8638b506bbd352b17dd7afb3b53076cb6e1eb7185c6cb640721c1f53159a55f7

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2023 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

090de4961821bf6dfbda902e5a758f38.exe
Size

278KB
MD5

090de4961821bf6dfbda902e5a758f38
SHA1

09c8ad78bf1e4f165c1749f67a5087b75c3c33fd
SHA256

8638b506bbd352b17dd7afb3b53076cb6e1eb7185c6cb640721c1f53159a55f7
SHA512

24fc58e86670bdfdaf5e1a2ef31598e5dfab096918563be4f2b14c779596b7afa8382b59a015f3bf4b95d89fbc0c3cd5535dfd53328d95ee42a05600bee8c5e8
SSDEEP

3072:v15rEsm15p15rEsm15aEsm15p15q15rEsm15p15rEsm15C:t5rZ05b5rZ05aZ05b5g5rZ05b5rZ05C

Score

8^/10

upx

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	090de4961821bf6dfbda902e5a758f38.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation	090de4961821bf6dfbda902e5a758f38.exe

Executes dropped EXE 1 IoCs

pid	Process
1196	exc.exe

UPX packed file 49 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4276-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/4276-9-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000100000001dac5-22.dat	upx
behavioral2/files/0x000100000001dac6-26.dat	upx
behavioral2/files/0x000300000001e609-56.dat	upx
behavioral2/files/0x000600000001e59d-111.dat	upx
behavioral2/files/0x000500000001e59f-115.dat	upx
behavioral2/files/0x000500000001e59e-113.dat	upx
behavioral2/files/0x000500000001e5a1-121.dat	upx
behavioral2/files/0x000500000001e5a0-117.dat	upx
behavioral2/files/0x000500000001e5b4-132.dat	upx
behavioral2/files/0x000500000001e899-158.dat	upx
behavioral2/files/0x000800000001e86e-156.dat	upx
behavioral2/files/0x000800000001e86d-154.dat	upx
behavioral2/files/0x000300000001e8ea-185.dat	upx
behavioral2/files/0x000300000001e8e8-181.dat	upx
behavioral2/files/0x000300000001e8e7-178.dat	upx
behavioral2/files/0x000300000001e8e6-176.dat	upx
behavioral2/files/0x000300000001e8e5-169.dat	upx
behavioral2/files/0x000300000001e8eb-187.dat	upx
behavioral2/files/0x000300000001e8e9-183.dat	upx
behavioral2/files/0x000900000001e86c-152.dat	upx
behavioral2/files/0x000600000001e86b-150.dat	upx
behavioral2/files/0x000600000001e869-147.dat	upx
behavioral2/files/0x000700000001e868-145.dat	upx
behavioral2/files/0x000800000001e867-143.dat	upx
behavioral2/files/0x000300000001e8ef-198.dat	upx
behavioral2/files/0x000300000001e8ee-196.dat	upx
behavioral2/files/0x000800000001e866-140.dat	upx
behavioral2/files/0x000300000001e8f0-210.dat	upx
behavioral2/files/0x000300000001e615-212.dat	upx
behavioral2/files/0x000800000001e864-136.dat	upx
behavioral2/files/0x000500000001e5b3-130.dat	upx
behavioral2/files/0x000800000001e5a5-127.dat	upx
behavioral2/files/0x000500000001e5a2-125.dat	upx
behavioral2/files/0x000600000001e59c-107.dat	upx
behavioral2/files/0x000800000001e59b-100.dat	upx
behavioral2/files/0x000300000001e614-90.dat	upx
behavioral2/files/0x000300000001e60d-69.dat	upx
behavioral2/files/0x000300000001e60c-67.dat	upx
behavioral2/files/0x000300000001e60b-65.dat	upx
behavioral2/files/0x000400000001e60a-63.dat	upx
behavioral2/memory/4276-248-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/4276-256-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/4276-279-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/4276-531-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/4276-764-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/4276-999-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/4276-1297-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\auditpol.exe	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\dskquoui.dll	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfcm110u.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\tcpipcfg.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\UserMgrProxy.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\WLanConn.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\comsnap.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\fsutil.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\netmsg.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\provcore.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\sysdm.cpl	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\AUDIOKSE.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dciman32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\inetcpl.cpl	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\windows.internal.shellcommon.AccountsControlExperience.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dmloader.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\g711codc.ax	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\Geolocation.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ieframe.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\RMActivate.exe	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\vdmdbg.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\xwtpdui.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\AboveLockAppHost.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\capiprovider.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msctfuimanager.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\SettingSyncHost.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\vss_ps.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\auditpolmsg.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\odbcbcp.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\perfmon.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\winmsipc.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\acledit.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\KBDUK.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\rasppp.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\setx.exe	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\wavemsp.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\comuid.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\twinui.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\dpmodemx.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\KBDOLDIT.DLL	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\mobsync.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\regapi.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\sbeio.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\TokenBrokerUI.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.UI.Search.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\wlanui.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\FXSEXT32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\MsRdpWebAccess.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\PlayToReceiver.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\policymanager.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc140enu.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\mswstr10.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\WerEnc.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\KBDUGHR.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\MSWebp.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\twinapi.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\dnscmmc.dll	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\KBDSW09.DLL	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\SysWOW64\MapRouter.dll	090de4961821bf6dfbda902e5a758f38.exe

