Overview

overview

8

Static

static

1

New Text Document.bat

windows10-2004-x64

8

Analysis

  • max time kernel
    136s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250313-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2025, 04:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New Text Document.bat

  • Size

    420B

  • MD5

    a70e4c8ecd39f86f9571017f40f7385d

  • SHA1

    c43b7b293d3d98aead16ad7f5f318fc6cd28fcef

  • SHA256

    c98b9d1f92f5676de11a1ef22d70c925799c39f094c9be771114b49fe7506897

  • SHA512

    76e8925caa776e9c5dd674851562b9339c62ae4f4111ff1d1cb4354ba4a72d3ab323e8ac12d311faa54801b9c9229b395a78310b1ccdfa9860ad9b3de513941b

Score
8/10
discoveryexploitpersistence

Malware Config

Signatures

  • Drops file in Drivers directory 64 IoCs
  • Manipulates Digital Signatures 1 IoCs

    Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

  • Possible privilege escalation attempt 2 IoCs
    exploit
  • Boot or Logon Autostart Execution: Print Processors 1 TTPs 1 IoCs

    Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

    persistence
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies file permissions 1 TTPs 2 IoCs
    discovery
  • Drops file in System32 directory 64 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\New Text Document.bat"
    1⤵
    • Drops file in Drivers directory
    • Manipulates Digital Signatures
    • Boot or Logon Autostart Execution: Print Processors
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:5404
    • C:\Windows\system32\takeown.exe
      takeown /F C:\Windows\system32 /R /D Y
      2⤵
      • Possible privilege escalation attempt
      • Modifies file permissions
      • Suspicious use of AdjustPrivilegeToken
      PID:2504
    • C:\Windows\system32\icacls.exe
      icacls C:\Windows\system32 /grant:r Administrators:F /t
      2⤵
      • Possible privilege escalation attempt
      • Modifies file permissions
      PID:5624
  • C:\Windows\system32\backgroundTaskHost.exe
    "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
    1⤵
    • Checks computer location settings
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:6100

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\310091\cc5f9ade666f4964be08884e6d5a282c_1
    Filesize

    7KB

    MD5

    080159d1b84c328222e7b29edd98a1f3

    SHA1

    b22db2f615fea71f5c7bb57a33c14fab1e7d8854

    SHA256

    52ce5ad8a1a404b65d1c450125bc9b360e8494f45bab17ab35b95145c71f6928

    SHA512

    4c6c6b85b6110ba555f4b688e419edf4cef6eff292244e38a6300243e2bdd01ba9f7193205b046a670a150b99909d2f3d3178e564e6af9ce033398f88a79aab5

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338387\2f971a58fdc74b28bea790cd52d77660_1
    Filesize

    9KB

    MD5

    f3cddfd87166ed34fd8cda64c7b84a5e

    SHA1

    a50c59776f259d737b199c684a0f5eef1dcf56f8

    SHA256

    cc17ccb1e3a1df60db6386d45617c85710373807794e93b385c029988c16a70f

    SHA512

    087ab220a0ef6b83222b5c4eccc3e5be0285689adf092f7b02200815da2744ae1c75c863a98ecfc838f2216b35f9e2bbb3094c51129bb9d33bcc9c794f72104d

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338387\42b93769257d467a914d26e415f9cb0c_1
    Filesize

    9KB

    MD5

    1ed22cd74e7b0348fcdc6afe48faa1d3

    SHA1

    e761949b42e6f75a928e282221b6ba9efd0705ef

    SHA256

    25afbebcb030fe873df698894599b25f72d7a44ce605312587fa967e2717b958

    SHA512

    a8e4c87c4631bdfcf5a86c4494fd7b0e3f1ffc638908074a341b9bd29f671ecae12c49c38653eb005bc02dad4e3a92a3e6d8bae462065dc68c4a5cd56ee3c30f

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338387\f1157c7159064f509fa53f3635d2ccb9_1
    Filesize

    9KB

    MD5

    15842258af4a164f062eb3bb40b7c2a5

    SHA1

    437cb0aa32cc647000b2de0c1e4b89b6c7084da8

    SHA256

    40964eef5c62e5829f36b99ab33687c17bff706398353ba2e7a14ddd45e004c7

    SHA512

    4498651a13ba5e43a152da0fea241ce2a0658668949d0f8350b0dc9900ac74296de7af6b71ad85b87ee0680b94400e3f0c55e7f721b38a25eb572635e51152a1

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\88000045\67ddd75c32934230b77585ebb834ad7c_1
    Filesize

    1KB

    MD5

    8eac76703421f5834641cc497d604ac7

    SHA1

    53e9736bbaec8f64e4f3ceb33a1e468ad920ca97

    SHA256

    9f07ad7ed9eca43b6fb50928ca945f7db724a8a2a53ec204695aa4226bd254dc

    SHA512

    fda11244e2384a156aa04c4b6f0ec91a6314df17314cc10ed9b81d2c58a7406be653324482dc880856fbfdaa8f2deaf589b35f129ac6388863c48697185082bc

