bf066388ba859d290970a6011de59455dcaa6059b0ca120213b0b601ffe59369

Resubmissions

01-12-2024 18:15

241201-wwd19axqbx 10

01-12-2024 18:07

241201-wqgj7axpct 10

Analysis

max time kernel
97s
max time network
148s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
01-12-2024 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KiPoypXaweM/Requirements/Visual-C-Runtimes-All-in-One-May-2024/vcredist2005_x86.exe
Size

2.6MB
MD5

ce2922f83fb4b170affce0ea448b107b
SHA1

b8fab0bb7f62a24ddfe77b19cd9a1451abd7b847
SHA256

4ee4da0fe62d5fa1b5e80c6e6d88a4a2f8b3b140c35da51053d0d7b72a381d29
SHA512

e94b077e054bd8992374d359f3adc4d1d78d42118d878556715d77182f7d03635850b2b2f06c012ccb7c410e2b3c124cf6508473efe150d3c51a51857ce1c6b0
SSDEEP

49152:rqGRIgg2SirwkF9xdtb43lyGKCafpKkiwnaDahmPzpY4FPyaza:rxxLFfY/KCCpKk9aWMzZyau

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1884	MsiExec.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	vcredist2005_x86.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\Sysprep\ActionFiles	TiWorker.exe
File opened for modification	C:\Windows\System32\Sysprep\ActionFiles\Generalize.xml	TiWorker.exe
File opened for modification	C:\Windows\System32\Sysprep\ActionFiles\Specialize.xml	TiWorker.exe
File opened for modification	C:\Windows\System32\Sysprep\ActionFiles\Cleanup.xml	TiWorker.exe
File opened for modification	C:\Windows\System32\Sysprep\ActionFiles\Respecialize.xml	TiWorker.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\InstallTemp\20241201181748878.0\mfc80KOR.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0126000000c007e00a\9d29e4551d44db0129000000c007e00a_mfc80esp.dll	TiWorker.exe
File created	C:\Windows\WinSxS\Temp\InFlight\513873561d44db0152000000c007e00a\513873561d44db0153000000c007e00a_manifest	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Manifests\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_49f31fd71413cdc6.manifest	TiWorker.exe
File created	C:\Windows\WinSxS\InstallTemp\20241201181748706.0\mfc80.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241201181748988.0\8.0.50727.6195.policy	msiexec.exe
File created	C:\Windows\WinSxS\Temp\InFlight\adf38b551d44db010f000000c007e00a\adf38b551d44db0110000000c007e00a_msvcr80.dll	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80FRA.dll	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\PendingRenames\5ee078551d44db0108000000c007e00a.Specialize.xml	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20241201181748644.0	msiexec.exe
File opened for modification	C:\Windows\WinSxS\Temp\InFlight\73419a551d44db0117000000c007e00a\73419a551d44db0119000000c007e00a_mfc80u.dll	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0126000000c007e00a\9d29e4551d44db012b000000c007e00a_mfc80deu.dll	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Catalogs\d802b081436da1cc95f13b9d5567a6233bb5f82fae9297e23e967d449e70260d.cat	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\PendingRenames\37bf9b561d44db0162000000c007e00a.Cleanup.xml	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\InFlight\356fac561d44db0166000000c007e00a\356fac561d44db0167000000c007e00a_manifest	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\PendingRenames\4b4d48561d44db0147000000c007e00a.x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_4de39e0d118f2d3f.manifest	TiWorker.exe
File created	C:\Windows\Installer\e57f211.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF656.tmp	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241201181748644.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241201181748706.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b.manifest	msiexec.exe
File opened for modification	C:\Windows\WinSxS\Temp\InFlight\73419a551d44db0115000000c007e00a\73419a551d44db0116000000c007e00a_manifest	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\PendingRenames\a59d18561d44db013d000000c007e00a.x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774.manifest	TiWorker.exe
File created	C:\Windows\WinSxS\InstallTemp\20241201181748956.0\8.0.50727.6195.cat	msiexec.exe
File opened for modification	C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a	TiWorker.exe
File created	C:\Windows\WinSxS\Temp\InFlight\73419a551d44db0115000000c007e00a\77a39c551d44db011c000000c007e00a_catalog	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\PendingRenames\332822561d44db013e000000c007e00a.Generalize.xml	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Manifests\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3.cat	TiWorker.exe
File opened for modification	C:\Windows\Installer\MSIFC91.tmp	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241201181748706.0\mfcm80u.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241201181748878.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789.manifest	msiexec.exe
File opened for modification	C:\Windows\WinSxS\Manifests\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de.cat	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Catalogs\db8ee01212450d7d7a787865f7df29ec48f12ebb1264df17afa2c4cae12224ef.cat	TiWorker.exe
File created	C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0126000000c007e00a\34c8e1551d44db0127000000c007e00a_mfc80chs.dll	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\PendingRenames\f5227f561d44db0158000000c007e00a.Cleanup.xml	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\PendingRenames\2396b3561d44db016c000000c007e00a.Cleanup.xml	TiWorker.exe
File created	C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0126000000c007e00a\9d29e4551d44db012e000000c007e00a_mfc80jpn.dll	TiWorker.exe
File created	C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0126000000c007e00a\9d29e4551d44db012b000000c007e00a_mfc80deu.dll	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\PendingRenames\332822561d44db0140000000c007e00a.Cleanup.xml	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\PendingRenames\219a75561d44db0155000000c007e00a.x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_49f31fd71413cdc6.manifest	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Catalogs\bf39559e406fa59f9e7b0ba2902cd016800e24198d53d97943c97f1b5716b8ba.cat	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\InFlight\73419a551d44db0117000000c007e00a\77a39c551d44db011b000000c007e00a_mfcm80u.dll	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\InFlight\513873561d44db0152000000c007e00a\513873561d44db0154000000c007e00a_catalog	TiWorker.exe
File created	C:\Windows\WinSxS\InstallTemp\20241201181748941.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920.cat	msiexec.exe
File created	C:\Windows\WinSxS\Manifests\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de.manifest	TiWorker.exe
File created	C:\Windows\WinSxS\Temp\InFlight\adf38b551d44db010d000000c007e00a\21568e551d44db0113000000c007e00a_catalog	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0126000000c007e00a\9d29e4551d44db012e000000c007e00a_mfc80jpn.dll	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\PendingRenames\a48a05561d44db0135000000c007e00a.Respecialize.xml	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Manifests\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de.manifest	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0126000000c007e00a\9d29e4551d44db012a000000c007e00a_mfc80enu.dll	TiWorker.exe
File created	C:\Windows\WinSxS\Temp\InFlight\ced813561d44db0138000000c007e00a\e53a16561d44db013c000000c007e00a_catalog	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Manifests\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774.manifest	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\PendingRenames\5ee078551d44db0107000000c007e00a.Generalize.xml	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfcm80u.dll	TiWorker.exe
File created	C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0126000000c007e00a\9d29e4551d44db0129000000c007e00a_mfc80esp.dll	TiWorker.exe
File created	C:\Windows\WinSxS\InstallTemp\20241201181748878.0\mfc80ITA.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20241201181748628.0	msiexec.exe
File opened for modification	C:\Windows\WinSxS\Manifests\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f.manifest	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Manifests\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f.cat	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\Temp\PendingRenames\37bf9b561d44db0163000000c007e00a.Respecialize.xml	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\pending.xml	TiWorker.exe