Drops file in Windows directory 44 IoCs

description	ioc	Process
File created	C:\WINDOWS\bfsvc.exe	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File created	C:\WINDOWS\WMSysPr9.prx	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File created	C:\WINDOWS\splwow64.exe	090de4961821bf6dfbda902e5a758f38.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	090de4961821bf6dfbda902e5a758f38.exe
File opened for modification	C:\WINDOWS\Professional.xml	exc.exe
File opened for modification	C:\WINDOWS\lsasetup.log	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\mib.bin	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\notepad.exe	090de4961821bf6dfbda902e5a758f38.exe
File opened for modification	C:\WINDOWS\Professional.xml	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\HelpPane.exe	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\sysmon.exe	090de4961821bf6dfbda902e5a758f38.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\twain_32.dll	090de4961821bf6dfbda902e5a758f38.exe
File opened for modification	C:\WINDOWS\win.ini	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\write.exe	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\hh.exe	090de4961821bf6dfbda902e5a758f38.exe
File opened for modification	C:\WINDOWS\lsasetup.log	exc.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	exc.exe
File created	C:\WINDOWS\explorer.exe	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File opened for modification	C:\WINDOWS\setupact.log	090de4961821bf6dfbda902e5a758f38.exe
File opened for modification	C:\WINDOWS\setuperr.log	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File created	C:\WINDOWS\sysmon.exe	exc.exe
File opened for modification	C:\WINDOWS\system.ini	090de4961821bf6dfbda902e5a758f38.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File created	C:\WINDOWS\winhlp32.exe	090de4961821bf6dfbda902e5a758f38.exe
File created	C:\WINDOWS\write.exe	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	090de4961821bf6dfbda902e5a758f38.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1292	msedge.exe
1292	msedge.exe
4704	msedge.exe
4704	msedge.exe
2328	msedge.exe
2328	msedge.exe
4320	identity_helper.exe
4320	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4276 wrote to memory of 1196	4276	090de4961821bf6dfbda902e5a758f38.exe	89
PID 4276 wrote to memory of 1196	4276	090de4961821bf6dfbda902e5a758f38.exe	89
PID 4276 wrote to memory of 1196	4276	090de4961821bf6dfbda902e5a758f38.exe	89
PID 4276 wrote to memory of 2328	4276	090de4961821bf6dfbda902e5a758f38.exe	96
PID 4276 wrote to memory of 2328	4276	090de4961821bf6dfbda902e5a758f38.exe	96
PID 1196 wrote to memory of 3868	1196	exc.exe	95
PID 1196 wrote to memory of 3868	1196	exc.exe	95
PID 2328 wrote to memory of 4876	2328	msedge.exe	98
PID 2328 wrote to memory of 4876	2328	msedge.exe	98
PID 3868 wrote to memory of 4524	3868	msedge.exe	97
PID 3868 wrote to memory of 4524	3868	msedge.exe	97
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 3600	2328	msedge.exe	100
PID 2328 wrote to memory of 1292	2328	msedge.exe	99
PID 2328 wrote to memory of 1292	2328	msedge.exe	99
PID 2328 wrote to memory of 1348	2328	msedge.exe	103
PID 2328 wrote to memory of 1348	2328	msedge.exe	103
PID 2328 wrote to memory of 1348	2328	msedge.exe	103
PID 2328 wrote to memory of 1348	2328	msedge.exe	103
PID 2328 wrote to memory of 1348	2328	msedge.exe	103
PID 2328 wrote to memory of 1348	2328	msedge.exe	103
PID 2328 wrote to memory of 1348	2328	msedge.exe	103
PID 2328 wrote to memory of 1348	2328	msedge.exe	103
PID 2328 wrote to memory of 1348	2328	msedge.exe	103
PID 2328 wrote to memory of 1348	2328	msedge.exe	103
PID 2328 wrote to memory of 1348	2328	msedge.exe	103

C:\Users\Admin\AppData\Local\Temp\090de4961821bf6dfbda902e5a758f38.exe
"C:\Users\Admin\AppData\Local\Temp\090de4961821bf6dfbda902e5a758f38.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4276
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7ffbbe7e46f8,0x7ffbbe7e4708,0x7ffbbe7e4718
      4⤵
      PID:4524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,5805497509007498903,3025451829012373706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,5805497509007498903,3025451829012373706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
      4⤵
      PID:4348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
    3⤵
    PID:1920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbe7e46f8,0x7ffbbe7e4708,0x7ffbbe7e4718
      4⤵
      PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbe7e46f8,0x7ffbbe7e4708,0x7ffbbe7e4718
    3⤵
    PID:4876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:3600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
    3⤵
    PID:1348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:3116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    3⤵
    PID:4728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
    3⤵
    PID:1848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
    3⤵
    PID:3756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:1356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3260 /prefetch:8
    3⤵
    PID:3992
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
    3⤵
    PID:4704
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
    3⤵
    PID:2908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
    3⤵
    PID:1336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
    3⤵
    PID:416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
    3⤵
    PID:64
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
    3⤵
    PID:4252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
    3⤵
    PID:3552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
    3⤵
    PID:4540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
    3⤵
    PID:1824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15483073275816748558,3688379253935891063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
    3⤵
    PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
  2⤵
  PID:3560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbbe7e46f8,0x7ffbbe7e4708,0x7ffbbe7e4718
    3⤵
    PID:1200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1468

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x380 0x4cc
1⤵
PID:620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
b73a6f6c89458da653eff06815c41f32

SHA1
552239133c9e3ceea1dafa0e18ab7f18126e51da

SHA256
aaf655057c3c56e558c922e494faf25dfe36b9d4fd8a022a2de6e57023a5efa4

SHA512
17449ffdc1fa9f6aaa40af89404c09ada592c35ef7335456d2e8715e5395d9de83c82d1d57d1d9e1831899a1d48402e271afe3b02e692896b424374a437a3fef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
a20718320044f48bc7f34c41b0038c23

SHA1
081b6a0d3743af82372cb3c29c2245d4bc611bff

SHA256
e9e1ac80a4a21912d9092513c250f28bcf9fae616277e25bbbee7c278843898c

SHA512
ce386194dfad8fd3d3ecc96cb257df6e8836f0a78e16183f49cf44b2719e1c5f01a0e6ef9f6045d5569b0fed87ab2a0c4a44e6dadf28e4decd0e514f04a49650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0c25964364cf29df6ecb958e4a6d9185

SHA1
d6f49930e41364722522d6f376623ff3bcf753b9

SHA256
0e183b6824ff57faea5d56b202d09eda6215fdd57322d6fd893a59e599ebf1e6

SHA512
d9462c533a5ea6c4e49b8bb4a51e3799342962e1175253fceba8fe67ed72ff14fdc3a450ff81d2b7af32ec8a1dd68302a8d57077409b1e3b980e9dd441bd72d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8be33665028d3682f3f6a19388faba8b

