d411b6148483122066529f38f3f74cbb05e2666ec242f4eb3bd19306688a7297

Analysis

max time kernel
170s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 06:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2c7011bb973bae5d2ebd570d56f26b96.exe
Size

306KB
MD5

2c7011bb973bae5d2ebd570d56f26b96
SHA1

56ffd6b31faf92f40214dd916c2811df39a35be2
SHA256

d411b6148483122066529f38f3f74cbb05e2666ec242f4eb3bd19306688a7297
SHA512

5770bb26f73d8c814575dec90bc006bc7f56c8c622af4858594d1a3f4d8e2e43c93332afe484259cbc18ca229f2565506b0e2fe6ab0983a7292179c203798aef
SSDEEP

1536:txft5exf2xft5exft5exf2xft5exf2xft5exf2xft5exfD1Z:v15q615q15q615q615q615q3

Score

8^/10

upx

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation	2c7011bb973bae5d2ebd570d56f26b96.exe

Executes dropped EXE 1 IoCs

pid	Process
2532	exc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4972-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0007000000023204-5.dat	upx
behavioral2/memory/4972-9-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/2532-10-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0001000000009e5f-17.dat	upx
behavioral2/files/0x000300000001d8ba-21.dat	upx
behavioral2/files/0x000300000001621e-25.dat	upx
behavioral2/files/0x000100000001dac6-31.dat	upx
behavioral2/files/0x000100000001dac5-29.dat	upx
behavioral2/files/0x000100000000aee7-27.dat	upx
behavioral2/files/0x00050000000006c3-33.dat	upx
behavioral2/files/0x0001000000009e64-35.dat	upx
behavioral2/files/0x000300000001db6b-39.dat	upx
behavioral2/files/0x0001000000009e67-37.dat	upx
behavioral2/files/0x000300000001e608-41.dat	upx
behavioral2/files/0x000800000001db43-45.dat	upx
behavioral2/files/0x000300000001e8d8-47.dat	upx
behavioral2/files/0x000100000000c0bb-50.dat	upx
behavioral2/memory/4972-53-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000600000001e08c-55.dat	upx
behavioral2/files/0x000400000001e60a-59.dat	upx
behavioral2/files/0x000300000001e611-76.dat	upx
behavioral2/files/0x000300000001e60d-67.dat	upx
behavioral2/files/0x000300000001e60b-62.dat	upx
behavioral2/files/0x000300000001e613-83.dat	upx
behavioral2/files/0x000300000001e614-87.dat	upx
behavioral2/files/0x000300000001e612-79.dat	upx
behavioral2/files/0x000900000001e599-91.dat	upx
behavioral2/files/0x000600000001e59c-97.dat	upx
behavioral2/files/0x000800000001e59b-94.dat	upx
behavioral2/files/0x000500000001e5a0-108.dat	upx
behavioral2/files/0x000500000001e59f-106.dat	upx
behavioral2/files/0x000500000001e59e-102.dat	upx
behavioral2/files/0x000500000001e5b3-121.dat	upx
behavioral2/files/0x000800000001e5a5-119.dat	upx
behavioral2/files/0x000500000001e5a2-117.dat	upx
behavioral2/files/0x000500000001e5b4-124.dat	upx
behavioral2/files/0x000300000001e89b-160.dat	upx
behavioral2/files/0x000300000001e8e5-164.dat	upx
behavioral2/files/0x000300000001e8ed-188.dat	upx
behavioral2/files/0x000300000001e89c-212.dat	upx
behavioral2/files/0x000300000001e89d-215.dat	upx
behavioral2/files/0x000600000001e5da-208.dat	upx
behavioral2/files/0x000500000001e5b5-205.dat	upx
behavioral2/files/0x000300000001e616-203.dat	upx
behavioral2/files/0x000300000001e615-200.dat	upx
behavioral2/files/0x000300000001e8f0-197.dat	upx
behavioral2/files/0x000300000001e8ee-191.dat	upx
behavioral2/files/0x000300000001e8ec-185.dat	upx
behavioral2/files/0x000300000001e8eb-182.dat	upx
behavioral2/files/0x000300000001e8e9-176.dat	upx
behavioral2/files/0x000300000001e8e8-172.dat	upx
behavioral2/files/0x000300000001e8e7-169.dat	upx
behavioral2/files/0x000300000001e8ea-179.dat	upx
behavioral2/files/0x000300000001e8e6-167.dat	upx
behavioral2/files/0x000300000001e89a-158.dat	upx
behavioral2/files/0x000500000001e899-156.dat	upx
behavioral2/files/0x000800000001e86e-154.dat	upx
behavioral2/files/0x000800000001e86d-151.dat	upx
behavioral2/files/0x000900000001e86c-149.dat	upx
behavioral2/files/0x000600000001e86b-147.dat	upx
behavioral2/files/0x000700000001e868-143.dat	upx
behavioral2/files/0x000800000001e867-141.dat	upx
behavioral2/files/0x000800000001e866-139.dat	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\ProximityRtapiPal.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wlanapi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\kbdgeoer.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\KBDINBE1.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDNO.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\FlightSettings.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\whoami.exe	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\fdWSD.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\odbccu32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\usbceip.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\mssign32.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\spfileq.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\unimdm.tsp	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\wwapi.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\xmlprovi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\f3ahvoas.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\gptext.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDUSX.DLL	2c7011bb973bae5d2ebd570d56f26b96.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc140.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\msdadiag.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\netevent.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\accessibilitycpl.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\dialclient.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\mfvdsp.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\msacm32.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\ntlanman.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\SimAuth.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\UserAccountControlSettings.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\bootcfg.exe	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\DevicePairingFolder.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDIT142.DLL	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\MsraLegacy.tlb	exc.exe
File created	C:\WINDOWS\SysWOW64\odbccu32.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\oledlg.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\shwebsvc.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\SortWindows62.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\cscript.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDNE.DLL	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\mfsensorgroup.dll	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\msvcr120.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\RemoveDeviceContextHandler.dll	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\dssec.dat	exc.exe
File created	C:\WINDOWS\SysWOW64\dtsh.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\INETRES.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\dsreg.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDFO.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDMLT48.DLL	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\SubRange.uce	exc.exe
File created	C:\WINDOWS\SysWOW64\offreg.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\playlistfolder.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\calc.exe	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\inseng.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msscript.ocx	exc.exe
File created	C:\WINDOWS\SysWOW64\rdpendp.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\UIAnimation.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.Phone.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\WpcWebFilter.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\imageres.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\mfperfhelper.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\SysWOW64\ncrypt.dll	exc.exe

