c4e4389cc4bc8d6c7e4802b2851403c6b060103eb06dedab9264a01dd097d72e

Analysis

max time kernel
130s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2024, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a5ce1c00ea7f7cee70af54ac39acc80.exe
Size

278KB
MD5

5a5ce1c00ea7f7cee70af54ac39acc80
SHA1

665060a5f2b3b72103ba7cacd377ee7bb33078c1
SHA256

c4e4389cc4bc8d6c7e4802b2851403c6b060103eb06dedab9264a01dd097d72e
SHA512

87528169a7266c857d1dbe9c873accfbea05deb0e9057fa8c18f727936f0cab1fe072fd820b9f2fad6667e1753c9a4b5e4674cb29d30956644de2b43266207e5
SSDEEP

3072:MEsmiEsmiEsmiEsmiEsmiEsmiEsmiEsmiEsmiEsmK:MZ/Z/Z/Z/Z/Z/Z/Z/Z/Z7

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	5a5ce1c00ea7f7cee70af54ac39acc80.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	5a5ce1c00ea7f7cee70af54ac39acc80.exe

Executes dropped EXE 1 IoCs

pid	Process
1376	exc.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\WinSATAPI.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\activeds.tlb	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\KBDHU.DLL	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\TapiSysprep.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\hbaapi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\RTMediaFrame.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\MrmDeploy.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\regsvr32.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\sxsstore.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\dbgeng.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dpnet.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\KBDINHIN.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\prnfldr.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\CredentialUIBroker.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\MFCaptureEngine.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\oledlg.dll	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc100cht.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\ndfetw.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\oleacc.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\shsetup.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\txfw32.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\AppVSentinel.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dswave.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\DWrite.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\xwizards.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\Windows.Media.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wmvdspa.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\PlayToManager.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\pstorec.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\rtmcodecs.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\WfHC.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\InputInjectionBroker.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\joinutil.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDAZEL.DLL	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\wksprtPS.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\aadauthhelper.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\KBDKOR.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\winsku.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\PrintPlatformConfig.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\systeminfo.exe	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\tcpmonui.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\APHostClient.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\cryptbase.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\KBDSORST.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\ninput.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\sbeio.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\SystemUWPLauncher.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\upnpcont.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\wusa.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\Dism.exe	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\kernel.appcore.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc120kor.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\html.iec	exc.exe
File created	C:\WINDOWS\SysWOW64\RdpSaPs.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\XpsPrint.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\NapiNSP.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\shrpubw.exe	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\srmshell.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\SysWOW64\AppManagementConfiguration.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\cabapi.dll	exc.exe

Drops file in Windows directory 44 IoCs

description	ioc	Process
File created	C:\WINDOWS\hh.exe	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File opened for modification	C:\WINDOWS\lsasetup.log	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File opened for modification	C:\WINDOWS\system.ini	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\bfsvc.exe	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\explorer.exe	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\winhlp32.exe	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File opened for modification	C:\WINDOWS\Professional.xml	exc.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe
File created	C:\WINDOWS\splwow64.exe	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File created	C:\WINDOWS\write.exe	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File opened for modification	C:\WINDOWS\PFRO.log	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File created	C:\WINDOWS\sysmon.exe	exc.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File created	C:\WINDOWS\write.exe	exc.exe
File created	C:\WINDOWS\mib.bin	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\notepad.exe	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\twain_32.dll	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File created	C:\WINDOWS\HelpPane.exe	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File opened for modification	C:\WINDOWS\setupact.log	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File created	C:\WINDOWS\sysmon.exe	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File opened for modification	C:\WINDOWS\win.ini	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File created	C:\WINDOWS\WMSysPr9.prx	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File opened for modification	C:\WINDOWS\lsasetup.log	5a5ce1c00ea7f7cee70af54ac39acc80.exe
File opened for modification	C:\WINDOWS\Professional.xml	5a5ce1c00ea7f7cee70af54ac39acc80.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
2256	msedge.exe
2256	msedge.exe
4540	msedge.exe
4540	msedge.exe
6000	identity_helper.exe
6000	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 1376	2312	5a5ce1c00ea7f7cee70af54ac39acc80.exe	90
PID 2312 wrote to memory of 1376	2312	5a5ce1c00ea7f7cee70af54ac39acc80.exe	90
PID 2312 wrote to memory of 1376	2312	5a5ce1c00ea7f7cee70af54ac39acc80.exe	90
PID 2312 wrote to memory of 4540	2312	5a5ce1c00ea7f7cee70af54ac39acc80.exe	105
PID 2312 wrote to memory of 4540	2312	5a5ce1c00ea7f7cee70af54ac39acc80.exe	105
PID 1376 wrote to memory of 4380	1376	exc.exe	104
PID 1376 wrote to memory of 4380	1376	exc.exe	104
PID 4380 wrote to memory of 868	4380	msedge.exe	106
PID 4380 wrote to memory of 868	4380	msedge.exe	106
PID 4540 wrote to memory of 4904	4540	msedge.exe	107
PID 4540 wrote to memory of 4904	4540	msedge.exe	107
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 4332	4540	msedge.exe	112
PID 4540 wrote to memory of 3484	4540	msedge.exe	108
PID 4540 wrote to memory of 3484	4540	msedge.exe	108
PID 4380 wrote to memory of 880	4380	msedge.exe	110
PID 4380 wrote to memory of 880	4380	msedge.exe	110
PID 4380 wrote to memory of 880	4380	msedge.exe	110
PID 4380 wrote to memory of 880	4380	msedge.exe	110
PID 4380 wrote to memory of 880	4380	msedge.exe	110
PID 4380 wrote to memory of 880	4380	msedge.exe	110
PID 4380 wrote to memory of 880	4380	msedge.exe	110
PID 4380 wrote to memory of 880	4380	msedge.exe	110
PID 4380 wrote to memory of 880	4380	msedge.exe	110
PID 4380 wrote to memory of 880	4380	msedge.exe	110
PID 4380 wrote to memory of 880	4380	msedge.exe	110