    Download Submit

  • C:\Windows\System32\IPHLPAPI.DLL
    Filesize

    224KB

    MD5

    567a217405f41caea18f4bab50d480fd

    SHA1

    90f870f43852b3fd62110692030bd20887777c0e

    SHA256

    41f7a696a02b5dcba85e12a4999423bdebb1215662059adae955f8081e3ffa78

    SHA512

    a63fb148b5db3a5738142254840e007ffab7139ed2e7a672446f613e83ee8731bcad830c860e5523f69113fea938f8bb5a59147ea641bc799aff16200d90cb00

    Download Submit

  • C:\Windows\System32\KernelBase.dll
    Filesize

    2.8MB

    MD5

    957a7c72c0ad30d568e04fce3313082f

    SHA1

    1919c89186b1e3b4da4aea812ea43f02eac28cd6

    SHA256

    79eadbc61d0762e6931ee5e49007898596ece6bc2a61c080ada7a2c70992d6e6

    SHA512

    cbdf38944b7d7132e7c7448bc715e1e94b1a9a97a6108d90c44fd5637c19dbf39969ee69a170525a2c920b6cb67941f79e8ca818c3e4e2ffbbe3ea90fa0f7d7b

    Download Submit

  • C:\Windows\System32\MrmCoreR.dll
    Filesize

    976KB

    MD5

    dccfefcfc583aed573452b4168363620

    SHA1

    3422aeb088d5eaba6d616313d8c5fe0c8f58c376

    SHA256

    50822375d13f39dfbb3528025d9faa98f22836f97d11f6e0e7b447ef9e4534df

    SHA512

    a3ea0279add3964f2166af0963e7edb5a298afef7b03006ee55433cef774f1fef82d0545c2bf04ea7ebf9d1d7fa17f845b73ecba483cac5ba2f891e6c54f0d6c

    Download Submit

  • C:\Windows\System32\OnDemandConnRouteHelper.dll
    Filesize

    72KB

    MD5

    1f009de6a013a282d07436241512c056

    SHA1

    f0d37e1e76a199135e00c0a36b154b191a0950a9

    SHA256

    c897c345c3bcf3e96589a0feeea8b6d26cf33c091ac3ee2162dd27f8a79c3ff5

    SHA512

    57971d5df5bd9fad066378b280898e1f6e074805cc765448b99409550f97d74bf5bbd11e48e28e53f22be69cd9cd0ff58caa1e92f94fed7cbb4cd45c8f0c4d37

    Download Submit

  • C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
    Filesize

    7.6MB

    MD5

    5af757db7d611890257f5066af309e9d

    SHA1

    d0d1371afd887a1646131c70964fb2d735904519

    SHA256

    503ef212dbb78c886aacd2ea956004bf213061761d0174e3711a626f9d774471

    SHA512

    13f3430bb5d331f879cbaeea3e2ebe67bdec53dafe35596c828063e98d137786149bcd09c16f4911b430ad7ce697ae2c40fdcf2f9e6cc9bede52adc1ce82bde0

    Download Submit

  • C:\Windows\System32\SHCore.dll
    Filesize

    686KB

    MD5

    ab4b87457d2b08b7c51b136c05bfed27

    SHA1

    3fab36a2f84c75232115d3f253c1a9e7f087e7b5

    SHA256

    79e0e627e4e8b0a34375db8c71592977538e9743cc67adf88c615157a0e86b00

    SHA512

    37e8d142ecb1112b25e54cdd10a56b972a435397f2c6dfbb209331181eab68db997a3d2a781581d4b59a66d87ccd22e02300a4112a6223f29fe72e860cd2c4aa

    Download Submit

  • C:\Windows\System32\WinTypes.dll
    Filesize

    1.3MB

    MD5

    67970fe93f3437104cded90945141539

    SHA1

    e2fbcbb3a26ffad184727275fe2753a8c1ca30e6

    SHA256

    62a4076211bae3db99472ceb1b0af23dfca8aacd618a3b72420182bb0c7ab2c2

    SHA512

    43896a744ef8321ed3161bbf55117206eddbb0948e551d112ef028759ebc5b56b78012458dcb98a324bd6ba52c2ab5b063ddc7417bf2b92179e829898c724487

    Download Submit

  • C:\Windows\System32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
    Filesize

    120KB

    MD5

    b545f628ae337cacfda5e7f38e48e7a6

    SHA1

    6bc66eda8965d09e38045a4a89dd82b3c7d5e328

    SHA256

    0cdde06debce58a818f30b8a65d811806f3f35bd4604b3f889551e9f43ff6b3c

    SHA512

    f10a62dc9adde5e13fd17691e110a5bdf4dc135ae8c20e668f537e37c91dcd4d339375c6441ba5aa5c7ab54ecb01746c462e045423921eeb7e3152aa2f5e76e4

    Download Submit

  • C:\Windows\System32\Windows.ApplicationModel.Background.TimeBroker.dll
    Filesize

    30KB

    MD5

    32077f294a6bc945b17b1c4b4023b5eb

    SHA1

    1ee57a45cb75a124adf1f065b34a22dfd33a7ce8

    SHA256

    301afe61eaaa186d757781b72ea0632f735932e343b03d836927dca3c2ceca2d

    SHA512

    3ed2b8320a192d7d116439fe69995fedad82fcb19e1a11c81d642e29241bfff20b9f0365f03d2831902e7a7f7ff409153385d990fa3014b0cc39576e07ccedb8