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
1676	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist2005_x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000a5e5b942d58f332b0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000a5e5b9420000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900a5e5b942000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1da5e5b942000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a5e5b94200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe

Modifies registry class 45 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\c1c4f01781cc94c4c8fb1542c0981a2a	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\AA5D9C68C00F12943B2F6CA09FE28244	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\PackageName = "vcredist.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\3 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\5 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\9 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\10 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC80.CRT,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e005f006a0030002c0059005d007300210053006f00650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\c1c4f01781cc94c4c8fb1542c0981a2a\VC_Redist	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\AA5D9C68C00F12943B2F6CA09FE28244\c1c4f01781cc94c4c8fb1542c0981a2a	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\2 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\4 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\Clients = 3a0000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e00700052005e007000580049006000510075006f00650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.MFC,type="win32-policy",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e003d0024006b00600049004e005d00490038004300650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.MFCLOC,type="win32-policy",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e006600720038005f006c0028006d0032004e004400650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\1 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\6 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\7 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\11 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\ProductName = "Microsoft Visual C++ 2005 Redistributable"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\PackageCode = "84067013B7B56744BA0F51892982BC09"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\Version = "134278729"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.ATL,type="win32-policy",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e0036006b007d00700048004c004800240053004400650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\AdvertiseFlags = "388"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC80.OpenMP,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e0035006f00300068002c0070004d0076004e003d00650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.CRT,type="win32-policy",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e0061005a004f002c0048002a004b00320060004500650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\Language = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC80.MFC,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e0021004d00210026005a005a006300300025006e00650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.OpenMP,type="win32-policy",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e00370030002d0054002400210028002a0026004e00650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\c1c4f01781cc94c4c8fb1542c0981a2a\Servicing_Key	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\8 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC80.MFCLOC,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e006900450024005b004d00310025002e0064002700650038004d006b0062004900640046007700550000000000	msiexec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3876	msiexec.exe
3876	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1676	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1676	msiexec.exe
Token: SeSecurityPrivilege	3876	msiexec.exe
Token: SeCreateTokenPrivilege	1676	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1676	msiexec.exe
Token: SeLockMemoryPrivilege	1676	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1676	msiexec.exe
Token: SeMachineAccountPrivilege	1676	msiexec.exe
Token: SeTcbPrivilege	1676	msiexec.exe
Token: SeSecurityPrivilege	1676	msiexec.exe
Token: SeTakeOwnershipPrivilege	1676	msiexec.exe
Token: SeLoadDriverPrivilege	1676	msiexec.exe
Token: SeSystemProfilePrivilege	1676	msiexec.exe
Token: SeSystemtimePrivilege	1676	msiexec.exe
Token: SeProfSingleProcessPrivilege	1676	msiexec.exe
Token: SeIncBasePriorityPrivilege	1676	msiexec.exe
Token: SeCreatePagefilePrivilege	1676	msiexec.exe
Token: SeCreatePermanentPrivilege	1676	msiexec.exe
Token: SeBackupPrivilege	1676	msiexec.exe
Token: SeRestorePrivilege	1676	msiexec.exe
Token: SeShutdownPrivilege	1676	msiexec.exe
Token: SeDebugPrivilege	1676	msiexec.exe
Token: SeAuditPrivilege	1676	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1676	msiexec.exe
Token: SeChangeNotifyPrivilege	1676	msiexec.exe
Token: SeRemoteShutdownPrivilege	1676	msiexec.exe
Token: SeUndockPrivilege	1676	msiexec.exe
Token: SeSyncAgentPrivilege	1676	msiexec.exe
Token: SeEnableDelegationPrivilege	1676	msiexec.exe
Token: SeManageVolumePrivilege	1676	msiexec.exe
Token: SeImpersonatePrivilege	1676	msiexec.exe
Token: SeCreateGlobalPrivilege	1676	msiexec.exe
Token: SeBackupPrivilege	956	vssvc.exe
Token: SeRestorePrivilege	956	vssvc.exe
Token: SeAuditPrivilege	956	vssvc.exe
Token: SeBackupPrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe
Token: SeTakeOwnershipPrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe
Token: SeTakeOwnershipPrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe
Token: SeTakeOwnershipPrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe
Token: SeTakeOwnershipPrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe
Token: SeTakeOwnershipPrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe
Token: SeTakeOwnershipPrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe
Token: SeTakeOwnershipPrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe
Token: SeTakeOwnershipPrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe
Token: SeTakeOwnershipPrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe
Token: SeTakeOwnershipPrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe
Token: SeTakeOwnershipPrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe
Token: SeTakeOwnershipPrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe
Token: SeTakeOwnershipPrivilege	3876	msiexec.exe
Token: SeRestorePrivilege	3876	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1676	msiexec.exe
1676	msiexec.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 1676	4424	vcredist2005_x86.exe	83
PID 4424 wrote to memory of 1676	4424	vcredist2005_x86.exe	83
PID 4424 wrote to memory of 1676	4424	vcredist2005_x86.exe	83
PID 3876 wrote to memory of 4032	3876	msiexec.exe	92
PID 3876 wrote to memory of 4032	3876	msiexec.exe	92
PID 3876 wrote to memory of 1884	3876	msiexec.exe	94
PID 3876 wrote to memory of 1884	3876	msiexec.exe	94
PID 3876 wrote to memory of 1884	3876	msiexec.exe	94