Drops file in Windows directory 44 IoCs

description	ioc	Process
File created	C:\WINDOWS\bfsvc.exe	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\sysmon.exe	2c7011bb973bae5d2ebd570d56f26b96.exe
File opened for modification	C:\WINDOWS\win.ini	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\winhlp32.exe	2c7011bb973bae5d2ebd570d56f26b96.exe
File opened for modification	C:\WINDOWS\PFRO.log	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\twain_32.dll	2c7011bb973bae5d2ebd570d56f26b96.exe
File opened for modification	C:\WINDOWS\lsasetup.log	exc.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\HelpPane.exe	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\mib.bin	2c7011bb973bae5d2ebd570d56f26b96.exe
File opened for modification	C:\WINDOWS\Professional.xml	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\splwow64.exe	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File opened for modification	C:\WINDOWS\Professional.xml	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\explorer.exe	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\hh.exe	2c7011bb973bae5d2ebd570d56f26b96.exe
File opened for modification	C:\WINDOWS\setupact.log	2c7011bb973bae5d2ebd570d56f26b96.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File created	C:\WINDOWS\write.exe	exc.exe
File opened for modification	C:\WINDOWS\lsasetup.log	2c7011bb973bae5d2ebd570d56f26b96.exe
File opened for modification	C:\WINDOWS\system.ini	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File created	C:\WINDOWS\sysmon.exe	exc.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File created	C:\WINDOWS\notepad.exe	2c7011bb973bae5d2ebd570d56f26b96.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	2c7011bb973bae5d2ebd570d56f26b96.exe
File created	C:\WINDOWS\write.exe	2c7011bb973bae5d2ebd570d56f26b96.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File created	C:\WINDOWS\WMSysPr9.prx	2c7011bb973bae5d2ebd570d56f26b96.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3256	msedge.exe
3256	msedge.exe
1496	msedge.exe
1496	msedge.exe
1084	msedge.exe
1084	msedge.exe
468	identity_helper.exe
468	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 2532	4972	2c7011bb973bae5d2ebd570d56f26b96.exe	91
PID 4972 wrote to memory of 2532	4972	2c7011bb973bae5d2ebd570d56f26b96.exe	91
PID 4972 wrote to memory of 2532	4972	2c7011bb973bae5d2ebd570d56f26b96.exe	91
PID 4972 wrote to memory of 4232	4972	2c7011bb973bae5d2ebd570d56f26b96.exe	104
PID 4972 wrote to memory of 4232	4972	2c7011bb973bae5d2ebd570d56f26b96.exe	104
PID 4232 wrote to memory of 64	4232	msedge.exe	105
PID 4232 wrote to memory of 64	4232	msedge.exe	105
PID 2532 wrote to memory of 1496	2532	exc.exe	106
PID 2532 wrote to memory of 1496	2532	exc.exe	106
PID 1496 wrote to memory of 4384	1496	msedge.exe	107
PID 1496 wrote to memory of 4384	1496	msedge.exe	107
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 4544	1496	msedge.exe	110
PID 1496 wrote to memory of 3256	1496	msedge.exe	109
PID 1496 wrote to memory of 3256	1496	msedge.exe	109
PID 1496 wrote to memory of 1760	1496	msedge.exe	108
PID 1496 wrote to memory of 1760	1496	msedge.exe	108
PID 1496 wrote to memory of 1760	1496	msedge.exe	108
PID 1496 wrote to memory of 1760	1496	msedge.exe	108
PID 1496 wrote to memory of 1760	1496	msedge.exe	108
PID 1496 wrote to memory of 1760	1496	msedge.exe	108
PID 1496 wrote to memory of 1760	1496	msedge.exe	108
PID 1496 wrote to memory of 1760	1496	msedge.exe	108
PID 1496 wrote to memory of 1760	1496	msedge.exe	108
PID 1496 wrote to memory of 1760	1496	msedge.exe	108
PID 1496 wrote to memory of 1760	1496	msedge.exe	108

C:\Users\Admin\AppData\Local\Temp\2c7011bb973bae5d2ebd570d56f26b96.exe
"C:\Users\Admin\AppData\Local\Temp\2c7011bb973bae5d2ebd570d56f26b96.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4972
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe070d46f8,0x7ffe070d4708,0x7ffe070d4718
      4⤵
      PID:4384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2480 /prefetch:8
      4⤵
      PID:1760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
      4⤵
      PID:4544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      4⤵
      PID:3560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      4⤵
      PID:4980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
      4⤵
      PID:3612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
      4⤵
      PID:5564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
      4⤵
      PID:5656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3320 /prefetch:8
      4⤵
      PID:6124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
      4⤵
      PID:1200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
      4⤵
      PID:5272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
      4⤵
      PID:5268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
      4⤵
      PID:5892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
      4⤵
      PID:5880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=208 /prefetch:1
      4⤵
      PID:5336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
      4⤵
      PID:3748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1684 /prefetch:1
      4⤵
      PID:3608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
      4⤵
      PID:5496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12647449908581245249,14428994708205295585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
      4⤵
      PID:1060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
    3⤵
    PID:5328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe070d46f8,0x7ffe070d4708,0x7ffe070d4718
      4⤵
      PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe070d46f8,0x7ffe070d4708,0x7ffe070d4718
    3⤵
    PID:64
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,11556784380096022913,14655832500647022207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
  2⤵
  PID:5508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe070d46f8,0x7ffe070d4708,0x7ffe070d4718
    3⤵
    PID:1044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x450 0x300
1⤵
PID:4380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
3b9f855f46b869a25fc58718bc265a0c

SHA1
de56432817c5389bdd22809a70e1745813ca6a71

SHA256
e1a7227f54d4ba4a6e0e015a691c3279e9938176288802ddfffac1b557d1839b

SHA512
e3a66fbd415949f2e871e2253746c7893c2defcd3d0e65dbfa5925ace1cf6e8ef7e998ba3a3270f7618b1da7629da4b3d554ae0da0182a9845a1d39816107eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9c56124216996f828a380a6923317905

