056715895b944a1c85e1aa3a72a5004987d1f2d760557497a8874b6d5706d4d2

Analysis

max time kernel
174s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

804a92fdec201da1406bcfc8ded035ec.exe
Size

743KB
MD5

804a92fdec201da1406bcfc8ded035ec
SHA1

778c9cf7240c8d2c7e9b3f15f40acb979b41e23a
SHA256

056715895b944a1c85e1aa3a72a5004987d1f2d760557497a8874b6d5706d4d2
SHA512

81eecbcb4cf709d725a3ebf8f93f407c758d5fabdedbb1332a16644667045451dac2c2267b164b34b9658ccf6a85bdd11fbdced1c3d53f33b40ff7aa0fb4c4ec
SSDEEP

6144:t515m515m515m5m5m515m5m5m5m515m515m5gLNmQfmriZ5UUvs5UdeTC2tmku/k:dLhmTC2tmku/iCikka/+MMB6P9+oT

Score

8^/10

upx

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	804a92fdec201da1406bcfc8ded035ec.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	804a92fdec201da1406bcfc8ded035ec.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation	804a92fdec201da1406bcfc8ded035ec.exe

Executes dropped EXE 1 IoCs

pid	Process
380	exc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4860-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000600000002320a-5.dat	upx
behavioral2/memory/380-9-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/4860-10-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/4860-12-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0001000000009e5f-13.dat	upx
behavioral2/files/0x000300000001d8ba-17.dat	upx
behavioral2/files/0x000300000001621e-19.dat	upx
behavioral2/files/0x000100000000aee7-22.dat	upx
behavioral2/files/0x000100000001dac5-25.dat	upx
behavioral2/files/0x000100000001dac6-29.dat	upx
behavioral2/files/0x00050000000006c3-31.dat	upx
behavioral2/files/0x0001000000009e67-37.dat	upx
behavioral2/files/0x000300000001db6b-43.dat	upx
behavioral2/files/0x000800000001db43-47.dat	upx
behavioral2/memory/380-50-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000300000001e8d8-51.dat	upx
behavioral2/memory/380-54-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/4860-55-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000300000001e609-59.dat	upx
behavioral2/files/0x000300000001e60c-75.dat	upx
behavioral2/files/0x000300000001e60b-72.dat	upx
behavioral2/files/0x000300000001e60d-77.dat	upx
behavioral2/files/0x000300000001e613-89.dat	upx
behavioral2/files/0x000300000001e612-87.dat	upx
behavioral2/files/0x000300000001e614-93.dat	upx
behavioral2/files/0x000300000001e611-85.dat	upx
behavioral2/files/0x000500000001e59e-110.dat	upx
behavioral2/files/0x000500000001e5a0-119.dat	upx
behavioral2/files/0x000500000001e5b4-142.dat	upx
behavioral2/files/0x000300000001e89b-172.dat	upx
behavioral2/files/0x000300000001e89a-169.dat	upx
behavioral2/files/0x000300000001e8e7-187.dat	upx
behavioral2/files/0x000300000001e8ef-206.dat	upx
behavioral2/files/0x000300000001e8ee-204.dat	upx
behavioral2/files/0x000300000001e8f0-208.dat	upx
behavioral2/files/0x000300000001e8ed-201.dat	upx
behavioral2/files/0x000300000001e8ec-199.dat	upx
behavioral2/files/0x000300000001e8eb-196.dat	upx
behavioral2/files/0x000300000001e615-212.dat	upx
behavioral2/files/0x000300000001e8ea-194.dat	upx
behavioral2/files/0x000300000001e8e6-185.dat	upx
behavioral2/files/0x000300000001e8e9-191.dat	upx
behavioral2/files/0x000300000001e8e8-189.dat	upx
behavioral2/memory/380-221-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000300000001e8e5-180.dat	upx
behavioral2/files/0x000500000001e899-167.dat	upx
behavioral2/files/0x000800000001e86e-165.dat	upx
behavioral2/files/0x000800000001e86d-163.dat	upx
behavioral2/files/0x000900000001e86c-161.dat	upx
behavioral2/files/0x000600000001e86b-159.dat	upx
behavioral2/files/0x000600000001e869-156.dat	upx
behavioral2/files/0x000700000001e868-154.dat	upx
behavioral2/files/0x000800000001e867-152.dat	upx
behavioral2/files/0x000800000001e866-149.dat	upx
behavioral2/files/0x000800000001e864-144.dat	upx
behavioral2/files/0x000500000001e5a2-136.dat	upx
behavioral2/files/0x000500000001e5b3-140.dat	upx
behavioral2/files/0x000800000001e5a5-138.dat	upx
behavioral2/files/0x000500000001e5a1-121.dat	upx
behavioral2/files/0x000600000001e59d-107.dat	upx
behavioral2/files/0x000600000001e59c-104.dat	upx
behavioral2/files/0x000500000001e59f-113.dat	upx
behavioral2/files/0x000900000001e599-97.dat	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\AppxAllUserStore.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\format.com	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\joy.cpl	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msvcrt20.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\perfts.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\actxprxy.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\edgehtml.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\secinit.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\MiracastReceiver.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\mshtmled.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\remotesp.tsp	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\SettingSync.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\cca.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dmband.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dusmapi.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\linkinfo.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\p2pnetsh.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\Phoneutil.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\PlayToReceiver.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\Windows.Internal.Graphics.Display.DisplayEnhancementManagement.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\certreq.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\dpnsvr.exe	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\FlightSettings.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wksprtPS.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\wscproxystub.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\label.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\psr.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\TtlsCfg.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\vss_ps.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\IasMigPlugin.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\MbaeApiPublic.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\psisrndr.ax	exc.exe
File created	C:\WINDOWS\SysWOW64\CoreMas.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDIC.DLL	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\MessagingDataModel2.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\POSyncServices.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\Windows.Networking.XboxLive.ProxyStub.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\AuthBrokerUI.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\certreq.exe	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\chkdsk.exe	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\winver.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\winsockhc.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\DavSyncProvider.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\scksp.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\usbperf.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDA2.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\comexp.msc	exc.exe
File created	C:\WINDOWS\SysWOW64\dpapiprovider.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\iasrad.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\hlink.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\ieframe.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\kmddsp.tsp	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\mciqtz32.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\netapi32.dll	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\SysWOW64\cmintegrator.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\cmstp.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\dsuiext.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wsmprovhost.exe	804a92fdec201da1406bcfc8ded035ec.exe