C:\Users\Admin\AppData\Local\Temp\5a5ce1c00ea7f7cee70af54ac39acc80.exe
"C:\Users\Admin\AppData\Local\Temp\5a5ce1c00ea7f7cee70af54ac39acc80.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2312
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9dc2946f8,0x7ff9dc294708,0x7ff9dc294718
      4⤵
      PID:868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,1886568014207204707,4820337965843236717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1886568014207204707,4820337965843236717,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
      4⤵
      PID:880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
    3⤵
    PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dc2946f8,0x7ff9dc294708,0x7ff9dc294718
    3⤵
    PID:4904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
    3⤵
    PID:3780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    3⤵
    PID:4332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    3⤵
    PID:1388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    3⤵
    PID:2276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
    3⤵
    PID:5256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
    3⤵
    PID:5804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:5908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5388 /prefetch:8
    3⤵
    PID:4688
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6000
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
    3⤵
    PID:5788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    3⤵
    PID:1964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
    3⤵
    PID:6060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
    3⤵
    PID:5568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
    3⤵
    PID:5516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
    3⤵
    PID:5720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
    3⤵
    PID:5948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
    3⤵
    PID:5876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
    3⤵
    PID:3944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11654817326417800229,15292174335142222971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
    3⤵
    PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
  2⤵
  PID:6064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5392

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x320
1⤵
PID:5464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dc2946f8,0x7ff9dc294708,0x7ff9dc294718
1⤵
PID:6124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9dc2946f8,0x7ff9dc294708,0x7ff9dc294718
1⤵
PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
2b1b5e53253a10641aeaa90e67d68bc3

SHA1
c55ee8fb4c990c434243f1b263b2b5ae15db0f2e

SHA256
ffe20b64e9f4b2592613609d69f15d32afde56e0f86d29b23f3fa9af123f688a

SHA512
1ca7c9549001cfc212980916aa9f1199090feb824eae9505747329a5186611f49f1730f1fe3b126d8593887e4e43e4e2b9f51d93ed6ad32f56c224980ad78ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
9587b2a98cb291057345d64bbb1d5530

SHA1
02ee7ee5900bc2db0ecdbc4df065ff45d7e86942

SHA256
1c4e0448fe709aed67215b88fa103c5cb0ad113f3e789afbd88eb394a0cb4500

SHA512
df6402c315a6d4eae72a2f2c87130d410b43b18e0c477c8eaddbaa570430a909bba26b32d71acd01865026ae1b3d0413460118c3fe2fc07a3893b6b457c8c8f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
69b7f3acfcd5047e25e28e9b7e53985e

SHA1
91e728ab19ea034102a3fc08097bb17423e2346e

SHA256
9c25a1eda28027de87f9c39e5f3444d0771b1f2d337d25d1e192e203075a3d75

SHA512
326d3772ff090219d66bbba3cf1b82de5f2e9b83db4208676b42eecec6272e91a44f3976ad51615088fd369317e4f2345b6c429f48c5ac96d0251fa602442748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7bf62025f66922c4409b191c6b73d695

SHA1
ae2bf47bfcfb5e8727035fb53ae9db1dfae2dc96

SHA256
e6c1bb608f3ff010345b7df31b7d7c70a0603bad3e8df6547622a20ce58dc5e4

SHA512
ae9275bdcf141f7bd9e02ee25f1103b91004dbe8f9247b640ecdc7a979905a884bd82f85d6c45ed79c870760c50581475c26e09b001538669e165404163cc2a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
367f19157bb10e03bb901c0f1dec5896

SHA1
9d2aec54efa9982e77f44c951d70217af1747144

SHA256
72e3c53cfe744e3e7a21b714df11322bab3cb2a5f07c8fa2532c41710f58080c

SHA512
76350421263245b983485adc7e3915b15eb9500bda52aa173546604e670516bd820852536359ad2bf21ae0185999e2e6433ea7a6d0a15ca2cc1073451e33e39e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5949a13c2349365d91f7116161097b4

SHA1
f94bac05d1ff1e78da59db7c6f3fd5e0df700368

SHA256
3badbdae684a3279b2de6f28b9aec435f1a769e573bd4aebb9a526ba51b338d7

SHA512
4d1fd74e99eba4143671589156a6463d4119bcae88899a18d7c69cc570f8af2cc4d4efefca0d702bcbb17af860b5a78527717376712095fa169ab8cb6684a935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
97eec3545088e1c0d380f086fb83bf4a

SHA1
0e2de888d43000121bf8988db67fe0d5f28b51c0

SHA256
8b5db799f20b4d4e40d173e8ce8f42f8858096b06ae9971a910b601e05826350

SHA512
a311279536335d341062e200629e5cb30c1fcfa9bcc6bf92944dd5eba2d9289b6632c9bd0c4be9454b7c966d057f89ca0f9e9f98516c2bed1637a22c4340d3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b14d8ec42db749443a9ab15e8d38c686

SHA1
5ec6a08d625f53716fb26e0b4b90b8c851cae184

SHA256
5ae90b1f24e39a6c3d43c2b980132856813a2a3abc15aa8934713364787582c0

SHA512
33c630d7b7a1ecd9f654ad8240823315c0894ac8036031e55d148ec0d6e695ecfceb351172fe4b5b17f497340278be49bdeb24ea3dab5b2cfaa3b1e0a8c6d731

