Overview

overview

7

Static

static

3

DS423_65.exe

windows7-x64

7

DS423_65.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/11/2024, 13:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DS423_65.exe

  • Size

    9.4MB

  • MD5

    61cdf84e22a19e961c451ce041b2ef75

  • SHA1

    90dd9cf111d9b75cb2b73170043bd77fa4440320

  • SHA256

    4df7b5a13fd2c88904bb20acf5fdf724a7d8a2a9e697696988ad03a4818d1ab6

  • SHA512

    1e22048274b242848d1ee8629dc4a20831a8d63cd16fd58c3e8bb8264ab6121e728f8b969b1f5b23cadc87c52182fa6a4ff7521776eb34f713211af6e8470124

  • SSDEEP

    196608:w7xFg7R+B6LxZRP64wZqhmLPrhz1c4acZSwPLr5280na:VMBL4EwO1gcZSysHa

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 8 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DS423_65.exe
    "C:\Users\Admin\AppData\Local\Temp\DS423_65.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4432
    • C:\Users\Admin\AppData\Local\Temp\is-129GH.tmp\DS423_65.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-129GH.tmp\DS423_65.tmp" /SL5="$60214,9004490,832512,C:\Users\Admin\AppData\Local\Temp\DS423_65.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:5056
      • C:\Windows\SysWOW64\setup16.exe
        "c:\temp\DS423_65\MFP\Setup\setup.exe" -m "c:\temp\DS423_65\MFP\Setup\setup.exe" /QT
        3⤵
        • Enumerates connected drives
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1272
        • F:\~MSSETUP.T\~msstfqf.t\acmsetup.exe
          F:\~MSSETUP.T\~msstfqf.t\acmsetup /T setup.stf /S c:\temp\DS423_65\MFP\Setup\ /QT
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          PID:4480
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\DS423_65\nomopc.pdf"
        3⤵
        • System Location Discovery: System Language Discovery
        • Checks processor information in registry
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2644
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3336
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8A3878F05FEA1411802B9B1928C06D9B --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            PID:4812
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8844F66061B4C971CCCC37538D493EA0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8844F66061B4C971CCCC37538D493EA0 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
            5⤵
            • System Location Discovery: System Language Discovery
            PID:5060
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4714CC1B3709BC3DD16593B0519BA3C9 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1296
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=ED3A414DAE5CDA5B6B459720763AD9C4 --mojo-platform-channel-handle=1956 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            PID:3396
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A71E0666D1776618B3B31D2105CDF24B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A71E0666D1776618B3B31D2105CDF24B --renderer-client-id=6 --mojo-platform-channel-handle=2100 --allow-no-sandbox-job /prefetch:1
            5⤵
            • System Location Discovery: System Language Discovery
            PID:940
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=69208417B2AC68EFF31B890371C00293 --mojo-platform-channel-handle=2708 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            PID:4176
      • \??\c:\DS423_65\Buget.exe
        "c:\DS423_65\Buget.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2540
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
      PID:4564

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\DS423_65\BUGET.EXE
      Filesize

      646KB

      MD5

      2a556a5abfa066c27e02bf9cd1b431de

      SHA1

      dd8bec121ef2780d2d57d568fd40776fedd5d772

      SHA256

      e66660babee2414cc9e52f69ff8bccc7701e1a4ce4f1ff249794f94f5f3db691

      SHA512

      0d929d8fa7c1aa1b48950486daf44264edbe363703859c5d04d1c4b7a6aebaa23093c3e18b4dd23df499ea4322177ce7be9de0e3d4d64cdb31d87a66a3f60005

      Download Submit

    • C:\DS423_65\COREL.CDX
      Filesize

      251KB

      MD5

      59d8512c9387d9c917e5e14bac2c6c32

      SHA1

      0a6442e59b6baa4caa8b1458e66143569372f1ca

      SHA256

      8b9a13b1e91c7c79b3462989bcfa44f4d9f8967bb34beb287ad780dcda970ec3

      SHA512

      a610fe6fc15b10df214e9f6c4eb8b87a5f760669a9d7a0ae591e57ed5b81403304d9fb3127cfdd2193fbe62422aa813c63af40b4f9cfaa97aac5d44b3e149cfc

