32ea01af48912f01b199b7d6915fb09c4d69f62bf40bcacd2d67fb7fc721f6c5

Analysis

max time kernel
148s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 01:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c21e30eb01d9dc830720eec526c60890.exe
Size

306KB
MD5

c21e30eb01d9dc830720eec526c60890
SHA1

3b50c44c65caa8565529df944c375a45da0c8370
SHA256

32ea01af48912f01b199b7d6915fb09c4d69f62bf40bcacd2d67fb7fc721f6c5
SHA512

83422630f2cc70a263bb93800ea8554ec55370df66b56435b380383c74bea7e6ecd0d024d212761852d3a28fccee4bdc7256fa2f12d0f2f85380781f079ae85b
SSDEEP

3072:MEsmHEsmFEsmHEsmFEsmHEsmHEsmFEsmHEsmFEsmHEsm1:MZWZ0ZWZ0ZWZWZ0ZWZ0ZWZQ

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	c21e30eb01d9dc830720eec526c60890.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	c21e30eb01d9dc830720eec526c60890.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	c21e30eb01d9dc830720eec526c60890.exe

Executes dropped EXE 1 IoCs

pid	Process
1560	exc.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\cmgrcspps.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\comdlg32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\fsutilext.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wlgpclnt.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\bthprops.cpl	exc.exe
File created	C:\WINDOWS\SysWOW64\stordiag.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\msdtcVSp1res.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\CoreMessaging.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dhcpcore6.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\KBDGR.DLL	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\KBDNEPR.DLL	c21e30eb01d9dc830720eec526c60890.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc120ita.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\PhonePlatformAbstraction.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\unlodctr.exe	c21e30eb01d9dc830720eec526c60890.exe
File opened for modification	C:\WINDOWS\SysWOW64\vcomp100.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\AcXtrnal.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\dxmasf.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\fidocredprov.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\JpMapControl.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDBHC.DLL	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\chcp.com	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\RMActivate_ssp_isv.exe	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\shell32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wlanapi.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\SyncController.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\tetheringclient.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\WEB.rs	exc.exe
File created	C:\WINDOWS\SysWOW64\AppointmentApis.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\kbdnecnt.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\msvcp60.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\netcenter.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\nlmgp.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\icu.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\MSAudDecMFT.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\pidgenx.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ucrtbase.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\srmshell.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\uicom.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\usoapi.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\dskquota.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\iologmsg.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\ktmutil.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\msrepl40.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\radarrs.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\wuceffects.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\xcopy.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.Payments.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDFC.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\mscoree.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\MSFlacEncoder.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\sxsstore.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\w32tm.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\MSDvbNP.ax	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\ntdsapi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\sas.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\AcXtrnal.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ir32_32original.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\odbcjt32.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\useractivitybroker.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\ir32_32original.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\SysWOW64\MSAMRNBSource.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\credwiz.exe	c21e30eb01d9dc830720eec526c60890.exe

Drops file in Windows directory 45 IoCs

description	ioc	Process
File created	C:\WINDOWS\HelpPane.exe	c21e30eb01d9dc830720eec526c60890.exe
File opened for modification	C:\WINDOWS\lsasetup.log	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\winhlp32.exe	c21e30eb01d9dc830720eec526c60890.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	exc.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File created	C:\WINDOWS\notepad.exe	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File opened for modification	C:\WINDOWS\lsasetup.log	c21e30eb01d9dc830720eec526c60890.exe
File opened for modification	C:\WINDOWS\setupact.log	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File opened for modification	C:\WINDOWS\Professional.xml	exc.exe
File created	C:\WINDOWS\twain_32.dll	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\setupact.log	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\mib.bin	c21e30eb01d9dc830720eec526c60890.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File opened for modification	C:\WINDOWS\Professional.xml	c21e30eb01d9dc830720eec526c60890.exe
File opened for modification	C:\WINDOWS\setuperr.log	c21e30eb01d9dc830720eec526c60890.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	c21e30eb01d9dc830720eec526c60890.exe
File opened for modification	C:\WINDOWS\system.ini	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File created	C:\WINDOWS\sysmon.exe	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\write.exe	exc.exe
File created	C:\WINDOWS\bfsvc.exe	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\explorer.exe	c21e30eb01d9dc830720eec526c60890.exe
File opened for modification	C:\WINDOWS\win.ini	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\WMSysPr9.prx	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\write.exe	c21e30eb01d9dc830720eec526c60890.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\hh.exe	c21e30eb01d9dc830720eec526c60890.exe
File opened for modification	C:\WINDOWS\PFRO.log	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\splwow64.exe	c21e30eb01d9dc830720eec526c60890.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File created	C:\WINDOWS\sysmon.exe	exc.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3652	msedge.exe
3652	msedge.exe
3620	msedge.exe
3620	msedge.exe
3448	msedge.exe
3448	msedge.exe
4172	identity_helper.exe
4172	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 1560	3100	c21e30eb01d9dc830720eec526c60890.exe	88
PID 3100 wrote to memory of 1560	3100	c21e30eb01d9dc830720eec526c60890.exe	88
PID 3100 wrote to memory of 1560	3100	c21e30eb01d9dc830720eec526c60890.exe	88
PID 3100 wrote to memory of 4856	3100	c21e30eb01d9dc830720eec526c60890.exe	104
PID 3100 wrote to memory of 4856	3100	c21e30eb01d9dc830720eec526c60890.exe	104
PID 1560 wrote to memory of 3448	1560	exc.exe	105
PID 1560 wrote to memory of 3448	1560	exc.exe	105
PID 4856 wrote to memory of 2256	4856	msedge.exe	106
PID 4856 wrote to memory of 2256	4856	msedge.exe	106
PID 3448 wrote to memory of 3456	3448	msedge.exe	107
PID 3448 wrote to memory of 3456	3448	msedge.exe	107
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3020	3448	msedge.exe	108
PID 3448 wrote to memory of 3620	3448	msedge.exe	109
PID 3448 wrote to memory of 3620	3448	msedge.exe	109
PID 4856 wrote to memory of 1032	4856	msedge.exe	110
PID 4856 wrote to memory of 1032	4856	msedge.exe	110
PID 4856 wrote to memory of 1032	4856	msedge.exe	110
PID 4856 wrote to memory of 1032	4856	msedge.exe	110
PID 4856 wrote to memory of 1032	4856	msedge.exe	110
PID 4856 wrote to memory of 1032	4856	msedge.exe	110
PID 4856 wrote to memory of 1032	4856	msedge.exe	110
PID 4856 wrote to memory of 1032	4856	msedge.exe	110
PID 4856 wrote to memory of 1032	4856	msedge.exe	110
PID 4856 wrote to memory of 1032	4856	msedge.exe	110
PID 4856 wrote to memory of 1032	4856	msedge.exe	110