Download Submit
C:\WINDOWS\DtcInstall.log

Filesize
57KB

MD5
19615b475797f7aa9780e4eeab3054c3

SHA1
384060850b631b5a9e73941bd686bc63c6ac0f21

SHA256
8cfe5365108f5dcba8bcba24c9ba53e868a036c55a67a18f246adf1fa4fbc985

SHA512
a35721e5db79a37414af4f648c7def03b0b4d970fe0004b037eaab5bf1bdf4788259bf7aa8b13493eaa2a6de3eb7835c403b8d4927f26d0783beb198ec8ec84b

Download Submit
C:\WINDOWS\PFRO.log

Filesize
56KB

MD5
a1034afe93b8b32f29d5c6188ac9f455

SHA1
292cfcafc60f02482ba8584f13c71d502e3d3ef9

SHA256
55b6333a67ca97a5edc1270f31035978685a35d738b1f3eddc77e0e3530e9a81

SHA512
53890a9317dff06aa9f07f11fc68784619b080e21b828e4f142d454c784da51624994bea5bdf59de19ada284962e47b2fb5f2e98fecb985145986f8cb53a4366

Download Submit
C:\WINDOWS\Professional.xml

Filesize
85KB

MD5
0ba256fc60d59b28af4500489487b856

SHA1
25f0c0c008775892aa9ff7141d29ec118db7557c

SHA256
a5b87098b88c67ff2e78613f6b5c2d6c3f32fe8aeeabe0fe537eb5180a9cf9ae

SHA512
6630de453caa2f9d247a695f9baa3045bdacdfabdd0d583d7ee8387c6c632674ff91def1b46fe824806f473aacd50aa0f6773cfe1712b4003bb39d32f42dcdc3

Download Submit
C:\WINDOWS\SysWOW64\atl100.dll

Filesize
162KB

MD5
4972d50feb55b38a2ebac2cf1c9fc613

SHA1
91ad686c7831e48de3211b2a462829e6b2b6436a

SHA256
b6cdafb93ab9d5146c08d0138b2732e1d233d17ea6eced5b1f4e8d61f7e8b718

SHA512
1e10f7e34312fee2a073cb4ae5d0bf71a498f640b5b45f572b91efa5f6d9b365e55f56561947d1d7ec74323a454914c82122eba57425bc0c898c98ae4247b58a

Download Submit
C:\WINDOWS\SysWOW64\atl110.dll

Filesize
188KB

MD5
fe01d08a91197d242dcebb65bec2d4e6

SHA1
2d797b1ecfb22acf2a97b71f0b5fb37fd8c6fc82

SHA256
710cc4d56a0bf25efb25fe5e3a939fbb8074d5008faefd439b63e17d0e1c66f0

SHA512
16d96e3a53fbe0b6e66470dc4270c96ae61aad97e6f95538fc208761aa19ddd40ce865517008f7613e6efe2bb02e3c4052c86357bf98b7392b4624692d5ce78f

Download Submit
C:\WINDOWS\SysWOW64\concrt140.dll

Filesize
269KB

MD5
646f716865b03ed16b32e5d77f2732bb

SHA1
fc1e9d2f316c80a94673e342cc8e8d69aa7ca701

SHA256
173585f625959d3c9f915ce42e8fe1419d45b6eb81901af564dfbf45a3c7b3da

SHA512
f6c1097732ec95f6d84e49c7d39d29e35204d1d6aa0ec8427d5fc37e486002b43d9316b3277d9bfe150bc4f0fc0dd31d4b82f34fb7cf34742124cddf04167640

Download Submit
C:\WINDOWS\SysWOW64\mfc100.dll

Filesize
755KB

MD5
75849c1e9155a5e9418c9fc00ee8635a

SHA1
5c2e7348a5470161708aeb1711c86876dd26d5a3

SHA256
8790e26ddfa31f3370ebe1d8c91034411331840e321a8e71b2d8c0cb9f9436ed

SHA512
4e2ffac180eb5113b89769ba6d6e32b3b599086acc0af836526236314f787aff7401e0fc613e91e98279f13f3c4191ba51f8b03db978a183d91492ceb5a105c5

Download Submit
C:\WINDOWS\SysWOW64\mfc100chs.dll

Filesize
28KB

MD5
68e909e044fbdf918679b0d881a6d85d

SHA1
9283e4148a8c0c33b6da66099fdfd9a97a889405

SHA256
7324d2f075634a9109262351ebffb704709f405bf46f2be22bfd3087efa05db9

SHA512
7daefa718a4bf6d462f1a2ba7e3bafef92651c50dddc1e5a508a4a34444374b6a10679e4fd8762588c512dacddeb69b68155936ca11b035e585769004e81a2ee

Download Submit
C:\WINDOWS\SysWOW64\mfc100cht.dll

Filesize
35KB

MD5
8e72098ca0d8a604897ab4d87dad1175

SHA1
2ba3fc746be3e7880f2fbb5152ec12f16c1ddf08

SHA256
77242c6832706c2cd17ec1930ac6a8ff47a86ccabdcfdb403dd5791b3e75c9e1

SHA512
953dda9596c377d7bc7f8f26049818266aeac03b758300b11b7833727f0471d173418eaf1d11d224def3adb62c178e1f051a1040adfa4c068c0f8e10afef001b

Download Submit
C:\WINDOWS\SysWOW64\mfc100deu.dll

Filesize
13KB

MD5
d067de9142f661e11e7729add1764bb5

SHA1
4aa71e2273cebd18d3a3a09431181d24f083d492

SHA256
2996f91b61622cc50ce68ca0593dd42efd61ce942d31506d6efe7478012b3c45

SHA512
15874a24642d3e35d9f4442a9bea157efd7068e103e368f538cfca3006fa2dc793354ccb07e5d51784a3398ef71e8b85d57b8f187a510b25989a004e3676e217