      Download Submit

    • C:\DS423_65\nomind.DBF
      Filesize

      19.5MB

      MD5

      4398cf92f8187d76a99f2163af4b5d43

      SHA1

      69fdf3aaa3f0262d330a67a2fbe5aab70a9db833

      SHA256

      930519b1bd38c16bcf0a3f7c75222ccbd6b9d24dbd29fd8e8409271030b650f1

      SHA512

      48a29002e2782d312bd28299e246da2d3d56daad98ebc0f1852ed1a8def417cb3449bf1d47b593ab31c4132a45896c1f426dfd0034b10c2bfc2c0f69e3f607c8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
      Filesize

      36KB

      MD5

      b30d3becc8731792523d599d949e63f5

      SHA1

      19350257e42d7aee17fb3bf139a9d3adb330fad4

      SHA256

      b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

      SHA512

      523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
      Filesize

      56KB

      MD5

      752a1f26b18748311b691c7d8fc20633

      SHA1

      c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

      SHA256

      111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

      SHA512

      a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
      Filesize

      64KB

      MD5

      59601f4076dd090529d3560f2e5d3cfc

      SHA1

      fd64b3ef3e793dfe7ce054405dc697c6975fc59b

      SHA256

      da11a25ce8cd68a114c4b66279199a73b8f812409403f3124897f56931fc9308

      SHA512

      7887b2d8a91f57b86092becee127b27190642206c3d2c10dea8b82d813fd0a33b4fb4e730ad8a92f7481eee69243dfe7c4def3cfe03209a9dded1f00948ad766

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-129GH.tmp\DS423_65.tmp
      Filesize

      3.0MB

      MD5

      05a8f2e41e497c09db87fc3ef09f6c17

      SHA1

      723c5611d14bb1f036241fc370766899a50f504c

      SHA256

      e7e44b5191da0af08b0be05792354b5d405ec408b6162796831a0d642e75699a

      SHA512

      55b6399055437073450932bdaba906ce4a957e1c2ee739a6c386647614f760fc39de90e9ac6954b83c3452fe1561abd63275152ee11945b87aff0f8ca351aa01

      Download Submit

    • C:\Windows\SysWOW64\VFP6R.DLL
      Filesize

      3.2MB

      MD5

      324b9907267786f9b3794b680bb19d92

      SHA1

      99597defb1fadf979b6d27d8f2137dbf2f40a4ee

      SHA256

      9d483af774265a1a3b936294875ba55c2d972461d4b15f8dc4a8d300f3cbb559

      SHA512

      7a5528622c2130c00b85a530b4530a682c2541661b893e6a1644b421304416609deaf5520e69fddcd9a87c666c2f857faac1bcbbc91894ac3f7c00b8c00fff44

      Download Submit

    • C:\Windows\SysWOW64\VFP6RENU.DLL
      Filesize

      855KB

      MD5

      dc77cf2c6be98f900eab5514e025ea00

      SHA1

      2b1850025d7350b10d5cd7f5d7224734b7a831c5

      SHA256

      a725d053f436c1184333124989faa9acc957a78f20a47940344a1ac499f268be

      SHA512

      2b977234f401fd4fb990812d4e3c18c5bac441e5b806526543fb74a9e929f30e1d4aa9dc6a12c3c770a6a36b9987636edb107e79bad37f048425c7581457e876

      Download Submit

    • C:\temp\DS423_65\MFP\Change\NOMOPC.CDX
      Filesize

      6KB

      MD5

      d699fab9d7204e23440e71672273ccf6

      SHA1

      76ea0290c9da0490e24483f4700787475b231a51

      SHA256

      a7f61d48a71b2a6e9e86165d9a8a53523847e16329ff955feb61ba941ddb5199

      SHA512

      5f74fd077f3d830581b860ad758f9b247d7730eef5f6e0b0112adcef8352ba8b925ba75c523a9fc157a7648915a844e2b3a7c37c977eb712aba91a661c6e0dbc

