575ee8bd597cf9c966f6709b06fa14ad9f1c68f409567a0d79251b444dbbfdad

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bug24.exe
Size

5.6MB
MD5

cb37f386265bb3ff2cf8b3f2357d136c
SHA1

9b9a9bc102dc8712b6ac353824e9eac9ff6447dc
SHA256

575ee8bd597cf9c966f6709b06fa14ad9f1c68f409567a0d79251b444dbbfdad
SHA512

d8e8572104ac3d1d6b682e74d9c4ed465a1348d5197dc0cb8196b3e7b4d8deff7615962e16272d5d2978a2bc94db5767dbe5391ad0130aa5085ff8fc2a75a772
SSDEEP

98304:7kLcgAWVhsTh05DKGcVYv0rXH8YOym/+BhNxrHkOFGs1x55ljq:wtGTi1YVY8bHjOysehNpfxnO

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2816	Bug24.tmp
2140	acmsetup.exe
760	BDEF2024.EXE

Loads dropped DLL 6 IoCs

pid	Process
1996	Bug24.exe
2140	acmsetup.exe
2816	Bug24.tmp
2816	Bug24.tmp
760	BDEF2024.EXE
760	BDEF2024.EXE

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 20 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	setup16.exe
File opened (read-only)	\??\R:	setup16.exe
File opened (read-only)	\??\P:	setup16.exe
File opened (read-only)	\??\M:	setup16.exe
File opened (read-only)	\??\K:	setup16.exe
File opened (read-only)	\??\J:	setup16.exe
File opened (read-only)	\??\W:	setup16.exe
File opened (read-only)	\??\S:	setup16.exe
File opened (read-only)	\??\G:	setup16.exe
File opened (read-only)	\??\O:	setup16.exe
File opened (read-only)	\??\N:	setup16.exe
File opened (read-only)	\??\I:	setup16.exe
File opened (read-only)	\??\Z:	setup16.exe
File opened (read-only)	\??\Y:	setup16.exe
File opened (read-only)	\??\X:	setup16.exe
File opened (read-only)	\??\V:	setup16.exe
File opened (read-only)	\??\U:	setup16.exe
File opened (read-only)	\??\Q:	setup16.exe
File opened (read-only)	\??\L:	setup16.exe
File opened (read-only)	\??\H:	setup16.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ta02140	acmsetup.exe
File created	C:\Windows\SysWOW64\VFP6R.DLL	acmsetup.exe
File created	C:\Windows\SysWOW64\VFP6RENU.DLL	acmsetup.exe
File created	C:\Windows\SysWOW64\VFP6RUN.EXE	acmsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bug24.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bug24.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup16.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acmsetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BDEF2024.EXE

Modifies registry class 29 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualFoxpro.Runtime.6\CLSID\ = "{008B6021-1F3D-11D1-B0C8-00A0C9055D74}"	acmsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper\Exit Level\ = "7"	acmsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)	setup16.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	acmsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper\Exit Level\ = "2"	acmsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper\Exit Level\ = "Running"	acmsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\foobar	acmsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualFoxpro.Runtime	acmsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualFoxpro.Runtime\CLSID\ = "{008B6021-1F3D-11D1-B0C8-00A0C9055D74}"	acmsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualFoxpro.Runtime\CurVer	acmsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{008B6021-1F3D-11D1-B0C8-00A0C9055D74}\VersionIndependentProgId	acmsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{008B6021-1F3D-11D1-B0C8-00A0C9055D74}\InProcServer32\ = "C:\\Windows\\SysWow64\\VFP6R.DLL"	acmsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualFoxpro.Runtime\CurVer\ = "VisualFoxpro.Runtime.6"	acmsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{008B6021-1F3D-11D1-B0C8-00A0C9055D74}\ProgId	acmsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{008B6021-1F3D-11D1-B0C8-00A0C9055D74}\InProcServer32	acmsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualFoxpro.Runtime\CLSID	acmsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualFoxpro.Runtime.6	acmsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper	setup16.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper\Exit Level	setup16.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{008B6021-1F3D-11D1-B0C8-00A0C9055D74}	acmsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{008B6021-1F3D-11D1-B0C8-00A0C9055D74}\ProgId\ = "VisualFoxpro.Runtime.6"	acmsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\foobar	acmsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualFoxpro.Runtime.6\CLSID	acmsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper\Exit Level	setup16.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{008B6021-1F3D-11D1-B0C8-00A0C9055D74}\VersionIndependentProgId\ = "VisualFoxpro.Runtime"	acmsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)	setup16.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper	setup16.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper\Exit Level\ = "Running"	setup16.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	acmsetup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2816	Bug24.tmp
2816	Bug24.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1028	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2816	Bug24.tmp