SHA1
bdc176c4a460ea9f2add18b41780592227be743c

SHA256
1fe37de44635c003093ad55e879bbf9e42e55dfdb99984e40d16478316e2530e

SHA512
cabc3713ff25ec1f4721c905061f0732def9f89536d950a1a0cfb23b9284c0e249898eb259677fee3a8d2c6f22d82eed093e16627b74e0413c5c14b4ac604da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8efbb413c9f76e14de376e41ce55de19

SHA1
9b4dd07f0b1599b4f4a661cb69d20ab6c9d48677

SHA256
1bfeeb93915929423be54302e9983c4bf51cf0173962d83a92c0273479bd463c

SHA512
5de63c5440b18e930cd0ab044e100e901884b683d6790fe0e9dfddd0d3349117895167486776c77a7efd10f8cedf0a6f03be0280da15374582ab600ffddc868b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
885e236fa2c703e57731017b6240502f

SHA1
6eced8f68949cb1818ac63423bbf42ef26e922a2

SHA256
60e9ae3a6e684e8c37facbd6fe10f4c98c81b562bcf257d4196e604bd77faaf0

SHA512
92a7ff20905f7805390526d49736904951db75a62f10f05121c15832567b6cd261045aafd58adf889b21b5fbde284c7ae6e6380f1da4f1e5048ca8a5481495ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
57268f6a41709a323a764a129f2af1b2

SHA1
0197a61f0cecf062c7d780998fb65f197d0c3a11

SHA256
5b8691a345aa2ecc62a041f2510bd27b92c314576035237d8e4a1c38ce61ab66

SHA512
1bebf743fcb2a485a5177e82a46c019d8461e0ebea1f880379e7bdbd07b4aa8e6f20bde8292f44bcb51fa4861e836df08ccf3c6f78dd99890690e932a81669cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
556566d890a03509adb2b57d90f90150

SHA1
65771f1dd74d470a52f927bd2cd356b7342fd329

SHA256
abf225dae98f966ab253cbe6357a9c5067c45085c0cca043addc662d1ad67bd1

SHA512
1ea063055e2fc8bd3005ac8c029b9bb87b22840a6535b7e2c450dba9a01e97e19251be257146c90fceeaf68dfe0e216c7728988552e67ac5a7b37bc9da544e67

Download Submit
C:\WINDOWS\DtcInstall.log

Filesize
57KB

MD5
0653b44a7988bae38ea5c940f35839c8

SHA1
f4770c07200d2c19a8fd1b0f2de2ef588aac0fbe

SHA256
8d0be1c4b483b26a23a72e29831959477df2f98c618003b62f9395a4c264f08b

SHA512
117c1bb470b3017a871810eef3628c20de5d5571d5a899e7185676f4ec1ca0a399b6eb0e1f2b67c8380867dad0d5113bb7737addb77cfcec6f9fb81a4ab007ed

Download Submit
C:\WINDOWS\PFRO.log

Filesize
28KB

MD5
7a6ced9d9f0c895574f9593f17edde2c

SHA1
2f4aada23de5e77caab33f6d8dd0ed2247e98466

SHA256
ed4faa289769d70269550f079142d4cd6b05ccf31c5b9b89f3725f168df35317

SHA512
dce3e635db976e1d0d99d3c2f42b7a62703b20d3b1b8bf899606c744f8763c1fb22030199ea22570fa935afd3fe0d225a981cbbfd4503fb3fc7c7f59cd348212

Download Submit
C:\WINDOWS\Professional.xml

Filesize
57KB

MD5
607583cfe80e075dbece7a78429c2dac

SHA1
f7b9746d4b958a8b3bccf620d9a7a34b3e4203a7

SHA256
18779bdf9ce205a481c685cc906f4e2641be00ff21395a48a3261c283dce64e4

SHA512
c63e3f061f4eb52ecf6ef7daad6994da1eac2cae189ab15377bcc997f749ba8982be329fc1ee10420fc817c5ed925f66c3dfc8f60cd10bea6938ca29d0efb098

Download Submit
C:\WINDOWS\SysWOW64\atl100.dll

Filesize
162KB

MD5
64a0bf794fd8eef862073facb5749dd5

SHA1
90dd05578cdd8ce8e17ecb4f5b58f58c2f79e60c

SHA256
dd1a28c406b7311edc7773719eff9488d97f35097e1302d1ef4a96a43535b283

SHA512
454ea736d2bd22f4553b93e345baabd94a8a7a84238fe3ca886bdd889d5a7d884279b3bba454535f6b134a7ab45c6f3e0d276325b45f395e402fac2377d8d3ab

Download Submit
C:\WINDOWS\SysWOW64\atl110.dll

Filesize
188KB

MD5
a5ac3bd4280e0f4ce081d0e9741d801a

SHA1
8538a63390a068dd6c97ea6441a3aad40d1407c6

SHA256
04c1d82c3ebb1d9dff0f1045602f9df29970d3dfc8bde2aea4e30eec901a3a2e

SHA512
2498051e63c781ce0c0ad0cc5603358d9bb83de698073bbaf326f7f4fedb89171d45cd31d125f46a661793c6abc9d3838801f582a31e3f6c11c275cbf17c66a2

Download Submit
C:\WINDOWS\SysWOW64\concrt140.dll

Filesize
269KB

MD5
8db22788fc2cd5411dadf50f2783d727

SHA1
75759f6cbce22167f15cf4dd27c2cf359508ae0a

SHA256
a32bc9287b3c898bbab3a805f9dabbe1716b10ac823fa6a67a9b4e1a1343f2f1

SHA512
c124f2beae7c2f26637e9267a5816838ff8ae28c2f1dfd3d536d003a564ddab3605af5c49541f81bb642a8082dff8446f609217836a24bac1f76e430a157da0a

Download Submit
C:\WINDOWS\SysWOW64\license.rtf

Filesize
27KB

MD5
7805538d58f3fd8f35095e8f23cc1877

SHA1
36f902bc2df05b944308d253a00158804d4e1b10

SHA256
36a283a3dff96092b04cab3626eea056a66ee17b98e3b77f0aea277e0ebe12c9

SHA512
609109db72bd23cd8e9fafa1b40ab8d7d35f2fa46f49d32a8909d7a8464e8d9164c032adec3d1e071064fc82480fc884b538070ca416019688e373abab5689fd