C:\Users\Admin\AppData\Local\Temp\c21e30eb01d9dc830720eec526c60890.exe
"C:\Users\Admin\AppData\Local\Temp\c21e30eb01d9dc830720eec526c60890.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3100
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9887446f8,0x7ff988744708,0x7ff988744718
      4⤵
      PID:3456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
      4⤵
      PID:3020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
      4⤵
      PID:3936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      4⤵
      PID:212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
      4⤵
      PID:2912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
      4⤵
      PID:560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
      4⤵
      PID:2384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
      4⤵
      PID:4676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
      4⤵
      PID:3380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
      4⤵
      PID:3984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
      4⤵
      PID:5812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
      4⤵
      PID:5820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
      4⤵
      PID:5164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3676 /prefetch:8
      4⤵
      PID:5404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
      4⤵
      PID:5396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1120 /prefetch:1
      4⤵
      PID:4756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
      4⤵
      PID:5884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3828400174823718583,2604447998578887899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
      4⤵
      PID:5688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
    3⤵
    PID:1748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9887446f8,0x7ff988744708,0x7ff988744718
      4⤵
      PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9887446f8,0x7ff988744708,0x7ff988744718
    3⤵
    PID:2256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13718575621244434447,426943739008220915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
    3⤵
    PID:1032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,13718575621244434447,426943739008220915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
  2⤵
  PID:3392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9887446f8,0x7ff988744708,0x7ff988744718
    3⤵
    PID:3788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8 0x3d4
1⤵
PID:5452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
2727418c45863f7933e473fd953ad6f5

SHA1
a0badc0b6f24ce0d31eb43b0a3e151b88d9c278b

SHA256
df31f7a8cf89c54862a4d3ed3618dda724ad3ea26943c64f92d1ac4b9d14741d

SHA512
408b1a2095bccfbbb92daf5b8e254130f8a878f773e38c42bc45dcf69891720580a6021a0415573efa0e1fd595c71458a68d34d744ab3a3838e22e6db46cf9b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
03501f2be3a34146ebafa6bf06f3c174

SHA1
319e48e3467c9e8222cdd9953183ed994f4c1166

SHA256
02df09279b977dfc48bab2e19f619c769908b22df1fcf16268d304c353d457ad

SHA512
c2f83ea5c8a481c1f2899304cca069d78a723ef308be9c9591351dcca878cf52b6cebc40c2b107df75cde4d08112049d97bd8c8f220477225ce30006a9b95655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6f6e7b2dd9b174835f3e0954826fac1c

SHA1
e7d65c1ce92b21f451f9bb072521c98fa3384856

SHA256
6015281a7f2dcc285f71afdcaa3a091a663bf97bdecee2e193e1fe2445e4cc3d

SHA512
1fbe3d963a4f760d750e30bac7de981352566e748b4c6fc20c499070641fac4ad32808eb9adbbfecdd2bbad340cf673e3f4532e3de26a4d8100490d1f8bce072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f922c11ec1d8fa300d8a23418b2d212a

SHA1
ba12307fc81428dd2c08a6df2340a9d81131c1ec

SHA256
308145864e3d9ab0f8437b6619c60dcb25c8a4fb16ec4aa23ec751acbf9d6595

SHA512
726ea7b9398cd4ec75f4b0f10a2292f2ef4269ae3ffc5b40356aad50c64e9eeff693834a2534efbc3307479df8cc098301311a59c3e27c9abb5d60626aa033d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d59e3744c79d528e0e604b6714f70cc2

SHA1
cab21937d3f3f4eddc5cd1149a50ebc03bebd98d

SHA256
662367e310e3ac0d052b3f4ff2c6c5797a33e17bb9b5d905f12ff5f09930708e

SHA512
775e97f0853abcbd0c4cb3a94fd7f74451af88722d3deaed3f5c62089eb2bead9d0ce4ff8c9715792cdf5cd6812258a554ddbe653db2242e4c8f42e4399d0456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
413e4631c9f85d0144720efcb6918278

SHA1
2a5ddb663f786bf44b7ca10fc1cc118a20b308ac

SHA256
fe369561080a4e46e4e4677c42d5f7f47994c050479c469c50172a516f622555

SHA512
703672a9ad7f12dfac61af14908c93225dddd54bbf162401fd11a40782e6ddd9cf7a595fe0803ba69758c1f948684703d0f8ca5a0c9e700641e1f44fa1a72f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c9401c757a3bd769e56e56cc56cc9ae0

SHA1
5ad911be1bab5c7b56f3047f5bd46d6bdfa68129

SHA256
61f66de54deff9c4f95d4df2e7ff344006156db01fdb5f3ac407ffa96f1777b7

SHA512
584ffa8c5a9364e602e2f3f48e206a4f4211581c0009e0c029bf5b1e20e09f8aeae6dbb11a40ddab20c43fdd9885c40ea52b786c2fd94dd970972d0a22a278ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594e84.TMP