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\KiPoypXaweM\Requirements\Visual-C-Runtimes-All-in-One-May-2024\vcredist2005_x86.exe
"C:\Users\Admin\AppData\Local\Temp\KiPoypXaweM\Requirements\Visual-C-Runtimes-All-in-One-May-2024\vcredist2005_x86.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Windows\SysWOW64\msiexec.exe
  msiexec /i vcredist.msi
  2⤵
  - Enumerates connected drives
  - Event Triggered Execution: Installer Packages
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:1676

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3876
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:4
  2⤵
  PID:4032
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding FBD064944023B73EA1AA3107D80113DA
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1884

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:956

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe -Embedding
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

Modify Registry

T1112

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57f214.rbs

Filesize
73KB

MD5
8fd5d5a4ffbaa73b338ecab136b45699

SHA1
06054fb587e78373ab8ccd4d24259b077806d55e

SHA256
b0ff66f6bf4e24d89d9f8905b0bcce0bbbc461a3e556cd1fac18274c07fdefc3

SHA512
e45a8d22eda64a8abf35e64f2393f2d21505137d493cda7327efa15de42a1ef17e410ea9e519b69791b0ce7d2a98fd91092de3d7e4df9cef4ee52c61efa5a4bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vcredis1.cab

Filesize
247KB

MD5
cc064d4b81619991de8131a86ad77681

SHA1
88d80d86cc20c27d7d2a872af719300bd2bb73f9

SHA256
913ee5a1cae3e5a1872b3a5efaaa00c58e4beb692492b138f76967da671b0477

SHA512
5aff0eb26cfc187bf58721b2b6d73357d9f1e66d1ac5340ad9ddc08b40ad0eda27a144cb3b650604637a7476c282ded83ed890de98a73ccaf0cc021da3a9eb25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vcredist.msi

Filesize
2.6MB

MD5
b20bbeb818222b657df49a9cfe4fed79

SHA1
3f6508e880b86502773a3275bc9527f046d45502

SHA256
91bdd063f6c53126737791c9eccf0b2f4cf44927831527245bc89a0be06c0cb4

SHA512
f534bc7bf1597e728940e6c3b77f864adfaa413bb1e080458326b692b0f96bddf4fbd294eeed36d7764a3578e6c8e919488bbf63b8fe2d4355ab3efd685424a4

Download Submit
C:\Windows\Installer\MSIF656.tmp

Filesize
28KB

MD5
85221b3bcba8dbe4b4a46581aa49f760

SHA1
746645c92594bfc739f77812d67cfd85f4b92474

SHA256
f6e34a4550e499346f5ab1d245508f16bf765ff24c4988984b89e049ca55737f

SHA512
060e35c4de14a03a2cda313f968e372291866cc4acd59977d7a48ac3745494abc54df83fff63cf30be4e10ff69a3b3c8b6c38f43ebd2a8d23d6c86fbee7ba87d