Download Submit
C:\WINDOWS\SysWOW64\mfc100.dll

Filesize
1.3MB

MD5
79aa9adadc90250f05d4e965f804fb6f

SHA1
8782205da27b3a4a54c7f4657a275b5be51afa95

SHA256
ab2fe32f3469d4fe039c75eae3aad997247218d3abd712565cc7c19dcb09424b

SHA512
74f06b6e9bb18c66b7716f081632f059bca48854e0003233607dadf0702fac541d9aa7bf4c07173607ec16379f4a3e397e94256207e2f6f49acb743f262238b6

Download Submit
C:\WINDOWS\SysWOW64\mfc100chs.dll

Filesize
90KB

MD5
1e04604adbed7239652c4d7fb8b9cc99

SHA1
198b411f097a15d7b0844d1b6cc293bd51f4759e

SHA256
c55b56559d3383d33acbaa3a9ac771e967d18fdd6c0508ff97f5aea5690a81f7

SHA512
1615f5c1fec34cf57c62a0c1e2bca5b2d2b11aa9af6b2ce7815960e82f6e645c5c7afaa1daa6114e5c281c0c461897ae98c36e5e86f9a3a080db6de908a86632

Download Submit
C:\WINDOWS\SysWOW64\mfc100cht.dll

Filesize
90KB

MD5
70bb2292f3450a1c2e251723d9b60425

SHA1
8d5211d3a5b34e111b27b802f75233e2c26cb89f

SHA256
38bf7eeb4e4e27f90321e2178e5865d81a2026ca5e7144fc1a411b2eb5579bea

SHA512
f69c747b9ae2ffe164c2b546f1f18d9764e01c6cce7c088eabe1eef24fbe8e70d72edbfa1f21177d962f7fc95b0cea77f5d192c73db75607674fe7ef619ca001

Download Submit
C:\WINDOWS\SysWOW64\mfc100deu.dll

Filesize
118KB

MD5
de6b14984963b16e0e654a88ca06b421

SHA1
256f2465c973d066b1a544cc84f3e20bd3eb39c2

SHA256
b78bb7b9c9a14cb2490149cacd0a429989b5c8ceff33026fa8613d1fae8b6e21

SHA512
c7db039d1845937c4aad5ae27d9c711a25850f2400b3816e8b107e827faffbdb131e8a2d71c793af3bd98c514fe351b6afe3496d89f08f95c8395b68621889b3

Download Submit
C:\WINDOWS\SysWOW64\mfc100enu.dll

Filesize
109KB

MD5
24e844ea9379c585464c6ed9067ec322

SHA1
2af0ce660635a63975f760c4d5650bbea709dd20

SHA256
883c05ec0b1daf6c15daf0614a8bb5db11e4abee616de97929b818eede999e44

SHA512
b6218aa7ce5ca78a6684d8e0ae20b40e4f7a148e7b7dd7d4502b2eeb0b0c5cf3269251b903dd5f167204e70e83738aab1fa7f6dd7ce1cebf2c19ea5a44f48049

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
89KB

MD5
fe9d1614cb5a36ba023aa1db96c2c5e0

SHA1
c2ec0330889a9fbf38a868e36e277c34d909593b

SHA256
54e8d78930bf26dc70d3cf2ec11af6b3be4558b6d1990be7666d88453342fd46

SHA512
c4156a019d4aa27a56a05292a35a28618c71b2e91ee99a3276be742aedd3e64af2235da666510120891dbb602b152a08779b2af0e7479a38ab9755638b230ae7

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
118KB

MD5
0fe93af8c27fbe3388c7924c668ae14a

SHA1
883e285066808b274e35ce571259591ee168a8a9

SHA256
dd356a50000736606b809874095436f56f745903c876e90e5576ffda822bf3f5

SHA512
0401d1632eb76fc92942651653db076de25a2a39bd5397be448700a359371b01a08711d1addb7b8e794c0cd733a4c7d035dd720746c2be87a63d936219a2c1fc

Download Submit
C:\WINDOWS\SysWOW64\mfc100ita.dll

Filesize
116KB

MD5
438fb30185dd023518f03ed923800358

SHA1
a262df24ad7ec77dcb6bc80ea10e94c577c85a7c

SHA256
6262acc1ed8dabad415f73878d5e8a48f784a0334c372e12660fbf369f384432

SHA512
7cfccb0bab3bd8ca1dcd30889b0731a35671b8673e116c2681f28a53a6818f5c776e0472a29e3ea6c290ba51c4c33c4c8b0c2470155ce8eb7499f58571276b51

Download Submit
C:\WINDOWS\SysWOW64\mfc100jpn.dll

Filesize
98KB

MD5
bbf34662606184e82c1048469c80553f

SHA1
518b9756b978c256025ff31a02f50cceaa845039

SHA256
93fe0e4c65f07a64e8f8f3519ffb8ca002bde72a29b398be7b0948c40570eef3

SHA512
8f5b52676dd3f83c7974b31e060517028fc63d64cec4d06f0574812c788ebea62c723b087e39a79dccde353b562e89aca871e5ef9f2b5670ffc5a6a124a308e1

Download Submit
C:\WINDOWS\SysWOW64\mfc100kor.dll

Filesize
97KB

MD5
9150e84ff8688b97cb66507bb266a23a

SHA1
d13b7ae03a1d25f4a524fc014488d0c96e648f6f

SHA256
bb912e8ea4f6c22483ea9a7bdf7e0ef69c2916079bbcc436d24d28e7989ea7dc

SHA512
3f99fd508a4cb6d1472f0ad2409274b9e4d3eb249165eb2e2cc2a80ef9c60f20b44ef1d596e82874cdd3bb098bdd7a639615dc57a467c6a764790e7af1c3c382