Filesize
865B

MD5
beec837e82c3923d9c0e9b51821c4341

SHA1
5801b6ae77331bc4f05df4ee5d1c2db50337df3d

SHA256
057e6854191d60584793b82093fc91bb1f674dbae75774943e4a903f61461e81

SHA512
0544391f9c28043c2f82b00bd4bccfc67af840fdd7f3ff0bf1023d887612fb32193ea51fcaab64227edb99b387852d1c10478ae1d018b747011666ecd43f20d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5e51d6ca643106826175d13a816b7d81

SHA1
0a4d745b93f1815545f50cc4515b9ca9fdf59b1b

SHA256
6bb8b88cb18f7157cb7ea43feb0c8eaba8f74f1f12929be6bb471122102f8383

SHA512
a900c6846c51178b709ec4c41a97a6a72154524d4225df1450c0b9aa5ead7a76350b86ec27a3868521274aace6e49d1942bf1ebf9b1db21f94a383b0befbafbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
60c89c0327c025cd5d1f023339519c93

SHA1
14b242ce6ee319b1283a991c00b6e6b92b03534c

SHA256
d31830a700deda2362dace5d071a2f63fe5b5dd0870c75fc4c6431fb95f1f9ca

SHA512
7a44bfe65399b59ae0bd4e62b8862ee736967fdbc76d97462a34b6abc117ae654916861fa73e855c73b276ffc7b3b238ffabf18e70bee404e7f6b04043de6ca8

Download Submit
C:\WINDOWS\DtcInstall.log

Filesize
57KB

MD5
4936377cde4b94b1af98660ebe8ba307

SHA1
21a5c4f5fb13f2edd7bff08a872dd7c4e26ad8de

SHA256
6ca9614d8ae417ce3d6beb89be9d03015fc94f2e4181a25ffaeeb532ae1c21c9

SHA512
e49a8c62f0ce2f7d885584b4ea9523fcfc9b583fd523449498b7e52e3b88a21b5da14bea672915902d58141c7398527b2f561836e5894c8813fc341200c6434d

Download Submit
C:\WINDOWS\PFRO.log

Filesize
55KB

MD5
1a5efafaec97217ea4c09a0402fb87c1

SHA1
b4903a9f52bd5451d7c568b84677b405398fa67f

SHA256
ee986da24d298f576b26a2e67a652ccc1b3a96892a59966bf8fa18d4da583e2c

SHA512
c3a7a46964c2ad3c78181e6f2c3a5157b02cdb95e235f79e5f96fa5194a6866e69c09631ebc5d82a49cf064ba7433351d9ab092414269015dca934368932163c

Download Submit
C:\WINDOWS\Professional.xml

Filesize
85KB

MD5
e3fcffe9265539ed11d60448e7e577f0

SHA1
a6cda83565731d16c85214f9547bb8024d0c8c17

SHA256
796f4b6000f01c8ea86584c623f1ddc0063a9ddf5c9f82503e5af15d39e1e7f1

SHA512
155e47d70dc4c32084a21e2727b9a8228023faa2ae471734d17def093050ea28026be60e5e2a73819829c4fc9e489bea9781bcdc9c87ba7188740655c1b388d5

Download Submit
C:\WINDOWS\SysWOW64\atl110.dll

Filesize
188KB

MD5
071f065ecc397537d85c982998a611d4

SHA1
a8418799ff72efd212e12d23d398a7fe8334893e

SHA256
af59957626a8c9f032df2fc916fcb6a5fbf6193dafac4a1ef5aebd4f2f2fdcf6

SHA512
4e4aba130ce01ec0f761236579ed9b6257949ae23f088af814de8084abd9b73ccb18acdb234daa27503e6d003e05a2d735001091474d6419c6ddf85177d09a9e

Download Submit
C:\WINDOWS\SysWOW64\dssec.dat

Filesize
238KB

MD5
d9eaea68cd67f456455557df3f7ce485

SHA1
9f8e158ac85239f52034604cfc3b8cf88d9769fb

SHA256
1b46e6330a3df0fcea8accb0c3ee70bf25ca7fc2989f8ffe86b643659f70f2b9

SHA512
dbe32e715aef3f6ff7e45c00046d8d8b06e828cf39c9edabcfcb6eae9e5c9409370f54135c19b192dd9da57e8bf2d8646b28fcafd47a9e9ffd813220586fdacf

Download Submit
C:\WINDOWS\SysWOW64\license.rtf

Filesize
28KB

MD5
780e12a6bc94d7f77a78e5a24d457bdf

SHA1
32332ce3dd035535db0bf4352c3761704d90b599

SHA256
e12a31758bddb58fc40f80d4bb0f4d9daef7d15a4d9502ac606f1b3a3da2f0f0

SHA512
2903c24dfa97a4c8421951a84beaa7399330827538bed4eb5f15220ad759e68b7ec3b1489383fb09a7dca07afbd7cf6cf6b17e7d5f1f259497e0cdf134060d71

Download Submit
C:\WINDOWS\SysWOW64\mfc100.dll

Filesize
4.2MB

MD5
5f249ef30242c08714f5db4c72a83919

SHA1
ae3bd6f761fe7c7178eeac289f1cf129d7d04eea

SHA256
a905915c3facd5e3fb0221aa400db6d09cf7aa6192c682e814c799da675e2751

SHA512
6cfd2349ff81c9b7ae257467f372a1a60fb04ecbb2d2a0bec1ebbc071b1bec07e0deffedbb0dcafb8cefb3518a1c4d0fd073cf38f82415baaa75c29a78a14ae9

Download Submit
C:\WINDOWS\SysWOW64\mfc100chs.dll

Filesize
90KB

MD5
b87b9a0e68e3b26ad77ac4892f6d8413

SHA1
079bc2817bfbac64e3e1d5ce6073d948c0febabd

SHA256
fd10dffeaac7f02b59553cd4b362e29723d8b3ec5e065a7d2010921aaa145245

SHA512
d3ee7e072de923937f402af7de1c4d830038e6dc91aa83735b409195cd948207fd0c24ceaf1df5d0b90120b7057242c21de329f9cd9289d8d6100e2e81d83861

