e9d8607680b8e3db6469638149531039e0662cf58c383996953c6854a1aacbcc

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 23:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

78a5bc3b38f79a3637d132bf7ff4fb50.exe
Size

477KB
MD5

78a5bc3b38f79a3637d132bf7ff4fb50
SHA1

4a7428cf1994bd06f641ca3fb994fd27469bc08c
SHA256

e9d8607680b8e3db6469638149531039e0662cf58c383996953c6854a1aacbcc
SHA512

2aa644b19bacb6dd4371967b66c34b5ee9fbe5ed20c5d08b01909fe10c4b08307645b4e8e615c768679173a8b160b524c36f1c450c6c749218349c4385aa2f84
SSDEEP

6144:MZkZkZkZkZkZkZkZkZkZkZkZreP1ZVI51yZAv:MOOOOOOOOOOOa1M51yZAv

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	78a5bc3b38f79a3637d132bf7ff4fb50.exe

Executes dropped EXE 1 IoCs

pid	Process
2672	exc.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\rasphone.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\syssetup.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ir41_qc.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\KBDBULG.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\mfh263enc.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\srm.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\udhisapi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\cmintegrator.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dmview.ocx	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\prvdmofcomp.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\rdvgu1132.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\pla.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\gamemode.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\PhonePlatformAbstraction.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\dsdmo.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\getuname.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDPL1.DLL	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\tpm.msc	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\Windows.Internal.Graphics.Display.DisplayColorManagement.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\WinSyncMetastore.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\cliconfg.rll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\cnvfat.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\joinproviderol.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc120enu.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\TCPSVCS.EXE	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\fontext.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Geolocation.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\mobilenetworking.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.UI.Accessibility.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\cfgbkend.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\CoreMas.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\timeout.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msadp32.acm	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\shpafact.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\iasnap.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\KBDNO1.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\samlib.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\secproc_isv.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\AuthExt.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\findstr.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\mfdvdec.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.Globalization.Fontgroups.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\grb.rs	exc.exe
File created	C:\WINDOWS\SysWOW64\imageres.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\fdBthProxy.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\MSVPXENC.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\prevhost.exe	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\AppContracts.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\d3d10warp.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\netprovisionsp.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\rasctrnm.h	exc.exe
File created	C:\WINDOWS\SysWOW64\userinit.exe	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\Windows.System.UserProfile.DiagnosticsSettings.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\SysWOW64\wmsgapi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\d3d10.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ncryptsslp.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wuapi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\chkntfs.exe	exc.exe

Drops file in Windows directory 44 IoCs

description	ioc	Process
File created	C:\WINDOWS\sysmon.exe	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\WMSysPr9.prx	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\write.exe	exc.exe
File created	C:\WINDOWS\HelpPane.exe	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\mib.bin	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\sysmon.exe	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File opened for modification	C:\WINDOWS\Professional.xml	exc.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\bfsvc.exe	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File created	C:\WINDOWS\twain_32.dll	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	exc.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File created	C:\WINDOWS\write.exe	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File opened for modification	C:\WINDOWS\setupact.log	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File opened for modification	C:\WINDOWS\setuperr.log	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File opened for modification	C:\WINDOWS\win.ini	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File created	C:\WINDOWS\hh.exe	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File opened for modification	C:\WINDOWS\system.ini	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File opened for modification	C:\WINDOWS\lsasetup.log	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File opened for modification	C:\WINDOWS\PFRO.log	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File opened for modification	C:\WINDOWS\Professional.xml	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\winhlp32.exe	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File created	C:\WINDOWS\explorer.exe	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File opened for modification	C:\WINDOWS\lsasetup.log	exc.exe
File created	C:\WINDOWS\notepad.exe	78a5bc3b38f79a3637d132bf7ff4fb50.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File created	C:\WINDOWS\splwow64.exe	78a5bc3b38f79a3637d132bf7ff4fb50.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1288	msedge.exe
1288	msedge.exe
4932	msedge.exe
4932	msedge.exe
2340	msedge.exe
2340	msedge.exe
1548	identity_helper.exe
1548	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4552 wrote to memory of 2672	4552	78a5bc3b38f79a3637d132bf7ff4fb50.exe	88
PID 4552 wrote to memory of 2672	4552	78a5bc3b38f79a3637d132bf7ff4fb50.exe	88
PID 4552 wrote to memory of 2672	4552	78a5bc3b38f79a3637d132bf7ff4fb50.exe	88
PID 4552 wrote to memory of 3088	4552	78a5bc3b38f79a3637d132bf7ff4fb50.exe	97
PID 4552 wrote to memory of 3088	4552	78a5bc3b38f79a3637d132bf7ff4fb50.exe	97
PID 2672 wrote to memory of 2340	2672	exc.exe	98
PID 2672 wrote to memory of 2340	2672	exc.exe	98
PID 3088 wrote to memory of 3416	3088	msedge.exe	99
PID 3088 wrote to memory of 3416	3088	msedge.exe	99
PID 2340 wrote to memory of 4276	2340	msedge.exe	100
PID 2340 wrote to memory of 4276	2340	msedge.exe	100
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 3936	2340	msedge.exe	101
PID 2340 wrote to memory of 1288	2340	msedge.exe	102
PID 2340 wrote to memory of 1288	2340	msedge.exe	102
PID 2340 wrote to memory of 4424	2340	msedge.exe	103
PID 2340 wrote to memory of 4424	2340	msedge.exe	103
PID 2340 wrote to memory of 4424	2340	msedge.exe	103
PID 2340 wrote to memory of 4424	2340	msedge.exe	103
PID 2340 wrote to memory of 4424	2340	msedge.exe	103
PID 2340 wrote to memory of 4424	2340	msedge.exe	103
PID 2340 wrote to memory of 4424	2340	msedge.exe	103
PID 2340 wrote to memory of 4424	2340	msedge.exe	103
PID 2340 wrote to memory of 4424	2340	msedge.exe	103
PID 2340 wrote to memory of 4424	2340	msedge.exe	103
PID 2340 wrote to memory of 4424	2340	msedge.exe	103