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
114KB

MD5
4c65c7a201680df149d3d8260e89ac2c

SHA1
40ead11bd905cb25b0cd3cf2b4d2ad7f72731152

SHA256
2f139f88be1de1884eb03e1aa6048dc0a43b7125f06b53cd4bc8fd11b5806571

SHA512
13ef378576f54f2ebdd3515cbfe86f7f88ffc65e6269b793bab1b73efb11442aa9e87e201b3a2a7c0c90dd948ea0170745d58a2c8be266d5bdedc538f41c8db7

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
1.8MB

MD5
97bd082c522fb593cc0909c9733e7cb3

SHA1
9ee0c2036e21a31d61c32e2b7727abe0474c6cf4

SHA256
7074358016bb3fa994f5b0d9222d19540e7c8d5d09f82d05ee4dd6d6e67e5503

SHA512
f7cb312aa31382565c84d8aa290f0cba04283e8d5788047b4d1594784ec256d7239a8178ca1cf4a29edf8be66c25bd6f6e897bc97deea979f5784117e9eac836

Download Submit
C:\WINDOWS\SysWOW64\mfc110.dll

Filesize
144KB

MD5
01bcfa498d5480c53d56e4e89a82527e

SHA1
6235b20049abcbf66fae436672b5f17f7b9c9675

SHA256
418e5fe050afb62ec9865f064f653ae8970e3d135cd0ed6f3a401327c9f34691

SHA512
85c7bdc2cdca89c707e59461d80ee503e640c5af285f638d3a401e2d6e484950e2c8ca07d821d0a899a113b05861d4c3746b44f8f869cd15b65fd549540462a2

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
72KB

MD5
83ae23348f33f76334ac6674103fb391

SHA1
45ff4d128af3f4aea2efd75f5fce8a700514b0a5

SHA256
47168cce039f84ce3e8f101935d93cc26ecd98841aa9668192121bef1b58d334

SHA512
9612301c131673bb064b1e287a06d146bbd00d6918e580f003d494f154fc0a81f91b389ac01089fd5c8b23027bed9272551e7abdc6cc44ad66f6f4dabf56b637

Download Submit
C:\WINDOWS\SysWOW64\mfc110cht.dll

Filesize
100KB

MD5
64dc0f3d6c8220e5a5e91aef23e5b146

SHA1
4e553a99c976d20173175578b4f9d40814c8cc9e

SHA256
36cca2081bd467a15f8816824bc43f1ed556b38a91a77be8bc142d0c920a5a4f

SHA512
c46e99155066230cf5d5692d1f7cf0bddc467c9469e3d29785b6601c505cfd16f57e6e52f3750f90fba71b4fc3ca6c08864510dd54babd29b7e1602be333091d

Download Submit
C:\WINDOWS\SysWOW64\mfc110deu.dll

Filesize
97KB

MD5
164f625a3e6b5d572e019d24ea65e508

SHA1
dca73bc2a35039742681e969f3daf67fa1620885

SHA256
fa7c52274b74da3b8f7c9bfd0224d69c86eab3f9abedc626ddcbd590c1a5d857

SHA512
7691ffdcb4bf0814f31453e57b860725be9f619b4d35108dde9ba59c6718474e3b2fdbc44ddc89f3b51477eb3083f5ae71ea95eb4240447d4590cdc378704116

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
118KB

MD5
860e6c7bc122b19d10085e86c86c1b16

SHA1
58e640dee84945d0bae36523907bb5d8d56b3f76

SHA256
935fe54b0616067165c7d8f4d6bc2778fa7d5281f4740c314c93f7f0f4a776ac

SHA512
62d9ed802aa1443048d024a1a1a46fab7775b32faac16631d2c98ce0a572825bdb707312c562d586fb197b9e815b3fbf52a806af20822c2cf9cae3982fe9536b

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
99KB

MD5
2e3b8a5c0439d5229545926abaebc541

SHA1
de7326f96741e2d46a757d0f8a39b9fe0dbe2107

SHA256
282ae80b12e2809d69df08c14093f527ca34c4cdf6b2ddd05115104414d010cf

SHA512
996896cf36425f092a1ee9851641dcb09e917de7b3b7d84156724a7db9f950cb911308e73dffe8973e72f8a132bc5d4d481e45372877c898b6ccb121c9f21b48

Download Submit
C:\WINDOWS\SysWOW64\mfc110fra.dll

Filesize
128KB

MD5
22237df608798014b31b7dcbb6ccd217

SHA1
cab02fbfcf3df419d1965693ba06940a88a3c103

SHA256
46edefc274a73b7cbf4790e23ed39d06f0595a825a28f90243da70508d242c60

SHA512
4e15ca8411820aeb5428841f57de222fd4f64600a7310595279a36aee791bf9d94820766eca4ac6edc858975887f6869f99248d53ec391bfeb038b4a2a10c129

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
126KB

MD5
afe0302cd8e41427868837b75f82cfe5

SHA1
5f79409ddc263cf0de378485ef2d608afea385b9

SHA256
a3eae15a7590feeeef48dec2cb3be8875b618dab8353d610b441a0e97ff8ae4b

SHA512
68275e65d9deaf9a4d41705843be2d6eb4e2e2d5dd495b9ea19d20b92e95b7e9923bf52902ee102999a85b9d36b07e394203c3f86bb79fd6f5ddf3d93d4db1e2

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
107KB

MD5
d624a34940e99fb23d88395f2999359d

SHA1
eb9b925005967f1195a87e36ee4e713769907d12

SHA256
eca0b4b121ea0517b345041e45667eb1dd4fb7cdb29372e9fa3e753be64a5581

SHA512
6c795b1732e2a13b1762f3b0c9f639cb9cd30fcbc030be1e8695928238c910f163b00f31d6a8f8e6d1746bd0754295d0982afba3e02261b5926fb3fe886e5b9b

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
107KB

MD5
1390fb334a0194ba9f31657ceef85594

SHA1
83eaa286c0277e1de97398b87c4d75451aea02f0

SHA256
3ba7c2f2ed8efd74b2a65d013c2041e7ce73b74e5d7f59a578a6fdbb78913963

SHA512
76e90ecac1707cad7e06251f3eee8a0372c1edb0af7cee191167f373ed2e1aa1fcbc7f226968b1ddeced507c9a8f42eaa58fc1d6cb5ac965f30ae9b55c86c1a6