      Download Submit

    • C:\temp\DS423_65\MFP\Change\NOMOPC.DBF
      Filesize

      7KB

      MD5

      98435b3ca0062f1d055823eb6c31cdab

      SHA1

      d5e5c66e1f2b9b38ce6f5abfe227842ee0103b7d

      SHA256

      02ef32570c8f8a5434063534f3e3c950e949e04cd1040ff4b0ddd35e869e833b

      SHA512

      c7518c9225ceba5988560c8e914cb2a6ea526e71461980eba05076a16f579a4dad6d7e758bcd2ab4d0b14fdf423b032fc15a541e0fb4cc1b1cef6f945af539f4

      Download Submit

    • C:\temp\DS423_65\MFP\Change\Nota-subcap2023.doc
      Filesize

      36KB

      MD5

      50732dba246e75fd917ef89baf6b64f2

      SHA1

      e26def4339469d2991a21e5f6b36781bd953d1fe

      SHA256

      ac5cebdfe7c31b8b2dc8ff2e2ebe48691c077c46e9c6cff3f7e13d8c143a0ca5

      SHA512

      484eff67528c9dcdfbaad3f70fc8466050ff9778e8998e016af8edc13069a1a513fe722bcf5ee70e6ca8f02cd0725371f4dfa7b9feaf4b43bd4fcf38636bd5fd

      Download Submit

    • C:\temp\DS423_65\MFP\Change\corel.DBF
      Filesize

      8.5MB

      MD5

      9d231e50a97efbeb69e04597d9d30a4a

      SHA1

      9524e09940d8aaa8f2182193ec4e4a34cfefa79f

      SHA256

      8b19448ae836a8f4ec6003d5217bab2e16fd8d39f8542a54095cc2c4c0ac2143

      SHA512

      2937810651502965ee13d31d0dd90c74ba275eaf773d99b31e6046f935918e6355ba41e986df494fa036600bf5f7ae3030e8bd46667d401d9d5ad8f1c4e01cc7

      Download Submit

    • C:\temp\DS423_65\MFP\Change\dfi02.CDX
      Filesize

      684KB

      MD5

      4a759ae0f94961a099861664d80d8f54

      SHA1

      8781f52b57007b73dab7c8d00f3318ea67b41744

      SHA256

      23fc2113dcb5034f5f2aa13a3de42b2f9a11e615e8ce827386083731f2a70e5e

      SHA512

      0cacdf4a8c051c434a7af5b2e20424b0e31cee3a932760539b7b72d07b344b334be1f0c865456e45a1a27fd1173475bfadea1b12449a44f77543e70abcc49a00

      Download Submit

    • C:\temp\DS423_65\MFP\Change\dfi02.DBF
      Filesize

      2.0MB

      MD5

      733d5f4ea7919bd316057e21c2f54348

      SHA1

      aceb033b24180c18baa80704645a5a69bc57c7bd

      SHA256

      ba3c1abf1d179d47ae5979d0ba202e05fd191963c384d266d44f742c93ac685c

      SHA512

      160557cd3f070c529a398de18c39407fb91674c3d3f2d5a8098c92e7db6b68492e0a89f0cd11e8d01133974c9ebd149c4fa06798802cb506d8f8d7bb3eae457d

      Download Submit

    • C:\temp\DS423_65\MFP\Change\lot9902.CDX
      Filesize

      1.2MB

      MD5

      f62e1adba14aabf8dc1459a1b4459aa2

      SHA1

      ff02d7416bfbc7651265c8c468dc8adb27f45a54

      SHA256

      05d757b7e34095f2b624d9d0f66d1553ca7cdaa8d65c922b9237a4d2741a86f9

      SHA512

      84d53456a9f2ba127a391583eb346781830b34099b71a4c8e096d5c18c05bb891182804b1ce2f30e9afe1f8207acc058572c25275b94ecf26f667095d1dd6688