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
33KB

MD5
294214662a33daaa25b74a112634ca17

SHA1
7b19788acc5f3e72ab375b064dc39d3d931643e0

SHA256
131aae621f8b2b439140efbcd7c44523bb826589c319ff6cdad47db6b5dacb09

SHA512
31e6c46a3ceacd03bd5f2294acaa32b8861e30b93fa327319889a967f09a94b4f9c4fa3cd730416b910139277da83cb5c862354bb1e354cf4b0323dfc10af377

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
18KB

MD5
8e70579b971dd65058fd48bc082f0be3

SHA1
b0160a2ef0ab68b8907e769fc719af62456b5291

SHA256
bea915888e4f26f34a16ab3bacbca1c9d226c8089d503176dec39afec6d20719

SHA512
002f159880750c7c4509b5da00f0856f9c71473db6b49136743a3e03de56d62636f8da6495b79cd18b023aa1ad7487e7967aacf6f60513ed32d5beb0a670358f

Download Submit
C:\WINDOWS\SysWOW64\mfc100ita.dll

Filesize
27KB

MD5
4801c67bb60040595b21f41be3d9bcb7

SHA1
5d249ff4c31568d0ee3c10d00dea209bdb38c984

SHA256
87971f1d163c5a2b697fb22b2a9248bd175458859e3880f44ea581cf01e3395c

SHA512
e9aa95b8f45f309838cbf1c78ba284b0fb6cf9cdda48e18e0112acc4e566c3524c0312af842932d861438d80ccc51c46222f935ca98e0e584857d261af9ed59a

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
33KB

MD5
92746f17c870d81f456f8262713668fd

SHA1
f3413911de7fa80f3d28d2703b38c73d23cd16ed

SHA256
cf3de7a6d2d095fd18e076cf82431649dff4afb0f08fda5456a6ea8da1aa8d8b

SHA512
ecd4f9a8a722b5ef745dac672e57ecf38e3f6db047cfdd8f8830ec96d5ad351ac4bf256a9cb602eec409757c70bcc7d9dbac5f31a065d72563b6571ee69a35f2

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
58KB

MD5
44f7453ec1f3c6b50da80789ead334a7

SHA1
d4b75358779722e65d7c10c658074c0a87fd83e7

SHA256
0275df22f73f76260f17fb0004f93cb7f447543a5e9b05571df988ef175a5b78

SHA512
eace0d2fb000a34712e319731280f8cd3243834194798f126c28c5b4f09af1cc3ac603839f67994df2b0a25126ea5f9b5e0a31aaafe1048cd1f22255cc85f281

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
816KB

MD5
8ab8c3452d128596d72d5ffa4f198caf

SHA1
ad73fe470ba9fed262495e3bd0f3681a0725e7eb

SHA256
38efcefc9247de7fa24ed048845b6d5c736acc1de0d046008d10493e4ede1c81

SHA512
7556d69b9aae8ccaf8f48591d71fdcf350684e68b6bcefbe8b7b2d106c15dfe89bbf04c0b3f00df5efb140582d483115fd4e8f99f8f3061028886262cadf6689

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
72KB

MD5
8e19a6af5a2b46f0256b5a966e10cd7d

SHA1
31b470d4e9fb90e8609f865a5880cf58f4610363

SHA256
ad3dd617c9c5a43ade9268088c1bc3fadab75d6d7ec35e962d558ddd46d1943c

SHA512
da5c3ed9496216d1bceab2fa61373b835ca584d24737c9566f1c2bfdbb88e51b4c60f04cdcb8f03b72c7febaec49c87429ad19b0d00b1f37081a77169b14544f

Download Submit
C:\WINDOWS\SysWOW64\mfc110cht.dll

Filesize
72KB

MD5
ae55b750e25a5d6f9e411f7e28548a9e

SHA1
0ba3396bc9fc322b1621d6e27ab3cd2edd4b5539

SHA256
244a889c60f2c95fe0155efaa244b62e2ecd9ea636ac84f7b3fcd88533a14592

SHA512
64122c16f4f145417443cf38a288f55a99d0be05f338ee3ab34e7132c475737428d67ce8fbcfa31cc62e0f76b6d4ab7637fb04e1e435589c346220b2c1dc8f0c

Download Submit
C:\WINDOWS\SysWOW64\mfc110deu.dll

Filesize
11KB

MD5
d1299dc78c068968b725599839786868

SHA1
8ad22331906dbb676d4d92f7c881737a079edc2b

SHA256
9459fe81973ada69c7c87a4014269a1237624b9a2ff63a01d60bc56875c1a5d2

SHA512
8b46985fd4965379638ba378513f0d571efeb2c6bb8d96367794bb2e9e330683758539e4c3caba93a577ee88a1de63a735066f1bca1e974337711b1765f3432a

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
1KB

MD5
9374fd4cac3ca78dc3f43ffbd0b7495d

SHA1
9ee06f22d2195e14b6f9c9a9c76d7417a295f465

SHA256
cb6d68747e9a2553325090aa548e2f7edd94ebdceb164fe45cc80ae2eb7ddf3b

SHA512
c53ead72efeff733810eefb5ecf508563129513fe68ca07388f3c3e9a2a8a67b0fed6d5822197129c274f3cceec4a25ca79cc9956bd263f97d9d19aaa304de12

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
57KB

MD5
3220dde986fc737285c7324755e14e15

SHA1
d577deb302deceeedecd3b6d441c3ee383e47275

SHA256
e6c4f6318f74f132a9200e598d434ad1c7d7d88c5085cff28142f11c1a5f6205

SHA512
36638a437e09d13f9cca9bda73a058712f51666c9a0303df8f4db51f505abb24de6c5b0912279f0c4c62e28076450d67c0214993f5943b09b44796bf89f6f86c