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
124KB

MD5
bc450129940cc21f83a2167d069c0974

SHA1
367dfdc94568d31941c944288968490b6a4ad4f6

SHA256
9070292538d2893f3566f7fdec1ada806cf38d17c1f27d4c9b5b47b3f60f443f

SHA512
e49f056147f58f8bf0b3d1978518d085529339162f239b254ea89e634f174aeb6736b8fa59c71b1cab974f3c22825d539f8d741639b9c2ba8260861013e993b1

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
128KB

MD5
62bca05113afd958157596838b12480a

SHA1
52c0f00b92c373fa7cd845f1997fd14391da437c

SHA256
4ee0535005196386e21a2808471a2fb733468fa1e3515fca4b0e71b768a7ff1a

SHA512
539ffb64b078b7290c89d7588a9795eda142054cd1aec18e9d2bac721ad145180f7da2c50e470c8e1003d581d2c935a7a75228ac1bd9b35d7fb3f0d9986ec1d3

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
1.5MB

MD5
1afce570f2ae533361a517a45ce9cd84

SHA1
359903f283f07a640568ab02d63124ed6585868d

SHA256
855ecd477af5910877a764a5565d0a9598747862cfe75c01814bb6ceefeeed50

SHA512
46fd4eb3a5e5514daa3d45cde499491d4f53617925406c71ea99b77d4bd5a62e9a754f82626c6a82adf5ba7302e63c465244a58d900b56a3ade98839b31cbd3c

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
100KB

MD5
d82e12c23a2d7670fd7ef7ae309bba06

SHA1
a233b2d0da19cfcf0169bf16aa9e7aee36733f33

SHA256
67eaf643d89074915179cb93fe2ed6bef96a55089a798c16c94472f07539f758

SHA512
b916abc15c499a0462db30b8c604b1d944f6083000514ba5b2db62f05149a24adc8518f0bc8cde0276ef000f884e012d1d3b27424872479e9345dfc38d33c799

Download Submit
C:\WINDOWS\SysWOW64\mfc120cht.dll

Filesize
100KB

MD5
e61a0010fbc475fca9913071a12e2d11

SHA1
a170e2631fadc0393d6d6f4906b681f2cb236396

SHA256
adacc988fe00b2f009dfdde0632e16eafa57f6fc0a803d7cbe905487f022ee81

SHA512
da957f64b5a17e558c3f7d1eb32557ae7f30a90c97e012a7e1ffc919ac5948b2be7a2d79eb0157c78c93db7cb436d3f13799ec13d94635abbccec6c7735b4acc

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
98KB

MD5
bf656d6959594f3ee84ed97e08091b74

SHA1
fd3c2d711d1e5c2901a10edb8eb3dff58a604ebd

SHA256
89751761df20c8aaad4371d49483a9ddd06401e740434cbfb9644742d764095b

SHA512
de87d22ad5a01db741632d4c3bf10b52b35d3af1be74419f16c326966db3e1ca2aa683edee005b96106c1423f134c6ae19853c409d8a863dd7c36f3ee2c17cec

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
118KB

MD5
39e180f00f4c0743e89a7a41f4653617

SHA1
1fd739c163a876e75113a50b8cc01eefdd2f99c6

SHA256
3a7b2a3aa2873f453644fb2871ffce41c3c79deca84c1febd81b63acd7e2e60f

SHA512
1a60f92cfb29bc11aad9110e1d83ab7c03cf77031ca0c029edc4e3c99e88792b3b4584d41b722554f38cebd83c69e60ddb72d79cabf3d5f0e32402c12ba72428

Download Submit
C:\WINDOWS\SysWOW64\mfc120esn.dll

Filesize
127KB

MD5
1888bc506e90cb3061c168c2eaba6e73

SHA1
921dd427070e98728aa4f73790b6446b04e89495

SHA256
5d6ef1de7351ff682c1267926497bd664244474cb5db7a72e2b12c6f69eca0c0

SHA512
5e1d00462d6693d2c989020eb51fe48e715b2f0bb16adbf02a1f2e430b8ac48f8a777a3f38f5c4f2396b105883ec83ebd28e66ce365030330fc3140809165145

Download Submit
C:\WINDOWS\SysWOW64\mfc120fra.dll

Filesize
64KB

MD5
b836f72f46141737e532b61c285910a8

SHA1
f1a505f0567679a6135803fdf2b8d0e932d5b404

SHA256
fd040c7c78f40b87f00ca32647928f7146bb328c3661043227898ef3e77fbca1

SHA512
0b577c54d1fec098700e60149be7fe647aab26b58ff1a1a9fe8cadcb548ed4706b227553a6de904124275b2f46b554039f19a31aa9269c5bfe6c49b5ea0a67c5

Download Submit
C:\WINDOWS\SysWOW64\mfc120ita.dll

Filesize
82KB

MD5
138aa4d49987096822c79768dfb913e6

SHA1
2b0921484bf7b95260b433f04f04a00679702a65

SHA256
f3dcd3a59efc6a0787f3b73aeff64aa6c846a27180634cc3a84ea622de2b9bf9

SHA512
f62be317d507b5ac45b7469cf0708aefba556fdbf2810aad45ae22c121ea9e3fe04b68061536a9bc283d862b7a915d19c2d5656d086c6fffede694a3faf81cb0

Download Submit
C:\WINDOWS\SysWOW64\mfc120jpn.dll

Filesize
81KB

MD5
7919aa77059ce95da308d7c8269cf639

SHA1
a9521fdaf5b5d94fd7b9b1d69604abfafa7ff861

SHA256
d9a7768c110d3e421f5dcb088d515989bfd5211e0b2e1b641ca7d17d6137b17b

SHA512
c5da275234e756b2532b0b906548fd800198bd1ad9df499eb26754c348244060f6962a0ed1c705fd4a5b4ff013dab4ee2b42184264a5a8f1d577bad0dd4a9c22