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
760	BDEF2024.EXE
1028	AcroRd32.exe
1028	AcroRd32.exe
1028	AcroRd32.exe

Suspicious use of WriteProcessMemory 29 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2816	1996	Bug24.exe	30
PID 1996 wrote to memory of 2816	1996	Bug24.exe	30
PID 1996 wrote to memory of 2816	1996	Bug24.exe	30
PID 1996 wrote to memory of 2816	1996	Bug24.exe	30
PID 1996 wrote to memory of 2816	1996	Bug24.exe	30
PID 1996 wrote to memory of 2816	1996	Bug24.exe	30
PID 1996 wrote to memory of 2816	1996	Bug24.exe	30
PID 2816 wrote to memory of 2720	2816	Bug24.tmp	31
PID 2816 wrote to memory of 2720	2816	Bug24.tmp	31
PID 2816 wrote to memory of 2720	2816	Bug24.tmp	31
PID 2816 wrote to memory of 2720	2816	Bug24.tmp	31
PID 2816 wrote to memory of 2720	2816	Bug24.tmp	31
PID 2816 wrote to memory of 2720	2816	Bug24.tmp	31
PID 2816 wrote to memory of 2720	2816	Bug24.tmp	31
PID 2720 wrote to memory of 2140	2720	setup16.exe	32
PID 2720 wrote to memory of 2140	2720	setup16.exe	32
PID 2720 wrote to memory of 2140	2720	setup16.exe	32
PID 2720 wrote to memory of 2140	2720	setup16.exe	32
PID 2720 wrote to memory of 2140	2720	setup16.exe	32
PID 2720 wrote to memory of 2140	2720	setup16.exe	32
PID 2720 wrote to memory of 2140	2720	setup16.exe	32
PID 2816 wrote to memory of 1028	2816	Bug24.tmp	33
PID 2816 wrote to memory of 1028	2816	Bug24.tmp	33
PID 2816 wrote to memory of 1028	2816	Bug24.tmp	33
PID 2816 wrote to memory of 1028	2816	Bug24.tmp	33
PID 2816 wrote to memory of 760	2816	Bug24.tmp	34
PID 2816 wrote to memory of 760	2816	Bug24.tmp	34
PID 2816 wrote to memory of 760	2816	Bug24.tmp	34
PID 2816 wrote to memory of 760	2816	Bug24.tmp	34

C:\Users\Admin\AppData\Local\Temp\Bug24.exe
"C:\Users\Admin\AppData\Local\Temp\Bug24.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\AppData\Local\Temp\is-BEPE0.tmp\Bug24.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-BEPE0.tmp\Bug24.tmp" /SL5="$4010A,5016627,832512,C:\Users\Admin\AppData\Local\Temp\Bug24.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Windows\SysWOW64\setup16.exe
    "c:\temp\Bug24\MFP\Setup\setup.exe" -m "c:\temp\Bug24\MFP\Setup\setup.exe" /QT
    3⤵
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - F:\~MSSETUP.T\~msstfqf.t\acmsetup.exe
      F:\~MSSETUP.T\~msstfqf.t\acmsetup /T setup.stf /S c:\temp\Bug24\MFP\Setup\ /QT
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2140
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\MFBug24\nomopc.pdf"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:1028
- - \??\c:\MFBug24\BDEF2024.EXE
    "c:\MFBug24\BDEF2024.EXE"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MFBUG24\UFIEDT.DBF

Filesize
968B

MD5
423c3e8280a18f941204ba6a918df772

SHA1
d336bba2078ce58e638ae94b3e0aea3c23c84a51

SHA256
87ad9066f0a93020ee054497af50a945f7a8ac42a6dfdd099abd0ef1c3598aac

SHA512
d32452d639dc4f3c30536b86146e31a8acbb90ad8b0069b32eadf913edce4a1162258f0c63eb9028c35e5496c3f30b0833ed1dfbcd1fbf9b9bf61c72bc78ef35

Download Submit
C:\MFBug24\NOMOPC.CDX

Filesize
6KB

MD5
d699fab9d7204e23440e71672273ccf6

SHA1
76ea0290c9da0490e24483f4700787475b231a51

SHA256
a7f61d48a71b2a6e9e86165d9a8a53523847e16329ff955feb61ba941ddb5199

SHA512
5f74fd077f3d830581b860ad758f9b247d7730eef5f6e0b0112adcef8352ba8b925ba75c523a9fc157a7648915a844e2b3a7c37c977eb712aba91a661c6e0dbc