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
12KB

MD5
66dfa46d45cf25bd43452e63de800cda

SHA1
df72ab387dcd4640adc6a88d5570d9f1ab1a6b07

SHA256
47e6eda5c39b09ac0771bacf7c079bd674e877a471f1ab7b7bc18eba17dd180f

SHA512
9078ef16bfffe6076d2fb0413d1c7b36df61874fd052e5b53e2b44e29c71ef9b345c1e0a4e09aad9e3a7babb3e906ad6949be3aa4a7df73d7715eeb6b95460fc

Download Submit
C:\WINDOWS\SysWOW64\mfc110fra.dll

Filesize
100KB

MD5
af5be299f88aac66dd5c3bb3622da6b5

SHA1
c4bb4bd865f11f7280be0a828f41857b686d0a6e

SHA256
5d4446fb12024169b8f1ec5e3c15f5c727200c009d967675679b8ed64b1944f9

SHA512
9cc6e6cce415b8d542ff8d41fbe9778a3619dd9333a7c5e848fdb33631a51fd3368a569fc329e61b691f93e403dc541f3521ef61fb39435cd5e0f6d065de0da4

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
98KB

MD5
1c045860b71151c9e199ed95eb4c5316

SHA1
e75ea9efe46fb21ab90085ff36abebb84cf779e7

SHA256
a3a05a775bf504fa076bd5f118e157e5167365a11923d9326bcb1503ed7febe9

SHA512
c1af47c59cad28372557cd18922151bcdfc17850def9f10da8af9c7c81f812bb9b35f8e56761b3b92e8fab93c7f7a75f03e22e87e50dc67a58dcaf131706fa77

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
18KB

MD5
4d841f16f62d7164f9150a18702b19ef

SHA1
605f5e5dcb266588d4cfbd396c1980903ce23a3f

SHA256
f5700e15898ee0458a58b5ce405f62061515858241e6e7d0d8e6d9c8dc07f822

SHA512
b52528722f3ddb04e7d2dc657c8cd961bb03793ca4ac8efc72a2b851a17f91262b38bf1ff610993a35529126f645581309bf62447e3196a0fe180438179330ef

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
19KB

MD5
3e7511247f1d1a78e80347a1ef129c88

SHA1
22e14d25fcb828ac69445fb9e2eeba5ac2972538

SHA256
b32135b6885a18c14b6e60885ab4dbd39859579e0e2190b631a5ee5035c71e73

SHA512
2f1655703e95ea21d4c13c35d9d75a346e8d53e4022d57bee902c2da1802fe2dc4e4b7af67a537251f0a9d51bba9adfe5f8b92ccf87f1cf773414bd8755a4470

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
96KB

MD5
808210ec52c9a990d4cfab9c3ab27c2f

SHA1
0bf4b14eb34d0de49a19e48877bea19a2441ad13

SHA256
945c37b39bdf75b59cd044498c22ce64c7b70fd4e29b44379a08f5d170138cb4

SHA512
a5b3e7cb12fc55b6b3e0c27eab2668aa82877b53d9fded5c67cdc221f286b3bce23d1658eff14a9197e63a6409b5953513d9d1abdeac422d35d8c41a78e468c8

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
841KB

MD5
6520907f43bc6a1876f23d29d1914d25

SHA1
4e5b0544565adc3182913d3bcb414c786befc2b7

SHA256
521b899dfc2a98eb6f7731bf0d9412d7c65d59a9f378293df5312b1e437294ee

SHA512
eb23cd4aa4ec794fcbdd08473137ce19c7637cbfd0936d1bf72414cddddced975179f5977138ca826bb1b13f67241bcc1e83c0aefc4d939e27cce967a60f80e9

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
614KB

MD5
d523225ed2a6e093fb7ea9955a891ec5

SHA1
a43c86584d9ae59ec5b31b78b8889b406e71ab6d

SHA256
8a4557299410e89950b26456f6e87aebe12fe23f423678e534105f6b9293cd28

SHA512
6b40d1855b6f2194f52e0d3afda5deca9f62f18fbe54545f499bc5183024d6e30016b5b8086017fa4a96e0c83ea82c07579f77f3846d04eb331d541fcc19360d

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
72KB

MD5
bc99ed98a9a88cf16dd18209ac832e81

SHA1
cb21bb6c61f56c8f28427e18dc0cf98f048994b6

SHA256
b74b563c985734524285a11725fca24d5ed4a40c0e9a1c4609092a0b3bfc29b1

SHA512
78a103904e083dc83f1c7eced7ea7610c30944ac66993b0f2f9a1dc8e4730f0f355ea5b1e2a5e326fc09101e25de5451b5910f308bce3629b6f82a6cb3bf75ae

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
100KB

MD5
dd40273ff7e46bdcffbf1927c3aea67f

SHA1
0fdf8f349b48a2aee61dc2c13c83e834403cdc21

SHA256
5fca88fb6fb40ca4cdba8b28f971fbb5a28dfd21ee77ea5bc741631393599ef6

SHA512
f5fc0b8079642aa302643b3ae534fcb540460552aa3851b3388a2b7527ca9add95f821e71e09a35187dfe946dac9d73ce53d5a9aaa0f4971a4d165fa116eb93b

Download Submit
C:\WINDOWS\SysWOW64\mfc120esn.dll

Filesize
99KB

MD5
fcd5c28b92c8ab2b32b795d06f07f6a0

SHA1
521c1f9b126bcf04e4f7d4fe3dc416d99c5b975a

SHA256
a529ffecc235db9e1d5bd94127ca9277d4fd585135276ea17bb5408aa06b71f5

SHA512
e44d07149a03bbeb5284fffa2bcc01b8443b6ad3754a387aec4ea501dd10b36b6b0608deb27ac86f564595b50bbcd8132b97a0f23f59cd597bb2fc9ae987265e