C:\Users\Admin\AppData\Local\Temp\78a5bc3b38f79a3637d132bf7ff4fb50.exe
"C:\Users\Admin\AppData\Local\Temp\78a5bc3b38f79a3637d132bf7ff4fb50.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4552
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb6a5146f8,0x7ffb6a514708,0x7ffb6a514718
      4⤵
      PID:4276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
      4⤵
      PID:3936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
      4⤵
      PID:4424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
      4⤵
      PID:1596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
      4⤵
      PID:2752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
      4⤵
      PID:4596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
      4⤵
      PID:3992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
      4⤵
      PID:4728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5436 /prefetch:8
      4⤵
      PID:3540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
      4⤵
      PID:4824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
      4⤵
      PID:2952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
      4⤵
      PID:3352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
      4⤵
      PID:3132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
      4⤵
      PID:2408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1
      4⤵
      PID:2528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
      4⤵
      PID:3180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
      4⤵
      PID:3084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
      4⤵
      PID:208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,704061665368261474,17050891883054024760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
      4⤵
      PID:3700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
    3⤵
    PID:264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6a5146f8,0x7ffb6a514708,0x7ffb6a514718
      4⤵
      PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6a5146f8,0x7ffb6a514708,0x7ffb6a514718
    3⤵
    PID:3416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10494474149600345129,6104787279403201360,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    3⤵
    PID:2408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,10494474149600345129,6104787279403201360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
  2⤵
  PID:2196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6a5146f8,0x7ffb6a514708,0x7ffb6a514718
    3⤵
    PID:3000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3772

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x3c0
1⤵
PID:4776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
bfd8bdfa3351cb054523d8a206d9803a

SHA1
a6dc37e5b5665df99d5f8df6dcff3bc3bf7110c0

SHA256
21dad5e7acb73cf19f9919784568b168034daa3158caee18a61576aa9410b575

SHA512
04e1807aa115ba3ff8a4ac8b793b3f72fffd429f38260652243e93b4f8ae8220c7f2a1a7de84cb77c92cc16f52d7e1a43d42aeb82f408203986d8c61a7feaee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2ed31617fcca9a635d1754ad58e622d5

SHA1
6282b5e92765a7f9d0286d9fa01e388fc6ad82d9

SHA256
1071df11a4e4d9822339882ead9d913158ca2cda3df29ad2c8130a8e7467e581

SHA512
e253298992d8f274dff898c00e3a64c7fe9856b99f768d6bbfa80c98ff25400842b8ced3f17c34cb3be61ae5de5fac757bf0e2c75f0433c3ae4dc1060f79637b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5065bb83df2a2b216c75cae7cb02a03

SHA1
d3cae6f558601dfa3dfba727ce0d2169f0979d99

SHA256
bb8cde63d8a03cf4097848dd3a9201543cd119bb2ec51961d19e64f2842409d7

SHA512
18c1c8c7707ddd3125928861a502eb598c3b85bd31175249eb496c72246ebc1f9967101b445141c36d5d449127ef65c24592ec7d235856fffe61475f1b5940e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d4a3338a4c25e0b951f459b7d619638a

SHA1
8d8d37fecc9c6a8bfc526d1564f856b30981fa1f

SHA256
18e20e66a49cd212b139a92dbf0864fdef912677cbf4f12262b38624f554701a

SHA512
06a498f57aac7a5c454c62c199df20c9370a004f902a0a3a69603d7fe72ec18fd1aa1435c27a27485408492c603295f082955e3c080f9228b905b1568414cf6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
41b7cc68b60d7ee0c7c83ef0396c6bad

SHA1
d40a3134da150f5cda117bf3f3ff1f9a59011516

SHA256
f8a7a8333cee5431724c4ddfd2ee1e7009c49183185946a0f94a60f92481924b

SHA512
5cd3d06ae88ab1839314467e8dff71adb5c0889be2008a1f4b95152006c1ec796602bd867ed2164ca6eabe8421c5e637ef8e0080e558c46be0b8a09105a529eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cc8e703aca863fc32bd4e6128928e7a8

SHA1
88d46e1fd346a684185b42e744a754aa2219cfad

SHA256
c2be3f50ede2d333947fca41587cebdeab22281c5b41c2b8cec052b5a015bfef

SHA512
ff950c3a86fd0b11e7912879527df8f6579c5fd3a452141ddb441781badf3b4f99de3786ed8678bb5e3e0975f89841630b400b48261e1a97d6d1b18580c03b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
3e62629053b41df055c67e40b0c0b1de

SHA1
9e3d81ae1e5ab6b2da9f7f08b657eb19e15bb710

SHA256
3c6a6ac4f8a2136e7454a939c8349868d51aab785a43ed603e6b4aff4fbbffe6

SHA512
4dc135da3d5d03d68fc26594b41c11b770fead572bb749910134f085f4adebcdc29cc4f277c58975d654f90a4adc5ebb31033adb36b08ac23d9ef1fea3092eac