Download Submit
C:\WINDOWS\SysWOW64\mfc100cht.dll

Filesize
90KB

MD5
b4316281f56efc215772ef8263163ba1

SHA1
452469b448217b1bf536961212d1336a713cfeea

SHA256
e5aef6b77d694380616b87e406deba8c876412dd13f8c73013b48b3093baae48

SHA512
cfde9d0b8865d1352a9dec1f9fa86a4f3f726d5cc53dd792f2173f5eb67871480cdd67cb999e06f1ea01317ffc07d8b8105c64833daad46d3153e2b5f315dd65

Download Submit
C:\WINDOWS\SysWOW64\mfc100deu.dll

Filesize
118KB

MD5
640e94d518fe875ee0c6e75689c8c0e0

SHA1
ebccd3b82c3452679261dd327bf0ded6ec07ebe0

SHA256
60a386e3bff533e0e5f7d199cf2c8c42e93a2922fab105fe15eac8c21a8b4eec

SHA512
b5093dc0d941f8c65d0ca1f31470a926f22997d8b72b2c4a0c567ef9636bd66eecf22269da46195115ad42daf7155a3462d4889846cc90b6796d3035200b46d1

Download Submit
C:\WINDOWS\SysWOW64\mfc100enu.dll

Filesize
109KB

MD5
1959534db62ca7ff63b979fae989d608

SHA1
fb9ba9041c90c057988c36e80c172d0becbcf3ef

SHA256
dec9d148d539cd789710373eea7d1ba963007c94fbcc2bbb75c9d63b17907939

SHA512
88f7f2cfe46a50a58f1bfdd1f2ddbb7c937dfc10cd7e8784e49eea8fca75d3c54d716d16930caaf999c32da6c296c2e56ffaff4a8b3ec24b15e2522903677dbb

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
89KB

MD5
43bbb7d172a69fed0f45c2368e488a53

SHA1
3b0d505b9d5a23cb6b139c9b94e7fe8ea59efdbb

SHA256
619907286fd94e4b2599bd7e9fdef1cce223006e0f6af2a89d95a71229fc2ae7

SHA512
60332d74712a85cd9705f44a194819979cf358cca0b38fe13bc8dd084abcd1204d5fc04fd09f7643620da09bed9edd56b69827958c50bd7556272d5aaf0e4132

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
90KB

MD5
f72355243618c7abaec93731ee3cc88b

SHA1
d218c7505537bba04b69b2201491f1223d315e3c

SHA256
1952bb4cb486da0352b33aa5111dc60e5147d3e92e0822385682256d80d5e12b

SHA512
7b7e8f2800e58ad03a583f056f1c4ef44497d9353b59c3bcb4dec115defcbbd20667ddfc6dd176efce2a2e506c8cd129573ca23d04019efaf9a719d40fbb1a51

Download Submit
C:\WINDOWS\SysWOW64\mfc100ita.dll

Filesize
88KB

MD5
4ab2c5edd6f5f317d3ed18822ff5a2a3

SHA1
39e3a61e3ee5a3ac155c3652367c6547326d2869

SHA256
c238f8cf914666afd79fbdb381286cc86362cbfa82f75af57f25479362074d86

SHA512
ef11cf99af5675ecda5f2dbd271369bf84e42417030c9bdfcca733ee7ab117238d0e2598882c4430c266976e342dedf58d11e37c8a89adde895f6bfd6fa30f96

Download Submit
C:\WINDOWS\SysWOW64\mfc100jpn.dll

Filesize
70KB

MD5
844f4a3799544aa69093aeabd26b6bb3

SHA1
6865c44a71075e59d8378495539937e99a1fcf76

SHA256
a1188e50474a17d25eda0f83a347eb2c94fd0104d167a23f05cbdf6297c7a184

SHA512
5b6b26774c25c50d39f6533583078d52974542419d1713d121a188acba6d74ac9e4b4a131f9b44303eb5d278f7793fc8aaa20120820c8b1e1e4fafaa77ca82e9

Download Submit
C:\WINDOWS\SysWOW64\mfc100kor.dll

Filesize
69KB

MD5
7a06c37fa30a4e15793994932905f469

SHA1
71b3876e4e7a4fe26ce4716c8071b262d4141d43

SHA256
c7fafd8b8e367d43bce758867922bc27eb6ce210f9c81a5107e0a8d282b5a023

SHA512
a287e6cbee8d5ed94306cf4404ed87ea9f634f7ce57dc7835050516061647482b92eee057d360280ec755546116108e5187e9d57d2e7ddfdbb6dfc811b08bd81

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
86KB

MD5
906178052366a0508e643bc9055791e5

SHA1
aa82c6b0a52056e2fa63d0e9b5af9fad29c5736d

SHA256
4d41e08d4cd734aa2d021533935fb2e1a40653dd40ab0bed5f7f3c7cec2740b5

SHA512
f764fbc90325c6037de87c5a9693660ed7fae0878b6a669acf43fb8d336df2a7efb33faa470c59301559e27793945c16c5d7aab1259d883ca64a34be1692f2ae

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
4.2MB

MD5
17ee521a06ec7793c4e57bdea8fbbe16

SHA1
efc137be0e4dd9800aa285d70c57cd818bee0362

SHA256
7322c2ac7fb7da52020110f8bec8d72dae2a52220430ec914b0567a7fd682fb4

SHA512
466f8923cd55cc970a9e73c8ca3e64b1b32de820ee98c123c2ddede3527c0fe024fa135412e59bfe8aecf123da0b7939d863f858c4c770b53af75489203d81da

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
72KB

MD5
31975b683ed7bb1a50f4f2221955d28d

SHA1
4fa56f392da24fef5ceacc796bc341e9596239dc

SHA256
2f1be4626a4101473a755e72932020843b57766226ababaaa7c89d34ae195278

SHA512
540af5ecef3b1ed963d7003617245563e9a5a1b0bffa782fd6bb74de3583e3483f2b0d412cfe475c0791396f78bd52640570c78c73667fe60d00ab538469207b