Download Submit
C:\Windows\System32\Sysprep\ActionFiles\Cleanup.xml

Filesize
12KB

MD5
296b359c3619f6f180a8ef989aea3b21

SHA1
35c67178b7cc3bf3c2e59bfefe5e4f2ae5af94de

SHA256
7f56c3cc359aa2e0a23fe8bd849a5b5daec3917d62ecd883ea0bc7f741807cf7

SHA512
440899a43ac980ea212bbbb2b1b4ee9c1111619e7143dd9742dbf4d366b3c2ad4a24ea4dc5a0f1ba81f6ada645d6e1b28d789ec0a17565f772645e14c9957c36

Download Submit
C:\Windows\System32\Sysprep\ActionFiles\Generalize.xml

Filesize
32KB

MD5
59b37f5621fee0a6921a072a7907fb80

SHA1
46a87791d63bc683631c5939d01c16d6c01617ce

SHA256
ff55642502218ef2577dd4882bf85893e617ce2c8778375da403a7384ac29732

SHA512
c80546f63b55ee56dd62813752dd3c7807a4e2980f6a5746d58ff30e671e4f906eeee7689cdd11b67869393ae12e1b055935c5cfc86387c3a6bf627148ed2e44

Download Submit
C:\Windows\System32\Sysprep\ActionFiles\Respecialize.xml

Filesize
416B

MD5
1284256a218ce90dfc01e4c8b8c80144

SHA1
c2fd19e83bf04de35ebf2d94f22682f52631e482

SHA256
1ae7609bea7ad9dbb3dafb75c02b6db17d292b328a31efde93c5982b1b31c4dd

SHA512
2752918105d2636acbace3902e1a3faf1ba4083210cf31325b275965722fbd97c750feb15c9ab48c30a8151570b584eada538f69ed86580e7984a5416dfb01b0

Download Submit
C:\Windows\System32\Sysprep\ActionFiles\Specialize.xml

Filesize
19KB

MD5
e5caf8c8b79799a1c0b000e6a5203723

SHA1
e805dbd8cdf629d1485281affe3bbbf6ecf140e3

SHA256
8a534ebd54a7e193df2e605c493ebdd902652e489f08ed7fdf1e6b2b2590d9f8

SHA512
3f0eca05073782486d6467ff8a7f2f0dd3c3015f198dee205d007ffb7497bac08af883b55f81fb6750ab59f5be6571a0323c8f8be079e7a5dcaa7b7d430c3619

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748628.0\ATL80.dll

Filesize
95KB

MD5
d5e459bed3db9cf7fc6cc1455f177d2d

SHA1
e2847abaf79ac97b5d530e0e1a2da74e7dc67bf5

SHA256
fcab2130fab57b6728c50d5b9e9924f001c43538de4f675de03537ff0d9b84bd

SHA512
f8a090bfe74b5fd112ded3f1269ada31f94aa00816cb345f96de68948e4759082d43185852b9e061a5ded4d8e3fa66d4bdf0f5c89cb3148918b0580aa644390d

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748628.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa.cat

Filesize
7KB

MD5
ba3d94dfab205d6fc0fbbed6940842c0

SHA1
5d8bf309358910af9fa6e2954e9ff9e08742f35f

SHA256
d4106aa2a6eb6fb48440cd9728d01cd829d94a69da0a493ec2a4364f835f8695

SHA512
32840d8074732771cab7d4f49f8c4b19b9147f6fd9f889dbe8a8f1027aa5eaa47beacad82a020f6ecbf2323bd45976550afaab20aa2701fe9297bebb4be24390

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748628.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa.manifest

Filesize
466B

MD5
8f90207a9e223214ec04ccf005f097f1

SHA1
daf891d9782593a0a05d5ff83e1f6dfab7a6ec3f

SHA256
d00269babdb5f3eb1cdd535260124b4b5fa599f2af8605ba468949d64f6eacbf

SHA512
ef4615354860e4ddfa2dd4aa3a2ebbf34568c416246bebb6b4c03509e17ced071aa725704b8d4edc18950c851879beb8ec1ad09843f3b4d18a5bc3152be5918d

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748644.0\msvcm80.dll

Filesize
468KB

MD5
1d109ed0d660654ea7ff1574558031c4

SHA1
04c690eb322e236a9bed2937a04430c6fda3b13d

SHA256
7dcb3c45938d31854e46b5e5b0e16d538e29230d1bc81086d40c8db3bdf510bc

SHA512
806cb75368b38ad6e7de3c41e600f537dadf11c2def3b5171818945f2ee5a495cb143198e4eb80d0df5f964d8bbae09630869a8a6cdacf67d2c3690df457275a

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748644.0\msvcp80.dll

Filesize
541KB

MD5
0b3595a4ff0b36d68e5fc67fd7d70fdc

SHA1
973614ac9622d5ea9cdd68febce3258d196408b6

SHA256
372af797353f9335915cd06d4076bab8410775dcaf2dac0593197d7c41bbffb2

SHA512
e191de0236e05e0bb198c51e2f630b56b833b868383e7ab0bbfd91010fa57a9402364e1082c0f267b1e24789f6d7e6d0253d2a932369f469588eec6ada3f48be