Download Submit
C:\WINDOWS\PFRO.log

Filesize
28KB

MD5
d154dccc39d56580bc06aa98fc150659

SHA1
c80d04025e4b6946ae7565f513cbbf75ff20361b

SHA256
74dc510940679e474b2a475652bc64611a8a5598ff346a17693bf086b10d388e

SHA512
1cc3b8ef896fad8ef3621807216e55595d74dd62ac2e4ffdc62a3265d892e9eabed4c134c39df4abd87d28acd57fdbbe750e6f85dbe4a7a2d229338852abbda3

Download Submit
C:\WINDOWS\Professional.xml

Filesize
57KB

MD5
266ac6eda2b3c1f64fa36963c20bfdcf

SHA1
0362e9d4fcea21694253f1ddd269fc89a40cfed1

SHA256
76f2c1edc968cb21de03b6e1c04ac35b6707a58861bace7b3ee273946fa55ce9

SHA512
2f38db422780e4836ccb947c360dccea57c80387f00114e39d976908179822f551e305a1e7dc4be358fa2f1e85b069879bed6668bd95592785a376984c32be8a

Download Submit
C:\WINDOWS\SysWOW64\atl100.dll

Filesize
162KB

MD5
beff099a71bb64822f9e28775d76a65c

SHA1
25820fd0a6a8b45494dd08134ff243c15aa5b401

SHA256
be5b253e2111e313747427f026efee33660ba08c4174a1ffe1491caa7f6e1639

SHA512
3469b411d1a72a5b24356b42d36ebd215d71a879c3f09b9ebf3db627fb4e7c3ffa5e00ca518781068d56048f4724c6db738b876e6316556ce9f1bde27103182b

Download Submit
C:\WINDOWS\SysWOW64\atl110.dll

Filesize
188KB

MD5
59d7840f5913f2805a7eaf694d3bc21a

SHA1
5f34c95c87047b0fa604d9523931f368e7137fbb

SHA256
4e3cfd9dfa047ec7a6336607136692e4c0405387d8dc416adc4c2ca9e3c28418

SHA512
5e26502faf9a9ec3fa56d5a21b6fc8c1427d632635948ae8ec8bb6703c3a5ea7d38b35c4bd583623507bb2208d685aa522c78cce661960988fc8d719713133e8

Download Submit
C:\WINDOWS\SysWOW64\concrt140.dll

Filesize
269KB

MD5
2b11c515cab59098d51be67c463db601

SHA1
cd3dc43028000463f50a21887c4ef3b0c6d46b00

SHA256
697e89703aa6346c11aca22960121214b7480fc8204c1923c465a525bf9c27d9

SHA512
0b9564e2c3fc3533520798e60ab77037b41ee4332d128846046687d3d3b192ee64d725aed1d5f69213a667fb5c096c80dc5585c8ea938f7fc71b08fe913c4f0e

Download Submit
C:\WINDOWS\SysWOW64\dssec.dat

Filesize
238KB

MD5
f199dd9ae54d8b1dbdcba072e4eef559

SHA1
0e28e0d1c4c11017594e6b4e2e8b775650903e53

SHA256
c7264a58693ad6d391fc0902f0c67856c631acef25bb59cd89f5a6710ffb798d

SHA512
3f05cf232b93cef5eeab4456251453873c49e79bf9f6ad0e2dd6945845509900f41d7b4cde917d958bf862c73b639ccddd1f28d9a4e72c994e0f8e1942477558

Download Submit
C:\WINDOWS\SysWOW64\license.rtf

Filesize
28KB

MD5
e1a75420ad73070c3088dd4cc731b8bd

SHA1
39296fa2004c5318e8899a2430fa38079eacc092

SHA256
accbcb6831fc9a9d578d7928fab1f77b384b5a5ceeaea4cd47f34262ffd7a2d6

SHA512
ac782d46700b11ccda5ac086801593b01f59bc3cc0994a0495475614c8a5898eb9d4639bebd6aa06997fd68320216356604adce8d632f562ca517cd8e9cab7fc

Download Submit
C:\WINDOWS\SysWOW64\mfc100chs.dll

Filesize
62KB

MD5
4b2b4d792195ab122f02f7fdf47576de

SHA1
69cfb0c19d587afdc80c72bf27c4e1085038745a

SHA256
f75c42719c4850b62a20637f28b86f3851714c75c6dbad582ea82c76a8f0c030

SHA512
8a826f9ee6cf30cdeb23abae06dcf97a5fa374ddc080cf94296335572353234f180f788c55067d8bb0294faf9497518d412af0a5e390dbc9b80f1b2c36b52706

Download Submit
C:\WINDOWS\SysWOW64\mfc100cht.dll

Filesize
62KB

MD5
da0fcd420b8ab12c38e4ee536c4e2f9c

SHA1
0b16591e59946ee1d2414639f819b222bf8f7240

SHA256
bb41b8909a80592926083e46982ae1bab2363534d98ab897fef568c694808a35

SHA512
8d1c7466816d84b403ff3b8c259a7d3d4f177dc0bf44cf455e9a2e6af3f5a061a5ffa61864f85e76fa9e4f07e6e5bc3b156a0d445c67293da50e9e65fa6fb00f

Download Submit
C:\WINDOWS\SysWOW64\mfc100deu.dll

Filesize
90KB

MD5
1f19f09753a8deb211625a47488e1d4a

SHA1
6a055106615da536d870214399ed14ebd158347d

SHA256
ccfe851ab7c2a55194f19707c78e0161bd81fab4609488208a73381e33e6274d

SHA512
abec7c4f723a76b6d1aa327d1258f5ea023de6e25fb19a503f559260ef127f899aab08903d7ab0f0ba7b0c277cbfcdf8f4c8be79c23e0eda8096257533ba02e1