Drops file in Windows directory 44 IoCs

description	ioc	Process
File created	C:\WINDOWS\bfsvc.exe	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File created	C:\WINDOWS\notepad.exe	804a92fdec201da1406bcfc8ded035ec.exe
File opened for modification	C:\WINDOWS\setupact.log	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File created	C:\WINDOWS\splwow64.exe	804a92fdec201da1406bcfc8ded035ec.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	804a92fdec201da1406bcfc8ded035ec.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File created	C:\WINDOWS\winhlp32.exe	804a92fdec201da1406bcfc8ded035ec.exe
File opened for modification	C:\WINDOWS\Professional.xml	804a92fdec201da1406bcfc8ded035ec.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File opened for modification	C:\WINDOWS\win.ini	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\write.exe	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\HelpPane.exe	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File opened for modification	C:\WINDOWS\lsasetup.log	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	804a92fdec201da1406bcfc8ded035ec.exe
File opened for modification	C:\WINDOWS\Professional.xml	exc.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File opened for modification	C:\WINDOWS\system.ini	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\WMSysPr9.prx	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	804a92fdec201da1406bcfc8ded035ec.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File created	C:\WINDOWS\twain_32.dll	804a92fdec201da1406bcfc8ded035ec.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\write.exe	exc.exe
File created	C:\WINDOWS\explorer.exe	804a92fdec201da1406bcfc8ded035ec.exe
File opened for modification	C:\WINDOWS\lsasetup.log	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\mib.bin	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File created	C:\WINDOWS\sysmon.exe	exc.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File created	C:\WINDOWS\sysmon.exe	804a92fdec201da1406bcfc8ded035ec.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File created	C:\WINDOWS\hh.exe	804a92fdec201da1406bcfc8ded035ec.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
3896	msedge.exe
3896	msedge.exe
3900	msedge.exe
3900	msedge.exe
836	identity_helper.exe
836	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 380	4860	804a92fdec201da1406bcfc8ded035ec.exe	89
PID 4860 wrote to memory of 380	4860	804a92fdec201da1406bcfc8ded035ec.exe	89
PID 4860 wrote to memory of 380	4860	804a92fdec201da1406bcfc8ded035ec.exe	89
PID 4860 wrote to memory of 2132	4860	804a92fdec201da1406bcfc8ded035ec.exe	98
PID 4860 wrote to memory of 2132	4860	804a92fdec201da1406bcfc8ded035ec.exe	98
PID 380 wrote to memory of 3900	380	exc.exe	97
PID 380 wrote to memory of 3900	380	exc.exe	97
PID 3900 wrote to memory of 2736	3900	msedge.exe	100
PID 3900 wrote to memory of 2736	3900	msedge.exe	100
PID 2132 wrote to memory of 1752	2132	msedge.exe	99
PID 2132 wrote to memory of 1752	2132	msedge.exe	99
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 2132 wrote to memory of 3432	2132	msedge.exe	101
PID 3900 wrote to memory of 3420	3900	msedge.exe	105
PID 3900 wrote to memory of 3420	3900	msedge.exe	105
PID 3900 wrote to memory of 3420	3900	msedge.exe	105
PID 3900 wrote to memory of 3420	3900	msedge.exe	105
PID 3900 wrote to memory of 3420	3900	msedge.exe	105
PID 3900 wrote to memory of 3420	3900	msedge.exe	105
PID 3900 wrote to memory of 3420	3900	msedge.exe	105
PID 3900 wrote to memory of 3420	3900	msedge.exe	105
PID 3900 wrote to memory of 3420	3900	msedge.exe	105
PID 3900 wrote to memory of 3420	3900	msedge.exe	105
PID 3900 wrote to memory of 3420	3900	msedge.exe	105
PID 3900 wrote to memory of 3420	3900	msedge.exe	105
PID 3900 wrote to memory of 3420	3900	msedge.exe	105

C:\Users\Admin\AppData\Local\Temp\804a92fdec201da1406bcfc8ded035ec.exe
"C:\Users\Admin\AppData\Local\Temp\804a92fdec201da1406bcfc8ded035ec.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4860
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcf70946f8,0x7ffcf7094708,0x7ffcf7094718
      4⤵
      PID:2736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
      4⤵
      PID:3976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
      4⤵
      PID:3420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      4⤵
      PID:1288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
      4⤵
      PID:3592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
      4⤵
      PID:2728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
      4⤵
      PID:1444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
      4⤵
      PID:2480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
      4⤵
      PID:3868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
      4⤵
      PID:4956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
      4⤵
      PID:4980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
      4⤵
      PID:1492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
      4⤵
      PID:396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5764 /prefetch:8
      4⤵
      PID:4632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1796 /prefetch:1
      4⤵
      PID:5448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
      4⤵
      PID:5556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
      4⤵
      PID:4512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
      4⤵
      PID:5600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,910938779597445413,526976520760321613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
      4⤵
      PID:4900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
    3⤵
    PID:5344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcf70946f8,0x7ffcf7094708,0x7ffcf7094718
      4⤵
      PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf70946f8,0x7ffcf7094708,0x7ffcf7094718
    3⤵
    PID:1752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12337125761044488328,5738765961349125955,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
    3⤵
    PID:3432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12337125761044488328,5738765961349125955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
  2⤵
  PID:5348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf70946f8,0x7ffcf7094708,0x7ffcf7094718
    3⤵
    PID:5312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1452

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x33c
1⤵
PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\887ad181-4896-4c6d-a09e-b04b06895416.tmp

Filesize
2KB

MD5
17b7e5e5c8c3a4cb6e764a25570dfb4b

SHA1
f6634a57f4609ed603931e9f868b95726ac97aab

SHA256
c6016d32e72b5730a730a04e3e975561d035e7b9c78ec0ce38c56267d1e96c95

SHA512
01916aea63520263ad69a4465aa68db16b5c767c0c5797f72d0a56aae3ec862262449acd41250008132be726d76a74eb6117ebfe02f4c171e6121e89b86f11cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
d1cf2812703718cd3c143b1a4655428a