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
88KB

MD5
69446a0ab8d2ac50fc3d526706002e1b

SHA1
71b2c623a34b248a9e4e9b57995e8ba944038032

SHA256
2d5428cd043a081c63a356f5fb53ea558ec1fe5f0315b88bfa8507e80827bb18

SHA512
35f4cc013d404142c7fe63294c262a96973e127393dc967e1fb403a69d5a4db0ba1bd0df9810aa3f5cae74e7037196aee7e138dc26ef798298637213de88be1f

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
69KB

MD5
62fd1b13d1e47bc45e305385b3332482

SHA1
aa284a4398434d5e63214be1b124e000d77b0018

SHA256
8bb00f33f9746565dbdb747aad93f4e28dfe50a873c76f920a605603199d5560

SHA512
94720bd522a9755b377d4cc71d30f8be03c5fad5105040f40115d6841baf9ea41175554f80633858114f795a7073f97b1f4778b9a32771117b3a53e69aa06468

Download Submit
C:\WINDOWS\SysWOW64\mfc120u.dll

Filesize
147KB

MD5
aab1a975ddad72bd68f2bb9ecd94ddd6

SHA1
8f55dc94cf537439725ca5dca2f27109deffcf7c

SHA256
093cd0e3f6f135d40483de6c154f01517baaf83ec5578e1adb51965f1b438351

SHA512
715cd73ff6afbc9f888a7c199c4265ada24c796053621f2eeb9a378bb89ad066060cd360ad51ec9eabecb64d3ee3ec18bb289a246eae5e385965f4a504ce0b8c

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
70KB

MD5
a8baea7fff878b82280044dd6ba65d3d

SHA1
4a6098781cb1ccd575316f210dbaced4f132929f

SHA256
725c3339fdf61d66bb41b12c45ea11edde5b471577f647dcfab749c7cc09a3a0

SHA512
c21d66d4e17239e0c88cb9e64f62674954306ec13094089ef60cc54fbde5eeab5e5e7b73a3ab09dab9dec8bfcc174a63d73b7764855bcdeabe79ee904d3ff10c

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
86KB

MD5
4d2c3710d19abdd424a53eccd26ddb53

SHA1
6fe71ad566491e02c3bdec748f1dfccb93c869d8

SHA256
c027df4fd4514fff007e455f4c4cab5b95c87fa2e3c9d2d658da0b32fa31daca

SHA512
e93841a785631d9d6ebc7ac401a1793d637ad890738590c7442c08222cbeff5b6fb93efbd63bab6f9e1d6d0c946178d9ec014900a97764534f2894b98ec3d4f0

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
44KB

MD5
5de592049fc98062b088dbd051882a0e

SHA1
bc57fdee82fc50894bcc6ce84242959f6fa60342

SHA256
a979b0e79b15cedc25236356c2f7e212774bb6469f6ffd63e654300638df4a95

SHA512
c83dc0be9e4a14d4ab534c67f6f0f2965b0516288391dd77b9436bb89b84635c755af8e1a5e327e261857e2eddca1cae4c23f8d781cf0f08f4013e52f30546bf

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
29KB

MD5
3d573d164dcf87dee83081f16ca6d51d

SHA1
c2db2a3aaffe802e375049d2f3db2c91e1c63257

SHA256
1a1ace35e00bc565de68eab9296a5bbc9b34abfcc17c17f2ccc20ca65358a169

SHA512
96d029cf64400645459abd42302806e20399b875b22004521eff283bef33ce724529691db2cfec78e586888afd761c6e9b0f7b1b2b9f07e70a26d82c8046a047

Download Submit
C:\WINDOWS\SysWOW64\mfc140enu.dll

Filesize
91KB

MD5
7585cd17dec2ed1bdf4e778da4199d7a

SHA1
a749066ecd9a0b5d09535c0ca09a41a964873152

SHA256
fd0b40314cecac00712020fcf1f726837376918a339f0a8c490f69aa8a1ee217

SHA512
6eeb299669b1dd8b5f7622699abf60626d8cf85837d9e739d5c66256c0e1e6b4d8a212df2684cbfd0a03424ca1da858da48cdeb87bb3cf8c96e3fddd0ee78517

Download Submit
C:\WINDOWS\SysWOW64\mfc140esn.dll

Filesize
49KB

MD5
1c9ea9a56283f16ae84a7dcf3159bd78

SHA1
19d67c9291b49cb28af9867ac1ba048e49685fb5

SHA256
ae90db0592494e024bff5fe5baa2abd3447ea870de017abb6dac313b39689f92

SHA512
b455e19b9a0c99957cec88d56ad0f4be4c561de99f795fb1bebcd2d54cd73296823c390148afd935e3e48007c668d6c23813fcbb173635e56893f264d36df312

Download Submit
C:\WINDOWS\SysWOW64\mfc140fra.dll

Filesize
50KB

MD5
aeed23cd58003b755bbf1bc3ca5f31cb

SHA1
5543a9cbc05c758585bfea5689f05f3dd2c89422

SHA256
07301367596ed2dd5371e946a612ea7a5c90c467260665c5c41b980331461610

SHA512
4275749ff54faecd4be46d42349c58e5876f2513f9f05d90fcfb9294d078bb277afa01c946202985cafbcf269af3575ef7c054d7826e34be62598b475c2f4803

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
16KB

MD5
d5abdd05b0cda026f356dc2a7a6989ef

SHA1
54cfcc4f6d305ffe2c332b166253e6e3dd32e066

SHA256
88c062f003135fd59089b2da8a309eb73e4f9cf2e1b2859b31df578392b77e19

SHA512
4d02e21cff114e6b33d3d4bfe8c6f3925e3cb78f7ea88444b99189a1a01e78cb41878cf1c04c3ad36766c886f5ace5012d36f6fd5dd2ff9d14daee11493231be

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
13KB

MD5
bb135665fc3c5164e3aa6fa3f169c3fb

SHA1
2f481d14347dc45ff4d7852363bc9cde75f8e139

SHA256
36810f92623a0bc1cddc8f516efb3de558f9aeb77200642b8898f121c533fa7d

SHA512
a262a47f13c18ff2fa8e1c1d89776a80b71e05adcd86a6c236ee2c7ea0f6e5462bef595132f3cb4e3dda2a4f94f2765f71e4f4bd651a6078c96e2116417b92f3