    Download Submit

  • C:\Windows\System32\Windows.Services.TargetedContent.dll
    Filesize

    1.2MB

    MD5

    f9a5fbcf0af5f280e5e66bb76961cd2f

    SHA1

    78a7b1ceb6cbd72e06d48a0bef9d3facf028d8bf

    SHA256

    073703495bf52dbd3e5b174bb5a2ab02f36b8b73ff387fd7c5d2879a829fec00

    SHA512

    3e8cde5ea4883a47f6ed0f08c8e093859896cef776eee552acbc17e4b34395c007e3be875f67eda1cc4aa9ccd12d286a417a9aa4fdf4629a212c983ea5e29a72

    Download Submit

  • C:\Windows\System32\Windows.StateRepositoryCore.dll
    Filesize

    57KB

    MD5

    33ec12ec93e56828f391399b70c313cc

    SHA1

    d3517663c67a63872da7ddcd93c13909d7a8d384

    SHA256

    25970a13ecb42814709f5a17c3e41f389dc27f33e0e7a46300e47f5af2fa0f5c

    SHA512

    4b1314c365f92c5e9881afe27f49b8ec9251c3810aaf34202ef6839bd74a31d8c20545ad414f9eae239a43bbd0d1f3a9deadcf08f83e45ecce54455885b62758

    Download Submit

  • C:\Windows\System32\Windows.Storage.ApplicationData.dll
    Filesize

    381KB

    MD5

    7bc1a26dd9bd33c8849559fd0d2f7239

    SHA1

    42e6793f073211ab3921756358df719c104516cd

    SHA256

    febb8ae767b2e5d305f4af6a15ea54aedbf0901dac925382b387eda187cf596d

    SHA512

    43ad5a310a73651581faad312cf83909ea1e9b43b4cb0f8a9a787b3791433c980133ad68e04be029991eaaf8803a6ef3f3f00c9a512ca54168692a336d995f1e

    Download Submit

  • C:\Windows\System32\Windows.Web.dll
    Filesize

    756KB

    MD5

    0e96fbf3f55bb988eda407e868c17ed3

    SHA1

    cd9ecc3a8b2984eb543cd1f7e10c9578b61619f4

    SHA256

    c5dbbfa0ff7d1c08ec9698e3e2d59634168c497dbda63a3734fb68973b999ac8

    SHA512

    493eec4a6da4678eb145beca6b9d6f78a3a9068ff20c428428331c635a1c25a2d21f204718a029f33a01c4a2bb702b29210acaab8dcb73b1d477749fdd35e6c7

    Download Submit

  • C:\Windows\System32\advapi32.dll
    Filesize

    673KB

    MD5

    e70a1568a400e71a8e644652fca4c925

    SHA1

    6cc13f29c70b41326832b2145e134568e5d9a3a7

    SHA256

    e92f9f71ba5a405c5d1a51bd03d6f830f004aca05b80b5bcf525514eca4480ef

    SHA512

    55863e94e2215b3016df306915bfdbf85486948cd6b1f08e924b7f14539f1ad8fe9a8bd88226fb73f2ce2811196bf48cbff05ecdb8fb3e6ca7cf22f28451fa67

    Download Submit

  • C:\Windows\System32\backgroundTaskHost.exe
    Filesize

    19KB

    MD5

    da7063b17dbb8bbb3015351016868006

    SHA1

    c6e63c7aae9c4e07e15c1717872c0c73f3d4fb09

    SHA256

    20330d3ca71d58f4aeb432676cb6a3d5b97005954e45132fb083e90782efdd50

    SHA512

    16a8e5aad8900cb2da6d2e06258563eff56b4022092a750c16da50496ec490d1b761d630135cdf313c0ef96d6f30cce09df9ebca0de96e854f2f901b34fd9d1f

    Download Submit

  • C:\Windows\System32\bcryptprimitives.dll
    Filesize

    517KB

    MD5

    5204c0caa08dfe32b8423136f5f5668b

    SHA1

    ab5211d347e77cbbc1e732106f32de3de8307bef

    SHA256

    cfbfc6e742fbba525b49fc1d650003ca4fea1ae632c3d265ea008f3d6eae5d0d

    SHA512

    943d0406ed16b0cf4b34d47188988d7c8235e431a4cf17e1f5fa11c032f66ea575e54c404fb944f7edc595ead9487934333e5db8c10a494437356820d2c24dbd

    Download Submit

  • C:\Windows\System32\biwinrt.dll
    Filesize

    338KB

    MD5

    7c2e41da3cebbce1706bf883c1a55a0b

    SHA1

    16b3fd17ee2ad8d3abe161735e972babdd76fdb5

    SHA256

    3b7c5fd6920f53c0aabf31e990c4274a98f094ab2d304a0a46329e2fcca16b43

    SHA512

    e6a0f16a8e555dad01c5424de8617211acacfd1673660bc9004dff06e674f28ba88e3fe0a7ee8ddccee0eb713de16beea820fe066a894c648d6c82fa933a6609