SHA1
340fa5a1a4ca7ea7d91acc37229e8c28c5f0911d

SHA256
5c43c1fa4c8805dbd24ccb4bb98144282a0a08135b88996a82b95d70e666eb7f

SHA512
480808c6c97590b8933666d3895f4d53fe841f1a2770a7e8617476a0ca9d11c838ba64b19a9eabe3bf8f906f8af006754a697073731e48046307b5012ebe21e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8dc27c0f6dd854d4f9df5b0b08a299c

SHA1
d612f94b82896953ca47531514fc6fa68e4a9bad

SHA256
486ff567f0673a9c980539cba0a0625d307c35bc735bcdb26cc55b8ad1c2bf16

SHA512
355c18dacb42fb4212c72efe0e139af344c820d97a7d1ab78ea550866b0b864acffe18a31e060e8b8713da5614418f408ef9284f0faaea8a126b48392d6547b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
200dff6c39a3839c81efcc3ab2e93d60

SHA1
85563f344f26df5729871d1d5bed3d8bf778b82d

SHA256
9911a4502a7423c5dccf73c1e1077dc9817c2d5b7cd602ef18c42da5f31092d3

SHA512
26210ceb6cd066166b2902bbbaa686bf37866ada9f4e75129ffad05888c3344723e09b8fc34477b08f1632616a2f18e5dd328e440e6bf624c855df2a452b484a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36a3ade325f615c181499506654e7acf

SHA1
3d17174ccda3cb969b6d30904c10b752fcbd538a

SHA256
0ddd4ea802907629281d1e678c3c6074148bb2fc0894f64ce5ebe0ad672aed6c

SHA512
6f877c99fa0a94a5be739d6c96a98665edfd2b1894408f003cf1e1a6980bd521e78c9e2caab690e65e8f5851770390c3676e3cbeea18d8b76c785474a3d905a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
095ac04d91d82631718f9dcdb895844a

SHA1
d5e672f2bd8e5650f774b6ca61fdd4bc3edf6e49

SHA256
1eb35a40f7e9e5bd40df1558df7d177d6f929dddf7cded01058e908786a28050

SHA512
327dd282ee20fbb2d244acbb195fc08c81af4fa5ead599712f9da5f22cedf7a83966d108e3bc88edc76c75397686545abac486939d3b07bcd3695690d43e0f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aa7d34f6b2f8cecb5623e049234844de

SHA1
b0f976fe5beb6328a9e5f229561d85a7c891757c

SHA256
6c6400b7e6713f02f8ec352a9715650ebe8599bb86c080179dfa39db6f2a3edc

SHA512
ad4ed645a60fa577405fc44e3907d05e4ce55195f386b1ff80398a9696f1a5d3cae9851f705411cc7097fc8ba59addeb2761596a8fbbc63e3dfbe7afcfefafe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
347207deab50a0bcf6ba2945018318d2

SHA1
f223281cdcc8d60cab82caa1426fd71cf87958e4

SHA256
5057d92060e7609e30864774d4d398a755ec0c6a9a557f58bb8c41b39486d129

SHA512
0d7683474c4087588e664162e701d9203c20d51d7ec8b88fb57468ee6f59abaee9c3b30a73fdcb0aec4050d0f745ed57ae0dc33c7349902bea0ff9b3fb9ecd30

Download Submit
C:\WINDOWS\DtcInstall.log

Filesize
29KB

MD5
9a4549124d7afb9403ca6e4fd018c6a6

SHA1
d42a13bc943354e8869d06c9764ee7b42c2b41f2

SHA256
e8cb740e00b393fdf7bcf90d9269338824faa299af1bf1691dfba84b8ce35e7d

SHA512
a82e46837c692a11cc5e3a627d038490ed649580f2de33603b77aafb7ad660f590b7454cd222f3fab6fc67242a85d0a8bbc6453043a91db0e4fa291b2aec78d9

Download Submit
C:\WINDOWS\PFRO.log

Filesize
28KB

MD5
e6991e69c434e1bebc7e1450dad9d9f3

SHA1
243ea638b5900989986dae36fe862d795a99c4de

SHA256
83cf7e84109159174ec58643fec5f423bc454da4ac749df2b8d74536c3da2a8f

SHA512
677295138054d8ae84cc1732b2b683d0c863cc06f9a1ea34839bda125bff37205f9592d0940c42c493cd9c47cd89bc9667ddac39c68b7d704db9652fd7fa31e1

Download Submit
C:\WINDOWS\Professional.xml

Filesize
57KB

MD5
59bd4f0a66396762fc2420ddfc174973

SHA1
58ba3370873265b05fa6b204a13aa146445a616b

SHA256
78eff9867ab3ee9daf536b22d17733e3110933784e43a9d9916ed4df7995386b

SHA512
ce2cb75b9fc3c504fa6f0a9968aa661c5dd4dba2e3246b870c46e5c0c921094cf6f00dfb2e9fdf09b4548e38b1a28a627b8447a6f6dc68f12f7ca1bb383389f9

Download Submit
C:\WINDOWS\SysWOW64\atl110.dll

Filesize
188KB

MD5
153fb04e46d6e254d19386b48e65866f

SHA1
8ae00418ee3b760ca7ce61f526a75c4526be89fd

SHA256
d818914ba1466f3b7b979fd91a868c7ce3e38cf94c57adc7b7b7eec7321fd96c

SHA512
53ea490e2b054a4a272a0943c3c1fd9e7fd55bb2c631c0efb934818aa59d8b43be32c03669a75f95be2f1babb907a19ca565f0902abc8d831d4275e2a894b185

Download Submit
C:\WINDOWS\SysWOW64\concrt140.dll

Filesize
269KB

MD5
31252477e77cacf0c5a9cfcca2e6dc02

SHA1
4cffc086ca06c65dfac147a7d48c273032d2a4f8

SHA256
a34877842ec5af4ae8ca8b43ecfa943cecd5f1098fb20d6fd541c3291e942fba

SHA512
97ccfd7235f3276487209efa4854a0d0ac5bad620309160f5a913dfbfcb46f4b8662daa152df86e727cc050e81fb659f4a1894260b3dfe8d192fbb8207deb0e6

