80f6adeff8ff98ba5a79e03d03858124102cb2f684913f966792a18882b1fd4e

Analysis

max time kernel
146s
max time network
145s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
Size

389KB
MD5

0f97b58c7db709747d0b13b81ba6a59a
SHA1

5904dffcaf53f9731ddbd46a2632485b1d83b4ff
SHA256

80f6adeff8ff98ba5a79e03d03858124102cb2f684913f966792a18882b1fd4e
SHA512

7bb099dc5f5b846a01ab35e47b4a39fe9da1506baf33ad5b52a8d33159e669a7b8c194eec85e473a34b1420791f03708c63a6b44eb9726ce3931e3036424ee0f
SSDEEP

1536:txft5uxft5jxft5uxft5lxft5GwtP5N8g4iFEYDRwZk8jc:v15a15115a15n15Gwhag4iE4oI

Score

8^/10

upx

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\wimmount.sys	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\wimmount.sys	exc.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe

Executes dropped EXE 1 IoCs

pid	Process
1300	exc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1996-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c000000012320-6.dat	upx
behavioral1/memory/1996-4-0x0000000000800000-0x000000000080A000-memory.dmp	upx
behavioral1/memory/1996-11-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/1300-12-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000500000000559c-44.dat	upx
behavioral1/files/0x0001000000003e98-42.dat	upx
behavioral1/files/0x00010000000054f7-40.dat	upx
behavioral1/files/0x000100000000e6f4-38.dat	upx
behavioral1/files/0x0001000000003e93-36.dat	upx
behavioral1/files/0x0001000000003e90-34.dat	upx
behavioral1/files/0x000100000000e664-32.dat	upx
behavioral1/files/0x0001000000003e8c-30.dat	upx
behavioral1/files/0x0001000000003e8a-28.dat	upx
behavioral1/files/0x0001000000003e88-26.dat	upx
behavioral1/files/0x0001000000003e7f-24.dat	upx
behavioral1/files/0x0001000000006220-62.dat	upx
behavioral1/files/0x000100000000928e-68.dat	upx
behavioral1/files/0x00020000000057fa-77.dat	upx
behavioral1/files/0x00020000000057f9-74.dat	upx
behavioral1/files/0x00020000000057f3-70.dat	upx
behavioral1/files/0x0002000000005804-93.dat	upx
behavioral1/files/0x0002000000005801-91.dat	upx
behavioral1/files/0x0002000000005800-89.dat	upx
behavioral1/files/0x00020000000057fe-87.dat	upx
behavioral1/files/0x00020000000057fd-85.dat	upx
behavioral1/files/0x0002000000005807-99.dat	upx
behavioral1/files/0x000200000000580e-103.dat	upx
behavioral1/files/0x0004000000005707-106.dat	upx
behavioral1/files/0x0002000000005805-96.dat	upx
behavioral1/files/0x000300000000576b-128.dat	upx
behavioral1/files/0x0003000000005771-131.dat	upx
behavioral1/files/0x000300000000576a-124.dat	upx
behavioral1/files/0x00040000000059a2-136.dat	upx
behavioral1/files/0x0003000000005772-133.dat	upx
behavioral1/files/0x0003000000008ad8-178.dat	upx
behavioral1/files/0x0003000000008ad6-173.dat	upx
behavioral1/files/0x0003000000008ad5-171.dat	upx
behavioral1/files/0x0003000000008ab3-167.dat	upx
behavioral1/files/0x0002000000005a37-164.dat	upx
behavioral1/files/0x0002000000005a21-149.dat	upx
behavioral1/files/0x0002000000005a1b-147.dat	upx
behavioral1/files/0x00040000000059a8-142.dat	upx
behavioral1/files/0x0002000000008ae2-214.dat	upx
behavioral1/files/0x0002000000008ae1-210.dat	upx
behavioral1/files/0x0003000000005779-203.dat	upx
behavioral1/files/0x0002000000008ae0-194.dat	upx
behavioral1/files/0x0002000000005a1a-144.dat	upx
behavioral1/files/0x0003000000008511-245.dat	upx
behavioral1/files/0x0003000000008507-241.dat	upx
behavioral1/files/0x0003000000005c5f-237.dat	upx
behavioral1/files/0x0003000000005c07-234.dat	upx
behavioral1/files/0x0001000000006415-263.dat	upx
behavioral1/files/0x0001000000006411-261.dat	upx
behavioral1/files/0x00040000000056e3-284.dat	upx
behavioral1/files/0x0001000000011b09-302.dat	upx
behavioral1/memory/1996-307-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/1300-308-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0001000000003e7f-313.dat	upx
behavioral1/files/0x0001000000003e88-316.dat	upx
behavioral1/files/0x0001000000003e8c-322.dat	upx
behavioral1/files/0x0001000000003e8c-325.dat	upx
behavioral1/files/0x000100000000e664-329.dat	upx