SHA1
c6b86ecd32f61ec432b1002f3f2159099692ab19

SHA256
a4a74e15c90ea5c0d083761b9b0f32505da7167f5ec882bd55bd5fcfe8cb8b82

SHA512
ea33dc7aef674e29b6ec6ad9883e7d099d94e713089e9aca984bb7fef8f2291c151bd09b0008251bfa76b409d908752865dcb2ddb8f5ea6c78b7d163182a27a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dd6e57eea06ee9c9ac7b827381c7e12d

SHA1
5fe00cfdbdd87a75e35f270816c971eba3f5593b

SHA256
b38db920f1f42a8eac2129be046afec7520874ae7cec12b572526acb39e77e86

SHA512
83df77eb722cff3cc14c66356c2579512885e3b69aa3aff635c15a2c37eabf59a3c63e6d65077abf3a529b224fd05cb9e818bf75e5982b95f14ceb742b9a10f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a97bc5532cd1058ceb7b3220e1bfc0a

SHA1
0f51e1f9c74a0bda11b39484f2d92d582c1da2ae

SHA256
50d0714d03afafc5c42a7d8db4cde5387309efdb699e137e7cd9911e060a2917

SHA512
594615f5d7b4aa637b6fa8d0ddeac2c52fe9911de1c08e42de4486f6c17f781543a52eea193f6cc9cb5cb7738a952a570a250c334743771c6679df8d76c02b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ad1c85b453e4774f8fd66f2e37e926f

SHA1
f45a6a8210742aee3f17bf16b974666d7185cb45

SHA256
c9cfa75ec8413f4d62a668216b619de4591249287be9e94361948fe312ce3750

SHA512
fee285920d648cc5f4d26ed16d54061a89f5fed1ef943711348af3c33ad720a659de82853831ba4c640c63ee3af087a56ac9e6da858822891a5047403ccaab2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
a994c0dfe7af9f07475a28f8636813e6

SHA1
936f31a6ba1053fc5c2cba5c0fbf9bb9f353e32c

SHA256
bbc225c067e386eb4e64f946777412c3e825d2992e5adaede3942a4b1b1d52f0

SHA512
56118c2155fbb988d69af0b52d608ff240d94b683c1e5fa43081ecbb0f99237870d638b2e6a1ce35a552811be19e1504fd92116b080f6d5d913b5f97c36b9777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e33ddb420bf9b10631f6ca9150e61908

SHA1
e3ec32e266e118b787eed67a3ef496f4a23b4730

SHA256
a138b90daa064a504bd9eee2159f69849b4633560c1b614ef7d57304f9e25a61

SHA512
ff10965c03c8bb842faf10939f05011476c0ca074fdefb05099fc86d53431ae7653a52d81875276d0acd55a87a6a20011a3dec5612d7c752df5482e47086f44d

Download Submit
C:\WINDOWS\DtcInstall.log

Filesize
57KB

MD5
e94198ced61d0a22f0606e3194b5cb3e

SHA1
58e7afd55f40269e99e0c49bc131133d263e30c0

SHA256
9e73207166c6c9b2386eaa950a28e5273db2a7cc55a3e7e806ed2ffed192b2da

SHA512
7ba2393daeef5d13188280e3cd62c117acfda6e928b3a82203cd3e443d3b1edc793c1fd675c8a1758b9b7a6abe134fd34ff74e245931202475da962e603e49f3

Download Submit
C:\WINDOWS\PFRO.log

Filesize
56KB

MD5
bdeb91907d191827c452d5b8766777ea

SHA1
1fafd0d20413cffb5d364fc61f8a0cb9253859d5

SHA256
82937e506a355c8b226969dd3484fc59097f1170457befbb5a75ec21272332d1

SHA512
83e1791efedc654862fb21a57db7d42da38231de5e9a1474931a28460e33887cf055aae879ec04f850b173cf829189b7e7ba79d810effe55a5539ba1bb5f4870

Download Submit
C:\WINDOWS\Professional.xml

Filesize
85KB

MD5
335b400cbc8ca7913342653c4c4c8c15

SHA1
fe49a5140bd04b029738c04b25ce547179f59267

SHA256
4b2d347a99c149ed0b8e8559fe6e79da9e57eceaa19b2393dfc74208b6229856

SHA512
948dff4072ca9d428e88bed735326a10c1035bfc5de41fcfa7fecbb23b242750f9b15f5b1996e43e32b113de3f6e07daaa5df1f4434b2f5f6d3c72c54081d79a

Download Submit
C:\WINDOWS\SysWOW64\atl100.dll

Filesize
162KB

MD5
aa2984bec126e28cd3e00d71f75538d7

SHA1
fc8a1cb51bfb2a6af3e88797cc2ea1b1e8debae3

SHA256
87dceb1a9eec6f38448ff45986b6f495c15c1fa0415bfb9a75579d23a9e0412f

SHA512
17be46707c192076f2f64386ca81baf200e8884a1a4e7a0e2b11335f951fc58112360d8620da072e4c15d6f64245fd77e42380e164f27a7c4d4097401c4c5f41

Download Submit
C:\WINDOWS\SysWOW64\atl110.dll

Filesize
215KB

MD5
e58d05bd07427be2b6ae053081eab505

SHA1
6a3e4b92f79c6e4a638580db633749c432148e20

SHA256
a667b6ded9077f34247042f5648acb81c93dd4f34a4fbf9a78e98cdd1018c823

SHA512
4fdaa3c5c5864df1712cade23ada2d1919fd08cada4d3fd8e3b0e8e6c84a0761ba0dae5b1640c05e56b3e0ce69ec63263782e7c79ac9900ff2cfcf06a0ebc343

Download Submit
C:\WINDOWS\SysWOW64\concrt140.dll

Filesize
269KB

MD5
0de02bdcdb30e4eb0c971873c70ee0bf

SHA1
095cc3b8e5be4bbdcdb4321a49bcba44cb5104f3

SHA256
ee15c348855faf96ee07fbcc3ef82c12469c440fc35e502efc7ab44396cc02f6

SHA512
6d3ee2d300088c3316bb52ccd7fd219f5fb5f48b424d4af83747b8615e3ece31c564237905abf60f236c670164c1bb364c923553778b4901b8508a5c5a858c40