Download Submit
C:\WINDOWS\SysWOW64\mfc100.dll

Filesize
78KB

MD5
9d00f98e9db951fde16e049062ecc2f3

SHA1
e508b988a9368490e51898a044f153243de2b8d3

SHA256
b9a58955e60a6d5a64f291211c0cf32efaad5b3487766e3643b83040ed9fee67

SHA512
673c85faa33026ed5166616aa8e799c3b06ca47cba891fb1b3e59b36f1afe86d166337315a1e78d50ec3ca18d9459505316fe5060a92b7456d1a91b7dc27c90b

Download Submit
C:\WINDOWS\SysWOW64\mfc100cht.dll

Filesize
43KB

MD5
8f290db71ea9833ec2b51a85155d2edf

SHA1
c0ebf4c7b12be82a2dd1800d68524e8e3f19cb70

SHA256
13ccd4de0dca89d75dd01c8e1d78f25478a84f7c8aa1fa244726deae31c52de7

SHA512
cd246ca4167e35272cfff6c9bf18f1a091532af0a2bf16b10e2d8c5a2b31f9facbac3b71779ab07577a09e349d921e02801f2fad6e2757a3d41efdd3a5e5ad81

Download Submit
C:\WINDOWS\SysWOW64\mfc100deu.dll

Filesize
53KB

MD5
d1292c92a67acea62da563914a21d8b7

SHA1
fe04d42b31665214de6e41b086d19d0697f1ae3a

SHA256
9b0e16c0ac7b6d37bfa3dbaf25c8b6e556bc04746ffc8e90fd7949aeaae0953a

SHA512
6a3ebc2e0813270f6020420274f858d236c5cd09b230ff814eb52bbdd083190d88ceea336fa3783249cf652fd6fa0b73f7d8afb25049c54ea8f0b4ea487fea93

Download Submit
C:\WINDOWS\SysWOW64\mfc100enu.dll

Filesize
20KB

MD5
4b892637d4b889854e78a6581ed23511

SHA1
5d656c6547a46044b6c1d7a6e42fd04635d5592c

SHA256
9fcdf46a1f1c2effefe30a95788a599b01f3e946af0e6b48c64de5c02e0cfca0

SHA512
c46c3be7b9918040314093354145cd6cb69188ac1d3ae39156ef9037acc16583e23fc52642a83098fa9401435accc38ad5d4c75954a9dbb47f508f6ea8527d22

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
117KB

MD5
efe44239dd187302a67fa180f4597bbc

SHA1
5658b0095155eb93ba19cd39b512c77db45a767a

SHA256
1e7b318f17ee82ee0072054f93998ebf27083655320bc98816054b9d148e423f

SHA512
d66d243910966c2ad707acd2e7e2feff7ff4dfe6137ecfa0eb8d234e45c79f688a6b6bcbb618d840e5c35adfc6a507039af866048c92f389b1196c8a1f3ffe60

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
118KB

MD5
6012ba4b0656e1589deec81312c58f09

SHA1
251bb9d0bb6bbf8cefacdb5b85d03ab1e7a5f3b5

SHA256
39deaa4672d03f31f741b6766b0b051312f93882b1370144bab78adbb436bce3

SHA512
590d8e567345fc459fe0650a0d607bb426ec0737a32e89cecde2aa12b90670d20ae001b43737461e2c9a6ec89f96239d58c751adc9eae81246914d0e2f02bdb6

Download Submit
C:\WINDOWS\SysWOW64\mfc100ita.dll

Filesize
116KB

MD5
1803f03eede943e3eb2cbb51a509125e

SHA1
bdfabcf32eff4605926ac5f6aebd8ab54761768d

SHA256
55be071140e67a774ac4104db7a37c031079073ee6c42a18f15153ca5c6acfd4

SHA512
cfa33929c78732750a70d827742ffc9618c6faff62efcb78a39121ecd3c22c6f6396fbaa0ef19c32b154156dad08ce591c2eef5e75718ac4be041c77808edc50

Download Submit
C:\WINDOWS\SysWOW64\mfc100jpn.dll

Filesize
43KB

MD5
64aecae65b2d66f4d75de5f647b2afd7

SHA1
25320f07fc5d59b0340a5009842f941d2332cf1a

SHA256
33eec8b550e94a5e48055ff381c438dea467c746c9277765de9536b015a346c4

SHA512
8bc878329d15f37a3499d8cdb54556a09bd79490112c7cbaef784465694a9d51749181cbfd2059e0616a2fc7b07e3e9121ee6000bff2973fa4c6242c40683a11

Download Submit
C:\WINDOWS\SysWOW64\mfc100kor.dll

Filesize
40KB

MD5
38c94c14721bf557b605f71ef17ddc98

SHA1
b3d62131c9f6bd49e1e413e40ac8dbf622ada446

SHA256
f531a190601f5f16323cfdb8fdb38538960684578831ad3d9f556d68d698d3aa

SHA512
b5c44324179edb7dd67f37e0379ac3a5f59eb7784d43784aa304c828a8f64e1814039ec07d70a8a120a651e79cb80dbc0d4bd96b531b34e6fd81106ef04b29a3

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
57KB

MD5
e29f103c160856d6602838279122c664

SHA1
28572c040697829544e9f2ed57578d83c77127ed

SHA256
7572f907c89c34f0224d0e54fd20555a00cc4f56d44db570234766e8ba83d7cf

SHA512
6cfc54b16ea9d3ae8de32f4dc83d9e4951a1146d74cce359d6140e7503b6807f39f43c935ffd16e59d49a5b5b53ea19ddb10a8a1ee145e3f386a636b1f7f3e0e

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
43KB

MD5
1f70ea596d795bff3955a9a5c4950fe5

SHA1
2d51e2493b09661ae487f8760cc67b319493a6ce

SHA256
ae7e03cd5693868a63c1111ac484a4cf180e00942dcaace1709349731bebe642

SHA512
7b5077ac029465b2829c25204993dd576cdcb10575022922fa49cd90ae28438f870892464b07c000aee3ed1ca17386bc706bdd85641c93a3e6c91b32c675db67