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
89KB

MD5
001513f7dac04daecbd4eecb103f232d

SHA1
97d6868d1d2443be1e18de2b9512c6a32adf9158

SHA256
245b365f4f0ad230d15b327bf71c4f0b85fb00c706e13ae1ad33b89171f59a63

SHA512
92d33c5e96e2254f343ad753ea01935a1b83613c5e8fb233d7b736d519a5bd21ebd4f9eda65af5e9c2f0487ff296390fc34f50026a2ef40d4c9219c33ef787a6

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
90KB

MD5
27dd0ab96b7140487d059a214d5d8e7b

SHA1
2343dcce805f76947046e644371cc5aa4920d74c

SHA256
ba733fcf4d1b1355cb6bf1dfe42f5130acf0c63535a0311a489d5f15a05c133d

SHA512
55e26dd7339d31b19eb0f3e2bb429bf547fb1082b09564c2fd1dd417fabfd3623127b3125e28422bbe10f9d2428d3a1654cc9d9a057a4da4a0f4aa113457115c

Download Submit
C:\WINDOWS\SysWOW64\mfc100ita.dll

Filesize
88KB

MD5
ae7359a50e3a604249383627904c6b8e

SHA1
6575c66a83a1fd8ce4c618ae8fe87a5130942f86

SHA256
f3b672196eeb5ba76b6804e539f182123250ff64d559314da0d70f4ea3ed11d0

SHA512
04dbf13f0c55ab927554640c517d0e5eb3530de0d1b0a0f041fdb94e38bc14c349183e510b88131cebaa1f1b12672229f5c4f82a257dd175087e365682a91c48

Download Submit
C:\WINDOWS\SysWOW64\mfc100jpn.dll

Filesize
98KB

MD5
693e4b19cb6c74914255b409a7768ec5

SHA1
b03619a5fe08881931416a75781eb46f2812239f

SHA256
c365dec5600f03f042bec303e38843fdecf3c204c04637afa13e1461707293fd

SHA512
a3c87b40cf54762af17654ec32e096ff4fc17fa8443ce5ccb9d6989f7d6afa076619050c7884858c8d6c32ce1530c09b89c238cd4564448a64e0e8f59aca6028

Download Submit
C:\WINDOWS\SysWOW64\mfc100kor.dll

Filesize
69KB

MD5
92d3b68f5dc8d6b299a340428d1c07c7

SHA1
6501cfa13d5756ebe613e2a3f02653d4856b0f75

SHA256
1e9456dfcfb874cbe17d173e1482d8f11d0f352220973e06d47339eaa258b093

SHA512
830b4a3460e4a94294cfaffa37291f066660860f422960adab31fdc831de2f3d3a20fbf3b66256290475b02ef8b78e1060241110da3284614712400fc0ff3abe

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
114KB

MD5
045dd12cd3c744dcf74a858341637a76

SHA1
86ee21e43919f414d9fbe03a500409b4ed7501a6

SHA256
6b43b25167c86d6517c208613f469387f1144c1858d5d40e35b9a14772d5c074

SHA512
5ab4fbd45d953da1e665d057ac60b4c16583eb22c4e20c6208060322fb173009ac972e45539e94b773e9c0db7395f17ade05d2107b50740b7fee9169147c00b6

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
4.0MB

MD5
3310a83b7b0627e9bbfb8175af1780d1

SHA1
d9b6b2f6fc9e466482ddeec2a2a4a0c4dccda2b9

SHA256
d6ac550b38a3e48202b53885a7527f6f83e87e22f710f8be894206f172860c10

SHA512
11fa9f2274f7cb94675a62ab3ef739bf293b6bec32114709a2cc8f15b78942c31273d00f9c53665b52056720ac6f346c508a22d0f78bb8ab30723566f6dfca6d

Download Submit
C:\WINDOWS\SysWOW64\mfc110.dll

Filesize
3.1MB

MD5
3c23d3211cd72b14fa4e5d577665ff5c

SHA1
7ed1e75c26385c274fe038ce00221f980197fda7

SHA256
4a00206cddbb991995ab4139e946bcf83003980d69541298047324693e633943

SHA512
e600f3d1721254adf2ce025b127b81a7a5e62a126268583a9fac5959d0adffbbc273eaa7879ef6cc999299022585ca3be2a60bad3c87d7e800418310a7229107

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
72KB

MD5
294f471122b70e32bfe68c8f3ddb341e

SHA1
89ab177f88cdba42526dcafba0f1c76a9521b739

SHA256
3b0f4590221dd24fb9e3c6b4928e9b2becbe4c9579940c1f508c28cf038a3950

SHA512
1b56ddbf152d5a81fbb9af859ae36f4d713d80bde226bcdb627c70d2a40fc9e3503484a96efcd44f8bf859cf86fa8ec58cc62b698becc442ff7c1e115d927c49

Download Submit
C:\WINDOWS\SysWOW64\mfc110cht.dll

Filesize
72KB

MD5
2a9e0849f4b64626d5dae356d669eedd

SHA1
307c0987968547743f63c829cf61ede9f0cf6456

SHA256
9949a9419f461fdbc207f33a37156764c788a76f7634c79aabcad5ecb59f863d

SHA512
f11857afd4932a08726ad8a5338bed702c361fbe7d6470cfd45951b6f76709b6b407fc8f2d5b6dccc09ff87374a9d5dc063d394973a78691c4d7f57c50f091bf

