metasploit | 811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94

Analysis

max time kernel
93s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02/01/2025, 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
Size

4.0MB
MD5

5903c117f48011c0df6606003e47c4f5
SHA1

16c49da798dc08bdf567a08454bcbbb790920441
SHA256

811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94
SHA512

e10c2aadc80d928aef0d377ea8b226eea519d757ba04b0326a1e0830282b98851f5d1e82e1a2f5391021e8292c0aade9a7b69c983f38eca5936228daf859da8b
SSDEEP

98304:4gqIctyETh4cCpI0kwJF4vY5SK63dzBEZht5f/LyXtcH/:Pqtyih9Cawjr/6NAjyX

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

10.0.0.137:4444

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe

Executes dropped EXE 1 IoCs

pid	Process
916	Windows10UpgraderApp.exe

Loads dropped DLL 1 IoCs

pid	Process
916	Windows10UpgraderApp.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_ar-sa.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_bg-bg.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_sl-si.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_fr-ca.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\marketing.png	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_da-dk.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_el-gr.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_gl-es.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_zh-cn.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\Microsoft.WinJS\css\ui-dark.css	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\default_sunvalley.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_cs-cz.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_es-es.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_uk-ua.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\Microsoft.WinJS\js\ui.js	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\GetCurrentRollback.EXE	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_ca-es.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_hr-hr.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_lt-lt.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_ja-jp.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_nb-no.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_sr-latn-rs.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\pass.png	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\loading.gif	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File opened for modification	C:\Program Files (x86)\WindowsInstallationAssistant\appraiserxp.dll	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_eu-es.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_pt-br.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\eula.css	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_en-us.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_sk-sk.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\GetCurrentOOBE.dll	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\default.css	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_sv-se.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\logo.png	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_th-th.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\Microsoft.WinJS\css\oobe-desktopRS2.css	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\GetCurrentDeploy.dll	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_de-de.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_fi-fi.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_fr-fr.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_lv-lv.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\Microsoft.WinJS\css\oobe-desktop.css	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\WinDlp.dll	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\downloader.dll	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\bullet.png	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_en-gb.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_germany_region.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File opened for modification	C:\Program Files (x86)\WindowsInstallationAssistant\Configuration.ini	Windows10UpgraderApp.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\ESDHelper.dll	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_ru-ru.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_es-mx.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_it-it.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_ko-kr.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_ro-ro.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_tr-tr.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\Microsoft.WinJS\js\base.js	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\appraiserxp.dll	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_hu-hu.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_nl-nl.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_pl-pl.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_zh-tw.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\block.png	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
File created	C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_et-ee.htm	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3752	916	WerFault.exe	83

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Windows10UpgraderApp.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	Windows10UpgraderApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	Windows10UpgraderApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	Windows10UpgraderApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\IESettingSync	Windows10UpgraderApp.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeBackupPrivilege	5072	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
Token: SeRestorePrivilege	5072	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
916	Windows10UpgraderApp.exe
916	Windows10UpgraderApp.exe
916	Windows10UpgraderApp.exe
916	Windows10UpgraderApp.exe
916	Windows10UpgraderApp.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 916	5072	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe	83
PID 5072 wrote to memory of 916	5072	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe	83
PID 5072 wrote to memory of 916	5072	811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe	83

C:\Users\Admin\AppData\Local\Temp\811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe
"C:\Users\Admin\AppData\Local\Temp\811edb26190197000a40a52e71b197551ef444fa600836d117852f91e44a0a94.exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe
  "C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" /SkipSelfUpdate /SunValley
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:916
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 1828
    3⤵
    - Program crash
    PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 916 -ip 916
1⤵
PID:3668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\WindowsInstallationAssistant\Downloader.dll

Filesize
197KB

MD5
49b42f4e7c5f4b290aba92258fb81348

SHA1
41bbe19d3af1e62b9c85bee3b6232de4db1a3231

SHA256
9de477066c8ac228f050892e1ddc6e2ecbc8ead0d82e0f3be9c8e9caae8b581c

SHA512
18a7860eec7a2c1bf7c13fa7edb95f775614ecb19eccea5a3dd246093b83eca534da7083b85d51e174902e3dc1b13fb10d1bbcc68003f3a92d677e10b907304e

Download Submit
C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe

Filesize
3.5MB

MD5
45d00e80581a224f60ee62e5a0a9f253

SHA1
a1016580c15d3eaffce1dd548db1dd927f9f8422

SHA256
a3dcca311b836b0644a465ed48ef726217ef530ffdb296cedeb8069776281c01

SHA512
1c1365bbf018caae353f511ca2bb4fdd404c28d3de29141325e0b52751b040729ef2f21a7c845f4708e64d8a7946bcc649f0489a6b58bd8ac86253246a7d4e35

Download Submit
C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA.css

Filesize
82B

MD5
b81d1e97c529ac3d7f5a699afce27080

SHA1
0a981264db289afd71695b4d6849672187e8120f

SHA256
35c6e30c7954f7e4b806c883576218621e2620166c8940701b33157bdd0ba225

SHA512
e5a8c95d0e9f7464f7bd908cf2f76c89100e69d9bc2e9354c0519bf7da15c5665b3ed97cd676d960d48c024993de0e9eb6683352d902eb86b8af68692334e607

Download Submit
C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\default.css