Download Submit
C:\WINDOWS\SysWOW64\mfc110cht.dll

Filesize
72KB

MD5
c7b19c02f70bdbd9922beef35967872c

SHA1
7412145e55e63ef8d02f3c12bf9f386d4edea269

SHA256
8687e01392dd1bfe59688b32fff26bfb5782642d776afa813ea12386ece27c94

SHA512
875e247f44931ccef26c09e175e9220bc3a29902cb916a9e233ee568cd51a0f52757d6f410a11b77b6f4638145b9407dc3729346ffdd86ad7731ddb946107621

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
118KB

MD5
d5479411b16c620603e055262b74000c

SHA1
f1d89116561a4df5d2fc8232550298a91cad4653

SHA256
dba752dd5596e2e4dff6ddb2921df8ab90c23467f77425e78414c3433b46be83

SHA512
1e840cc51ab15ce8c48f2c6469986c7a3967c6b7314d6930125340a9f5f76325e5b3ce75b19c6286b75fbba20fd647d184db6f109e1af5e583ef5c0851fc94f1

Download Submit
C:\WINDOWS\SysWOW64\mfc110fra.dll

Filesize
128KB

MD5
4fb66420ed2afcbb85ae38a6c7be4488

SHA1
8040f65313a42c4d33da5d9d94df826612a59efe

SHA256
ef73096e7ca2685b74eca5d20f2c7e8b5e7b3aacf1179f10321dfb583dd8075f

SHA512
f84962f288c29fceec8020a4a68c07de32f7f6dcf2ac3c61863a25b671ea34a67f73f8196d2f9cdbe3a79badca40646098ef5bab5bc1b9aac8c7de338718cddd

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
126KB

MD5
e79f28820f20f801729ccf03bc85bff7

SHA1
cd6b3c16933c818dc053169a32d930524a64ee14

SHA256
b109616be866cc21aabb94821b778298b01dcdefeab74ecb58101e499ab15794

SHA512
65455147caafe109b25696d8064f0fd282f9197af5f19d6952bef51ff25fc6a3b5aade4f5ac1ed39e00bf795ab2437309a2fbc5560685c517b27a32820a7f7e7

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
107KB

MD5
ec2a6a32b4f434b108302b56f38ea986

SHA1
37750bf040bf0ac9d091c0b935e12f13eac509e5

SHA256
ed1704ee97ef4bfc97ddb292bd6ac74269453b777233c8296ba77dbd3a5454af

SHA512
0c2169750d90a71026248d72021e209f722d472a2ee025824b7746948a5c4b900f0ee0ccc32b0607a9377d6aa35042e283bc9fa13cf6e35d7b1c94b4fdf40eb4

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
107KB

MD5
c9bdf5b22b4d4273654c2193502af6e3

SHA1
9d53ef2846de3c1cdde7a9da638ed49e73e982f9

SHA256
936d654a80ab92ed96df5431c9f64c0275604dce3c2be1a081c3ceca47190f4b

SHA512
45a6ff604e545a5da02816bfd93d837f218815d9d9c1b6a2bc57124d21b96ba0bf6549b8250f5614a2ffead406474a3c56ca3d5b9ebf8a8da5ff51e72219e223

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
124KB

MD5
22f1b2f4bd9caf23af9f5e704a344ec9

SHA1
a50b6d5f6a3a77a30b4b2a2cf4859226c08857c1

SHA256
8845b3ae8f056ca4ebf69a652f7794007b1dd1435a151c978fdda2d946d37011

SHA512
4cdbd7e4373109b18ec93fefe14c1fb10383bbfa8b5864e9d214ec015139192d4af2bc14a3b925ae675760b15ef14438f9967755ac82470ba62cc51ba8f39eff

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
4.3MB

MD5
bc924ac92431b1b0356975bb697a5f48

SHA1
e09de45fd12e3801d7c27a5e3129d1327afdd4de

SHA256
7e910924c92ed94043f5424d4aeee760caa31eec965300e79bfcf3040e868e1a

SHA512
3ed01e853181bfe73e21aa42310253f7a840293edfd6d1f190b059454095cf0ae519da8963a0b61650a1f7593bea1b12953d41e42b076ef61b5911a0f51fc44a

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
4.3MB

MD5
711bbc08dd4361ba8cc0c2e5aefe8e44

SHA1
9e9dd74bb6cb1f453df18b0d7d4a5419d6aa8fed

SHA256
51d1e3aa698eac2091342cf7a79b70a8c6eaa4cccfb62decd60a68b93747358e

SHA512
382e1b816560a5640038c71e3d658ff43e2fda709d9d234ef2f26bd085c967cc0a56149502feabee2b713bf96d2de415e86ff72b3189877a28a5b5696ab28219

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
100KB

MD5
529ca42ea99ce5376a44cc88bf58a85b

SHA1
f3983f2fbbfb9d216d33f701a24629d9f18c3f05

SHA256
01e84dd9af8e834070647321ba5e4a793227ae9f0c213f4a7b6cf9db51f94cd3

SHA512
263528d1bd0217f45d915eef5750c2179bdf6ffd4e4698090689d733fb1fc872a4927fd1ac40cb79ab817e2aa0d4088315a199572195e32a3ce5539135db233d

Download Submit
C:\WINDOWS\SysWOW64\mfc120cht.dll

Filesize
100KB

MD5
438d64fb568fe1354dd3115fd9febd7a

SHA1
3ac6292a9694eae2fcaa6dec64bc083d6ab2b885

SHA256
119aa1b28d915053ec830273e4471c6892eea487a468e2c5dfa44794ea102a04

SHA512
88513368163b1d86f120cfb651530557abfc8a03906b44be921afdc1c6e3a4e8787d8e193031dc8ce0c375fae035f924ff16c84024ba1ad099c3ba3fb4353ae7