behavioral1/files/0x0001000000003e90-331.dat	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\KBDGR1.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\mshtml.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\version.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\cintlgnt.ime	exc.exe
File created	C:\WINDOWS\SysWOW64\MigAutoPlay.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\mstext40.dll	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\msvcp140_atomic_wait.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mfc40.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\MsraLegacy.tlb	exc.exe
File created	C:\WINDOWS\SysWOW64\riched32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\w32topl.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\bopomofo.uce	exc.exe
File created	C:\WINDOWS\SysWOW64\icmp.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\inetcpl.cpl	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\ksuser.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\vfwwdm32.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\xmlprovi.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDSL.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\TimeDateMUICallback.dll	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\msvcr120.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\upnp.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\certenc.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\C_20269.NLS	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDGAE.DLL	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc110kor.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msvcirt.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\provsvc.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\vdsbas.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\C_1361.NLS	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDFA.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\C_1144.NLS	exc.exe
File created	C:\WINDOWS\SysWOW64\C_20420.NLS	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\intl.cpl	exc.exe
File created	C:\WINDOWS\SysWOW64\ipsmsnap.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mfdvdec.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\connect.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\migisol.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mtxex.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\msls31.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\NlsLexicons0003.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\oleacchooks.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\QSHVHOST.DLL	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\api-ms-win-core-file-l2-1-0.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\C_20106.NLS	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\finger.exe	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\ogldrv.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Query.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\sbe.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\sysprint.sep	exc.exe
File created	C:\WINDOWS\SysWOW64\capiprovider.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msimsg.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\basecsp.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dimsroam.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\sdbinst.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\comres.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ddrawex.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\devmgr.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\DisplaySwitch.exe	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\PSHED.DLL	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\VIDRESZR.DLL	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\cryptui.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\diantz.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\dot3hc.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msdart.dll	exc.exe