Download Submit
C:\WINDOWS\SysWOW64\mfc110deu.dll

Filesize
100KB

MD5
f28171254f5bc0be723587a13cf7511c

SHA1
63413478e51f6780a7d73380a626ac804af3b564

SHA256
80d6e10204e789ed4817be914d59878d728793189ff452f77451ffe7b3650ff9

SHA512
4d30419e7df52b2a100f9ee99c34fcbb0212f6239062bc455968cb3036199679f1abec7de66629f70f8de3d2dcfce5c385314b4eeeb5be014fb39f90796f943a

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
91KB

MD5
3d04cb6643ddd9c7ca271d47693a212d

SHA1
aa299ffe7946bb9db1c68afc097bd4186136de77

SHA256
e093ee27b9b2370f0cf94d5bf5865f29888961dca83210ba73b4001a95d24c55

SHA512
e2ba106183e878fb4308044f5eb7dd2f5efcadcccd9071aba9b1a72a079552c4796b8cdda6d230e2f05d56461075884ca1da1fe470bfad19ec128f2f9a755fbc

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
127KB

MD5
573362cdd9993600d299a5fc94cdff3d

SHA1
7c5b226b4380c4e8a977d4c7ae59f724f0c7798f

SHA256
0b669b664c96184806100440716fe23eca724765b30e135f4ca43be07352faa4

SHA512
91bedc0de318e5346430461107e9d670c6a9126e57923a1264ddd07f75656a7c962419f64307d4b065fb7d9d9c5ca9a672c3d779c01bc27ace87521998365a82

Download Submit
C:\WINDOWS\SysWOW64\mfc110fra.dll

Filesize
100KB

MD5
09c730cf5a1e091746bbfa66d8300627

SHA1
82770e905031aa8d5c35872ede30826c2eb4ca56

SHA256
286f198c387a1505689753af63600f3beb06326de96ecf19c7eea54ece9974e8

SHA512
c63dfe372911e7cb50b0c98b0de03071bd155d586dbac3f2697227668a12148908888c44c675103d6fac34d5fd754a223eee95409573220987bd6b0c8118a1db

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
98KB

MD5
ad70f4bf34141bba722a21849e6a31c4

SHA1
1a937ea4f981c51d2fba39e16c6123cc2fc1bbc0

SHA256
1d4ff0533e38ed50d65ba124a35563e83466f102093fec4f0ddb2ec1d1f31bca

SHA512
d056de89f099ba0f9ac18c970bfb26f596abc370cae3cfb760694b044054897ed1e49290673b5aea49acbfb3e246612071172887b14e05bf749ac3d6fc4b2fe2

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
107KB

MD5
c1904a8bae92ebc0a1cf979a126b80e8

SHA1
5616b991ed3a3e4eb09110529dcc03868b3241da

SHA256
25fbe6adb691ccd67f431bc5c4d231dc8a403f579d18e866d33af895e8991352

SHA512
bf499a99f98272f06cfa55b08626bc383cdb7b8f2599e7b7a8b9623db03c9f35abd4de720a8a3eae55d243bc24cc02e407f66670f74390011e1b7c984a26f6de

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
79KB

MD5
e159dbb7a6502f4984ba7fb013298381

SHA1
eeead47cb5779bbccac64b9eb66ccc274367588e

SHA256
72638634ad2e65a811ba085fb8d8f502acd536040be408a979737dc2db199d87

SHA512
8b4f148a3240793e1eecb3d5a8298bf008b53537891745876dce8b830f157faa9d3fb6e6b64a702070d4253a68e04c8bb826543e06bbc52c6f073a64e231b746

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
124KB

MD5
9101e4c66803b9d7baf77f9f002792bc

SHA1
a932db51ba1ea5462d9c2b5f1cc0c50b3056ce8e

SHA256
2e5042d618103859cdf5fcb81b76a01035da5475b5abd424d146fa148713a5ad

SHA512
1acd2fdb71b27a3ffaa937f082fb1dde42caab878d4d567d03574535f89aa0363dc6434b2c0e3e3a57306d6140e6dfeb307965a911fdf544aa339bf29eb5b621

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
2.7MB

MD5
6e63ec49b03fc6492a8ba0d7b76f8c39

SHA1
fe11c0e56cb53f065e4c29dddb2605eaf58d400b

SHA256
fd9a8d882268415097c2a795e876bad11bae98191d0cd6a206446f5b178b1555

SHA512
1b08f89fec807bfa0c45938843997637eee0049ede443fa603e948c39482fac846cb4c21860120c4a1d2aebff650f7261d4f8ee3a035452884e46b06e891f86f

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
3.6MB

MD5
00774310f6bc0aae1d551c8458de821d

SHA1
044e75c26866e58272ce6a79f3c67b93f0f86d3b

SHA256
c988cee82f77092c43f7b67c8ec44b864689085a63cf899b2a01f32ce4ca381b

SHA512
140c8d80a48b8a6647ae0948efb8e087b99a916b12a642194057daa5c323b1edff4bb4a2918ade985d07f5bf4b19c54b33924a4f511ba6fe10f3a9223a525a48

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
72KB

MD5
caf8e342cff93bf9f36e386cd396da14

SHA1
9dbb2e96d485cc937bc6bf1f42a0431e61086b8b

SHA256
7a3e7a492fb69c702bf1d3873aee0b5937a78a235ae09c7c07b76b81fbe025d1

SHA512
cb4adf71abc810c5e80d8aae9866a956ca62b317013c0b6ba2593fa478860223bff1f69a691bb1226661653211e1f24fcea7d251262fb1ebbb54a8933b0526eb