Download Submit
C:\WINDOWS\SysWOW64\mfc140rus.dll

Filesize
1KB

MD5
ed729f4c8b9f4bf169c5c07c60b10cf1

SHA1
a0f94f1ea51cf3f5152d65f52686b2070e369b06

SHA256
b223106db0ca8ec0fe81416de2dfe2dbc9389f74de07a356681596cf6842983b

SHA512
031eaee56d68ea7cab50c365661a6561d88868739b513fde71950500de2da01861d5489d0ba0f2b328534449d954f6d13a10f0a965ef04414b57a0b5141dcbb6

Download Submit
C:\WINDOWS\SysWOW64\mfc140u.dll

Filesize
1.1MB

MD5
891f57b15a747ecceeee2c5f76dacd4f

SHA1
04f30d6c8e0df15cca3606d016e75b9754fa6c9a

SHA256
1648f52fba10c0c636b3913f9efa6272d3caa5ddc7bead17613c7d9791c5ce95

SHA512
4d81b86eb3a56964020074978ab6bf63c9ddaee1f95c74048112f77cd8fb55da1ae891b7e87e58281767cd7f9c8b65c2d8c1b827f316c54c52c1ca3a6791645a

Download Submit
C:\WINDOWS\SysWOW64\mfcm100.dll

Filesize
135KB

MD5
eb6627a5d5da1d4429b7636d2fee09da

SHA1
6d9f06db726a99eecdc384112ba497ebd5b7b934

SHA256
4be6c5047728dad4cb36f0d9a1e30314d57cac358eb635000d3b1835bbc61105

SHA512
cfbdb9f8666bf58759dceeacec0c0f4eea644e6e3190b383d00995ee589d92f0473a4c6c2f89ae2fe9a16dcc1895147c35b602d33a74c0c19f1ed20599e4b17f

Download Submit
C:\WINDOWS\SysmonDrv.sys

Filesize
193KB

MD5
99380741c3d2f795e891e6560010cf58

SHA1
912fb13785ad16bf397be5f1af7d3ee281bc6457

SHA256
243ed3d7d460b12e19328029b3d33da881282b566dacd5b923110f3eb4056066

SHA512
32dc3c72215adb09e92b675df47367931010a107a6c0ddf84102f9eafe8bff1e6cdc06cdcb94d24fe7d3b520680b830f76fcb003cf4c2315d4c6301ab901c78a

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
55KB

MD5
55e4dc6e7c9d542ed2b190ccfd9387df

SHA1
a26f55f7f37f784d6b2b6266316eb254f21f4938

SHA256
49e0aa772f3383d86de0d697ad02a4288a8d554ee0bc2b84f11d8b91abaf7c7a

SHA512
8137953745259c73f8ffd899578c342b8156d2f4d8c1451f58b71bb1d66c9433a5cc6ad47ea00c0fe8b31d754ab3ab87ffbc7e151c78a95196d062d806334efc

Download Submit
C:\WINDOWS\setupact.log

Filesize
28KB

MD5
8cade9cfd9703e842b5ee5ce678dedcb

SHA1
c617a8acd605454f37775afd876988c960c8d6e9

SHA256
6a228bff75479291b0de4e24686a6768dcbccbfc6d615341f7678a7e8b8ad03d

SHA512
fcec962391c53ff0565426863b013ccac6157bc42ba7b8b3dbef46a8fd9b5fd2d361359cdecc28e9b39d6795b17f2656f09d9d9e5980c71fc2b7e283d1f0349f

Download Submit
C:\WINDOWS\setuperr.log

Filesize
27KB

MD5
8ef89077b2c4714abf872b49fff0b183

SHA1
1b92d98b14619524426ddf3b0cf991db5963b272

SHA256
cd95758e211f517d91a3083bb8183d978763260adee1798b695f4e8cc19e3318

SHA512
a6b414d928a72990efb55c64553b3823b1a245fbcce94738dd317126b8dabe3ad7c0d44c525aa95a3eb4ea113e2da78f3b51f163fd49325e95b676738d4ac1ff

Download Submit
C:\WINDOWS\system.ini

Filesize
55KB

MD5
4895eeec8d2e8d9cf6bb43fbe880fee2

SHA1
e8da4120f16ab8aa25c0b1b8e326fae263e51996

SHA256
2f03a7feb4e995dcfef797795eadd64dd60ca49b9ae8a2aa43bba4341a5e7b2c

SHA512
e580b2b3e962c8e21ed70a5f538b35e66c42decea7aa32030cb50d1f8b48536115f7ccc7f1ef6b4c8d8cc98fd8d8840b3db6126e2e13e496ce4210e4caaf8db8

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
afb2add7fdbc93f58cc314c33ac07095

SHA1
4cae6a721c784e5d690ade422758f217e1801fd6

SHA256
de07d7fb1ed6f0a3411cf7e84c0bf2a0d8126bf79ccb1263dd33eadff14a6038

SHA512
c0b4d090961d28486d5aa3956cccb7e70b3f09b7480ac6379420cb8cfdc9d88b6d91ca1060c640766958bdb16c41487ef4adbb73ad2e41ad10fce82ce9d0ff65

Download Submit
C:\exc.exe

Filesize
251KB

MD5
0f5df0df7ae8d4b8f6f950455c586e5e

SHA1
40d4870a6a34ea5a14d75e8c7499a4d65548e670

SHA256
ad27b50c83a56902219486048e45ac9860b39ad1b459d6e20b52da76fa7a2627

SHA512
a12af1735070b671ef6d246d7adf51019331eb653c3a81213baf3c550149cb091c0753b6f6be8ef570beef9c2e87d9e2896e349ce17d978bfe8d7fbee9b38662

Download Submit
memory/1196-280-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1196-1298-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1196-10-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1196-1564-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1196-904-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1196-249-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4276-764-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4276-256-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4276-1297-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4276-279-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4276-531-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4276-999-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4276-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4276-9-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4276-248-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download