Download Submit
C:\WINDOWS\SysWOW64\mfc120fra.dll

Filesize
100KB

MD5
65aadd2f47a5d3c96b0bb642c346a848

SHA1
dfd0e100c2cb42130baa58bfd6f879f2a54c7442

SHA256
ce09dd44dd0b64f0138eea997f18f664e2631a72829e6ff2ca9bb9ef2c2c287e

SHA512
45f5ef44c367fa1284e687903685acbb735e878036513a15a445c7d928645de7bcdb4067f992fc0fa2af6e478cf4e0e2360e9cd1404f30bd4e40dbd673d12055

Download Submit
C:\WINDOWS\SysWOW64\mfc120ita.dll

Filesize
98KB

MD5
7c3618188b01162d4165c62b757fc5c1

SHA1
c55b6cf131844cbd0aa5a69c9b4723f81068c8cf

SHA256
6ae5d3f39c6d40755011b205c6e1bf972185ea63d18945e47e9698e0df919e05

SHA512
23fbcd2bcc2df18af0c57e9ba3dea284ff1775f7a9a511087af6104194c7ae08e1824e15d12f92e95ec08a7691c3ba84c81df7ec2de4a968658bb993ec424d81

Download Submit
C:\WINDOWS\SysWOW64\mfc120jpn.dll

Filesize
11KB

MD5
e3fb4dd20e5ff0e73b5078a8b7bd2b09

SHA1
65294e5b97373578a583ef9ff284f2dc285d6a0b

SHA256
63a5e9f7aac0c73f86e476cca5303abb834a8378f8bcadeaeda4e6dfbed9b2d1

SHA512
685e86eff69bf69116b6ff2d75096e49456914b0e077c213f29a094d82adf8100bf0e019b058550f133a9fc3244b00ca502affaa8f928f6b029dc6ef777da492

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
79KB

MD5
af6aacdfa14a28633ba78c6cd4514718

SHA1
d35d38fe0a895e43164fcfd084edecf75c51e736

SHA256
4de0c7410e4abdfa753ad9dd42e15be41481b4609a678d7cb53b32ab36538120

SHA512
94e5abca6b2c6dde0837c8d3a427229cd14d9c18c2c8a7a54502fd0870e2893e35d14f1b3139d46b9141267faf97ea825052a8f41ba419937f8079817641fef1

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
96KB

MD5
b1e0d92dc5a13195275993d7103ebff7

SHA1
bd814e6b864651f1d2a823ff2365c70c15639f51

SHA256
188e815befaabf999f6294a5b035e98a9c7c89dfa9fc9482fc3deabb5b984f3b

SHA512
56a9c17ea74b0d3fa4c64966a4ebbb4b1ab7329cd20cdf27c6f28fe2a04db6ddabeec9835f2ccbf1c476a1ebed744dbcbf9bb52fd6b43fe6c9b6edb148c59d61

Download Submit
C:\WINDOWS\SysWOW64\mfc120u.dll

Filesize
506KB

MD5
0e38a260f2c769a0bee7d2039360e7ec

SHA1
33908a861dbe9fa5c3406e09bbbd02e52b532f79

SHA256
5154b74b75f6386878bfcdb5a4cec20a1f49976b71e8929d6339d571d3b7edbc

SHA512
fc1b80eadb87caa503625bb87a2f91a262975cdab6d7cd836a223c607b444aa85d1c6ce9548e0fec8672565f82a882024ea731b9c28f7be351f35bcbb7f85674

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
461KB

MD5
b37af22808e7267df09b6a41e724978b

SHA1
70aeebc3f1e5fb088aca49728a204a312145536a

SHA256
85e271fc69a018e0bed02c0601d24d693113406bd064f9fb67700a2e6e1d8984

SHA512
e47dad9cc78e86a370e6484414c289b7685bd83140faec5a0143ef2887b653f7e2492f2a7e55d75716ab9948d4e9048c2ef8baa5ac97e9d8dac0ad74452fa6b8

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
94KB

MD5
a521af4febdb2b4c3303e173380fc109

SHA1
17b594983e21d83ede02b424842ed011ec256830

SHA256
7d5622c70835afa742708cc24b2a5afcb1cd5f8f8b9a63c247f19e478721556b

SHA512
e4f003a35329d3cbb2ae09f697bfad9104235f652e17359d7951f8d94fb0a2964b0fa8657dac6780cf3d99cd66c1798d1b91b83fd2a93620505cb5726cbe5399

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
94KB

MD5
db2d999b3f0ab54128880bfaeb5d07f7

SHA1
69fa4cad906e9e594205a7686a00687b4c4e655d

SHA256
0d141877e0494fe62e4ad0605b7067eb1718dc9386146788d1151d55198207f5

SHA512
0a8d1ef7734fbab4cfcd85e6d509cebbf3433321a91a7048529dbed8ed7d98390f5f06baa2b11713022cd4b9775dc77e488adf565394c32011129cb988f0ce93

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
94KB

MD5
937cd58a67296b5530089edae8e44596

SHA1
c564171b5c23df9de5b46a845af0412037fa9dde

SHA256
80b7f085ececfe10dab74b900023bfce909a82ca9aac09d49ae4dba4d84ec09b

SHA512
71fa664a0b379d740ca85405dba6cb7c4537f282e025b3b90bfc862f995a6cd1bf217cdf9c5d7f83e5e645e074a9eac84632f32fb79172204ea4b340c1e907d5

Download Submit
C:\WINDOWS\SysWOW64\mfc140enu.dll

Filesize
85KB

MD5
effd63cb5d00e50ff12bfaa02e133475

SHA1
1e4eef8e4fa8864e98bd46ee722c01f0f386b9c2

SHA256
7010c6f172d1a1e0f53e93b643141203ab580bd5e42d4ba703bcc37588a100e2

SHA512
022c0ed4de09e3118eb3b19210bc739c04a39c92702e75841798bfb565f434c70269c95ae36f6b43aa1ed9ba8f914ad24624507f8a5b3fb95ad99324893db9ed