    Download Submit

  • C:\Windows\System32\cdp.dll
    Filesize

    4.6MB

    MD5

    6517f92fb018d4ad823ac6f468129ebd

    SHA1

    6975e2a549127ac9016ec4697213fddfff518db2

    SHA256

    e88d8f8c3a4d1e836e1b8bc802dae6acd04c655f371ae9976e1ca7e45faf5921

    SHA512

    47458c9d20218c21a841ae32d418a3a038cad355a3fc779e1ec950c618acaa68b13cb3c2d79d5f34bd1c46eff5aa3494fac0eadb1faf8b9730fba0edaee38f56

    Download Submit

  • C:\Windows\System32\cfgmgr32.dll
    Filesize

    298KB

    MD5

    1aeb3524cc1162f97a87ee77810d0c1f

    SHA1

    bae55961b55a36ff0b74edced581219c1d0d9c0b

    SHA256

    cb82c3b7c8734e891ddcb08c7890599e563498bcb645bb15cbf819fe8a88e3d4

    SHA512

    8afeb136712197a3285c96caccb0e6aff53fc7bb25e82f3cc31911b6d14e4fe5f72418d69ae88c3b3da36759a1c00c54afc6c01b7536f5033dfbea76ea7bcbf0

    Download Submit

  • C:\Windows\System32\combase.dll
    Filesize

    3.3MB

    MD5

    b1e221f0f19f7a1e56cddc254e8ca5c7

    SHA1

    490c54ab441f11b64dda968bba5523b9cf87176e

    SHA256

    4d4f893a1e260c4e9e286eb9ab4ac3e9b356495da05b691fc40e65056767a7ab

    SHA512

    58134ac9cffbb08b24efea681138d53489f7d511ec4098d33bb7b003968e851b5bf17b84f85b83b56407682ca0bc2354a8e388f05da1a9a24435490fda5b3977

    Download Submit

  • C:\Windows\System32\crypt32.dll
    Filesize

    1.3MB

    MD5

    b7c42e5bcdc5bf82b294171a22654473

    SHA1

    3b0075817ac0a6c38b403d5b19ddf919f96a19f2

    SHA256

    751b8a2acedbc7c735146272e985d121e17936383c5ca1f326cca3bd64113b01

    SHA512

    263337d0d3b4d2fb58b91ea3563d06b322a4c369f0c0500e2a19c370a9dc0463d67d57857a28dc0e15f81635af17503285aa4fb08a5d8b40199610e4eae5f503

    Download Submit

  • C:\Windows\System32\cryptsp.dll
    Filesize

    81KB

    MD5

    a26d9bd5fe9f31f2d47f81ef95876749

    SHA1

    03aaa61cfdd8c9830383dee534fc984ef0b815f7

    SHA256

    82027b8c6ce412f9c9731af5e904291dae944c3845ebfef2af86c8543c8ad5a7

    SHA512

    8fbe40e851826646bef6e3becc5a5a8ad64bf0e1f3c4c77c133a76491401fc0906d442f41a0c609b7f6c5ffb8cd2a8c9eddd63c135ed38de7d6b81b7d288b2c5

    Download Submit

  • C:\Windows\System32\dhcpcsvc.dll
    Filesize

    99KB

    MD5

    912357f8e08213ba9cea37721b5ed46b

    SHA1

    9ac131aba943b6e80ee4b9ce9b39f943d82be583

    SHA256

    691a7aff42d558fac26f2a9de6b47d7596b130e730597dc3aff6025cb484d4a1

    SHA512

    7b87471adea7a0ca01097d0520c6f62c2e56fc7519fc436e5b48ab9c51df108834040ac15079a9a23e478c486ce7cb21b1b92a02f4c1ffe7b5ace6839437b253

    Download Submit

  • C:\Windows\System32\dhcpcsvc6.dll
    Filesize

    71KB

    MD5

    394fb739c0f202fd65b0fea640d192f6

    SHA1

    bee425e28c99fe5b27faf3aaed0be0ea582ef7a5

    SHA256

    ced3c74f4960e26b648ec5360fe6b1ce47ed4f7a203d8c9798b450e8346b698e

    SHA512

    86660097ce8f692c7eae9555a90983e9f8f9463b469286e2d0f3fc7a628370196f60ff9a639ec9bd0eada1c94ca9ce39a714df3cf1c985b23e5f23d2f2034667

    Download Submit

  • C:\Windows\System32\dsreg.dll
    Filesize

    1.2MB

    MD5

    820b56add74a9ed99409a93f36796f3f

    SHA1

    04de71d9696c72d559c7203bda715aed223e9a31

    SHA256

    7fdba9b0590474274895252dc78675b7f8eacda80baf211f45a7d9ab9801b42e

    SHA512

    63417d78ca32b2e94973ce97d2d9ca08f192411be758823c7a2cac4980dfdffa0150c94b442d484f3c5d65eb5937cd0b5d60a14dbea84248da1e973e1fc7292b