Download Submit
C:\WINDOWS\SysWOW64\mfc120cht.dll

Filesize
72KB

MD5
8a95ffbf76891e78ba2f87b52fcc92e5

SHA1
d522b66b00f464132242f88322a6c7c9ffdc4ef7

SHA256
8c746bccdc2af308e228f72caa690aeaad0367b3a1152441ebea140b70bc9d29

SHA512
d9af035bf0f7f23884e217f887807cacbf8e4964f8135af08041c31483d71ba12a79fdb9f0b9f169c863a2705e93fda5dbe0ec610f00a2df6f460856ba22dbe6

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
100KB

MD5
0a522634fbb038067fcb94dca71eeb9b

SHA1
9c64d69932899d1dd4b72d38f1a86b38608e0353

SHA256
4819612770aea07e4aa50f9b79dbc160bbc23769d47075eba594e56ddbe567e8

SHA512
e6cb52a34b54e0f5ad8405f62c0411f81412495550040874d8c4a2521bc3b896008a3c4c840dfc796347cfeea16ae4ebf4cb65aed846d25b20411be4d53a2cfe

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
91KB

MD5
375d6526d463edfba7b4dad46db5688f

SHA1
a04d4ae4bce414ea5131987705560ee44a069d44

SHA256
2dac9035886a17659818b23538553a7dbcd901c86533fbb3b601b6cedbc9171d

SHA512
e342385be9ac343d97f2fa2c24a4402aa5aa5e9380d55126d9ea3cf00fae5e87aeae901fa7b77b86bdad2bc23749ddaf60017a7d500e84fb32724e765a071527

Download Submit
C:\WINDOWS\SysWOW64\mfc120esn.dll

Filesize
99KB

MD5
c19df981fbf23cd281fe43fd914d6cc5

SHA1
181b76acce45a6c83169c716595246eb92720e20

SHA256
58d284f6b635fc80f9f6cb66beaf54e0d0c5670398aca1fdcd47c2473576856b

SHA512
3d3616bcdc4fb6120fe537deb416cc9e742ecb2647fefda9b057462fffa5ff0df7303d7ebcd97c2787cd82d96e92c98e8fc20c83680ecce85b346fc026e5aa17

Download Submit
C:\WINDOWS\SysWOW64\mfc120fra.dll

Filesize
100KB

MD5
5e7493deb0ee99e44ebf2635c4c7ec20

SHA1
7b9418ce297a1e219a055f667dfbfafe7b534f12

SHA256
cfae4c26cbb29895c5ca0920fc4dfbdd7ea409b03908ded63db06521c47d7f42

SHA512
9d4b5fbb81efabe7ec1b61fb6bc8738cdb374f0e339cac5938c26571ff9c05497df23235b7d9d6c230399f66b4ae83faae1b720648d9f34a5f81b794cc74261f

Download Submit
C:\WINDOWS\SysWOW64\mfc120ita.dll

Filesize
98KB

MD5
4ac05b32ee4c43b56ed2381a3c063539

SHA1
fb8f8aa73e08f071c64a2ed1711aefe8f0beceaa

SHA256
c801614d8361d1b25d072ef8dd3eb523099d2433ca08d8dbd6077059af08d5d7

SHA512
2c6999d871f478e3551916e401c10edfbe02c055340899dc6450192487bbc13d52505c7dc53eec814dcaa60d08a916cec7a6c0f7abbd67fdc24229ffce41ba77

Download Submit
C:\WINDOWS\SysWOW64\mfc120jpn.dll

Filesize
80KB

MD5
fc7db541a06ee88d2038c512b2805949

SHA1
7eda310fdc2dc31b745cd90c79bf1bae66d8efd6

SHA256
1ba0f340f96db2c6a498174c7ef77b673d9ffff9a084cc92b56daa149365afe4

SHA512
52542767faf80c75908d771be57de7ba40160fb7ad0912d8ae5655597a7d7a97ab4e36e8dfb8464822a25978a94f675129fd9b8df9610c829afe56d5efefee71

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
79KB

MD5
18ebbfe39f9e7b8e6f41e4b4d872fc11

SHA1
4c17af341fccdefdb324cc01f202ee7e97ff8f2c

SHA256
4f1edb936dd709cf31ce92587a6584024a3b2ba99f1d7f5b7ac28c39b90a2985

SHA512
f11f7b7962b7c8ac1ed3093734c855dcf3a7673759dd9a85670e314d63bbe4d58ad8d08645f1a9700ee80df8752a8cd7435404188cbb9ab4c7a8d120d1df61c8

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
96KB

MD5
7658b31b980760d54ec8c3e3ff1d6316

SHA1
0d42a439c9a93bba3a7016872deaf9672ebd30b7

SHA256
1820f6fd2405491e6956a47653636887880aedfca367ae432d167e60de6a8ca2

SHA512
a32708bb70bf0fd3520caaf17d5242b0dc3ec3bd00b334020fe833af782ead3eddc8015683dcafda699a44f3b58cbf5f46cd7db3389cf014d246850c5627158e

Download Submit
C:\WINDOWS\SysWOW64\mfc120u.dll

Filesize
4.3MB

MD5
0116a549ec975e1d281fe9e2ec73441b

SHA1
58d347f715a23cb88485ab4af8c4b852cf1d422e

SHA256
e19531c196d66e617281c91af12cc60bb3764dbf9856e12ae5c33f2994456746

SHA512
409b5bde210023b34a82755f06cbc8e6adfb0db68bf3d9e67466b91b96b63faba93e1d39713e4107716151102269656c91d87724576c6f07b5b95906fb44a807