      Download Submit

    • C:\temp\DS423_65\MFP\Change\lot9902.DBF
      Filesize

      10.9MB

      MD5

      07755398b949791bbda5ad9e9fc04e21

      SHA1

      ed4a11928f415d71c7f0a940115e9c1bb709c815

      SHA256

      58d94bc33bfce7421b8df321b869ed56b7f30b10ac4cc6f7828d4530724e65b3

      SHA512

      18e8fc2388f2a481f2cfc6496ebc82841b7f21337502af98205ceb9e2a2b2ff9c414ffc54837c4f96561649da7ad8bdc3ff069a267b012e3fa8970241da17750

      Download Submit

    • C:\temp\DS423_65\MFP\Change\nomind.CDX
      Filesize

      4.8MB

      MD5

      6c856c659ea5a8e8f11c9ea417189c2f

      SHA1

      fbc916796711720da5d57de4ddf6b93e255253af

      SHA256

      4da3942bccf445838eb0f26ebfd547dd6415cc90b4b5f2a4e0b807ae7a325a26

      SHA512

      f198e24a6c2e234dd538b6e4e610e06c53c6a3ddbaea35a92c4a53f80d91ecc78d545cd85e98d0c0a9a9cdc403f6f70596bd58acef67e7b388692c8cfe5df024

      Download Submit

    • C:\temp\DS423_65\MFP\Change\nomind.DBF
      Filesize

      19.5MB

      MD5

      be8d2be73f67f1529ff18ff69f662e31

      SHA1

      97918c5ae328780109ed54e9423f3b1e3fbabff3

      SHA256

      cd7f200e718f20de51c8db067936c3c1580aac84eac80faf8a3e1c5def8e0f99

      SHA512

      d062afd84256b04425e66e76865aad271f574aa8b85459733e6a03819755cde703502af8af97ef03dcf4bd9caab331b99637a9a0b6b1be26bd4cddb0ae6d09e5

      Download Submit

    • C:\temp\DS423_65\MFP\Change\nomopc.pdf
      Filesize

      7KB

      MD5

      13555bca25f0acf9ac47753ef7af5592

      SHA1

      f7c53b3f26a0dfeb316694008a2e2e9973a0710c

      SHA256

      cceb9a3f92d2588473ff36c8f7b35672c3006fa93b2626f0405fec593b802377

      SHA512

      380c5e7ef3d802b2eb3d16fd74177ebefc0eb04e774a0390ced24641e17d7b361e6fc7bdb3dbc5c774c68dd708ea9273106dccb8dc5589e73fe57d4c8ba9d8a0

      Download Submit

    • C:\temp\DS423_65\MFP\Setup\ODBCKEY.INF
      Filesize

      3KB

      MD5

      caec3c61db20de9db97a5a3501d4e7f7

      SHA1

      3e8a0cd30b1904a38188f81fdfe895d863d6b71f

      SHA256

      0871015697e9661353380be0279c128313873a5cb820e3922eac588148a2a39b

      SHA512

      a33dea6a9b9a0c0131edcf47f3022b6e4c7dd1f8fc41fc5fb3ec9284252eb5cb88de3ae60da58d9a71713a3cacac53397188b6c7ab7da02ad022b373212cda52

      Download Submit

    • C:\temp\DS423_65\MFP\Setup\ODBCSTF.DLL
      Filesize

      28KB

      MD5

      0aab0244fa047b9464c1aced50b6efb7

      SHA1

      eba4fcb9e77ef0e0440790f36278c8727cf26ed7

      SHA256

      6539248a03f5c14d3e76731cc0abf8d57009091502fe47923ad01ba862e7ce3f

      SHA512

      cfbd227d3038061744e93ca4408d7cd335131aa737be75cc8bad9b70456db8f558a749510b4779d2999637c63ef0d166588ceb22cf7550c3252ffef83dc96a34

      Download Submit

    • C:\temp\DS423_65\MFP\Setup\setup.exe
      Filesize

      72KB

      MD5

      575436cb236e86d0f4e932c76a317019

      SHA1

      c0e259ab69c43dc07831a401890c4c7d83a51b37

      SHA256

      960e235a299af4f1c961c33ab353932163b374938b4976ce83af044a151de281

      SHA512

      13c2d5682b4800178150111b0e112606bdafbe885165f89b6512f6f739fba2a7da4a7b82a53f6562f3065c2c6c6e024d1025557ba2d24a69833a9295594eb8a7

