	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	35
PID 2096 wrote to memory of 2988	2096	3b1cd5d4161fb80b4d89cc267a65c6d0N.exe	35

C:\Users\Admin\AppData\Local\Temp\3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
"C:\Users\Admin\AppData\Local\Temp\3b1cd5d4161fb80b4d89cc267a65c6d0N.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2096
- \??\c:\program files (x86)\common files\microsoft shared\translat\fren\microsofttranslation.exe
  "c:\program files (x86)\common files\microsoft shared\translat\fren\microsofttranslation.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- \??\c:\program files (x86)\common files\microsoft shared\vsta\appinfodocument\microsoft.visualstudio.tools.office.appinfodocument\toolstools.exe
  "c:\program files (x86)\common files\microsoft shared\vsta\appinfodocument\microsoft.visualstudio.tools.office.appinfodocument\toolstools.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:316
- \??\c:\program files (x86)\common files\system\wab32ressystem.exe
  "c:\program files (x86)\common files\system\wab32ressystem.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:448
- \??\c:\program files (x86)\adobe\reader 9.0\reader\plug_ins\updaterspelling.exe
  "c:\program files (x86)\adobe\reader 9.0\reader\plug_ins\updaterspelling.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\RCXB8C8.tmp

Filesize
9.7MB

MD5
8758fd0c45017250339463c21d483db2

SHA1
a6b1a81a38f669323904efcbe11dc4be8f6aa1df

SHA256
d3914d984e35e1b8bfed757f12e65759a8df5f95792dce32a809b116b2e114ec

SHA512
76bfad4f275f2f4727500dc576c411eb84fdd712536a8efcdbaf2306317e2afd9696351eebd4364e36f2a96a0570002c74cf72d8ee80b5f3b7d057ce92e61477

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\MicrosoftTranslation.exe

Filesize
9.7MB

MD5
3b1cd5d4161fb80b4d89cc267a65c6d0

SHA1
07d3a65e89cc922ae3b2fa7e74c27c80677f7296

SHA256
49066be6efe8eb7be603f476422e41d4ee041791b81b49aa7d836c5a4df20e88

SHA512
f93108a654b3f1baead06be043f685866d234fafa5f2ab3b9460f309a4afbfabcba1339b8f3ffa4095004a16412c3214ff7b6219315cf422b01f0af2a21e2743

Download Submit