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
128KB

MD5
5a45d3bf1f110cd5a3b9087dcbe1ee92

SHA1
ddaa536a6e7db5f98150f6ca490ca87a797a67c9

SHA256
75b4d5530841f56a1c0e85a89f636dea771a2a740e37d6e74512f76410e4c670

SHA512
c6a8274f62ea4ecec1c2312244aa761d53a9c909ba40bfdc24fc3706f62c81d0ec1f9cb2241b862ee642dcf1fcc9b55aeefb1ccae619cb4a9d76716b7f675d9b

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
118KB

MD5
755e8ced2409aae8846e25116a44b7a7

SHA1
eb303de0f2d9628cd65acff0bd68b6d4d791b77b

SHA256
f6d87ba5982ad86f2b9e238479282e34bbe8a84d8b503eedc5aa87bba2e0a86e

SHA512
3a0891055d144f4f3ea69f6d05e005c914464cc5ad327bcf67ca8f0c22b42b2b147848e0bb72c70cc70c75d9f21b1b400f25c78e096a4e1d536871bb3000a485

Download Submit
C:\WINDOWS\SysWOW64\mfc120esn.dll

Filesize
127KB

MD5
7bb06380adac918564639eafaaac5a7f

SHA1
3fcf19b7172d9cd8d20e74694f970a19fed29c23

SHA256
a391718d65ed40e61fc0c98e2f86d4ffc578eff18c7a26cfd80f70e6bc829db7

SHA512
682e962ecf73e4f9c6cc84a18e7506dd8d7163c076c82496645cc923148706a66a1917c3c3a06fa0b63bb72249d2c43782b138724a99c2d63ee85313e275996e

Download Submit
C:\WINDOWS\SysWOW64\mfc120fra.dll

Filesize
128KB

MD5
40eef89b5b50a66108954eda5bcc2054

SHA1
51a5a8429aa8e946e5f3c4ec09d9b83097ce5e0f

SHA256
84440d2270beb893f4a9bc1453c47aa372b854ba1cc15cf02be3cd8c40067470

SHA512
5612aefec4ab04a5887103d2dbb747c457994fbc7ebe2e84a562b81abd673143316258e5dc008c8d1b19906ac196a06e3644d382f3f53d85a00e182730c7d5bf

Download Submit
C:\WINDOWS\SysWOW64\mfc120ita.dll

Filesize
126KB

MD5
6b5317120f942a8646717a180e93b95a

SHA1
438978a5b626377c963e31d659f7bde96c52b4f3

SHA256
3873d8e1a111cfd0c80f8cb7b0b251f26e9abdcf376d008297182d23f4dfa782

SHA512
0240a24ca3a516995e89cd50c54ee110c69b6dc1bd2e604c9f97657bea1cc8692f625996523c1166b610318111196f959adce03bd8d32ebcf10f7a6203254c49

Download Submit
C:\WINDOWS\SysWOW64\mfc120jpn.dll

Filesize
107KB

MD5
38406e397481ca548d62b936977cb326

SHA1
faa288e6b0a34315a40dfb74a2538cc3cc248d37

SHA256
5e31ef52fd05d8a9a1025c9d04d19fbf2be3c39d5a12ce9f99b3ba64f134dfb3

SHA512
ab99b5445bdcc3ef2cfd45352f3642f5b42bbf197b00a214a371e1c192d422c5f3935cc8a029189f35989da0453bc43c28d3bfe352a2b4c06486d907aa214787

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
107KB

MD5
d8c45e5d73a2c769d20e044b47d94319

SHA1
74b3c2e218afc7eb779c1df2fa2169d92ae57bba

SHA256
cb1cb46764e03e77407de1891922d449af4d88dae9f6e650555cd78aff8d78a6

SHA512
7b383c5b46ceb4ca84996fa25e1a96550c19ef71d96bc762d63299d5e9f5ae4c6158d747c382c6640e78ef596b956810b545afb3c8e392b3058685bf960ccbb3

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
124KB

MD5
16f72497fcd62f7acb40e58121d3d977

SHA1
b86279a0d4bb5ed0a0757393145ee41f3a5ba1c3

SHA256
83406dedbe84577f06796a62c5711603b898af86bb83a36defd9201350eadc97

SHA512
aed6e89e2759312296d84470bd395886a9c5f97f0ddb0c5beebf1626a4b5d8d6b094ca374d960151c5dd818f1210e3bc79c819665e5dead776392c34c8c478ee

Download Submit
C:\WINDOWS\SysWOW64\mfc120u.dll

Filesize
4.3MB

MD5
952ca53f88d30c120d72f7c25215a79f

SHA1
3efaa7c4d565775741ced957b92c4c9648a8fd24

SHA256
ff2e5152843c5b3ba5b1c724b88f06e6bfb66d13f6d59bb8fce6a3889cc16fd1

SHA512
0658040687d1634307eaa02e5b77de73dbdd4e744cd2ab994f1864f90d04df0299fc0badd1121f1f820b030f30d428883acff87b34462fe3b0156251b13def15

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
4.7MB

MD5
93dac29cf5d381b678d8541ed4944ab4

SHA1
acc38b160efc9406fa9796fab88d262b1abcbdb5

SHA256
a3a2f940166481e5412057dde01895b13421a40df00988b70b7fa8148f750a9d

SHA512
452bd732fb0d1c70a8c9e96c2f276649e428e051d5d1c9c99216efd05364a95c7703d960c4cefcbad68baf0555406f881f025907ed6b2f11377d5230a19d8a6f

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
94KB

MD5
f59adb448d59a99bd5a3892b1ce752ce

SHA1
13723cdd06b202a6a92698285f73a485f1cccf80

SHA256
c31eb4ef5df515f59afc1ce5d5d9a5211e072e52feeee929c52b5440a7e07b43

SHA512
512c11e1cbf8e087baa4d382262e036356aed3f722ea4ac95f9560a1490ef8d6758d8dce9bef1789d515b74382162341e80e4820e75b9c3a70c529d3f092b4d2