Download Submit
C:\WINDOWS\SysWOW64\dssec.dat

Filesize
238KB

MD5
a5db9aa4fa3eb59aea6794cbab6e89f0

SHA1
61039c75fda5988d68bbe5511e1e0a90f4172cc3

SHA256
fa49fe3ae02d2cc839e3095523353252f5313cd2829948e2fe33a019fde7aeef

SHA512
883fb1dc2a60c4f6ea630349c8636f594b20f295d8abf04edc8a7aa47fbd19a5ee10f621f2933cc4269b95fec5b84678e60561dbc0a3eb6634501a1dd888e2bd

Download Submit
C:\WINDOWS\SysWOW64\license.rtf

Filesize
28KB

MD5
5c3a59525f95909acb6d153475068e29

SHA1
faf30d9f7c2411cafb8f3a25a10d43498af165b0

SHA256
972b6ca19bf527b6a7b2836d3118d961d9d3a3bacb1c741039ad4732a195c3da

SHA512
6666967870e11d5e8573bbe6b02536df0e906e0c2022c90b7ddda6980cb5f7df80d181d049908e533cf1649bb4f979e4be0f84b323edf4ead580f6179c7e771d

Download Submit
C:\WINDOWS\SysWOW64\mfc100chs.dll

Filesize
62KB

MD5
35d72e6120e7c18d79bd4a978166e40d

SHA1
dbc05bcd3139fed301d91e58d4987e3470ffc911

SHA256
edcf4328ea83b989e6c2741331e6b662826f98fd439d9e497f8931b193427790

SHA512
2c97fb86dca9e6258004ae8a33e420d804984ab705d84f96d0eba10eae68c179de2b80109930546e062a1c8f0b7fcff34e231b251ecc686e9dc5b67f728789f4

Download Submit
C:\WINDOWS\SysWOW64\mfc100cht.dll

Filesize
62KB

MD5
65d475a683c6413d247deb0f36b8ac3a

SHA1
8d6f4be680f5c54b97d60ec0ca77a65bf4c2a656

SHA256
8535b5db1eae82af92e7617c716b5db6a34be82db54a45e76ac1e4ee737a746b

SHA512
6de7466ad1f86c9f52bb3df0c902edd9bef7ac9b5c155f2270c0621e05bbaf81aa77e2721a52b65ef1310fb644487e88cc919b1a06652dee7dc98478fe6c5552

Download Submit
C:\WINDOWS\SysWOW64\mfc100enu.dll

Filesize
81KB

MD5
35e426293239c157bcc76aea813deb86

SHA1
36efd5645e1e49cea9a3dadcb8d941fb9894c2ee

SHA256
49261cd634eb012ffe20138e9a88b35e96359297672198639cb23f120d641007

SHA512
ca04159984783c4b09883e280a94108ecccee4875c00f499ab80296a13a85314ec436e053d4c9bc9a7dd0631d6724307cc61e3261c68b673f03deb87aac8ce58

Download Submit
C:\WINDOWS\SysWOW64\mfc100jpn.dll

Filesize
70KB

MD5
696ca1ca7db74952a6fa617042a92843

SHA1
f45057365254b20f9d33ec6b234097aafe0c5b70

SHA256
c479ac76e65279801b65bf995fba8baaf78451bec528cfbf305f238ad63b4bc3

SHA512
d250f3143630f2795a69a0794b1b5bbe205923981f5e607963a4546dc6c8ee49975dbb29e496c6475a1eeabb1cbb44b707edad6f9367e331bbc38595d8672a9c

Download Submit
C:\WINDOWS\SysWOW64\mfc100kor.dll

Filesize
69KB

MD5
b3b8f57abbc72ae99ab50eab5f5e0e2a

SHA1
bba5df93653362750cb73878179df00a3f2b2193

SHA256
9e772d42c962f731c721aa1b40ca483c7bbdda78517b06fc2a12c20f208f1f56

SHA512
70ddaa25c53e3f9894583471c6bf33dac17e3b46ee749ac8511ba3225609ce83e78721670095dfe09009b5f91b7832cae4f149cf4d8aca3dc74039a4d6bd487b

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
86KB

MD5
0b5cce1d8901299525c00ed5ecc76d09

SHA1
25d949579c3facb6e63b0c6ae177729b9151f577

SHA256
4228069fe03e1e3dc300a665f7532a308cb2e6dd6398ae5aa96f5598116d083d

SHA512
0dc9f6973527ce15ed180c33a45c5e65a6f8a4d6d13de2cbdbf05dd4b2f2d127c3a0d334513821df3635789a2f750bc4020f8c27d722d6f8f15d9acd2e4dbdd8

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
1.1MB

MD5
69aa715cb35d0145316ee19d4de94639

SHA1
4e852d9c9f4b4cecef8c8da2c790cafc68f0b317

SHA256
cbe2da93e9aa0e609725c91a23b9ddbf8c080651014249084db15ee4904bc3a2

SHA512
8bace03be56c72abda62cbad3d3b4c5e30415ed195c422a2679cc25af4eb71174646e3320c853a6867c4c2eefc85f8c4d07df23e6973f41b29c8d0d7f06eaf99

Download Submit
C:\WINDOWS\SysWOW64\mfc110.dll

Filesize
608KB

MD5
5a774fee86e967def3ec6d4f902c9145

SHA1
a2fc5e40b070f3099311bf036bf805eeb07512d3

SHA256
e0669f6121a50f4e74b99a003e502c116eaee6fede2eb41367020d4644b4163e

SHA512
3a6e4c42df42b95ac707b65894f50f0cfa262f9fe08f9e2d92488508a6757b5858ec2e23cbed13dee60cf573812a69ea105118c22d81f807f75b1b726912a2c1

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
72KB

MD5
83ae23348f33f76334ac6674103fb391

SHA1
45ff4d128af3f4aea2efd75f5fce8a700514b0a5

SHA256
47168cce039f84ce3e8f101935d93cc26ecd98841aa9668192121bef1b58d334

SHA512
9612301c131673bb064b1e287a06d146bbd00d6918e580f003d494f154fc0a81f91b389ac01089fd5c8b23027bed9272551e7abdc6cc44ad66f6f4dabf56b637