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
4.6MB

MD5
bf2e3b664b07ac3f9b3a707c8e316a9c

SHA1
7f6154bc93c61a62eb97bd191bc33e749bd4f1f9

SHA256
98ab03a99821949a477c1c619cc545764c8ca39973e9b384bb6663ae88461614

SHA512
de9c8f66efe990da313a9faf345cc6894ccbc87fa29a42aff9806f4120e568c7e25c7d83d357a51e01238c4e50d5751cc0e4590fdb5868be296941eb49e6c7fb

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
66KB

MD5
27c5c01fd7442d8b16aadeb59eb3fc1f

SHA1
17f633130ee725bb1452584fa7f701e489a89186

SHA256
e37360a22e5b348b2447cbbca5ad86099e017b33bb20f21c3fdaf985efb24a6a

SHA512
17c81430a380110e9ef385884ad28115239b7e2f6ad50efa3beb4f8e1ee76c6d8c5cd4dffea88a7543f6f8d0861016df9ebde1391e4d4010662e2bc928b20ce3

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
66KB

MD5
21bfdd0528ba5fb1634177a08f81dca2

SHA1
9d1efd092e3d50fba1b0748ef734ed3a02327258

SHA256
71e83f5c3777aed267194a5c40911bdf41a00ee1d4c2a6fe9c96a814dd8036ab

SHA512
8e81f96b446a165e1beb5ecca2b7a53bc0885d32075e4f4def04bfa4dc8a16e2edcc3ea622fb6baedbc4822d87bd987894d9e3d6dedb7df26e1d1ebc0eafbfb2

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
122KB

MD5
a3254199522cece83e5880ff8ea5cd3d

SHA1
5c42fef63cfe9a1e8304b07a7fc6b113b2a54ad3

SHA256
d21e180a67e7314f6e3b2b06fa723b8da4eadfce5e3fed2a26f4881a59dc434d

SHA512
a8d7199e06555b24fd9cd71ab4431356867e87bd53cc1a2b3a868d34a32af751c09a985f7341201d06aad260bdffae5769769d1b98eb98652af65ea937816c8e

Download Submit
C:\WINDOWS\SysWOW64\mfc140enu.dll

Filesize
112KB

MD5
25984dccfb73545763a768688b4d02bc

SHA1
9761c8620c0cabbcfdbea7d92b5da86099d4620b

SHA256
bb69668d3cc96d5ad980a212f87592d41da851dd889721402393e28a0cf027f6

SHA512
36c8f4aad8f60412e4cdf4adb28487583a666307168ed4f8430f89b435d2ab308c3b1f0527730485cf5bae2517694bc2b661b91258d5f12a01fee43c480a21b2

Download Submit
C:\WINDOWS\SysWOW64\mfc140esn.dll

Filesize
121KB

MD5
1ddc26435fad0a3233f0a922784f4731

SHA1
6b605eac0e12dcd4109bf30a43c41c1d98e6b255

SHA256
b435f056feb17e671461f2339a03596e3a7bff4304bf2c072a7b4d94fbd01452

SHA512
3708e38d31fee88174a89f3fd85a314e7907c7670f825d34d12885182468ae54d482a7fc3b083b3714397145f95e0a161c183822322e0c1977d97102bb8c79e5

Download Submit
C:\WINDOWS\SysWOW64\mfc140fra.dll

Filesize
122KB

MD5
2948c211a750025c7e05908edb8ea92a

SHA1
3abd96aeeb4c7e85060736c3c9decbc82aaa10f9

SHA256
40fe716610a6833356b0cf71dc49e87a289728f68988235283971e5ed72f0f6f

SHA512
33982ed7e326de4ef5a17d82d930060855d4405ee1570554fa07da2378111cb2c1fbfda72e0f359bf31b10bb090644208af3ff913874a5430287a2d4246e58ad

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
120KB

MD5
1dc94ae38902f297e4309c49e6bc5f97

SHA1
8fa2de444321705e12a146dcfce2429f493bb87e

SHA256
29a70cdc5dbefc8696168360225e615330a3af2b4a24d37e044a77f324c5dbad

SHA512
9727d96a430dffde3f0ca829e29a8ed0ff5ae1aec8187f199ae47ff13427f4f02c4df4cb6d8d828040d82898902f35b01a9d95aeadfc7da35f2b5aa107deaae4

Download Submit
C:\WINDOWS\SysWOW64\mfc140jpn.dll

Filesize
102KB

MD5
356737fadd711711bb0dc51aa492a9e1

SHA1
7920bfd38e9f748ce13a590ab796e7c3d51fae62

SHA256
bcff0d5b2e8a3ff855e5c0e3601d06b3977ce9110090b839c002303c4bd232d0

SHA512
eaa3aa2d625b43349d736113a75e104746dd69f3ec17350f9fc8c14fd28d70d22c9328842f4bc980e80c6c265aa3265b07128c7860bdb486e3b166a1584b4df4

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
101KB

MD5
9aa922f3de4b65d8829e3d43087987a8

SHA1
01dcb29bae3c800bb35dd3645273256686d15ffb

SHA256
1449e4ea4d67a1d9e0f6435e6acdb1ed7ae5827ca93a7d0b1594b7d899fe9b44

SHA512
eda288f133af546e133f1404feafac69016f116eedd13b2f6ae0254f70a27887d02ad626b2275c171a6f5fccfd5ba7dfeb70c50bc042d861915b61c6f4db13fb

Download Submit
C:\WINDOWS\SysWOW64\mfc140rus.dll

Filesize
118KB

MD5
6a943ace7563ad4c1b8412ff6ba60260

SHA1
a876dc43a64996fa88bd170992397a76a3399ff3

SHA256
37c36c0815bd3326164d7848205b21a7aa6facb268f430a232191ce8c9239ffd

SHA512
36beb091bc14311713963856f9606a3d56f00846489b038963511f4af79617985ac1daf4c066f759fd680d74be898b3f5b3722fc467c96884f5826e8f05baa51