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
94KB

MD5
80845653d0b3dc21051f91c607b36f2c

SHA1
22f4010a8238606ef99b835f3e5ec0a7fc2bbda1

SHA256
a0e616fa33633e72a53de70bdae8fa369567ef2b7850d02f02ac12989e38ba01

SHA512
65c08e9166513eebd1cbdd6ca43e00f2f6c70c3df72463c9c4049157453d157b2abfcf06db63e571a4e91cd8c969c61368bc84260939039cdbfadaceeb1b41fc

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
122KB

MD5
fd04fa8080af76c0eab208bc9aefe9b9

SHA1
534bb9e49a8791e84d671f399c4e21d3ed1d073b

SHA256
051af9fb1c106a85d12a41b4f3e2d479b6951042bf4a8b80155cb8e82ae5cf82

SHA512
895c4af7a21b5ff83630840c69eadf1169fb7766f797bd04a236d0ef2ea17e84c2eae06842478d788de9e7dbed9da7e1ecf514ba8f20bb4bfe41fc1c7d44c9f1

Download Submit
C:\WINDOWS\SysWOW64\mfc140enu.dll

Filesize
112KB

MD5
2ac8ce727bfbadb32ef4852c42368da3

SHA1
9f3680ef044acbe8f1e69c6bc158f7b7d0d8e4a9

SHA256
94353ca1fc552ef849235f62a3dce1ee0c63296a59b35b91a2416e09a1e4cf1d

SHA512
ee1f516875627cc746012a3c58841397d3a7ee50514a35c4e01614edda3a8efb03d9a295a3f895a296e468be442809bad36a00c9e558cae57da265a36fbd7a50

Download Submit
C:\WINDOWS\SysWOW64\mfc140esn.dll

Filesize
121KB

MD5
94ff70f8940a5de12375dfe94173ce14

SHA1
8a6f670f2c0c200d1d792cf3bd6eecd113cbb70e

SHA256
30bf2964990cdff8e81e90b9c6f7a4d2b9fc02947552e881fea93a8bedb00f63

SHA512
fc30b14f65c91a201f1c6a4cc8e2aa55196a44b12730561e416ae60c699e8d64c29af5e4f779717f8e0f979150322a37c0d53beeb1939c4558dc656a3daf156d

Download Submit
C:\WINDOWS\SysWOW64\mfc140fra.dll

Filesize
122KB

MD5
daab963bc5bd6f35b4ffcf2ee30e6f6e

SHA1
4299b39e5d19e070b0eab3dedc1222e11c44e353

SHA256
6a2bc3b4d237a8c61fc298ef9e67edd65658766ea3d9514cc465c4ed74f66b3d

SHA512
3f1c9edab056719b69b81571620151a161fdcba89512f5e7276ff9348853f068405b5597c2603c94a7fd2c8fea1df546b7ac420ee4ff563967808d3110f6935c

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
120KB

MD5
0b53908486efdf632416098319fe3f99

SHA1
02f7cf658adc66931028525d8296ad44a89f8b78

SHA256
7309eb35d0d00878e045f10428636554b353c6638626f7ee96dbf80f3aabd922

SHA512
46d78be07d58820ba6bac5ad6e382374174745b9579dbfcde305b9323093402d53d3776b3b93cd6f10728f81532d2ee35f5fed03242daf82695422f62382a974

Download Submit
C:\WINDOWS\SysWOW64\mfc140jpn.dll

Filesize
102KB

MD5
5ee30938db19aeb112571e6adc2bc2a8

SHA1
aa9fd5c8a6161ebe89eb73a7da24473e1817c1c4

SHA256
17a364a1b20fa3dd5c58bc10376f54564453c76bffd711d270d513b02c6ea5cd

SHA512
943b6bcd5a010bdc041dbac6d8f7315d00679f465b9092d9ad626b848a5721cd2018711df326f6f4c3c332cccf3840db0517a4db2161408d8bf9987066a57180

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
101KB

MD5
d4bcf3ab75bc3d62a15c6155318e38c6

SHA1
41d70a32537993283915f1a928fd466e755735e4

SHA256
0f087f1ee3c317ad649e350f8aae559ce58f4367f1d70e8d558e798e94e12f45

SHA512
3a88f87fc9f27495eb93c18b993132578d8553c0b242389dec9d3a7d3ad9dc41b255149fb6763b63aa517a8b31293d3f43fc0b44145b24c07f2747ef1398c43e

Download Submit
C:\WINDOWS\SysWOW64\mfc140rus.dll

Filesize
118KB

MD5
8fccd39b41f44e04bff3f25d510011a8

SHA1
603b677d6cd4a3ebe339a2ff745e09cb37e10e9e

SHA256
b01a882c773e3aaaa58e80f6fc184a47d5419b98dc0f093965d8625205d84388

SHA512
9e3e037af88c6ffa8fd32040a50f949a68e70308ff1cb6646a7f4672c7cb8db1f7d1e41650a706c930ddf01ff207e7d5c1ce31f53f0b27861a8319e44f9179bc

Download Submit
C:\WINDOWS\SysWOW64\mfc140u.dll

Filesize
4.7MB

MD5
888febbb40144ef24278aea8c689f748

SHA1
6969ce5cc4fd4a4bb951f64ef53687ae392fc37c

SHA256
b16fa612be67c211a79a3e3407b416b7299762106b7d51c5ab0457d174a0f223

SHA512
4fce00cbd57ba3bb5414189d3cb314dd07128c403a3207bd1947580628acca1f512ea42d11cec84d462f924a9e163052ca5c9febb50ad8f8fab6d2fa3504fb16

Download Submit
C:\WINDOWS\SysWOW64\mfcm100u.dll

Filesize
107KB

MD5
ba9fe1b839311bc95e8274a4c8b00e2a

SHA1
99701b0dee0358a64a85de187c2b948cec1990de

SHA256
2d7761a2c0a5c9394c3059488135b944430b345225de826d5b10945615a7c0b0

SHA512
8080af1491f56ff351a7113b4b9f34c790ec535dcb4377cb19f374eeda35139a2636dab1c059400cb1791126c73fb7e71c2398a75fd3c351ec5d3fa374c5f370