Download Submit
C:\WINDOWS\SysWOW64\mfc110cht.dll

Filesize
72KB

MD5
6bbc03bfcdcf2a744613e1f2816406cb

SHA1
aed7b8325108b1828f6520aab4b2a2cdb4b38d44

SHA256
247968cd357550cba671cc695c466ec7aa6d4cbdc35d0af7d378d9942e9d5b56

SHA512
eca044f4bc21e39140ee406a11cff4d43d8149452043359d6de23e418f37a3295a916fedbf8d9d7cb93e0cde08f37f251b8f6b50f33125ef4674ed4261de102f

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
118KB

MD5
df150b36c8cf2e2de554c8ed591870be

SHA1
599b88a4ca2aac4de04ca9512f463da7405f8a1a

SHA256
579da40c90515e2a01d4d1caf4659b7550bbc2de34a56b7661f22bc5b5437601

SHA512
e9a227888d6e1f0c2a40b60357424809c1e54e11c65e38872efb7e88a54fcc0a99d276012e5bbd5535fff2f7a9645e7483e328d0c13124951a10a4f9c6bb9751

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
127KB

MD5
54bdc6a5c1b7f5a2998b464fdec8d6e9

SHA1
8adcc3eeba6f2563fa0561e05bbcea14299cbb25

SHA256
42610d3fa443daf9592af33882e7566c15de4d22460a99afa2d63ffac19146f0

SHA512
847e4655046ba6c9df27bf3359b7f248de934588f416da74f14704e4b759d7c20862a5d8f5e0f74199e7173103503ddfee86afb3325a140cc65f58074da7a5f3

Download Submit
C:\WINDOWS\SysWOW64\mfc110fra.dll

Filesize
128KB

MD5
0c43469b02443fa4965a4674bacbff37

SHA1
537bf2d9be0056f62e5372c79f3c83dd75474301

SHA256
3faed403aa33da8bacbb28fc2efa59972ddf129c37d166e38c930ac87f11ab2a

SHA512
a6a959fc9b977654155aafed2c5365f6d85aa4fd6b1dbb2a9520d467a4e4261edcf39101dcdc7445ee77170bda25fd22a599c21a00dde0b64d0a49352e3baba6

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
98KB

MD5
30c81aa00483eacf3de87abfece0a57d

SHA1
685ee8f93ca32aef2eb9bcb40262e86a697bd123

SHA256
e757da56889f0fa967e1dd01ba97d98cb28eba6445b67f04db608680e904e2d9

SHA512
a87fb34bf6c0241b3d24ba5fa112bfdf7e5eee88d52dd38620d384d02e0ff2011a28f9694846a267f3e10633bcca34796cd7cb77cb3263991856f18abe1f7b32

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
107KB

MD5
feb65fb858319dcc5cd13e7cf109d9a6

SHA1
af2223205fc0e4f5571724fd7677bb3b26797e6a

SHA256
93f64327e858f02a044090df69519a7c69a90cbbb7e3ae719ae49453e00f85c0

SHA512
b063bf09e50cf5db36cbd16e710df2437ba7af3f891db394cd5eef63dc6d7b609635b028a5428f47986acc01413f0897849c044545f45aa476979cc5f43f89ef

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
107KB

MD5
035327bc8a3471aa89ce18ee46cd709c

SHA1
41245495974189911ab53bf0732cfd3a8831504d

SHA256
3a43bd99a84c44671f115a3b8bd7e5a987d567a87b3679220c21665b3fd321c7

SHA512
2861845dd3759cfea3f66331a812d7b2c03a392d3f1e093548cfcc84e9b80212723eda34e1f96b42af3183fe84a12f31730703ab6a6196d6682a503e6588ac67

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
124KB

MD5
9fb604fb471e8a82c2c0bb845012a352

SHA1
388cd73956a51bfa3444f1ef8eec6040114200dc

SHA256
ca41db8521e0c17f82225871c711d3f44ccaa994b85567e86b9a9048ad007f62

SHA512
13f7f7d6b27df90a9701e3a147889f8f38606d76f0bec12af22bc72847514858bf336633bbbde61a87ce088ba3b3baa4a72fc33e13207c48b1e8a513de17b020

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
313KB

MD5
b35e5f8c38a14f2f902716955d04c17f

SHA1
b66398f001fb153d8b9984aa7404095266ac8ea4

SHA256
e3d0b95ce609bc619faf35cbdd87c8a524d4ece4d7006782debecf272ef028f7

SHA512
ab6ca9fe7d21d861fff25c27a7113d291a98fa610232a8ab02f0fceb98f8709917546810658d94e2bf53255518e5b8f3352241257c54b3ef113307bc31887dd3

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
1.2MB

MD5
e90227f7cf821316126fc350b96c16b1

SHA1
e0d97152b534fb13ea40418f2b7efbd24851cd80

SHA256
19447cd5edbda0647e56fb9f6a8b9ac1b1e29935121e9ca6c24fadf4c9991f25

SHA512
9f0d1a1df751f30d2b5e0d7642ac0827bbc5df5467178ccefc2525922fadbf6b3c404b1066e423d032c3707579e35b88eaa044304a3ca4b898adbe6af9fc0ffb

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
100KB

MD5
962f09b92602e20f1ee78bbca1f9af7b

SHA1
82623d633867bc85b8941982ff55b53a5e75405c

SHA256
49d743349b6475fe78dd44ca09a843fc474ec0e15108f9d6d1e9f200f5a11514

SHA512
76cc533eea1ff3dd87596d69369609e373d688f4e14dab289e323160be6a3dcd5b3f3676480d0a7227b594f521a4a9c08ad52a62ce691e151f45677472d370ec

Download Submit
C:\WINDOWS\SysWOW64\mfc120cht.dll

Filesize
100KB

MD5
097f36f9aaa6571319053f55496d4255

SHA1
018946992e6eae48a5f025b85383f8e98f8f5c3d

SHA256
27408e3c9c265b5c3e7e90856b4f553c3f75dd3f9c7987b6b60df32d11a98ec5

SHA512
68c9d074ebea7427169eea0aa287022f9b7a68a1a3b7ea1cbcd113e19b8d5d43716349b07443750650f5d7dfc8bd1c71e598d64023ddafc643a617440a4fc76b

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
128KB

MD5
07b568f7ccc39c319783a25499962581

SHA1
39b7701d6661ce983e122916359f743e9727a2a1

SHA256
f32ee9f0c839c9c3d93e6f4efbfbca340d1a36be8f468c1356cb830509c7c3c4

SHA512
6646bdc0c5a0b3862d9bac79a29331020134938a3e515d8b75bd3a672de39401f0fc50005a8334badf97e3aa283045ac8c3af9d6d8cae05b0bec68b417602c7e