Download Submit
C:\MFBug24\NOMOPC.DBF

Filesize
7KB

MD5
98435b3ca0062f1d055823eb6c31cdab

SHA1
d5e5c66e1f2b9b38ce6f5abfe227842ee0103b7d

SHA256
02ef32570c8f8a5434063534f3e3c950e949e04cd1040ff4b0ddd35e869e833b

SHA512
c7518c9225ceba5988560c8e914cb2a6ea526e71461980eba05076a16f579a4dad6d7e758bcd2ab4d0b14fdf423b032fc15a541e0fb4cc1b1cef6f945af539f4

Download Submit
C:\MFBug24\nomopc.pdf

Filesize
7KB

MD5
13555bca25f0acf9ac47753ef7af5592

SHA1
f7c53b3f26a0dfeb316694008a2e2e9973a0710c

SHA256
cceb9a3f92d2588473ff36c8f7b35672c3006fa93b2626f0405fec593b802377

SHA512
380c5e7ef3d802b2eb3d16fd74177ebefc0eb04e774a0390ced24641e17d7b361e6fc7bdb3dbc5c774c68dd708ea9273106dccb8dc5589e73fe57d4c8ba9d8a0

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
2060b7c480f7f33373cb50d5f322e69e

SHA1
2ecce4234c34e3f684c26134334573d3a43f41e7

SHA256
e2bda52b333822cacddf1da61a5f4e0fa8ae09686daa820006e2e72042960a09

SHA512
5ffb37335e7cd30325fc25468a1e0c38eb6dff24349f17f78ddaa9defe0c38e74dfa769dde6d5b5282f0fe6ff062b1583726d57d007e96a9b4870af6cee8981e

Download Submit
C:\Windows\SysWOW64\VFP6RENU.DLL

Filesize
855KB

MD5
67c5fd2305af277134e00c76f3e5bce5

SHA1
682679e87a1a8a01d841afb9b28afaf9fa9ddcbb

SHA256
fb89f70273870d5baa75be62f2905a0a87453c915d5173f2231da37783441b3b

SHA512
dd7c47e33338b9c3b57c54d983d58b6a7654790c0d17ad793f9f4f6d5f881033ca61c5ea496159c45ab6c8a60105d0cd4444fdcee2364cf693abed237ec4672d

Download Submit
C:\temp\Bug24\MFP\Change\Ldef2024.doc

Filesize
91KB

MD5
ebd66482014cc853e1b9c1ac16437601

SHA1
84511bc468e2a7628d4b5324ccd2e77baf7ba9fe

SHA256
1c6814840f432319c19e1be7fe8699ed2b1cd95be66948c32a20eea806803cfe

SHA512
73f93bf8ce7737f8f6138f533d603aa873bd069794a23e84ba7a520229d75b1ae0870c0c489ce6f802179cfa9ff6b42a99e95e741cd58cca68ea50b471475862

Download Submit
C:\temp\Bug24\MFP\Setup\ODBCKEY.INF

Filesize
3KB

MD5
caec3c61db20de9db97a5a3501d4e7f7

SHA1
3e8a0cd30b1904a38188f81fdfe895d863d6b71f

SHA256
0871015697e9661353380be0279c128313873a5cb820e3922eac588148a2a39b

SHA512
a33dea6a9b9a0c0131edcf47f3022b6e4c7dd1f8fc41fc5fb3ec9284252eb5cb88de3ae60da58d9a71713a3cacac53397188b6c7ab7da02ad022b373212cda52

Download Submit
C:\temp\Bug24\MFP\Setup\ODBCSTF.DLL

Filesize
28KB

MD5
0aab0244fa047b9464c1aced50b6efb7

SHA1
eba4fcb9e77ef0e0440790f36278c8727cf26ed7

SHA256
6539248a03f5c14d3e76731cc0abf8d57009091502fe47923ad01ba862e7ce3f

SHA512
cfbd227d3038061744e93ca4408d7cd335131aa737be75cc8bad9b70456db8f558a749510b4779d2999637c63ef0d166588ceb22cf7550c3252ffef83dc96a34