Download Submit
C:\WINDOWS\SysWOW64\mfc140u.dll

Filesize
4.7MB

MD5
713da72bfe4f33d3edbae536c51739b3

SHA1
33b4216c17c6bcdfa1f678f21f58d05db0ec0bd9

SHA256
ebb11da7a79142b8964f21da85ad61fe596196d9d71390fae52f4147d95d5c42

SHA512
a8929f92ec6562eb487a1179df3e7a9cf216542bf96a803d91645d587e674b9ca89a41c415ea954c36b485057e08aa373338541844f12a12c424fd1d98e480bf

Download Submit
C:\WINDOWS\SysWOW64\mfcm100.dll

Filesize
135KB

MD5
09a6c6c31e47b58272d4b789b4de1d74

SHA1
61df1879baf96bdc769e390b8a38e75526524b2e

SHA256
76d93ebfb2634824af29dc9915452e07f444351bfaf142bd349bc53a9f79772d

SHA512
c73d619bf108db481361d9d780e443a6e1ce80e8fefb1f0782ab46af5a87a6e1886064d67fd482c9e618c43af42d752045c249aed5a40cad59c63a663a237012

Download Submit
C:\WINDOWS\SysmonDrv.sys

Filesize
193KB

MD5
3efc58d221b0d82c06c0719b187bda9c

SHA1
24a73045e59e9df6f7a45469cdd700ef05a9894d

SHA256
b9ecc7742db83b26bce61c56c413a2c129fbcec09c80d17c61fb9ab78ff4cb3b

SHA512
2ef645b7a2ab025a7475ce387d27197dfb01b09971eb28216ed967f41b7de3b4b4641674a16053f9cb48ea5ed408f38d29518992f3d6ee0e5b6352f13da349f5

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
55KB

MD5
3b7752e13c6273fc06e757423f3a891b

SHA1
32eb92885497d0c2abfe86efaa2fb592dbe663fa

SHA256
319cd6f825fd1025154e0b5723449b9062555f9767006417190c44bcefadca9e

SHA512
127619e665c1c3f3dbddb24b4d4e970c0f6705cf4ea11e33e17014956b772cf6f65e0c476caed14eade70bee40687479716c00f76a72edb781d60c1878578304

Download Submit
C:\WINDOWS\lsasetup.log

Filesize
28KB

MD5
16849e2e9d30f379148e7f35fca944ac

SHA1
f75203eee8aceaf14d85669439821e4c366aba97

SHA256
06c96d14da4de2827e7b3daa713c6eded56b6d5a3bf10d6f933a8b936d46d60f

SHA512
00e0bf7787a229961a9ce36101a50689959028221348e6f657a65533303fe4413eae331846ac3177760fa29ac474214f3e41ca0d9129b0c1904eea3686ac210f

Download Submit
C:\WINDOWS\setupact.log

Filesize
29KB

MD5
7ff7c7c38ee093c3090f4f0fbf29167b

SHA1
8fbd97e1642f36454e6d51c26c8510e3f56f1616

SHA256
ead92ddddd1250eae07dbf88d4ed1ea133d3d5e0f84c95a0871fba9ea32696d5

SHA512
65ee008e8a102d53981de478732232d064f7fb825ea00ce0fc535b24a5833aaca1840152aa972a2f0ab4ccb0ba7ccd69c626ce80af2ef1111ce8aab6b5761c91

Download Submit
C:\WINDOWS\setuperr.log

Filesize
27KB

MD5
5e588b56651d4801d880e8687df6300f

SHA1
6ce91e079e7401adb0a8ae460f11ca71aa3baf39

SHA256
111a45a96cb3a1c6d90a07d7c029d7272f3656d3d58f0d2cdf0bc1628b763dea

SHA512
2b6e03f8f954a4b36d06b95e70ee137314c12a2d11961c5673a4f1559635a826be9accaaf72a983d27b78f4ad8624ad5bb1b4e24cf7f7bae8078a39cb2c906c8

Download Submit
C:\WINDOWS\system.ini

Filesize
27KB

MD5
a799cdb14b8b39ea49fae32818ddd45c

SHA1
dbde87870f3c063e9f4ef5232f534be9fb0122f2

SHA256
3fb162c1728e7b0efafc36db8d8a92a9d59e0c92a69d2af8c8bd55722dfc7c04

SHA512
eaecfe3e00457409eb7e824f65d75ada96a2ecdbac87bead763ee353963fab4c6fc183d7192d3b3f0a5570ade89f4a797a47914ee9f6fafc6cbd255d9d68de0d

Download Submit
C:\exc.exe

Filesize
450KB

MD5
593501f86a92146b90f46d4988871724

SHA1
fc5eafcdbaabd3b1784e5d869fdf65a36c7fe768

SHA256
5cb3daecbbd3e73b4af0cc554e6bdd1365187b1ab2f0505615c42ce67df2ceca

SHA512
425be90939c522d6770475df20ad99c6d0a1643c3a8e4d39c5c3efcce177d483a578ef4521ea1334918a775f4bdfc6097896e09752b46dbb5dcbd6bb8d48e31c

Download Submit
memory/2672-9-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2672-55-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2672-290-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2672-259-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2672-288-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2672-1318-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2672-1830-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2672-1040-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4552-289-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4552-1312-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4552-764-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4552-1574-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4552-59-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4552-266-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4552-8-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download