      Download Submit

    • F:\~MSSETUP.T\~msstfqf.t\MSSETUP.dll
      Filesize

      276KB

      MD5

      d5d072540f69cdcae1ddec6f116ea65a

      SHA1

      0e105e6968d868ba23b13d9eb1e83a34c2015aea

      SHA256

      b9b3abb404481d98b0cb8ec3dd728f12a3f2505d4cc7e4c59e8509abfa694710

      SHA512

      64748600aa32181d7ce5ad82238bc84606931275aff58858578fd9bc5c01fa7809c095195939c3811e91362f2470abeebccd93ed7921bd3342f7fe13a96fac66

      Download Submit

    • F:\~MSSETUP.T\~msstfqf.t\acmsetup.exe
      Filesize

      362KB

      MD5

      9b658a7e2ce494d53e79392ed7400f68

      SHA1

      78ce8f8bb29268ca096b3a4b8b5a983b5cfe24e1

      SHA256

      65ec6d4ffef9bca6883943ab44b28033f2abf1646cf49b3ae3aeb8bb699f3af2

      SHA512

      9fe33ad422ef66b1c6f2cb66a51acfad6410960795aa52653c9f6b2d8ba62200321d49890890a6ceca2b961a9bde234e8217029a741525130f775b62db7c9159

      Download Submit

    • F:\~MSSETUP.T\~msstfqf.t\wizset32.dll
      Filesize

      59KB

      MD5

      711e412d34486090d5248b034c308f43

      SHA1

      a3933d2dd430046aa4fc53bdf5b3f5931e8e1399

      SHA256

      1ce8a04dceb95927ed8370aa83d5a268647105b98870bc662dec2b01bcd450bf

      SHA512

      ac116b29f2a24844ff6f61e725ecb8c41a77c50fd127b01bf722bbdc7cca3852d9cf90504e8f87c9a32399dded6422db6c6a40f05d91cc8923f18aae866d3337

      Download Submit

    • \??\c:\DS423_65\FOXUSER.DBF
      Filesize

      12KB

      MD5

      356f625fdfe7ea28df0ac4b75c08fa8a

      SHA1

      fadfc8cd9365a8937205963366d80b327cdd5f38

      SHA256

      1748886cfb29e6a29d0ca77ea2da194d6d743dd9af3064d15bd8b22ba6ec0d18

      SHA512

      4fc81670853952e4f12f933f48c0e812ede4262d7c2710f35f366cbeff1f1898635c1953caaa11a34ab7aff9d87a0615ed9a5bd78be74a0061d98bdd295c6487

      Download Submit

    • \??\c:\DS423_65\FOXUSER.FPT
      Filesize

      347KB

      MD5

      99e2bef019380af83f33248ce6c981fe

      SHA1

      1ff28877c6b49eb3ca6a11a4bf086f3dc9f471bd

      SHA256

      2e63159bac03d8103ed8fb3d1950e1149eba71f611f1d6473392d070d6e1edd0

      SHA512

      d74b31393b469657526bf5db35867e90171351683ce2a5bda6290671ed58f8127253c3f895749c87a270983b3af4e8843607e274116ad9d1204cacb6ff11074f

      Download Submit

    • \??\c:\temp\DS423_65\MFP\Setup\SETUP.INI
      Filesize

      149B

      MD5

      fa989ef5ac1bef560ef661521311898a

      SHA1

      7f8f366728f5051e6dd5d10d64b12de88d5773db

      SHA256

      7df27fa71d9f06e7fe45fa40d1d2bf8c9527abe9d2f6db281c1a249dcca0f792

      SHA512

      739630b18d359dfb068a4455de4797b45ccd6faf9775d295e7f6ea456316464d39b6427b1ca677167f7ebfbcaed27b1fa9b47c613faf9b4a9dfd72a02033f930