Download Submit
C:\WINDOWS\SysWOW64\mfc110.dll

Filesize
615KB

MD5
0e61c083d6fa4dc62776fb71ba31e68d

SHA1
4dad37279d59a1ac44eb96cc6daba9423fa7031a

SHA256
a651474ecc129f05bbd00fbc894c6ca36f36e4f9b7b703fd138f8824fdc94e21

SHA512
f6333deeade58f45c634b31e128b20994f06f34ff02b9daecff8c615680c7cbe2b204f92c363afadb3842e56b40d8ca4749090436f549190092469dc62f6047b

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
100KB

MD5
924cb857b7e61cc26aefbf2cf173b516

SHA1
a66c697c9f30a570bba2929c35ec35684ec05c80

SHA256
f5be016193d773c7250fd087b136b39b6fb9618b8e7cea68bd92be3b8ea3dfa0

SHA512
e0b21f3860c0c7b999a6e435a3c3df3adbf3db22be7682ab2d2dd1fd4fd9e313e4f3200c99fbbf3a31b8acaeb8d5cba541ef30371ff6ae88df12be0cffddd4e4

Download Submit
C:\WINDOWS\SysWOW64\mfc110cht.dll

Filesize
100KB

MD5
366c861bc89291efd2ad124d7e79d0f5

SHA1
f496ac2130b3e1b20b0589aaee7def067c661108

SHA256
682fdf5b0ab4938e4a22be457a397156077f622d39c96205d78a8fe2f2f16773

SHA512
0119417ffb197f81283d98e0d9ab874a76b7eab89a0b3f1c145ae6469b67b511ec62a9fb3e1e1d04d39a30471e1688277c513d32b2f8f9b3f5382e209b3c6762

Download Submit
C:\WINDOWS\SysWOW64\mfc110deu.dll

Filesize
128KB

MD5
583d42fe5c4691ced11664d6673f24cc

SHA1
249636bc669ee56369188fdf00f7c95b1325cd10

SHA256
7c06ced10b9b41de4a11eb0d360b23bddeba6d6ef7f68fe5131d8c118b96b9c9

SHA512
983d3aa133d079668596256aec870e3b7add6974c93e8d855de0298e6cff6812b414b15638d6eb27b36ef9fd6c7eb9576caaa4729ed378e00a22340d1c2323cd

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
22KB

MD5
5681354556cf9f5ae0346637f209eabc

SHA1
2fa2104e34df6a0f94c81e1e692c44d86741dde9

SHA256
8f4f3a08843c54311246967f716fc550bf9b3bf1395740e23d2be874d4c44005

SHA512
a30bdb8a5fc0dab8b7fd31386cb163974af1becfec91a48f39fcd6196ccdc32554456536657e4d7d94462f42fff07918831a70af582c77e76245f7300d5cee67

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
127KB

MD5
c1971900074c2b84012e4c043a858f91

SHA1
f9a21177efa2448fb4495b00bc141a7574c6ba97

SHA256
f2fc3fcc32634681f4d6980cd2bfd51119aa289f3fefcbb824724f2a9c5dab07

SHA512
473201ded3120241fc6b01f17a52ba06bb37858c4bf07deb1faa57432bc89730783d6390b87997f39c2a7fd7b87acc307e17e7ffcd6e729f538045159eaca2e8

Download Submit
C:\WINDOWS\SysWOW64\mfc110fra.dll

Filesize
34KB

MD5
01bcf3640d8c7d93ec249047806cd5cd

SHA1
8898e34d4eb56ee11bea4c3027af4e5f0af299bb

SHA256
dcd48a3aa32b1dd3d36104509eb7b02a5e3f3b0ddee69a06b344749cac0cfd86

SHA512
c080ef979be8aeecc91a64d9e881feaa4a27f67b05e09b74d67a144d5fbf0df532ff2d0c9c264eedd483c03d5c8cacce28a21dfc0f10f98929d7c57babeefe1e

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
126KB

MD5
fbf10b295e48c35b1138c443ced8de95

SHA1
48d9fe109f77bc73e76e275fc1644af6189f8785

SHA256
09326debd2e95bb9ed9e866f5faf0c35c114d6481eaceab5d4db0feedfb98e4a

SHA512
7d93731b36674be99ef7478d4e98aaeb5304756f2c0a2852bc127cbe94bdbf31717cde22689f402d3731e07ffb35ef7ab5e2d41eae66f9bb9b06ebef3d87af83

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
107KB

MD5
79fe0544c16bc25c8eccfc46a1ee8f1a

SHA1
b29f66ebf7c7e9a4f2034c87289276c3485be47e

SHA256
370baa9146ecb88be5f92b41eb09e4418c847b29c041d284d41a8e7e56d58eec

SHA512
fa76b480b373613f7dfa399c62536e0935a7e83056488625bd6cef165acbebc00d69157868a265c432203de0c69b67b81b79f278ead1c24cecb6b9f8cc718b69

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
107KB

MD5
dd321365653d5ae60b8ce1dbf92fa13d

SHA1
3f940ff08f5919d6a4d56cfb297990904d9bc036

SHA256
f4b9dd3bc406b320080fd45e6800453742a9a5f9551ec3f206917ad3a8d0cfe1

SHA512
eabd866439dccab7326426c52957bcadb15810df77cb082f6eef2d8f34f64509ac7dcda4514825b04a2c29c4efe4fd07befbb524c7cd5dfecd4feda6f7c2a696

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
124KB

MD5
12c19053036414b95255ea8ee5c4af9f

SHA1
c286aef82735f6e45da2520ef53b8b1385d8788f

SHA256
f66fc7e581a28dae50350f63b67b27cf01eb791e34eb024f5fd0a9aafd85982b

SHA512
93f0680fa164edfc49e5bcd62308fa27cc3f3e9b0c7adc69d3e950cfef9496f8f086c64789f0cdbe5d0c6efc285e9f607dd200021947e82e5a4159b630119f69

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
1KB

MD5
ed729f4c8b9f4bf169c5c07c60b10cf1

SHA1
a0f94f1ea51cf3f5152d65f52686b2070e369b06

SHA256
b223106db0ca8ec0fe81416de2dfe2dbc9389f74de07a356681596cf6842983b

SHA512
031eaee56d68ea7cab50c365661a6561d88868739b513fde71950500de2da01861d5489d0ba0f2b328534449d954f6d13a10f0a965ef04414b57a0b5141dcbb6