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748644.0\msvcr80.dll

Filesize
617KB

MD5
c9564cf4976e7e96b4052737aa2492b4

SHA1
43851fe4644c0a1eb31fe80f427777f1f0015efa

SHA256
c3ac989c8489a23bb96400b1856f5325ffc67e844f04651ea5d61bc20a991c6d

SHA512
8e9817ab398a86af6982d39fed018ff5282f60c5330dbef6417cfbe73731d8503c63da32107d948cc1eba14dd30aab614c7c858300e4f79ca418dc42d353f9c8

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748644.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86.cat

Filesize
7KB

MD5
18e56040841c2096b1af7107943d15bf

SHA1
c0fdaf3e13ecd412c584fe574a8a18c16b45a1ea

SHA256
ef5447e606a2355c0bb9fd9a9af318b45359a7bf6ecebecdd09517e67239c599

SHA512
db587a4fb1acd0aa219b87046c7c4801ac9e1a1837e330261409580c310e940438e60fbd2311b2ce1438da48bff293bb8311c605bbc9078b975cfaca4e72ddc1

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748644.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86.manifest

Filesize
1KB

MD5
188e68005ed62f32248032c65cb4de96

SHA1
52eb6b2490a1d60a0dbf9f92334937ba196bae44

SHA256
aa8e944adfeed4b29cc9262c63f43ed752f8ef44d52fd868e41bdf1ea974d1b0

SHA512
9ef823bf26a08b2d697f2d88abd92d7c54b25be8d65f6f3a832e9d53472d1252b62ef5e04bca0534fa6f8586633e9e73f91feca07d11728cf7b07e7434cf20d9

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748706.0\mfcm80u.dll

Filesize
56KB

MD5
26aafee5c30020c99120ee113d751f7e

SHA1
828b8da62b265d99a2be741ed54d4ab7de61f833

SHA256
ab8bb84e0131a72114b3eb399f120b9cedd0250fb91a6cd528b4e3e98ef913cd

SHA512
b9fe5a19749147aa2406c0780360d871fa95ee06692354a8c6866959d888aa7c051c41b3f07162adbf95919308b4c83764a1a1323ee888bc34f99b190bd2999e

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748878.0\mfc80CHS.dll

Filesize
40KB

MD5
4a3acbde55eb9bb30895b06f21650614

SHA1
2b763bd66e3a3de4eb331155445e08798f120087

SHA256
83b6804e66e0be5dae2e948988fb269777ec91234f5a508c3fe830d79e6876fb

SHA512
9c50ad27160037f98c0b68a6d037431614632d631048570c8c8ae9679b1494bb35db5564d03868da0d78225b320d7740117e97f4f3aba7bc69386b9ac993734d

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748878.0\mfc80CHT.dll

Filesize
44KB

MD5
dc4091ea96ce9e94f291aa7fff7f2db6

SHA1
a5924abcfe23187d5316f995fe7b618b1eaed3f4

SHA256
6a4a6b2293e306040609f42b07afd251c80e8c33800cc4c9a04b51630226d8f0

SHA512
0c5aecd8c0070c8b298bf3a4a6c3cc11cb73cc7d84fca868be5ecbcbc6d8bff6c56028e2ba534b5f61432761ee368885d7d2a0e99be85e39ea60ffdbbc1b6869

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748878.0\mfc80ESP.dll

Filesize
60KB

MD5
d07aac2bc04602d886c3a925eb209d15

SHA1
d7f2f3eb4d854e84481229a7cf5b7bbc27e1ae8c

SHA256
a28eecf6002085273575e887832b8b77fb5321a19412fb7eba580ebdaec1044f

SHA512
593b8a3810f81b8e705de1b7d07a9c3c602e53c9b8246d67e70e218b4bbd3f4e3e0c347893b4cf65490d8387310690b37fe643bfa935c50eda9bd0989b42ff4b

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748878.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789.manifest

Filesize
1KB

MD5
a96c1a792597529a4252a12fce28d71c

SHA1
b2e2e51a6fcfa607b13764e88d1db1beb9e5062f

SHA256
7fdc0b814cae706a97f75df902e07d5e95a2da216dad20d3cb5a2be8d248468e

SHA512
dceffc6842b50e8eb0762a386a0ef6540d5bc568b8d209a23bb97bffce763cb436ea05692a4f53e6cd61f4624cdf9481012e52f99297457e64bea81b98873a72

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748941.0\vcomp.dll

Filesize
64KB

MD5
73dbaa64d589f3262615550dd6881fee

SHA1
bd0f7710e18e27a61d6b98a476e2048813f9e63b

SHA256
24025f2734201fe69a679194c6611a1603c4e7592809b6a185334e7d8bcc038a

SHA512
aa4b2aa582a5cfdb2d19dd5db777d70656b577e72abb198ceba03603b37b2d1204e4bf5a29cf039ff9f6f191da80e08e9f75d0ae1047f40edb1a15b5a5b72cff

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748941.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920.cat