      Download Submit

    • \??\c:\temp\DS423_65\MFP\Setup\setup.LST
      Filesize

      1KB

      MD5

      7ce5968a712490b7c721e363d2bb1610

      SHA1

      e0c92ff5f0898632037a3da9f82f7b3d076040ff

      SHA256

      3d0cb88ce9b079855ebd1441e0586c81efa60ea46fcba115ef7447d765b991a1

      SHA512

      d4ea74989ab6d4b69b5cfdc2deae6b710dd49b8359f11e2455efa090eeda7605aee1f59ca7c25d640fde4fa52999912ed78496549c6e8ce30b7b7bad455d6384

      Download Submit

    • \??\c:\temp\DS423_65\MFP\Setup\setup.inf
      Filesize

      20KB

      MD5

      c35c3b59a99797712319922d7c77a07f

      SHA1

      5fb653d0fc9326a2e784a4fe4f844349fc4d73ea

      SHA256

      355d2b0a8f8d3239c3dd73dc4473c61a9ac8e798013fb4bd799fa000fd6b3fef

      SHA512

      fd85367e76f70bdb262e061cb3f1b777e7e3d19c75fa0b7087084e0e39ba97212a3c33a461371361a674e21c940f19b73edeaf137f9b61ca4b6a6a54c5cfc5ff

      Download Submit

    • \??\c:\temp\DS423_65\MFP\Setup\setup.stf
      Filesize

      3KB

      MD5

      3644f8597b9a55e3ac6ef34aae245cef

      SHA1

      52a104bbbdc1c5b8e38bf801ca82e52ae7b51185

      SHA256

      d09d14638c354405d86d59cd30999dc453bb769bdd18f518942ef19cb3dc9a9e

      SHA512

      4a77a947ac4d74b8f67832d7d611553d46d275d64bf149c291ba8de2e3216d5aa35c68f92b7cf0cab087b1005e9109a5346b622e75fa88df70c084696fa44c2a

      Download Submit

    • \??\c:\temp\DS423_65\MFP\Setup\setup.tdf
      Filesize

      84B

      MD5

      e27933ca7510080b0a454d58808e77b2

      SHA1

      c484a679479ad0e81041f7f0c232d54e3bdff01f

      SHA256

      ebe75cdd0c27ee779ddacf8677adb251aa98fb9d721846bb8e341d59d8f4d62d

      SHA512

      ab26d487dc0ae2a1c3c5b9fc2a8e9f891a6ca9890a7cdfa68d184c9d977b9d215d020e77c3633c9c89ad57d799c59a730210ba760059d0d45f1217eb2cec8409

      Download Submit

    • \??\c:\temp\DS423_65\MFP\Setup\setup.tdf
      Filesize

      84B

      MD5

      0d579374051ae3960d6f477d4ec81aac

      SHA1

      2eafe42840b0b4b73691be9a3e296c9d70b4911c

      SHA256

      034c0682cc1350746ec1d1d9a91c4d89f251ed2584f5201a53fbf3460fc8cdff

      SHA512

      de4c3089551b617469969123ddab52aa359eb881d6582a3d4e070c1be0f84ba36a2f5874d146274411cd9b0b90c52d791e4361236c3194b940a22854dd0b0aea

      Download Submit

    • memory/4432-439-0x0000000000400000-0x00000000004D8000-memory.dmp

      Filesize

      864KB

      Download

    • memory/4432-0-0x0000000000400000-0x00000000004D8000-memory.dmp

      Filesize

      864KB

      Download

    • memory/4432-459-0x0000000000400000-0x00000000004D8000-memory.dmp

      Filesize

      864KB

      Download

    • memory/4432-2-0x0000000000401000-0x00000000004B7000-memory.dmp

      Filesize

      728KB

      Download

    • memory/4480-374-0x0000000000400000-0x0000000000460000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4480-109-0x0000000001F60000-0x0000000001F73000-memory.dmp

      Filesize

      76KB

      Download

    • memory/4480-375-0x0000000010000000-0x000000001004C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/5056-440-0x0000000000400000-0x000000000071B000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/5056-457-0x0000000000400000-0x000000000071B000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/5056-446-0x0000000000400000-0x000000000071B000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/5056-6-0x0000000000400000-0x000000000071B000-memory.dmp

      Filesize

      3.1MB

      Download