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
118KB

MD5
567a1f132881c03b8db5d643991b3351

SHA1
21c1ceba51b628d82cb00bf474e268c0ffd5b191

SHA256
103b898559edc8be47bb13405672ccf640c66c211c50a8ff318a41fb3db830f1

SHA512
b7f3cea6f41dbf1cf210cb703e97b3f4a6890810a2df14469a5b057b322773f4cb0896f6c2757192f27b4567250ebc8674f9fcb5867c3bb5f072df0cf47d541e

Download Submit
C:\WINDOWS\SysWOW64\mfc120esn.dll

Filesize
127KB

MD5
49391a05bfcf9122dbbd53f496ea69ac

SHA1
b71fe95ab9e6c6cb9d058682d053ad3f28ca4a07

SHA256
1558082813690de6b959f303d00282712987909425cdd8185db82e03c4d8b091

SHA512
d112da41bcbd17b2d3caa8b3198eb7c052926ffc47a5805cde9682fe9af149bf5f35f7589ee1138564104129064a7b953acae615b3a3d098e1903f4ecaec3978

Download Submit
C:\WINDOWS\SysWOW64\mfc120fra.dll

Filesize
128KB

MD5
75dbd8b1c8b609a9474eff6dbb26bc9b

SHA1
434c38e84b53007cb397119f14e4a9bb752d0fbb

SHA256
526a5c292c076c3c7cc3598bda4f9b6818c00ae2265b699f287a67b5cbed62c7

SHA512
48cfb1bcb12c00725a53a1a84a6b842ed71550c411a6c0e90b805ac5af8ab2997c1e16020d4f18f59ee3efe3a78ddcc39a47d51d162e143e6134ea098b960f97

Download Submit
C:\WINDOWS\SysWOW64\mfc120ita.dll

Filesize
126KB

MD5
21ce32433750178920860a8692e7b10c

SHA1
40a7517fbed6508a534fc3060932be61ee5cfbfa

SHA256
06ddb14353fd25685ceee0344f8b98075d9842067811cb4df7b903a9b0cbc5ea

SHA512
a82de961932eeca7c73e4932729dd529910f78075599ccf2217dd7a3a100ea58eeb56aaaa2e064477179efc4f2e7d5f8ab601a4e2efa285aafcac2688132c730

Download Submit
C:\WINDOWS\SysWOW64\mfc120jpn.dll

Filesize
107KB

MD5
ffac3a360099d108420344b01b4b9dcb

SHA1
785dae757c340c09912fdbde2b506b747738795b

SHA256
d8a79be178f03908cf13c6035adc2c9532531f1b0cbb69527d5cc751d1c3f237

SHA512
1680dafb92f02dd62e74372f97f91ac690903d39e894f7157d7e6861d9d18be9d7055ca4c975fba01913942af466282fba5a379ce3b0091a6ee5ac1b8686336c

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
107KB

MD5
6242fcc638c301db43c1258f7351206e

SHA1
36e3e981d73c58c6745e23320853e3341543bebd

SHA256
33bfd41e27ba952a87bea5676e03b2b0b0054ae4d8cb226bdfe74281f70197aa

SHA512
e1be11f604454a9d6b4e31b3f5bcc2be3382d4a090f006d800ad7cc5203ad5a25afff68a7591263efdd4d5b858c2115f03cf6cf07a935ab5667f70273dae436d

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
124KB

MD5
6e76eddbd5c87bd661de156abbe98d50

SHA1
383d2ab99dd47bc65a58adbe640051f9bd2ee79b

SHA256
04f88643bac0e2b37dbfa54826f06c07909d8ca3e8c6b0ad8fe0036e760391ce

SHA512
076ae7567d69addc79522472a65642bec9e00c1c325176e03b55e39002d46e876090fba6b6ea296bdc066dd34e351bc62e712236a9fb196bc3ba8c7796cd1561

Download Submit
C:\WINDOWS\SysWOW64\mfc120u.dll

Filesize
307KB

MD5
703361030ebb152c1cbc207908c64cdc

SHA1
296961198a8e9d5a6102a1c4922f7d47a2b8a213

SHA256
003050411d6eba03296ade47c66923cb7aa9a18c67803ce0e088f4f213504068

SHA512
b9e2c92663c26eac69b6a0ad1acfdcb30abb00cc700d2f0c132c61b9d8e96df749cf916bb156766c5eb03fa10d5420788de0cd0ae442404ee15373a62f000a1e

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
427KB

MD5
ee31eb97014b3b0c306ee50642337dc5

SHA1
6ba3dd36fbcbecf6d2f35ad844336183ba10b8b9

SHA256
de696edea11d24dd3e1e5ab84beed492bdf9afb079aefb59f3c084377d040087

SHA512
35388a39522371900ad7e72cd0cd09f68b8e48599e53981f089e3fe7370d3473331218e0bdfdcaf342531053f4d7b408b6d258824a4be4ab645ce10bb1fca379

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
94KB

MD5
471832ace78391999305844bc2faa87f

SHA1
f433a29dfad5cac79cd7ad7b1cd67b1d2fa3128b

SHA256
20125c30486c78f263e47a3fd86245fc9cfe71e9383bed7e836429dc66328264

SHA512
df8763e2a366113086cdfed66742daa1ae914945611e032e5bf91ee80584619d1a2a04d34d3fed34375b7fecec6e02f86a710bc4c8209d2094cde8ce52c81408

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
66KB

MD5
15278b19bd200c8f8cfeb6ee3afdddec

SHA1
5ccbbef307f4936a990e4bf7d6721fba8111b3d3

SHA256
3a89b21b00642012802bb377c59f046a5a84e5a4d2d30668585d05dc7509e68e

SHA512
00b5f30280702b9810546bf6cbae18070f6bf64e31a4f1d9dbadf365f1df962174689ac07e768cb3260b4ffca744896a27d06dcc55c01218857f2c484b580459