Filesize
7KB

MD5
a518b9698bff3816caf1e2d7412a629c

SHA1
6d6b9c1b4923136be88789bd02b3d2935b59bbdd

SHA256
d802b081436da1cc95f13b9d5567a6233bb5f82fae9297e23e967d449e70260d

SHA512
4356e355267ec7c42a354e17d6e298c883fb8adacde94ee2188ea1f62e67c2b75e6430f7203caaf097ccb42a7e4847c00ccc0a95b2de0cff457235125d5a88c9

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748941.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920.manifest

Filesize
469B

MD5
984eabf1f9878aaaca749d547d700ad9

SHA1
1de0c54f06e9ed3f0dc7cee2bcd2c4a9ddba109e

SHA256
f3f918af785d0c497c93ca1959541bfd65040bb4c8934d419a689e331b94a0c7

SHA512
447df7555ded851e946ab0bfac3d86f3c666bae4ee8f6ee1686b610f3ccf34ed6b1b4ef25ff8930b70b5a1ccff9d35b5e92454f65c8a37a2078eae5925195a6e

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748956.0\8.0.50727.6195.cat

Filesize
7KB

MD5
2ec75e994bc827ba135ba24aacdc8351

SHA1
6fd68c5f7554a8af565ae70e7f2aa7974ec0ebee

SHA256
dedb067d2d11f8f1007365f028cfaf2a0b2c3f61c8d6c9c51810c4ec6c11f511

SHA512
58eea8bbdae1e3aaeebdbec8249494f052a0429fdd55315dca5d56dad2ba7096d07ddf30fc2bbd572af6c1e23f045cb03fd4d2f8aea7f5215d410e19dfaf620c

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748956.0\8.0.50727.6195.policy

Filesize
804B

MD5
c42fb80cf323059a678a0699819bfcd7

SHA1
ae3a29d768e42d9fe560883959257a5db6c32645

SHA256
33550e0ab4cf946411e934a46d922bb996dda93668554d4de024c98c14f15b70

SHA512
6a396fc24d5e0bcaee09673e0d86e99d066d32e66c6bd1dd8bcbd32f66233fcabf007cfec2aef39d8aeaf070eda1f88acb78c29bafaeef788a104ba6d0cd3239

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748972.0\8.0.50727.6195.cat

Filesize
7KB

MD5
a0b91c5271c038ee9cc9c7d5437cde91

SHA1
d986dc5a1d979f453aea7241ac94aa6866fdc668

SHA256
04349a39eef3bd9d4b1de9b5bda2bd6fc4f517ccb57c0ceaeb7291d5b68a401e

SHA512
179f532dada3f7bf89498678b7cc30ea766ea8109fca9a015856ffad5774c2a01ecd9e55c7ded27de85f85af017f4336893a3bd4a9cd6b43713755e76e1bc228

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748972.0\8.0.50727.6195.policy

Filesize
804B

MD5
506d067f2c986c31d26ca54a106dc0f1

SHA1
0683162b9f08c75a9aee8ab4626ba11a74c48ef5

SHA256
e446fc3432a5d83eb96142ce40f4cc8ed417872539893ace445f7236ff4dd187

SHA512
79f87d44ea7c3de16ba0d395bc07e4f870ed03c6fe87f75651f7a3d823470fa44f8b500a4487b2bd283f67b7ed91c2e082e26785ccb174f420f61429eb1ec860

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748972.1\8.0.50727.6195.cat

Filesize
7KB

MD5
7d6e726f120320f4821ebdbdbd3c85ed

SHA1
cd9bc7f950da33bafe152c2122c797854cfd75d8

SHA256
bf39559e406fa59f9e7b0ba2902cd016800e24198d53d97943c97f1b5716b8ba

SHA512
bcc321efd17b3151901d438f6c8ed3dc745f846dce9c2058374a380285c70e93f70e8133c1a3a57614b96afa8bb7469f8fe1651288808b2162c20b2fa9e8ab3f

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748972.1\8.0.50727.6195.policy

Filesize
804B

MD5
a5e87aac0f9748c664c5538ade2c40d5

SHA1
b232e6a8ee62f94ca7f92c0dae4297f7db877b0f

SHA256
957fca4d0bfbca1660436f7812d6f6e803b237e9dce651f1f6bb856fa3077a71

SHA512
856d9fd9a8db20f3f0668e3d51090c5e61d1f6333e6cb2a4a3148c424c7342ebf1dbf6df78fc640d0039e89afcbc562421cac674e20e45d62ebc66fca549d1dd

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748988.0\8.0.50727.6195.cat

Filesize
7KB

MD5
43a69419b31545cdd4a3505f3b3b192c

SHA1
70c124d5ac7bd4e12d4b5d1cb002da6b5bdd5eec

SHA256
754510064b4349644326f5c9633aaa980db143c46bbdd44e9d64a7ba3c524882

SHA512
b31c9bd8d4f0df1f3947d8f33a36cbeb7e50147966fac776ee11934104016e93aa1fb06f1e42106e28be3ce38433b74e8d88f0c04ee1127c5d1b16f9084ec2d9

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748988.0\8.0.50727.6195.policy

Filesize
810B

MD5
1c27a7f7d8ec9d6787dd79ddb1f7ad96

SHA1
e15e0910658808476ffb3fd73b17c18cb9cf6bad

SHA256
7a27ac14852d08d8df398b4edd656ff260492d5e113c1bfae9de119a5ae7b374

SHA512
3112b2c7350aac8b7ea0efaef4b68be737e0bdc81d485783e12118751f70c1a2dc11392f28b86371be73fff2a9e36a5bbd0211c2928dfc022b1370ecb8528d93