    Download Submit

  • C:\Windows\System32\gdi32.dll
    Filesize

    162KB

    MD5

    f1590bdb1c95293cd3b487ffc97353e0

    SHA1

    9b3c7713828bda35bb3e4f30a56d61a2c19811dc

    SHA256

    de75aea74bf6453f42f02b949a6a3dc00ecef4ae16310fc4a0acb6d869e1fd2a

    SHA512

    5be29ebe010ee79508f806680fb60851d90262877c3f9c24ab56aea3e3d5e0428764f364b0ec592fd7c3daabdf82976ee4f6530902c99eacef4a3c396952fbab

    Download Submit

  • C:\Windows\System32\gdi32full.dll
    Filesize

    1.0MB

    MD5

    35e1a13f6a0902b4c89f59c89b355c86

    SHA1

    0375b9e121f10c2d201c2f49c1c014723ccfcacd

    SHA256

    f2f28c7195557af1e6d50016b41839514ea2dcd4716c5c5bb87dd2c200e5499e

    SHA512

    de155aceace2ebd4a4421eca43a4787faef8371ff0349a3861c480ab7ee56ae43169e34600ad1d52d0342c71dd247d0a589f6ee96cf93c77394c92e88f58cc78

    Download Submit

  • C:\Windows\System32\imm32.dll
    Filesize

    181KB

    MD5

    669d9741e74156425354ddab8bcc581e

    SHA1

    3384654e76559fc6900e58296967ed89757ba8c9

    SHA256

    00053aa7be3825828ad7c8c1c9f9ad29df07f5538107479886d8427df86bb4f0

    SHA512

    b520fdae3489202e532e11c73309f5b2a960f202a5872d25377ee2622846066eaff54fca61930426250787e55f243e30430dd6d3ffad004e318c6e6ed597921e

    Download Submit

  • C:\Windows\System32\kernel.appcore.dll
    Filesize

    59KB

    MD5

    af68fddb20df61ece812b542176949e4

    SHA1

    cdba1cc8fd390b4f8101b5a22b0aa0ba5605c7db

    SHA256

    7d6c60195dfb05eec27377ae25d9ad259d7fdf85fa71d2aa855fd4129c2aadc2

    SHA512

    dbc0b91ac07a640f2c8e6bbb76d95b29199970d282be1aaf9d31e965a3d071440da55862d5f949349a92f86cd3e7a69d9b3cc346fae7fb67089af99f3b038bee

    Download Submit

  • C:\Windows\System32\kernel32.dll
    Filesize

    752KB

    MD5

    1b6d9bd5677f3fe825a7c393ec60dc64

    SHA1

    095de4ddb7bb0b3a20918ce78083382ca2eef872

    SHA256

    e5988a4597838f07fff021dd6c1653a8a459ed6caf2a63da95ec42ab49d37e0d

    SHA512

    9f1869acd9437f74f1b581e5256a2186b9e24c4e68984e58493224c0e575865d48175f14ec2255948d1dc0c79212c272b9ad514466f21bdcfe98b1d7d5f25798

    Download Submit

  • C:\Windows\System32\logoncli.dll
    Filesize

    254KB

    MD5

    5bb04a7a8c4035ec97eb0acc36e6fee4

    SHA1

    16cb991a12c1a1d93eb5ff5293b6048c2350e04a

    SHA256

    b84469293584b8ff2c0340f48535227d4c383d558bcc30d6e16a292d26f51cb5

    SHA512

    b8d6f3baa6d7694d4c730f36e236c5ee5606479116e86177d36ab22bae460a85e26239a4619c0f1622b2bb6ebe2918f3a85844a043dd868709918c19e871d0b5

    Download Submit

  • C:\Windows\System32\msvcp110_win.dll
    Filesize

    547KB

    MD5

    f084efcd67d2deee55137ee8fdfce0a9

    SHA1

    b6313cbcf5a220efae747eb19ecc5f116cdeeeda

    SHA256

    625cf50cd7fcd0e16d0e28514e92919b6ebfb9cb07cd1803110fdb0f5368aca4

    SHA512

    11dc12e31838a05dfab4bd0f8e3a07e5ab6a1950ff780049ea7cefdceb14df92b6de2c9e8c8153f036b7bb19ff96a3da343a7ae9d97c5479ff3e07d47ff022d0

    Download Submit

  • C:\Windows\System32\msvcp_win.dll
    Filesize

    619KB

    MD5

    34692d0bde33641b576c32165fbaaf6d

    SHA1

    09c6a238c7b2936207f261562079a327aa9ff34e

    SHA256

    fd1d0cc8a5ac8bf20af9e1a7ec360dd76dc022dfe992556948df1c17f7a714d2

    SHA512

    7d65519f50fd61b08fe7f676ff98a526c469dfc045c15a92c13d2e2227d41cf2c5fd4bbff4d15a6da22840be4bd7ed02fc03bf96905787e7356eaa0066bbbe47

    Download Submit

  • C:\Windows\System32\msvcrt.dll
    Filesize

    622KB

    MD5

    a4f2d5942fb447cd48a5cee414983e85

    SHA1

    5aff4cfdee689f127df3c555281dc629d4d62318

    SHA256

    dd7c8bc34cdbe30ef921395e874909bbf6be53803822164f75f7207e9f085650

    SHA512

    c464ddc6aee00721fac488256f4ad643634c439558b9ab5f974be9633961a69c99830a308aabeb91e930ddf0d527cd0d328a9aebf1fc2e807dfa2cf02abec3bd