Download Submit
C:\WINDOWS\SysWOW64\mfc140esn.dll

Filesize
93KB

MD5
2c669836a323cb5d8b4d55698fc471b1

SHA1
5807051e290da3195251d23dc453f3abc3d71e53

SHA256
93fc7ee1fb48b71cbc5a02d2f0959bd1422fb7e16f6efb1f3c9d290c7506b313

SHA512
a008c56b7b5813313cf6104b18d5963dca90fc2a5f39f1ddedef87fcf78145617a03e1bb89672219507178711231f741aa8358cf8f34343d4bbc3530c10483e1

Download Submit
C:\WINDOWS\SysWOW64\mfc140fra.dll

Filesize
94KB

MD5
f777cfb732af7db1bb070912a10158fa

SHA1
4c37db92abd4ad4b9c82234df859a729ea50c620

SHA256
4276e87256ba5f7e2ab56304af5b58d5a3803708e8a459914ec3b16c2994f392

SHA512
acfb6f414acd29ad8b62dfa0590f0ea3e227b1aa62ec89c7206c878f57c8c695b8b41403f074d95ed13e393283080a07f3842cbd206fc6f910073778fae197fc

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
120KB

MD5
8c009ab4c4031217ffa2606205eec1ca

SHA1
6c87881e89cf0f480edc8f68f088cda6ad3612b9

SHA256
e07f17c6f844577ad439bbbdb136ea3ef186690f847f0bebd89c013fed71b0a1

SHA512
27338903f2d902ab65f651b5a7d9be6f45fde8f4fa4cd5d95f98b7f7a5f0d99ee8b5e04b00c8a344ccd99314082bcdce8c58e2ef16461ba163f4b01629658da4

Download Submit
C:\WINDOWS\SysWOW64\mfc140jpn.dll

Filesize
102KB

MD5
437880561e18d85a901a7d448864ced9

SHA1
512c69d2275477819d431b1507c3f17beb806203

SHA256
f8f94918322abcc830c0a41e913cff5ff64b425b3362a238f0370737017241d6

SHA512
bbe82475be40e0c9a96c98fa62ef257e4d8b4de0afd96c424b1baffb7ed48d408a44e8857b7131c5a0105470ef821ce0439dd608c6a7eb9c7a461577ca34cf6e

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
101KB

MD5
8b687f26362d9a9899c3d00f94a3a2a8

SHA1
c695509c2f216b7ba320708ce797d7cca2739d1a

SHA256
ac191f5119381696c9927495c753ceb5b16dad0496a7788bd94eee6aef61dffd

SHA512
84b5f90d0b113dfc9e540af34aa9c78f164f8d55648b084dd3174d67e16f93f846f61a29bafbef73898325cc55a9a0431db650e5a82cdbe793e7c865e7b8d52f

Download Submit
C:\WINDOWS\SysWOW64\mfc140rus.dll

Filesize
90KB

MD5
df28c5e6df54e7dc16e5335b13e5419d

SHA1
a78cade252656ffaeabf4a489038baab3cc9ee54

SHA256
fdc14a687227de80f0ca32648c71fe2203e946116fab9764a669724609dccf9a

SHA512
3fda48482ed79312caa6e12a3e8cb80561278baba5a661690603c95fff84aaf98ae10db5a8cf7fbf869155293a5408df4e8750e528d8c3008db2b25c2ecdcf87

Download Submit
C:\WINDOWS\SysWOW64\mfc140u.dll

Filesize
406KB

MD5
08ff838382c61ecf2e84d6b394399c78

SHA1
b3b757a5bb9e05a9a6ee545cae00b0fab32178d5

SHA256
ebd4bcd2852a10420962a7ec8fa5991aee6f3dd48db0b9579ec02bd43913c068

SHA512
54837eefabea4dae4617075f0e24074a565ed29eb79d0182abc4d3266c18f46ed44dd495f666fe56d22dc32f0fd33af459d638b806e5c2769258929bcd4f7f46

Download Submit
C:\WINDOWS\SysWOW64\mfcm100u.dll

Filesize
107KB

MD5
58e329696bb44eafc04d81630c39c2de

SHA1
591de9be9979b82aa8d543c53bd628be9037786e

SHA256
edfe5f4350ee98a7c07a15427635f0efd85bd850c0d96ef26059ac6707a77885

SHA512
2bf9930152bdaafc651ab919019b626cc14db5124d0f6bcb0251784503230cd49a8b0ffa330bd4357dd9c8186240fdf443ea9235ece5f73d2eb1c556b6b261b6

Download Submit
C:\WINDOWS\SysWOW64\mfcm110.dll

Filesize
108KB

MD5
56fdae5bac95b2109971ba51380c4261

SHA1
7f1e546aa9f421d935b48ccd006a0de4664a54cd

SHA256
8a54ea5ce32bf3199d41e7e1de4ed0083a888adef1942d5a9e5362240344ceb7

SHA512
d59adca19b56a6a3f4253d08b9411fac83d38f6a066aed44f87eaa48fa9ae33defd921f6c65212b347873830871feb81eeed78e46043887a42c6135a549c48b5

Download Submit
C:\WINDOWS\SysWOW64\mfcm110u.dll

Filesize
108KB

MD5
4de161db1232447ce17fa06bbfebaea5

SHA1
e6debc1748e778efc04f582d273fa86c8beda9b1

SHA256
4d378dc2ac2899146320b25cdfdf8355ab8c6835bb76ac69cceea9e2ef62aebd

SHA512
d1064443541f6088183943b5e9be421216fd3ed45ba17212804433534055abb67c3b2563f9cef7d1b65c081210546852792abc7705c306a672e642611a603fd8