Filesize
5KB

MD5
7f5fcac447cc2150ac90020f8dc8c98b

SHA1
5710398d65fba59bd91d603fc340bf2a101df40a

SHA256
453d8ca4f52fb8fd40d5b4596596911b9fb0794bb89fbf9b60dc27af3eaa2850

SHA512
b9fb315fdcf93d028423f49438b1eff40216b377d8c3bc866a20914c17e00bef58a18228bebb8b33c8a64fcaaa34bee84064bb24a525b4c9ac2f26e384edb1ff

Download Submit
C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\default_sunvalley.htm

Filesize
54KB

MD5
66b63e270cc9186f7186b316606f541f

SHA1
35468eeefc8d878f843bbf0bb0b4b1d43b843cdf

SHA256
00f8f3e4534146858326d6d2524f3360dfc9e5d149e207d61cabac17ad7a5f9f

SHA512
b9d1b4b201cabf087a44d958584ecb1c110807b9bd9865f1e76bf9d989d7d000ee84f07558bcae5e05d11f7121fe2c402fcf916b00ff5d8eac7eaf05e21a29f2

Download Submit
C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\loading.gif

Filesize
16KB

MD5
1a276cb116bdece96adf8e32c4af4fee

SHA1
6bc30738fcd0c04370436f4d3340d460d25b788f

SHA256
9d9a156c6ca2929f0f22c310260723e28428cb38995c0f940f2617b25e15b618

SHA512
5b515b5975fda333a6d9ca0e7de81dbc70311f4ecd8be22770d31c5f159807f653c87acf9df4a72b2d0664f0ef3141088de7f5aa12efc6307715c1c31ba55bb6

Download Submit
C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\logo.png

Filesize
2KB

MD5
afeed45df4d74d93c260a86e71e09102

SHA1
2cc520e3d23f6b371c288645649a482a5db7ccd9

SHA256
f5fb1e3a7bca4e2778903e8299c63ab34894e810a174b0143b79183c0fa5072f

SHA512
778a6c494eab333c5bb00905adf556c019160c5ab858415c1dd918933f494faf3650e60845d557171c6e1370bcff687672d5af0f647302867b449a2cff9b925d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WXU7D00.tmp\appraiserxp.dll

Filesize
364KB

MD5
9d4f6fc6fd8dbe8e7b498651e0af16c7

SHA1
29cb40c374a35220b72bfa3ea9ed4ffa1b76efc3

SHA256
2acab73e737e9eafa7c74ca3c9b0762a9386016be7cc1ce0c090b00b793a7157

SHA512
7db4d7e0d4ca4c6cc2e2d1bb21915cc240656e94547bb3c3363bc068c0ce490f9e0916bb8745762053e05f1f7e8752a8cb1d83916a71e3a098333b32ede504fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\WXU7D00.tmp\resources\ux\EULA\EULA_en-gb.htm

Filesize
68KB

MD5
05627bc6899f8853de9a63f304d1937a

SHA1
11ccb451025a9b3d1f58b44b730521a7652fdb74

SHA256
49aa5fe536281681d0bf933c59622910753c0ee4eb26d96f548cf4b2d752129f

SHA512
2a0c6569b1dbf7a6754cb870325eefc028f69a758ca44c78da9ac77b03f60feba862e1bdd230ab6b78efb64e0da056917a50b18dd9adadd7e79f1fbb164eef9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WXU7D00.tmp\resources\ux\EULA\EULA_es-es.htm

Filesize
78KB

MD5
75c32dd12eb6a303f16b4561aa4a3720

SHA1
628b9c1504abc72296821575f769a14d4635841f

SHA256
2cd165a4c0828c814c27b1ce07c3e4d8f254cda4eb2e91cf87b242c53002f312

SHA512
b6759d223f0bef67f36ca74bd519e3f2cbf8dbb97ff218fb2f236cf41facaa08cdd6e8949adb4e22c75a00dd19e048c7d2fb68ef3d9d7f790ab7b49ba44b42f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\WXU7D00.tmp\resources\ux\EULA\EULA_fr-ca.htm

Filesize
82KB

MD5
b0bbf69d2d7a34f86e0acea9bd678ea7

SHA1
c0343796308bdfe623eb1f0caf99538eb58b76fb

SHA256
531ae3e6ae92c7d173415fb7a3a95fdf61fb3e3fcb703a4606c9590225f03aca

SHA512
7bc0b314cf4eb625aa56e6134f1cd544ce1f38b84c7a478ba2f34a484ab41328f820a1601a8d0f5ee602a59ace1e496f69c2820ce472b8d57a5dfa5fc8be69be

Download Submit
C:\Users\Admin\AppData\Local\Temp\WXU7D00.tmp\resources\ux\Microsoft.WinJS\css\oobe-desktop.css

Filesize
39KB

MD5
5ad8ceea06e280b9b42e1b8df4b8b407

SHA1
693ea7ac3f9fed186e0165e7667d2c41376c5d61

SHA256
03a724309e738786023766fde298d17b6ccfcc3d2dbbf5c41725cf93eb891feb

SHA512
1694fa3b9102771eef8a42b367d076c691b002de81eb4334ac6bd7befde747b168e7ed8f94f1c8f8877280f51c44adb69947fc1d899943d25b679a1be71dec84

Download Submit
memory/5072-335-0x00000000009A0000-0x00000000009A1000-memory.dmp

Filesize
4KB

Download
memory/5072-0-0x00000000009A0000-0x00000000009A1000-memory.dmp

Filesize
4KB

Download