    Download Submit

  • C:\Windows\System32\mswsock.dll
    Filesize

    408KB

    MD5

    89ca286e36756dd0dde53acd953f44dc

    SHA1

    cbd9fd0961f47398df85ae5d89d895c3737106db

    SHA256

    055f34466511dbeba4f082b110216ce9c1c7f056d4f1440d62d5442971a7b1cc

    SHA512

    341051e1353eb7ea8e8b2bd2783ff1da76922fa3513db524114bb52925550dc5c4ca92c59938de498514ad696310f7e7105ba34e8340efcd2fb2f3d80cf09410

    Download Submit

  • C:\Windows\System32\netprofm.dll
    Filesize

    223KB

    MD5

    fb9d4949ca739ff6ae9ff9e43809ad7d

    SHA1

    59f3d1cbd504170a0de4f6ae4b5e31b7beedb8f0

    SHA256

    d8e0e9f86c41f8b926e5e6f9ff2952a994b24f5cb36d4fc4ae9badd06ef6dc90

    SHA512

    b1ef2f4913033519771d8b75953e93ac3249ac8b3f5028eb7f65d8d0b8a3f0e11aab0da7454d463459e1c7517211d8fe0dbf1c68bd8e47807f921b82c504642c

    Download Submit

  • C:\Windows\System32\npmproxy.dll
    Filesize

    46KB

    MD5

    4476ab6612b200ceb6957ff436e10877

    SHA1

    d56614e23a02d7939b165f44c8802b7da7196a40

    SHA256

    7ca45c539218d4a186ee520c4afc29a931a34b2ed83fe10e3b8b23132e2ce520

    SHA512

    3b12e9265ae3b57193ca678612b1c7e2004077bdef8fda1b050a451f53bb612baeba6f89aa1327a7bc4614d66b67ffc14475f4e41204d8cc3947fa51f0ef8c29

    Download Submit

  • C:\Windows\System32\nsi.dll
    Filesize

    24KB

    MD5

    3bacc52f844ea1b30b8ef8ba0d08bf0d

    SHA1

    031070c5ae780472e409f1e49ddde124849dfa45

    SHA256

    21293c3d3ba83ccc45135f33d2c70bffae7a347e9f0b9fd556622cef99291923

    SHA512

    c8befa3d89234a68754683299e3c63f7b0c4465743d07ed48cecc5e0c34b9c4756f71ab29695790b7cacc382f7f9cca4b3111f9717694e4518567300920b30b8

    Download Submit

  • C:\Windows\System32\ntdll.dll
    Filesize

    1.9MB

    MD5

    47ccb0e28d73f695c5d5266ffbb300ec

    SHA1

    63e6167944df951ad2d279d0b64e37bf2f604c07

    SHA256

    12d1bac765448db638adc8327de1101e5e2eb5829b8da7edd5b216a45c717eec

    SHA512

    8219f5cfd7a6bf28b8880529240e0b49a2fd78c0c5227cf6471cbf153fd32b2664ae31396d4b6897c2686e5b7826b9f9dad434e82e7032c7a5aa3ee9b2771145

    Download Submit

  • C:\Windows\System32\oleaut32.dll
    Filesize

    812KB

    MD5

    eab5aded2242feaee371ed5cab6ea919

    SHA1

    d9d46f3be08dd8b988b873c4e034c622bc0fb119

    SHA256

    bbe70836e44ba71555906d37011ec2aa3f86bd1314f5431406bba8f305dfb570

    SHA512

    44debfc49043003a3e95af09e6687783c55f31009fa4d156218f70fc4ec41f1f086aa1eaa2a5b044f8d1982554a3be525625c28ca617b9db19f0558b27559c7c

    Download Submit

  • C:\Windows\System32\policymanager.dll
    Filesize

    633KB

    MD5

    1500d26519d73ae1b997421081459a38

    SHA1

    5d1dead9ef60c8b47ffbace82794a8d6a2be29ee

    SHA256

    52fa7c1da3158a75ead78d2e011cdf98031e25521b5b369d23b2c3a53365264b

    SHA512

    4cb99bbbdc8b3ecf200aff69e4dd8a82b590848da238d37c2e44e30366a821275c43e567043eb2dd068d494da464dcb7b3816d04f044743718ec6b5f353e8eef

    Download Submit

  • C:\Windows\System32\propsys.dll
    Filesize

    979KB

    MD5

    b5b4006acf4d06112dec1d2d3e86c431

    SHA1

    0fe3f7f5ad40e9b902f4438f55cdcfd9fcdb5cb0

    SHA256

    bf1a5b4b8178c8092347e0c977e0b1bc11a287f703d5ecf68575589ddc6655f8

    SHA512

    0249f9fff40a135356120e9a7eb8ae3db0904ba0554bda125b20c264c1e93f4960fd713b7ca8d7c02202034ef0d0bd623bdf558834ed21ad5630f36036b38f45