Download Submit
C:\WINDOWS\SysWOW64\mfcm110.dll

Filesize
108KB

MD5
640c61f2059930316960f71f41ca41d2

SHA1
2ec6748f4e3588592bcef33cd844546d8d7527ff

SHA256
40857fe4e6456376ee59d71a8fd81ac27d13f058da059e2adc0ccb806f146051

SHA512
c433b6fa571e98178db028f917328b9e00a42ae0e7dd1c163ab559ac8b9487f47d4b048a96b5db65cd171f74412e93250241d87b67bbd74d874c520777d6f491

Download Submit
C:\WINDOWS\SysWOW64\mfcm120.dll

Filesize
108KB

MD5
e69176022dd331f47cf5d0dbca112843

SHA1
9fda7624889432ecbd8c150e2f9d81254545434b

SHA256
0c7db88eb7c11900bef69a13e6365d66650686af612e8a8855c38d556817d6b9

SHA512
0677498ca33f1dd3dfd75a28df67a533ed9f33b83efe91b4b040ea0f242952213d454ed80ffb7ec1633402e60c22f586815ff19a3f0dd956f21855276702babe

Download Submit
C:\WINDOWS\SysmonDrv.sys

Filesize
221KB

MD5
3aae5b2ac1642ce53a80ca130c265d51

SHA1
a9075da3ee23d8c523be89952cd17fc7156cf0c9

SHA256
db3e8a4314373821c97859dbad7682e8f7dca4f8bc52f7787ddb126a457c1938

SHA512
b8f12ef50278cbd308889a2b4535d6d5fb8e9c6b02310d851e9778322b9687590b97647f55adb8177cfbcb95e0576378bdfdd47c47b7550f46b13a458bd390cb

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
55KB

MD5
7ca14b9037ae7138fdd2c07de5db2d11

SHA1
52f2b92fa992eeecc7703ba568804b4c590689e8

SHA256
91808d195f0465b8b91131385e417e6cdeceb2588029d27876f07fae13e664a8

SHA512
8991f0d16240070783ebb5c352503b45851e1ca3e8e2caf90d156eb5349448ee8f3b6c7cc7f3e81308fa35dca94f5a082d0678dd75b62fc9c348a2a329a70153

Download Submit
C:\WINDOWS\lsasetup.log

Filesize
56KB

MD5
30c1ccb6ac56e3efe3b6c7c80378dbd7

SHA1
b6e806b75f10ad3e32de37865d42136cfb43d75a

SHA256
e20fb6a9b9445e5ae78d97e2de468c9446b738b24e72a592446086d9a4f16dc4

SHA512
fc432de7a657763b581b4c2c7eed8fb99639b23ac865006d28c7877020bc919ae674aea63771646ddb5332ce2486f1cd91c1ef856e4b4e9025d4fba51cf6b17f

Download Submit
C:\WINDOWS\setupact.log

Filesize
56KB

MD5
79bd4e3d8f27e7c3c5992d4f20ad997d

SHA1
b16408bc5bebb78e24f511cc87b55367f7175f8a

SHA256
7d9f1407fb5ee96110a0106c65d5f96eb9f9a6363de26e73f994d5d5ad93c99a

SHA512
9b31bbbdd04e3b3553d019dd43960eee771bcdb7db0243be27b3f6547e348121efe22156cea80f9867633fee18cbb8b5ba2033fcfada9b18b69e1fbf9aa40de7

Download Submit
C:\WINDOWS\setuperr.log

Filesize
55KB

MD5
f2e28f336679192d762c741ca8841a66

SHA1
e246e4217c6f5df246fe1642f21fca4a48cd27c5

SHA256
958ff7bcf4e70c5a1451abd5684f0be440aa9e8fc432b5f2bdbde421eb37f5fd

SHA512
f200b1f9cf360f98c82756594399f12cdf6bfd1b880ba0175658606fa1b1fdcbe8f99aca54685eacf4a1b797b9d13dfdf50b7a869b452c7c595c37e39de641b7

Download Submit
C:\WINDOWS\system.ini

Filesize
55KB

MD5
c3a0c5f5c145e8f9d49bd0d0f775cea7

SHA1
931aed3af9a9a04ed59e85c1407a70e16cc02374

SHA256
687a0fa9d6fa7c7ef44783ad2d0f0e0486155934fe3e8e7be7c2f2a8a908f8ea

SHA512
4ad2c0a7ce640665eb1924e5b2ae6d2daaa6c4c9b857796683d666dfdfcefab8476adb8c17a0421e2c76c199ee5e284c5e613b0db8df5ea4dc8f1eebd5c9727d

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
7ef893bb61a8ae9f41101f12d92b7c1e

SHA1
0951691caea04b60024368e49c6f10316bcb4301

SHA256
9943187eac0a06c9313837c4e48de70319d4fa4b5fca2a2ba070c09a0b9207a8

SHA512
86a942b3174bbfa7eb2643fc0735f118584bf32de3150933dca9f4a5874b0ee32e1d943e6bf5f774ba78017922a6ab0eba6c17acde1c422d5c8f8ffd7e55b0e0

Download Submit
C:\exc.exe

Filesize
278KB

MD5
c372ec1126d607dad44e9444f8bfb976

SHA1
7429b87e23fdc684df673ef32a7905eafc8334ff

SHA256
512bae8842e098dc6ec8036d4b5e9d1ab86fab40947ba3a3e02be3e5f5f3c901

SHA512
dfa99e3ad2399c120ec94e17493240aa6f615a7724dec8a7c925d621cc5e0e805fd803452a8fca3b3c2f4e57efc898e0ca341f125236a9760563f9ace247f266

Download Submit
memory/1560-702-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1560-1127-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1560-1663-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1560-274-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1560-9-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3100-1106-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3100-509-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3100-1662-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3100-273-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3100-8-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download