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
94KB

MD5
900fce2dc340cb273c4d14d28cd8617b

SHA1
2ee934d2ef9ea95e1566c1480aac7346646530a8

SHA256
799d1dc6da078c0eca7f2e460a38d8d3c91f0c996d24d51f4c59cfa080db59f9

SHA512
b68fdb288f2fbe3a5af77064c945e9261df690aa34d4a67647f107dfaf82a78347aade224eda1097a5a600c6b5daeacda9dfbf9385b6eb1aa6ba623041dc7c0d

Download Submit
C:\WINDOWS\SysWOW64\mfc140enu.dll

Filesize
85KB

MD5
a83b9fcb968741f95f7a0ec2e15530a2

SHA1
191a80d631ea5cecd1f76966b61bec1b18e94d51

SHA256
b861282ef3eb598ab6ef9ebfd99274831b277f99b3915d8ecff4cca6af00038e

SHA512
eea8e1b504f811eb441c7a10ca3f299b2bd0b3f90434e437396cda5190a171fd9566cd3a46c126adef72863ee7403430044662407978c0451f64a2404d0b9a5f

Download Submit
C:\WINDOWS\SysWOW64\mfc140esn.dll

Filesize
93KB

MD5
0a48888b50beb7cbfa5bcd0b724ce78a

SHA1
25484a6741e7044a3ad366e2bc11872969a26d87

SHA256
8a844ebcac1eaab1d9e9f22139599733a24921ecd40f0761e45a2cdec45f11ad

SHA512
096d262a4d3237f94f3fd04d304c5286ce4201cfed0d0901725eb7208c51081762d23ac05d4961f864626b417b77daa0e4b248884bea9a73fd0a96c5e2d8a744

Download Submit
C:\WINDOWS\SysWOW64\mfc140fra.dll

Filesize
94KB

MD5
5a152d488c85b8f8909000d296fde4eb

SHA1
b3f5a161a51816b96f8296f4a79b76780cc15ebd

SHA256
3a44cfc6be2cb27283aadb0a20462c5a3cdaa0095f6a36c302802169b981ea07

SHA512
f86934b8edff2f5aa61cf997f36f0d4021de221ad25a13e43faa8f36d88f4055124945f6ffb3a7bd98f295f2c432c24751b7b66e493ae0bf56fb5c05f748a698

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
92KB

MD5
602ed259c43e4efe5e7679dbaf5ab09e

SHA1
5d76d1644e8a50cfac716557ae3394915263dc32

SHA256
9a86672b1ddd75473532a83b04788c93a5699b396f1c3a545c9afe41efaff05c

SHA512
124d83c799949ac1ad78c5ce80ee905566bf71d9bd6c06e2bb25deb80de18dec1e1d83ce6098268d87caba9928ae0ec063d0a0007293fcb486f94bed2add49f9

Download Submit
C:\WINDOWS\SysWOW64\mfc140jpn.dll

Filesize
74KB

MD5
d3f640196a51d632220c66c181ee0607

SHA1
1cc7fb912cc4bcc8f33aeb95846a9132af15195e

SHA256
f88fc1d0f21b69d8b4803d64a59158406e57321d5b9346d82a6af8e615055d54

SHA512
33992453c0dbbaa4f8aca9ba06aa719625313e753aad554a90a409ff108f97f980948e4d2c4c7b1ebe651f8e29e8e07c1ed1f124a75fc4bc350ea169f7142d27

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
73KB

MD5
9a4fc9e0b9a2e7fd41f9559a177186c9

SHA1
5f8e822bdeca5dfc098e96ba54f967a3b8bc3001

SHA256
5aef520988cabe0e47ada92999800ea32ed94662bfdffcf84f319153c7a87bc4

SHA512
2ab57ac189a929edaab34fb28c3da94e114c87c0cc8e625b238889edf895c7ed58daecdf4a6f4be7f175b1ed9beb29a413d25036f77c87feca499d61f8b7d7cb

Download Submit
C:\WINDOWS\SysWOW64\mfc140u.dll

Filesize
145KB

MD5
6bce782a31f46f5f20e8f26bb500d642

SHA1
9d441e44aa0e9d78963a01966008663b8246c7fa

SHA256
16b4e50358739ea866f32b3ba8d3cd12388dab9ba2ef4f440fc240f06f878a12

SHA512
f8b13eb9f58eb263cc4e9a0465cdc57e314ade7e1aed48bc937419c2e6662220dec83b080814bbda8baa33740ff27b6338de4fea185e3b93990e59f78693a7eb

Download Submit
C:\WINDOWS\SysWOW64\mfcm100.dll

Filesize
107KB

MD5
07ed90352c4981a655bf8d0c592768ba

SHA1
eb1a276158446db3e57435b226384e27af0a614f

SHA256
2dac15be55525d766d96a03bd95b4da41fe91727d284508d0b8cc982df1528e6

SHA512
ce4e57f3252e62a0bd90b7e6ac6fbad08657d5046e4a326bc6a382bb3fba9bd39a492f6a330d2d01d53854dd14ea674c247d9f7f4cbd4718cd885caaa1430900

Download Submit
C:\WINDOWS\SysWOW64\mfcm100u.dll

Filesize
107KB

MD5
20700ecd771777472524b74fff9c8f15

SHA1
fb549d74c09ffe63fca80f25a8e58da2c100f1d6

SHA256
109c4fc264b918b0025512fd5a7a1072e5d5fdb07c0945ea4a276159e16297e5

SHA512
3caa2e9f797042fd469d9be116840918f0a93794cadd09f9a63075054bb306dfa3314b03d4d0bb24164f0c5daddfcb287edb9e1f4b9d2732b16b684a69c1bdfe

Download Submit
C:\WINDOWS\SysWOW64\mfcm110.dll

Filesize
108KB

MD5
cb8866d9c84713386e596b60459b5c81

SHA1
5838a9d52921dfc436ebce0f9cda2f93f7ce3665

SHA256
0525c48853a86be1081501dbacfeb10336151e7ac373ac0b6fa9827d04c5d24e

SHA512
c846adc54856fbbe311361714cc94a23a2a2b9bdd528363f807af36e07e713c265f4982bc02324eba41b6997b3545414208a2f2bd396db7fa484f7132a768c76

Download Submit
C:\WINDOWS\SysWOW64\mfcm110u.dll

Filesize
108KB

MD5
ac50fac462f93038a0a7d29775c5ec55

SHA1
436bff14b4f123d58a61cb6c3aa30edf6cba14b4

SHA256
2f94922313420bf376b6886e5923a34b57f724bd936315468fe4ab44aac0e2b5

SHA512
b23b20674d584d41cc1fa0d81c11e7e7c730e58840cac11cecd46f580df74792bad440d5badf9e1a48d305863a6f24357d090668ccf6afb01592d64f218370dd