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
871KB

MD5
3c6b39eb6af6fa4765b18b41064468ba

SHA1
f921d32a034b9aa4681114da610e63be35e6c87c

SHA256
d8e246935f31d21c395bfd43b4f6296cd83091a1a2b5cb0c64dff1e2d200a575

SHA512
a5583d80d4c6ad380e4f73435f878bba16f6f48509235cd6942b090b6defedb0b28aebd4ad1947c961ea0dac8a8d4cb6434b12e322a2a5372494ef17018fb99d

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
100KB

MD5
0fbf43b7c08cca22774a37c8d9b0b4ca

SHA1
f005c9a0054efb230354e7d83d79079c1be02dc6

SHA256
64a3afdbea75b12adabcc4fd1682581ed0599856502d889a7687dcf6c35afb38

SHA512
c5319a601f1ee0ea75d4fd144fda16e868ac5bcfc09cf9b3a83d8c0facda4d178ad2f3bb78e40ebf6e06e7a9b8b85a7684900e28fc971cc7f75a614504aaa7f5

Download Submit
C:\WINDOWS\SysWOW64\mfc120cht.dll

Filesize
100KB

MD5
7a226b343efa6f4cc194584000153c7b

SHA1
29276e96385ed96710250d305667bd73f8bed1da

SHA256
b418243f18b5815cab29ba1e92e379b5a04b96304755615e2b8ae8d01e802ce5

SHA512
40d2db56124c9d6c00162298db0f7c8d0b5cc2240f1b7259c7cd2256067839e9cc1828392408d15a12a2db3152cdec1919840a664695c485f89a252e10fe388b

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
128KB

MD5
5a33ca509b8634855ac9c0518764a9d8

SHA1
dd8e80884303851ce4228a0123b08514d284b044

SHA256
f2dcba10a6d73082def1e3b2affd01a337c345ccd16a6a139212fbeb684219a0

SHA512
4227f92a9bf49618ed565582e2230a6c6274ea73e02a0189867d2a03c498752ce034df0c3b3018da791c68c6551bcdca2b03cde13093f74b50ae7e549b849882

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
118KB

MD5
9de68af3a7d30cd526749a6f2828acc9

SHA1
27061a904a8b9c84a5b399d90465bcf4d3df9864

SHA256
3a2e5680144f8c9f93aaded84735cd6aa1fd8fe1b04223cb32c7fb9b906c4279

SHA512
64f8fd617cbbecd6fbce1f924a9dc2a97fad3df4479e9257818e703d7868f55653dbf7ef1d4608eb100e89dbca6a3de8302a310776c667aae75c59059d8eb7dc

Download Submit
C:\WINDOWS\SysWOW64\mfc120esn.dll

Filesize
127KB

MD5
10a51a22f80bfac72bd42eb2839ec85c

SHA1
0bb9daed41f30065c4453615594e309738c11886

SHA256
430cba487b08d9ae865994218127e94f12069a38abb3e1ac70ea82f610b1e7e1

SHA512
cdb182bf5d6679c7664f91b8f9c3d811726500ded2f6ba5b1547af4511c293158d43f3e2cd726c7f27cf1cec1ed8cfa4d4c5e6e9de56fd813c9a0616d0b5088c

Download Submit
C:\WINDOWS\SysWOW64\mfc120fra.dll

Filesize
128KB

MD5
3365161401493fcdd86062be0d887399

SHA1
e410f364bc47a81acd05efb1087a03efbabb5d5a

SHA256
65a93ab0556c5e261913300c90d8bf658590b3eb29dfce7674f89af52a6d4a6c

SHA512
e9eb8e557f8dd396c5fb3d9832a824ce19275ab9efbca4687c3e248d4be04be62647cfdeb606c4bc1a7626d21aa54a2e7e26eaeefea3df26fb610882bbe4af31

Download Submit
C:\WINDOWS\SysWOW64\mfc120ita.dll

Filesize
126KB

MD5
6497823600a4ec6a033ab79788c56188

SHA1
fc1a4f872b0d61d854f1eb5e13c03088e8596521

SHA256
7e5307a3e577129100005f3080b2a124b855a1a3871a23d29653207f34f58765

SHA512
c7fe00c9395f639b7e20bb369537dedf2822ee54a13808c2d666ab3ee3b78dcab4a7e4fbd92ad74bf94d8e4f4d1ee2a2efb0791cf3a446297ee21d3ccfe7ae4a

Download Submit
C:\WINDOWS\SysWOW64\mfc120jpn.dll

Filesize
107KB

MD5
f04f839d9311b27c4be940bb75adad78

SHA1
ac55fc19f579a3cec218b6ffeff0813c8bda02a6

SHA256
171d8172bee1b4f5b01fd58ab59544d6081033ef3f0d3dc1ea0f8a5756786010

SHA512
be194ef19a435c279c0521e602de942c340ceec208d7c451c7a12c5e2710092905d6094c6cfbced7da253b4f358a08e8e890f7b6ed4e188591370b22d9f05771

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
107KB

MD5
e250748b18cb06d131d2b1451fca5301

SHA1
ecf007f6246551f7fa54872548cdfc6d2b41d1ff

SHA256
7078be53475a96c6cd0ad88e492d6748508afdfc15268d162722e7422044d39c

SHA512
ad4370119a4b3d33cddaf5d84c4a1fa44c65dc556df48632405eae3437401a9d4f8c8d28fec21f47c665139178079369df557532f5250efbdc58626758a7e713

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
124KB

MD5
513cfeb29f56ac55b624e22e9ba728d4

SHA1
5549880ee201ede3f9ffa1e65f18781c63331dea

SHA256
4e3d8a893fe2c59b9582f4fa33bdfee79c87a155dcc7814b85dcaf5d580b0530

SHA512
4c627eb8cfbc1bd04be2c110b6ce407965510e3e70711948430e146f5cd42d6992c136a0307e0dd0ecfbae2859bcd48669285a40d1e80d6bd31b38a3452dd4a0