    Download Submit

  • C:\Windows\System32\rpcrt4.dll
    Filesize

    1.2MB

    MD5

    dc0b01c678d532758d2b1fac1566f89b

    SHA1

    b35fdb8d452e39cdf4393c09530837eff01d33c7

    SHA256

    c84bbd6d2e4f0334d75d6199133515fce3d44439062095f0dcfd1f8df0f5183b

    SHA512

    7a898d3ef8ade5047ebe59ba1aa3a82ccd6ac0d12ec0828726dc49ee2791c2c12188052893e208374040c64f26c905fa08363740327735becf9b2fd79e3792f0

    Download Submit

  • C:\Windows\System32\sechost.dll
    Filesize

    610KB

    MD5

    e127fce942c28931ded1442a1f2e84bb

    SHA1

    2afe30f581351040cf0f6c721fcd33cc285158e9

    SHA256

    f900de6143d808a03584075417940c5d42bcf612811a19129059a696be8645d7

    SHA512

    c6eea30c104cf775a2732492226570bd9cecd65efbfc8f33ac9fae1c2584f8bc0a3121b5dc3566049a8f12aa1260ed002ce39d8b0c996a17c139960d1b20c248

    Download Submit

  • C:\Windows\System32\slc.dll
    Filesize

    143KB

    MD5

    4f6f869094d632eb65e88ca037986aa3

    SHA1

    681b0201ca12047db8768462497be8aba49fea29

    SHA256

    a68d1f8265d6a1175e55283a6f57b96ac94bad9585d19d3d56f8d2c6d4c92df4

    SHA512

    1d292560d7c91c4922113181ae757f15e61c43edda5daa68e83f946c9abe5d05272adcb88a2e90592adb002148a6cf924c0478c4008edd4addf56d6d3f4e3f3e

    Download Submit

  • C:\Windows\System32\sppc.dll
    Filesize

    127KB

    MD5

    1a344a53306779abd7a3242f7521ca19

    SHA1

    93105d0b684532fd5ae8f302497beec84891087a

    SHA256

    63acba2d7b1e0ff51b1fb5eddac20b89e7d47051a4d7e3180da4f99ecca8ae32

    SHA512

    d622a97d475094d0043b49bd34ebb8a1ee7f89701715ad147f172a6809dedb8d11331ae11a860dbcbe108dcfc643f5d6f5673b2b8847c9ff1e03dc06a70fdf43

    Download Submit

  • C:\Windows\System32\sspicli.dll
    Filesize

    182KB

    MD5

    956ad5a3683b1d05ecb2927114682495

    SHA1

    1c241020754267181dd501949e0d43f35f0a4d10

    SHA256

    74542c85c237583a61bfd6296e7610da2973872645ddc614ad837705d9c4ac72

    SHA512

    39b691f216778a42eb8351cf84222c42d8bee81ad5ddaa480dddff36c419778abd63d08cc09a431df18b37fca4f98af104dc8ab7967b5864c90b77474f377a94

    Download Submit

  • C:\Windows\System32\threadpoolwinrt.dll
    Filesize

    66KB

    MD5

    a0dea5c1f4ad089439054c8c0ae8c8ea

    SHA1

    5f7f1fb7dc8822573ba9130fc5395ea8d94d0258

    SHA256

    192e53a11e563333ea528dd2682bf97690f7d9b4b15dfb8fd111a39980a513ec

    SHA512

    e3632430f46fe2cda4f7db81e93deb0bc9b1ebb8ffd25d6fee5a3bdf3c8036c0d1374b729c06ed42c91aee2f6b34765d1552ee8ece357753ec984bd64a6aaee5

    Download Submit

  • C:\Windows\System32\twinapi.appcore.dll
    Filesize

    2.0MB

    MD5

    17bfa6a3976985873eac662f03341cec

    SHA1

    a06acef0a8fac114709f9fa61ed079724559bd9b

    SHA256

    73dcb1aee444575b40f189b90af2058664a4ed5e1bfc6f13f5ed925550292732

    SHA512

    19953627c1bdb87581d18cf0ed85b5091a2c42a43ad115d2d72a13d609f36bfacfb25e3a560e7f6be975021bf091ecc3672a5e8f97f35bc61ee8e59f6fdfcc26

    Download Submit

  • C:\Windows\System32\ucrtbase.dll
    Filesize

    1020KB

    MD5

    2c8fe06966d5085a595ffa3c98fe3098

    SHA1

    e82945e3e63ffef0974d6dd74f2aef2bf6d0a908

    SHA256

    de8d08d01291df93821314176381f3d1ae863e6c5584a7f8ea42f0b94b15ef65

    SHA512

    fb08838983c16082a362b3fc89d5b82e61ae629207c13c3cb76b8a0af557ad95c842ce5197ae458b5af61e5449cbab579f509fa72866308aa6fbd3d751522d0f

    Download Submit

  • C:\Windows\System32\umpdc.dll
    Filesize

    63KB

    MD5

    8cdd866e0707a71952fba8be899b7512

    SHA1

    25635102c3159c4ca42e802492fea502316054ba

    SHA256

    ab37401f78b29cc26db5b27b3dc0cec3c37ce99ad4e9df6ebb54f4a239f30232

    SHA512

    51225b22a143fb390116112499e5c10c2ffabcc1c582a0f8e04d7c913cfcb75f79bb1dcb5310408dce81389c22dec00eef5bb4df6fcf4c7c76de141ef8ef28f9