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748988.1\8.0.50727.6195.cat

Filesize
7KB

MD5
25147ad0e140e1a5d1571959fd18e337

SHA1
9f3714c6a901034897e4f0a633de2e4c1a0b9ad8

SHA256
bd3a30be9bfcfbe814a1d495b2692faf9a3a98560d1431cbe60a64af3b69326f

SHA512
736250d3b1abd9c3f459d18d442676bd477167ac7df25e734a74cd327fbfcecbcee664ee9fbba983b2861356fcfdb13aca2a64dc66eb9e9cc4468767b178df73

Download Submit
C:\Windows\WinSxS\InstallTemp\20241201181748988.1\8.0.50727.6195.policy

Filesize
810B

MD5
6daea6599188c59d5dcab27d6959b31d

SHA1
112689776ac072aac8ca474adc40a148d928d772

SHA256
04b850adae1d1e58e980e4faee571f5d76155206d6abf542937a7eefe1d42e05

SHA512
e7b07b5b13f0c62180d8fefa99d3952b2f07017434d8ca21034c055384c103f2b21adf698ebc50d4fae664eab216baffc59c478a7f2f99fae7c99e859dc9437a

Download Submit
C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0124000000c007e00a\9d29e4551d44db0130000000c007e00a_catalog

Filesize
7KB

MD5
d14805929182d6dbe0026c166f5ac457

SHA1
50753b5772f25269940f5f7dcaa9cc68c35d2b55

SHA256
ec631dae1d6f771523bf6af2e0751649563281982d902bb6bf59364209f16e64

SHA512
e037d42c4e1fc65b6cd1360292dfbf466f22eb71d50bb1fde33fadc20bc21a4ed29ec59395d3bf6488ca93e114a62037c4960b4cc68e9b73f686231ad16e1d76

Download Submit
C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0126000000c007e00a\9d29e4551d44db012a000000c007e00a_mfc80enu.dll

Filesize
56KB

MD5
28a09777d2d952122567a8a82f1a2c7b

SHA1
af2e9cd4a0321f310c87deaf9170dbc32c4b3f94

SHA256
772260df36ae85a0619c51402de416e0c329976b724c8e9c4f8c013cbb7c7289

SHA512
669df5234bb735649f839715c2dc3fb2206cd27ee639821c25730d3800abc9dbc9ee764d9f7a8cd639a23affaad09cc0f97000513ffddf95e3995f7a06f66681

Download Submit
C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0126000000c007e00a\9d29e4551d44db012b000000c007e00a_mfc80deu.dll

Filesize
64KB

MD5
4e8b1e9567b3cd76ca628c9026ae1125

SHA1
c3dcf34c6ea0111034a4d903310ba5b3e7b181aa

SHA256
fd39ab4518de31a44563c68c2a84e3c94594c1d53edaa0a15f6148043e4300cb

SHA512
02215a72be80a6b428434ff86d04797fcb8c77cb4520a149c1123eb35d1e56a4633b53b01a6c78376d60fb92977a93fa6144275e0518f461c8f6dd71f98f82ff

Download Submit
C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0126000000c007e00a\9d29e4551d44db012c000000c007e00a_mfc80fra.dll

Filesize
60KB

MD5
6a8e515791acb27f18d08a895974e953

SHA1
e4fe0c307beb45180b0327575eb3d824af20f5e0

SHA256
269229464378ef4de681739ae57e4e6f8c5d23f06ac701ddca0e3580b5d2fc72

SHA512
68b3defd72f014b3ed804ce0c2249f56d8a081e2def5e818142c386510ee85b0803b9b5ee72b11b4c8872e247e07dbdbaa5b229eadae69af06886dbb3ced09df

Download Submit
C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0126000000c007e00a\9d29e4551d44db012d000000c007e00a_mfc80ita.dll

Filesize
60KB

MD5
5225673e3f28a251cc8449efa7c82f03

SHA1
27f132e5490ae64921a601162e21eb613726bac2

SHA256
4e7467582d0d22366de5bcd73e8bfb15dcd28d7a6a8dcbda78e81fd175f6176f

SHA512
11ac795790b39eb5b831fda432b518b8a6609f7a52bfe28c5ba3bb7370f3d30f8aefb6872f5560403d75e39a23052534225e2136ec63528701d93a59f20c3536

Download Submit
C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0126000000c007e00a\9d29e4551d44db012e000000c007e00a_mfc80jpn.dll

Filesize
48KB

MD5
194d495897dd9d46a3c9befef6cf863d

SHA1
c7adb52b5f3d9033f1cf58c95c3c967c4d670b5b

SHA256
9dcb5eb5fbf87ab36bc26f2e5feb14f5911c08bb52487a135cc41b2160abd10d

SHA512
ca9c19bf4ed4b31e29fc763bc3af58d2fe723604b96ed57a2c922cd99aac5010d6d8ff6204de7dd1d52888710638d554ff4371864f0ba1c910ab72f1fc7cb431