Download Submit
C:\WINDOWS\SysWOW64\mfc120u.dll

Filesize
512KB

MD5
68b3adfb7518da3c063c3064ceaee8ee

SHA1
1ce2dc05ef82f93ea952e58da50aa2538be43238

SHA256
d3a8bc133359a8a88227499c6bfd611a318d064deda6d051cba2022ba81c3f8c

SHA512
fd93d0ff1418d1a1b631d354c7543c8e2fac1cd9b9ce72b08ec17ef20a313e94d067c1c04f88255a179ee0a89687a284cd8977570b0f2660a1ff63139b952988

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
762KB

MD5
3420b525c743e9e8e80108148be3a157

SHA1
0dfd0857016a137631e435efb4bf35c62ce2738a

SHA256
6e674249183b0866c211174de2bce74c97ea3c7bfed9c181bfd12ed688cf9cf7

SHA512
6fefd2cd7a7d899c589599e550cd157faef61d2761e919fcd8b6c5c88ce2ac86d86fa2f87fe49dd4381dc7d4f3a6d75fd2e00c9c2e28a115d2bcf5ebc778f10e

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
94KB

MD5
ac4db754a8f4d1f17e82da741386d8e8

SHA1
79ded4efa535e354089e1dd976f3f7dd5a14d015

SHA256
5ba6477953c790b7e2b4136023cabd1ac1fb7225eefa570a7cdfdffe466dfef3

SHA512
17835a0a9038cc4554d883415913a2feb107442f874ba217fdc7d6e03e8f26e4a3cdad52ef3c64da13b7347f773a808d7d6b4c13e6ce4b4f79d77a68cdc1a68f

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
94KB

MD5
83c4bde344c7dd7a0184b7b773fbf707

SHA1
65bdcd39471b0646f2d8c4aa23e7d4d090226874

SHA256
2057ef5e8d89c347c0632ef703fd56c5998815e77eb3c4f51e3b10ea6ade5dfc

SHA512
79d89dd1b2f9c00f115842f50899317b801b4e1174646de1af3b45677af1dd578398683a12999d74f38bae4b7577715e714e0a368b6fd5915693180a99db0fc8

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
122KB

MD5
e11d64662e20251efbd54c653e536855

SHA1
3cf8ae92ba33b6fb18579c22a5e2db8621ae966b

SHA256
110eddd5c2c3e1e6f73876ed61c3b241c0bf667224bce2671735c1b56c27a92d

SHA512
b3f0c4fb49c945d2ca62b9b478d4b434c55b468d40731aa9c2f67ffd653a10460eb8170616c3718a89895df5e021d0d61d1eecdd1611da6a84b64f8e8fcffcb7

Download Submit
C:\WINDOWS\SysWOW64\mfc140enu.dll

Filesize
112KB

MD5
bf526284b5e92763991ffd02123e600c

SHA1
3123a14039944bdf81f1464dda57f0ca7d5ee62c

SHA256
d1bdccdaa221052105a8479b3499abadd7eee79c0ed67ada081122bcb1e0c58e

SHA512
ca6929ecfff829fb61797ef8e714ca2726f6633bde3f961b86110730f8c85d31e532572f8e5c22bfd87a41b8c7159686270fff9e6129d86a6e15cfd5cb2c5627

Download Submit
C:\WINDOWS\SysWOW64\mfc140esn.dll

Filesize
121KB

MD5
92af032b3b40856758c003232860062d

SHA1
43f1501297a531295cc37806147149e101f6cbef

SHA256
082c5e43d5622e6afc947cd75c4867a4c0f0eb79bf35fbb617a64c14ff2f8905

SHA512
e034ca2ffb4dd800cf2818f8300a917f6bfd7002af3d01e326142729cee64a9e28dcb09a66f7f7fc89e3320242c734f2a938f6511fc238ad8a8d74ddd9152b87

Download Submit
C:\WINDOWS\SysWOW64\mfc140fra.dll

Filesize
122KB

MD5
3b39a9485915f6e1dd2a97bd728fa72a

SHA1
7deab2593219893865f79f59f85065c059f165f8

SHA256
210cf53882cc3c170f769122c804fddbe5271535034372121d8303cf318705d0

SHA512
2a6dd675f84a50a21149286b0fd07ab6bffc075506c3a8334716d51d054c828c25311e58e1b8b7157b826fa52e99a1b531f8441061107a4e23e554a79ac94e25

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
120KB

MD5
77c12d0806298ce0b06e3fc009f6e6b1

SHA1
6ac5059feb5228b2ed64a7ccdd624e3c76f6c98d

SHA256
0af107dc7050e91d4cfd01b9eca5c49a6118361464e4fcec4ba13f1f7b2d38dd

SHA512
aaba69a327097e2c201a64380a51004dc7f0bfd63a404019fb5b91db0c69cc37a69887497bdcc56b29846dcf704ff864eeef36c29515079c3c7793a32173f47d

Download Submit
C:\WINDOWS\SysWOW64\mfc140jpn.dll

Filesize
102KB

MD5
5d7d6030660595eddbc3bac312da6030

SHA1
faf64c799a2e92aed84f551bd9987be53a60e4c5

SHA256
cd66b12730437ab1513db55c94b49162f4fe4b26922a9a229d32e3f00407dbd1

SHA512
8d76d27ec81acaaf7fbc5b0b900ae55fe097b7cbd9c8cb15bd141f7003f476d5299ffea67f8e2d252d0a99b8afb12823552a986017ddf18da914aef1ae9c9a58

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
101KB

MD5
b68c1aeadbb0ff4efc0d1c1e9e77cc2a

SHA1
844bff593615acf6d3c12c5b16af4930f65c3d49

SHA256
9991a2793e3d13284a0544269d4d2e57cced29560d262ad65c3564b12a090a7b

SHA512
433ee8fd15b506214c69a705d023786035b19ec660d283c1dec698b2251507b66bf77ee4c4a63e36a31a231d56d5c532a8a93c1944b17254a63adc0d0c5d121b

Download Submit
C:\WINDOWS\SysWOW64\mfc140rus.dll

Filesize
118KB

MD5
4a2ebc14277a62a5b2aefac154973fa3

SHA1
c3e0d0f6ad486ffb020313dc1080fd341c790737

SHA256
e44505c948aba38496028a86c00739b6052b58310b40708c0bfebc9a6b040af0

SHA512
fff5b591580e3f186abbecadc130ab2eabcf897b21ad8331f55b67279fff24a075ef46b1b164e8f20dffbd8675a35e6b9b77b514652e4cd43f9fe735dbb5d672