    Download Submit

  • C:\Windows\System32\user32.dll
    Filesize

    1.6MB

    MD5

    f804d60514ec31233e6df99949b7ff1e

    SHA1

    96d48b58e741a33d6729d4d2ae57f7f52a0d4961

    SHA256

    a1331a9b4c8cca6ccdda97efa7b57fe249cb1753b0ee9c212a41856866c21b23

    SHA512

    fa60f5ea399a316946dd35c0c346ff6cf19e76d905055f4473f11edd47dae937efe2482ef4a0bb435aaf68d4aa29ead23c538231f66d2a58499d79547341f58a

    Download Submit

  • C:\Windows\System32\uxtheme.dll
    Filesize

    614KB

    MD5

    77b94683930015f413c0479f4f21e8f6

    SHA1

    e5703d9697da0d23023980847a48eb3e49f22458

    SHA256

    8080001033997f644aceb6a08c9a8fb445a9e338ec3202fa819936dc71f06367

    SHA512

    57ca6c40b9c5848fc5aa5e3df73249af41dfb09e3b84309807b6a84385cf7d4324cf831872e42ce456fc1302eccde3aeef8feebb57aa451811540fac25545924

    Download Submit

  • C:\Windows\System32\webio.dll
    Filesize

    586KB

    MD5

    743dbafa395cf6a3edbddc785b3903b7

    SHA1

    7102353adab408fa68ccf1632fe8b33096b7e9d5

    SHA256

    a0572142ce2d871319eec032cfc9397a3531dfadaa6c836ee0070878409bde94

    SHA512

    15fdb766c1d9ad6b8a7be94042235fa87d892d4381055e9af2387fcbba8e294fe0160d74b40f0875992ffba98d3505e874ab946b5e2e68e2a46510bb84f62323

    Download Submit

  • C:\Windows\System32\win32u.dll
    Filesize

    129KB

    MD5

    1fb6e05a75de3ac92adfdbf8f8dd2bae

    SHA1

    5627fd2027f52276b790c2c4a6ac39b5f370728b

    SHA256

    f9f54817d8174c8cefecbb36c1c001d8a088bfd87d769d38f2dd0b5108c668ac

    SHA512

    a26f4a1583e77e0d2b8085813b40b17e5e007dde602f92a1e0d736c41b1adf56bfa0a5bd4715dd281cf7acc33d034b8dcccdbf71ceddca8a8082368181881eb4

    Download Submit

  • C:\Windows\System32\wincorlib.dll
    Filesize

    427KB

    MD5

    61f81db6484c0e94820ad6f8bba5a03f

    SHA1

    167e549bf81e0c9d27f8481ce4904d8627549e1e

    SHA256

    d8dcc13ee3c37d6412c120a6370a15ca3d103571f7681fefb06709d8191f95a3

    SHA512

    7634db3a104d3ad4ef9970cc506111d58c5ff39f9affc27abeab6556b1c1dfd4b0e2e7580e9410c2520cf6cc3d75f8f8e9c0bfd8f2980cec8dcec88e6a7b68e3

    Download Submit

  • C:\Windows\System32\winhttp.dll
    Filesize

    1.0MB

    MD5

    9a00e598d3dd0aea191abaf6b6825187

    SHA1

    0bb2af1b1edb22cb65398e3739e1863378b83d32

    SHA256

    dc62a2ed8778c75b29e5be10092cfa4aecfd6f7bffdda031152f0cad704d5bca

    SHA512

    dac9e1974a71b6d580a65062b7d7d0e17edf82f5eb3fe458c8ba7f39052fe82f9346874d7fc54f2fe523f05b0239a1c0b1eb99545a3185a8cb493b0094e50e92

    Download Submit

  • C:\Windows\System32\winnsi.dll
    Filesize

    34KB

    MD5

    c552b64bad90764055c33e68ec8250f9

    SHA1

    5a52e89c3e290eadf41c3b5babf3b88bc0087299

    SHA256

    4824fce965b9dec8d78842cdc3ebcdf8d2d2ed15de05d5007fb18c1b2de79e11

    SHA512

    369d86b338c477f6706e80457d34abb7a0be916cba5e90d2bad664e7b5c66eb8841c2c36ca6abf70ce30bc21e23f4c63701518b3f3ff9a38b046a25eafa72c98

    Download Submit

  • C:\Windows\System32\wldp.dll
    Filesize

    168KB

    MD5

    61f961a945669430557457615cf53493

    SHA1

    5b12fca5bf3ee6d0bafc18f96dc81604bb95de4a

    SHA256

    08225860b8e9b712439cd83bc3a04fa802c56c5fa6c2471f23e0047ac639f1f5

    SHA512

    a89e09a2897e496b39ca6f6b30e4545c195b4524936b4b184fe2a65aac1901de6c522c1eb573954b4279c008e2b7c030249f87f327379735c393ac4e44cff6a2

    Download Submit