Download Submit
C:\temp\Bug24\MFP\Setup\setup.exe

Filesize
72KB

MD5
575436cb236e86d0f4e932c76a317019

SHA1
c0e259ab69c43dc07831a401890c4c7d83a51b37

SHA256
960e235a299af4f1c961c33ab353932163b374938b4976ce83af044a151de281

SHA512
13c2d5682b4800178150111b0e112606bdafbe885165f89b6512f6f739fba2a7da4a7b82a53f6562f3065c2c6c6e024d1025557ba2d24a69833a9295594eb8a7

Download Submit
F:\~MSSETUP.T\~msstfqf.t\MSSETUP.dll

Filesize
276KB

MD5
d5d072540f69cdcae1ddec6f116ea65a

SHA1
0e105e6968d868ba23b13d9eb1e83a34c2015aea

SHA256
b9b3abb404481d98b0cb8ec3dd728f12a3f2505d4cc7e4c59e8509abfa694710

SHA512
64748600aa32181d7ce5ad82238bc84606931275aff58858578fd9bc5c01fa7809c095195939c3811e91362f2470abeebccd93ed7921bd3342f7fe13a96fac66

Download Submit
F:\~MSSETUP.T\~msstfqf.t\_MSSETUP._Q_

Filesize
814B

MD5
9da4be120d5b377eff30498603bbd2be

SHA1
b9bd285fbf7b37bee531082270f5312760fc0f7e

SHA256
8847011da30b2e0be6d1952268d04e8b1db1821a62835cb5ecdd69af55af2423

SHA512
89186344abc652d917ed58679fddf9159dd4ad2c4cc6face82a8d7b9c3b529c91b22239cbca6d40f870179097ae49d7d66a178681e907218ca774c0e4b8628fa

Download Submit
F:\~MSSETUP.T\~msstfqf.t\acmsetup.exe

Filesize
362KB

MD5
9b658a7e2ce494d53e79392ed7400f68

SHA1
78ce8f8bb29268ca096b3a4b8b5a983b5cfe24e1

SHA256
65ec6d4ffef9bca6883943ab44b28033f2abf1646cf49b3ae3aeb8bb699f3af2

SHA512
9fe33ad422ef66b1c6f2cb66a51acfad6410960795aa52653c9f6b2d8ba62200321d49890890a6ceca2b961a9bde234e8217029a741525130f775b62db7c9159

Download Submit
F:\~MSSETUP.T\~msstfqf.t\wizset32.dll

Filesize
59KB

MD5
711e412d34486090d5248b034c308f43

SHA1
a3933d2dd430046aa4fc53bdf5b3f5931e8e1399

SHA256
1ce8a04dceb95927ed8370aa83d5a268647105b98870bc662dec2b01bcd450bf

SHA512
ac116b29f2a24844ff6f61e725ecb8c41a77c50fd127b01bf722bbdc7cca3852d9cf90504e8f87c9a32399dded6422db6c6a40f05d91cc8923f18aae866d3337

Download Submit
\??\c:\temp\Bug24\MFP\Setup\SETUP.INI

Filesize
149B

MD5
fa989ef5ac1bef560ef661521311898a

SHA1
7f8f366728f5051e6dd5d10d64b12de88d5773db

SHA256
7df27fa71d9f06e7fe45fa40d1d2bf8c9527abe9d2f6db281c1a249dcca0f792

SHA512
739630b18d359dfb068a4455de4797b45ccd6faf9775d295e7f6ea456316464d39b6427b1ca677167f7ebfbcaed27b1fa9b47c613faf9b4a9dfd72a02033f930

Download Submit
\??\c:\temp\Bug24\MFP\Setup\SETUP1.CAB

Filesize
35.2MB

MD5
e32be2f83b7fc59a232013f4155f289f

SHA1
fb8f68bc5ba2fa7b541aac68d32ebca3a82c712d

SHA256
d2e1e8b3d5baa03d6ee993939dd4eb67c22de18902611a6cc4658d53d83875ea

SHA512
628e7a862e0b196a26708e0e057e560192615e7387f5fb86301e2220fd795288073c5b8cb577ac2d28b88901acc7f1c3688b939b7b04a073b9d164f601ab8295

Download Submit
\??\c:\temp\Bug24\MFP\Setup\setup.LST

Filesize
1KB

MD5
e8618b2892135fa0bad0640a113cb488

SHA1
23a95a9f288641971f540091dfaedf854952473e

SHA256
39073cef633f967397a20acd1e6660e62db21d56e0bd3a4bccefb5b3511861ec

SHA512
866da03c49fc10a3481f38613d742958ec8586600a3b132a99968fc137625fac3f1871c0fc24ea1685c1e7a237c9b8b421fac306e811e60b8a4ae69669d60c1b