Download Submit
C:\Windows\WinSxS\Temp\InFlight\34c8e1551d44db0126000000c007e00a\9d29e4551d44db012f000000c007e00a_mfc80kor.dll

Filesize
48KB

MD5
adc1e6a231011cb4a4322061f2b13800

SHA1
976889857a64171713029a86538b6a2aa5e6c449

SHA256
e0d59fe3c09dc18151486ccdbb64c8158d0d4911b59cc90e0760f0fe5b8b2631

SHA512
b218e913be1e0883050349556541d27431a05282872b99ea05098e3e8fae1ed185517a76998677715d43b343dbbe7a5e203fd68962df23d19481294e8e205518

Download Submit
C:\Windows\WinSxS\Temp\InFlight\73419a551d44db0115000000c007e00a\73419a551d44db0116000000c007e00a_manifest

Filesize
2KB

MD5
f79c2e87aefedb361fe85b75d147d02f

SHA1
125dc6c2f4845375c2d4e25ed0ff609a0cbfd572

SHA256
e424ef35e909c5863c2668b34f316e9ba507a29c924dfd0970219b0f1898c619

SHA512
851bc6f4497bfa4b133fb1a7a3d0e806aeb8f4a5852439f632c128c9387ba4c769fa18dc2bf1bae6adab9e917e1bd9e42ba9aaca92e64f28a0fb82feceabb02a

Download Submit
C:\Windows\WinSxS\Temp\InFlight\73419a551d44db0115000000c007e00a\77a39c551d44db011c000000c007e00a_catalog

Filesize
7KB

MD5
b0ee1be78206c74429a021688bb34c58

SHA1
f0951dbc13499134373a17aaa0a242759824edbc

SHA256
db8ee01212450d7d7a787865f7df29ec48f12ebb1264df17afa2c4cae12224ef

SHA512
4d82ed69f600bd33e1caf583996ebcab596f7791b3511b3ff29bc8418efc4ea59ce9762c240b4d590778bd9e29e16153abf16125b00cb8cf5ebec5721dfeabaa

Download Submit
C:\Windows\WinSxS\Temp\InFlight\73419a551d44db0117000000c007e00a\73419a551d44db0118000000c007e00a_mfcm80.dll

Filesize
68KB

MD5
83362ee950ad18adb85b54409155c378

SHA1
74d11bbf3da8aa217d1e83425a67621b126371c5

SHA256
be1faa17b466e56da8259cdc1f1b02ee0deb4c5e022e6eb3b82643ef508c8bea

SHA512
7b657edb50d8e4b634c0961040cc951cb0feaa5d1d22d8aadf0620e469d64e7c2bd623fc82ce2c8ca3daf438fba8ccedaca878e2c019c6d4fe993669e6764af2

Download Submit
C:\Windows\WinSxS\Temp\InFlight\73419a551d44db0117000000c007e00a\73419a551d44db0119000000c007e00a_mfc80u.dll

Filesize
1.0MB

MD5
e2c48cd0132d4d1dc7d0df9a6bef686a

SHA1
a091b626be276c742e8d8f86988ed07f1e9083d4

SHA256
52d1a8aa992af2f727da4b16522d604648d700997b1620ccb67d05838c127674

SHA512
8cc0186b55168de98df803cbb999a5de22fa47b9276ec89a67cb932bba924def18d8241f194fa0f75d92a8d106b3b39de57722d36e3c7452b5c7384f26caaf11

Download Submit
C:\Windows\WinSxS\Temp\InFlight\73419a551d44db0117000000c007e00a\77a39c551d44db011a000000c007e00a_mfc80.dll

Filesize
1.1MB

MD5
1f5afd468eb5e09e9ed75a087529eab5

SHA1
b69201b0705139f025a583034436d761c1e62e09

SHA256
8204dbcc054c1e54b6065bacb78c55716681ad91759e25111b4e4797e51d0aa3

SHA512
3c21730b4dff6fa22ab273b2987d8cb5c9c01bca4657734e793bf37b5b94106cf1043d7ce6cdb51ec6f3d4e9d6799e0c844a07976da47882432cae18b3406d76

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.9MB

MD5
d7087531e44237fd5c1ff6482ec9a480

SHA1
d07a3c1f1287de4521677396b82ab6d164cb1517

SHA256
f9409c8f16c527111e9a762e5ff7528c12587f6ec27d0b560be7d178555bc32a

SHA512
2fb071f716b0a96ca700658b79041e24747269e396ff54b0018685ec2beceb8e8223f9c67e506d37560ddee018941cb51bfbf5de99a037ee5e0da045ae8b9de4

Download Submit
\??\Volume{42b9e5a5-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{7a792de1-0af5-4978-8a6c-95bc19fc0205}_OnDiskSnapshotProp

Filesize
6KB

MD5
bd61086c714a553143f7aaaa77b67e82

SHA1
96345ff88354f2b3a0def0b7870b271f3b2a5a6a

SHA256
44c4f198941f528d8c448e4cd1271960732cf55d372127d3036831ae3d96ab33

SHA512
65bfa3cbf429ae10f001e04c28f6a9dd3808da2954a664d852d95214c7ebecd28f6cad24556594f00662cc6896e816d546e7ffb959aa6edc04c683b72fb74c7f

Download Submit