Download Submit
C:\WINDOWS\SysWOW64\mfcm120.dll

Filesize
108KB

MD5
29bebbd89904d6555a5f2fc264ed1bd3

SHA1
b7095785883906063fcbd0f80727ddd0aa68adcf

SHA256
9dcb2a9571a8b9377bfc515da948f9249d10d028c66257b06ad1ac3d422f6604

SHA512
3e8450d6f9e2732a06cb4b3f01368ba1e9e00902808060c66cd2e15038edfd257609a911243c81810c8751e16bca5d5d511733a10981e577ea269ca6ff606720

Download Submit
C:\WINDOWS\SysWOW64\mfcm120u.dll

Filesize
108KB

MD5
a657874110bd6a29de01b8c786f55c36

SHA1
005967d85cdd47c4e943df8946ca0fa2d19e1615

SHA256
8dc2fe3ece00b7cd06ebd038ee57086cf5b7e28c4facb191527aa61a9b1cc7f5

SHA512
4cedc88d64286672f7b6f73aa656a6c02a38f7ff6848e5e2c063cdece8b637448b9b7cc0dbd8057783a40102a8804c75b49e59003b3594297c9c02e6505cf5d9

Download Submit
C:\WINDOWS\SysmonDrv.sys

Filesize
221KB

MD5
5c5c9941e3d7f858056a5dc5261ebbda

SHA1
fd903c54b09510d0eab6b53f092716410488edff

SHA256
00ea2f0b611bd91f52f5bbfc819348d7cbc6258e188e41bc5dc7d0779bb55d0b

SHA512
0a325d2762ad0aef40246043c0f53c8847a376772db10ed212d3d1cd8fbb7f665bccb26a115f1b3a6245cb47c41cee01075ddba14405888e7bcc3c16a4054fc3

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
55KB

MD5
689e235db2fa9cd4018063ef8c5b31a0

SHA1
c62e756635c0f6d6010e6b94459d134ef62f0562

SHA256
f57cee73e34fa9a94b7eeea6275b57785bbafbf8b989e03ed2c6fc97f4b73976

SHA512
553d12a7da57a2261b24240ca661f23cdaa472b12a74d37984e83b859d16a390884a018b10af37a0389e0097de63bbd0bf601d96da74526f9db7422e5d8dbb7a

Download Submit
C:\WINDOWS\lsasetup.log

Filesize
56KB

MD5
fdbb8d75451234cf1f88352c1f91d88e

SHA1
ddad0d90b5cc887a99ad09584fcaeeef438159e6

SHA256
0e6bef3ee596c88876b13abb2ecac9a5eccc44cc9ff6bd1e2009126b2cfb5afc

SHA512
e1559acf9b67ec88449ec24c93498e977e9d7a96ffe91e954668ce8a875c4705e8544e64a02b432a98939b669ce9cf3d94842ab2e7f22dab80d00fb1d7c97fbe

Download Submit
C:\WINDOWS\setupact.log

Filesize
56KB

MD5
95bafd20e511e9946b073ffc6195bfa3

SHA1
45baf736858e4cbecc8720c2b5b41b38c0393bf7

SHA256
5db114b46f151c1eae086aac1e594c0296bde8a1fa5f7e4de26bee58071d8dcf

SHA512
fdcd919a87485ed06699d3898504f5f6c4b3a6b2e9cd1dc8aa3ea0a4d1004363b4070826c5a33af5f6dfcf0f53b9d877b4e3afb28e5e1c09dbd07bf20eb9f6c7

Download Submit
C:\WINDOWS\setuperr.log

Filesize
55KB

MD5
681f99fa3b1cadf7aefdfbf5be793367

SHA1
b2469013b0b5ab8065efd606173cafcdbee65776

SHA256
d49b2f1dcc8a83d24123b5b4ea919522d1d257a563a442ef140e8c31b8b279d7

SHA512
b9edfcceff8921496358382fbc3c2e2b5464eb11df3ceab0d9b7df3eb56992294abe91b8c3cfbce57ed6a856fb2d373cf5029a6bcabfd1f22cef74daf109fe4b

Download Submit
C:\WINDOWS\system.ini

Filesize
55KB

MD5
de09a2a2900d9045df93c5355490e6e1

SHA1
44720b34006617ba390225fc3692517aa406e41d

SHA256
d492acfbde1488d33dbbc10ac4dea6eb258c05a5c8b5fca33db226bbe281a7d7

SHA512
6124e7ff60a6d88b7befec5177d38fe54beaa0d54015a3d6747091d6f62c7543023384948bdf826b133259ab4dadc990c40f6139d997ce88cbef29e12f037905

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
5121c6eb20a08e49b8149ae2677f9584

SHA1
ea5adfe5e4d23821cda21ac381e372bb00936d03

SHA256
ce47ff49adce5a67e7b36cb1ccf5f09fd2e530341ea61f58fcc5d86fad5d4964

SHA512
f922bf8e6f9116c502d96197d760cc99bcbee03fd4da5bd8c1a0936eec20eea354174c26df9fea36b4fae1f544fa5f181539c6b23e1b9930258ae700bbc09502

Download Submit
C:\exc.exe

Filesize
278KB

MD5
35b315996eca1f20a3c2b9c37e6b3132

SHA1
f6428dd2431f0f0b77b38457895617a2cafe467f

SHA256
0dd8103bd2d587f237559a903ad899e4a691b0c13559b9b211ee09f6b8cc6fb7

SHA512
5af762a06ee5e81ae35cd9e48150af778265e0f26959c11d0de6c0123678bf083934266b00a42e22abbb133008ad2cbf65c8bdbb9026f458fc773fbf80ce67b6

Download Submit
memory/2532-257-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2532-261-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2532-10-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2532-579-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2532-293-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2532-988-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2532-259-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2532-1039-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2532-1333-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2532-474-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2532-255-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2532-247-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4972-248-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4972-473-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4972-578-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4972-292-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4972-53-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4972-824-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4972-260-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4972-1031-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4972-258-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4972-9-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4972-256-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4972-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4972-1550-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download