Download Submit
\??\c:\temp\Bug24\MFP\Setup\setup.inf

Filesize
32KB

MD5
010c03261b0b63c442c8f9f5b8f94f9b

SHA1
4c6c3d3e7c3094e72266ae5f58507555391ab490

SHA256
d247e7c76362e41266600a09b978643c7e8f2810a6d4e14c6e8dbb51fa23be95

SHA512
089d6729ba470183a2c4cff49b9e7ad17324712222bdd3febfd2d32f3100949289eae384dcf5c38997abecdf909520c3b82865fb8b0d0a8f2a944686d09ddec1

Download Submit
\??\c:\temp\Bug24\MFP\Setup\setup.stf

Filesize
3KB

MD5
271c9ce10611498351abc3e46355799a

SHA1
4a161e701ad249dee47d51123a44ceb138eb0e27

SHA256
e0befe68515b6a1f577fc03468c3e27670575745e930c70e9f936a9d0f5c4009

SHA512
7b3adae9a0241df47fba0adcad0d11a8758424945751d5d2b869721f36e11333a7ea23f7535822a323f3b2c1eba1358929d8fdac9100f371d18ecd1187dea55b

Download Submit
\??\c:\temp\Bug24\MFP\Setup\setup.tdf

Filesize
84B

MD5
e27933ca7510080b0a454d58808e77b2

SHA1
c484a679479ad0e81041f7f0c232d54e3bdff01f

SHA256
ebe75cdd0c27ee779ddacf8677adb251aa98fb9d721846bb8e341d59d8f4d62d

SHA512
ab26d487dc0ae2a1c3c5b9fc2a8e9f891a6ca9890a7cdfa68d184c9d977b9d215d020e77c3633c9c89ad57d799c59a730210ba760059d0d45f1217eb2cec8409

Download Submit
\??\c:\temp\Bug24\MFP\Setup\setup.tdf

Filesize
84B

MD5
b6815e3b560ab0b421a50fd48756f333

SHA1
94e145e18dab1aae70c44f716fa411b2e948b819

SHA256
0c883aea323d50e9f7793777e0640f1517c421ab56d878df506284557dcc6fe4

SHA512
81a4093e972ba33a882757446803d326e4e7bc7dac9d325278fbae279a5801b109011e4cbf1daadea06f19982fda4de6c7949629b8e7f1450bd61b03bcd773d1

Download Submit
\MFBUG24\BDEF2024.EXE

Filesize
562KB

MD5
9916ceb6cdc3b94ad02c4eb6058f5e2c

SHA1
3d86dcbc455d8a4090c550447880abdca0530006

SHA256
ac3cb9a908520ebe4c805559f3d77196a5bfe6b1e54df71d3e083474e518d3b0

SHA512
1fda62f9b5c164cd2e1bc610bc5ff67a9ffea5a70d9bd46fc8e7580878d7ea12fef0b389ebcce79fc3d444d64d8457ad450bb44403b40d2093ef39130b6c945e

Download Submit
\Users\Admin\AppData\Local\Temp\is-BEPE0.tmp\Bug24.tmp

Filesize
3.0MB

MD5
c99012320b0836ba738f55ba8efb1de6

SHA1
574802cd648b3e91881902ab52e94a967c804500

SHA256
2a569c134bfbdf7e9710d661ccb9c9816e26904d77d49dd5e36b047a9c7e10d7

SHA512
9d5f91b7f695871f569372d39956ce9264899a929bda7b950b00d13135d49888d324c90a56b52d330ea1f66fbc7137581228c410ba8d81a1c70e358d019f2766

Download Submit
\Windows\SysWOW64\VFP6R.DLL

Filesize
3.2MB

MD5
02b892076244e5bae12fc62297ed0502

SHA1
de635394748bb9bc484f9a0840529816574bfe35

SHA256
2f12d7cc09d1b966991010d098a20d6b39b400525eec98ff90316569bf22542a

SHA512
6f4a23f9a238b989ab74c8a9eb502070bf74427b7c25bcf7088a3f1a0a94e94cd2bf3ae55ec2cc667e4f90c5938bed63647a67ae1b672ddb576e13f33cfbb5d2

Download Submit
memory/1996-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1996-553-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1996-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2140-513-0x0000000010000000-0x000000001004C000-memory.dmp

Filesize
304KB

Download
memory/2140-512-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/2140-106-0x0000000000120000-0x0000000000133000-memory.dmp

Filesize
76KB

Download
memory/2816-550-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/2816-9-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download