Download Submit
C:\WINDOWS\SysWOW64\mfc140u.dll

Filesize
515KB

MD5
cf206b7c86f96b5267a9c798dff74555

SHA1
d835cd0bb46704c083fc8d706feb605ef43de653

SHA256
ced85c6b438eb0cc2d8c24f73822ce0bcce4d70602195602159b37424952ad50

SHA512
962489390ddd41c569b8d104b2f8d4790be8dc89e39e6696e19ee5da1a1dbd8ae1611035a3d0f881bc2cf1be1f778d875d9a83d88d1f97174dd623ff9fc40488

Download Submit
C:\WINDOWS\SysWOW64\mfcm100.dll

Filesize
135KB

MD5
b570a22320c04d6979fe233ba7db221b

SHA1
f142b9a584a4264f8b26d6f55acad4eafb7c8a3f

SHA256
d580fa81448a2313983355d3a93e14325cb1db7cffc85b5f2fe46c8588c2a4c4

SHA512
d570d893eb6c1f72ad7b6f2c6d17f53aa77786df0728e6476a44a88fb1bc7002bcb883c404f525c6b53c0a03a0ceb5ede1a2f5047a604bbdae07eabbae969140

Download Submit
C:\WINDOWS\SysmonDrv.sys

Filesize
193KB

MD5
30aab5fe06b3c0267fdcfccd1ea6c389

SHA1
73aa86b52fe921217b2951bf6e46fb4935963478

SHA256
0a9944296f8e38e20a455f5d755dbe1b3c28bb391f0ba700188f7500c2d5d095

SHA512
e8738b1b9b8a6fb0bcea1c28d6fb07e6f63e337aa1aea5c1708e7ce3172b4f720b8e461d1f24bac9bbd0388d01709a497d6eb3a7c1110b055688e82f62227f3f

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
55KB

MD5
6443e0a2f037c34d391c0b18cb824638

SHA1
59010d136139ba0222b85edce947bb4552d50533

SHA256
5d343950626d2538ca0a0a45153ac11348e8dea25e3d477d86dac1c5994049f8

SHA512
64031c7c200bffabda617870f333f01832b49ffab5a6dc6c8513fc7aa387882e2e00d9f2296876962b529e2ac29777ef5be1ee510b00eda8dd101d62e3c505c9

Download Submit
C:\WINDOWS\lsasetup.log

Filesize
28KB

MD5
932c615e92a2d5d7c7ee0d3b6568d3ee

SHA1
593c0f5af2409c68c8c9b7e0644fcb05c6dea55a

SHA256
681e265d255078bff580e498e7a3e617b342a61c5649090f070b353cbaf27f61

SHA512
b1022175a056458cb12ee946c5c7b787d456cf1bbd14f11ffb02e8f54e62098141a194eaf19e781742e5d611ab4b63d36b4c93f92083af0bb628c5ecdff407bf

Download Submit
C:\WINDOWS\setupact.log

Filesize
28KB

MD5
356e97c8bfc3b3c0d751f2df6d883eb1

SHA1
927fc868879804e3fcf5a11d1b70f9dadad0daa0

SHA256
ecf72fdbe7ceec1936c721fe01f879c99f1e5caafb6e41421402d38a5e04dd4d

SHA512
e2236b8618fa6a8bb5b1d8012416b35c1b3a06dd8ad839d49a84534608c360cfbcea901ecc1542c7b5c8d342d3583d939b978a0f5ec87eaeb1d73b24634f3342

Download Submit
C:\WINDOWS\setuperr.log

Filesize
27KB

MD5
a4fbfa50d457a9d810e089390fd382df

SHA1
be614363804379ceee439c6b7a2b124e652f112c

SHA256
b78e0678e939c741ee46b98c8aa1a0fcb118de8cb0f9b8677061e00b2b89e820

SHA512
ad183889f295be4d1044c885481eda0206f9daf22b8e632a2e7810e021fbbb00efc4048cd5a35c88c42164f18e8712082674f0ada00aad60d70f417837bcfe72

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
416a470e2441c027ca9a85ab13726829

SHA1
5a0e46498bdcfe45551fcee4f77c7a8dcc868b50

SHA256
f0bd1a6a2f3fee3976bc781774b9f5c9a9f5421f3a138af7b9b95bc2d369ba87

SHA512
e65801daa310087ac1728394042aecdd422c56a7de1e39ac0848b5bfde96306cb91776618daee791abbea8d5cf084018f8fb1adcc416b0aab692378b36b994c6

Download Submit
C:\Windows\SysWOW64\mfc100cht.dll

Filesize
173KB

MD5
f035da82f72b1c069dd1a13a70a37347

SHA1
0c74be7044d934a6ab65ca0351fcd1fcbe4c0db6

SHA256
46afd5e1c75c2f9a0f998185b6e6664c181e4518fb8c4fd1332626f18ba57718

SHA512
42a28096a92cc2154819da04ab87336e37ab3210b8ffca29b780a4690c07bd71421a5185e31f99440cfc13f671dc6386bc46834e97c6d60c58c30eab2737ee50

Download Submit
C:\exc.exe

Filesize
715KB

MD5
d4a85a6f2df3ea73f0ae722d1fa1eefc

SHA1
0a74c29758fc965c2e7d1e6c567c44db55072ac7

SHA256
ab07ba411d72fdc46c1b8059d3655bd6e0dd1780d3765fe3f69d49d1ee3eb298

SHA512
11db2df536de169ed6b9096be026a09e440de3a6d63c88e9c91061cbdf1ac533b0b22b1d846aed9d22a543e54335a5f1f93a3122dd45cb5bcc04cfb9b00cc20a

Download Submit
memory/380-575-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/380-714-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/380-278-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/380-276-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/380-304-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/380-50-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/380-9-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/380-1039-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/380-54-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/380-221-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4860-275-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4860-12-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4860-55-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4860-1033-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4860-10-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4860-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4860-1522-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4860-643-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4860-279-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download