Download Submit
C:\WINDOWS\SysWOW64\mfcm120.dll

Filesize
108KB

MD5
9e7f5dcc919291590bb1323514cea2c8

SHA1
2ba050b0f901630b9a16a3d9da3c562eab521225

SHA256
b62d1f1eb16156055715fe080be6182d8bb7c2b104bd0449547fd12e20d6f7ed

SHA512
fa9c5dbfd764c1090a04daa278d25c47aa8fd95feffdd1c9bbbda4823a8ea8eeb5da71dac9b09da3552df4905b9d959baa83ff64b85f175e9b1ac6fba09b96d8

Download Submit
C:\WINDOWS\SysWOW64\mfcm120u.dll

Filesize
108KB

MD5
18b60c6df4ff1f7cf6ce9673e07d2b16

SHA1
dfc990fff8f92a6bc94c4f2f95aa527949ae6bb8

SHA256
972340d69ee24974ab64b8bc9ed3ba70e5b5400a373dba4c66f6345bcc18511f

SHA512
377ee5d86b3f88d5d29ecf4f29186bf1161ee6dbf05fdb3501a4549110c06dcfe2fd8cb990399c633109db316a090c3762fe73eeb9437edd736f318db74e60cc

Download Submit
C:\WINDOWS\SysmonDrv.sys

Filesize
221KB

MD5
4c86e3e476ceaf303048e4abcb8bf3c3

SHA1
74781c277da1015f910bbf27482b24973bd9735f

SHA256
893ec86cadad9e744c4d8789cf9cd75bb1ee5ae8de305f02fd249ea869e898f0

SHA512
da58b0185a698c28d92faedf6b0f00eeca578065ed75f97eabe90f3b748a710d2876797a32937e5316c2d0f651e5b2570177c5df8d170cecb4d31e093a4cb9b7

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
55KB

MD5
cf3320ca8fb5b4238ac490efc0f9fa2f

SHA1
8309183a8de2fdba98deabf6d18487e8fb5cbb62

SHA256
0cf7c6a20ded1aec7fe581f700f55b803d32270f556ecc15e7ebbd71c196cada

SHA512
f2c74fe6c6be52e61f1de9b888e34420e6b0e5df4c434cf510a404692d523c7104043c31c2c7231486d913481b8efdf2cff06f9a41f2032e9f17b0b31aff8c24

Download Submit
C:\WINDOWS\lsasetup.log

Filesize
56KB

MD5
0a8fa206df479b367aa159fc4bfd468d

SHA1
512b3631ae95fb1cc4eb9bff8472deaf36fe7ad4

SHA256
c3815cfba614d9df6a845ec950b9a41d773a5a9b0cfa1ba9896da04319f95c60

SHA512
7db18c224b8d798698fa275fb5d5636e4f5fa03c5ebdf8136d34c8590ffc6e3a7d060be291800b5f8819173234cc07223e02ee3aa3cfc1539c277461525b5101

Download Submit
C:\WINDOWS\setupact.log

Filesize
56KB

MD5
ea43c25d76529a484005f342bebb309c

SHA1
04cbfdb69778a0254b24a6042d7d9956f8ce04e8

SHA256
0ecd98c2e3715cf5d47391641bbef18fd887ae5b5fa41920ab7643fbd67588c4

SHA512
d3f91a66300187596067ac8b7817f7d18e4e765f3cc6ee8fe89a60b882cf6aa8a9ad6650e2a12413e86d5f4d4a745ea2457fad79768bb4020c07eb019fa7ab83

Download Submit
C:\WINDOWS\setuperr.log

Filesize
55KB

MD5
ebb9f47300b324d2c1b705fcebe619ab

SHA1
3991204253258ce985a6b1affb7be5c3d6bfbce2

SHA256
58ebb5b4ca2f3ec08be9e770e5b8343510a8a241655f932169a6de73310ebce7

SHA512
cb6a1e1fb737dfbbf4b96afeceae3b783afb49aaf5a7eb91532436f185f79fda90f6ab47b518594f51f6211f3a57263dd3ba38743d31e55843592432a2142548

Download Submit
C:\WINDOWS\system.ini

Filesize
55KB

MD5
bb375dde5230290a1f40d9bd805eca69

SHA1
d89658644bb6b741002bc31ad47fd663588a2c61

SHA256
3a999f4ebe45d277bc674559fee6705b2eb6f5bc3ec573e3e24103bf08449187

SHA512
7597b29dbe5ea558b1ce3526edeb172acfbbbff6ffde311790d042b19ff77554ee0dc16ef93b8fdf01d3d2596c8e8b7e09105ad890d4cceabe7d38472ad9d66f

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
f9e8a6e2a544f5ef207d8b5495db1355

SHA1
ab01e8d42d9f678c7697b91b46b85426cb112d1d

SHA256
bf84f92d11d38349e371b90de9f471d0089462d646ef05323a907a51aa2bc7b1

SHA512
f0403bbc5241ed14e1f7848941403851bfcb686a7f9469d2dbc525a1ad986a55d8fe982592fea8063e5224cb76ebb1460208ecce2ce6f234442c5ebdc3498bc0

Download Submit
C:\exc.exe

Filesize
251KB

MD5
f5fd891f41baef0f6302158e5add1d68

SHA1
bbcc5784ee473ec9fe7131f0d53587c920325486

SHA256
bfe570121ba7498531055a9acb49d41cb48e74b21e8d33f4a378632fc5af0ef4

SHA512
42103a0a9684e26d6026b7090866c4549c1a0cd623f10b581a3ddd5577fed6503cdcad940b714811c2df7b7271e9b435565ff3021c798f4073a821ab6e1d1855

Download Submit
memory/1376-1753-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1376-9-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1376-279-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1376-1206-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2312-1205-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2312-1752-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2312-278-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2312-528-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2312-8-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download