Drops file in Windows directory 52 IoCs

description	ioc	Process
File created	C:\WINDOWS\twunk_32.exe	exc.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File created	C:\WINDOWS\twain.dll	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\notepad.exe	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setupact.log	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\Starter.xml	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File created	C:\WINDOWS\explorer.exe	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\splwow64.exe	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\WMSysPr9.prx	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File opened for modification	C:\WINDOWS\TSSysprep.log	exc.exe
File created	C:\WINDOWS\winhlp32.exe	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\msdfmap.ini	exc.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File opened for modification	C:\WINDOWS\Starter.xml	exc.exe
File opened for modification	C:\WINDOWS\msdfmap.ini	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File opened for modification	C:\WINDOWS\system.ini	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File created	C:\WINDOWS\fveupdate.exe	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\fveupdate.exe	exc.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File created	C:\WINDOWS\twunk_16.exe	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\Ultimate.xml	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File created	C:\WINDOWS\twain_32.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\HelpPane.exe	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File created	C:\WINDOWS\bfsvc.exe	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\twain.dll	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File created	C:\WINDOWS\twunk_16.exe	exc.exe
File opened for modification	C:\WINDOWS\TSSysprep.log	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\mib.bin	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\twunk_32.exe	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File created	C:\WINDOWS\hh.exe	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\Ultimate.xml	exc.exe
File created	C:\WINDOWS\write.exe	exc.exe
File opened for modification	C:\WINDOWS\win.ini	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe
File created	C:\WINDOWS\write.exe	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "118"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "233"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "251"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\avira.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "255"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c60000000002000000000010660000000100002000000012f8f6086c3b8137dd856e005273fc071ed1d6444b8c2342d5a9b3c63898838c000000000e80000000020000200000003f0b62fe56ad7ea54f45c4bef6d9cb7fced909d8298dac68d9b0dae0951f1a2b900000009fffa0711b688f2533b0bd586a98998d23f6d203397f67b2d4bfa34792977be1643fb43f4ab6b41848e3d2a59fc6d669b56368440ac39cd9fec1aef0a0839186dc04a890f1eebb875414d23c6e2dc0a75287bf2639026a45da4ab485889c95168466f19205f6d577886cca159f0b7d524724f8b4362d8bad2c8593ded544aeb60125391bb23734ef4c10d0503d79d603400000009b94dfc0b3a7b4c7f38b25c5aa986663ac9e58e88043dc735f09322396442090d6023d4ce9c6e1d8cb79402c6199e2928886b5707f3df5fe6226ee3e37b10fe3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "251"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\avira.com\Total = "8"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "417820751"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\avira.com\Total = "255"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{78D38071-ED44-11EE-A41C-62A1B34EBED1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\avira.com\Total = "8"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\avira.com\Total = "233"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1736	iexplore.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2488	IEXPLORE.EXE
Token: SeIncBasePriorityPrivilege	2488	IEXPLORE.EXE
Token: 33	2296	IEXPLORE.EXE
Token: SeIncBasePriorityPrivilege	2296	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2848	iexplore.exe
1736	iexplore.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
2848	iexplore.exe
2848	iexplore.exe
2296	IEXPLORE.EXE
2296	IEXPLORE.EXE
1736	iexplore.exe
1736	iexplore.exe
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE
1732	IEXPLORE.EXE
1732	IEXPLORE.EXE
1732	IEXPLORE.EXE
1732	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1300	1996	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe	28
PID 1996 wrote to memory of 1300	1996	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe	28
PID 1996 wrote to memory of 1300	1996	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe	28
PID 1996 wrote to memory of 1300	1996	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe	28
PID 1996 wrote to memory of 2848	1996	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe	31
PID 1996 wrote to memory of 2848	1996	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe	31
PID 1996 wrote to memory of 2848	1996	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe	31
PID 1996 wrote to memory of 2848	1996	0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe	31
PID 1300 wrote to memory of 1736	1300	exc.exe	32
PID 1300 wrote to memory of 1736	1300	exc.exe	32
PID 1300 wrote to memory of 1736	1300	exc.exe	32
PID 1300 wrote to memory of 1736	1300	exc.exe	32
PID 2848 wrote to memory of 2296	2848	iexplore.exe	34
PID 2848 wrote to memory of 2296	2848	iexplore.exe	34
PID 2848 wrote to memory of 2296	2848	iexplore.exe	34
PID 2848 wrote to memory of 2296	2848	iexplore.exe	34
PID 1736 wrote to memory of 2488	1736	iexplore.exe	35
PID 1736 wrote to memory of 2488	1736	iexplore.exe	35
PID 1736 wrote to memory of 2488	1736	iexplore.exe	35
PID 1736 wrote to memory of 2488	1736	iexplore.exe	35
PID 1736 wrote to memory of 2052	1736	iexplore.exe	37
PID 1736 wrote to memory of 2052	1736	iexplore.exe	37
PID 1736 wrote to memory of 2052	1736	iexplore.exe	37
PID 1736 wrote to memory of 2052	1736	iexplore.exe	37
PID 1736 wrote to memory of 1732	1736	iexplore.exe	38
PID 1736 wrote to memory of 1732	1736	iexplore.exe	38
PID 1736 wrote to memory of 1732	1736	iexplore.exe	38
PID 1736 wrote to memory of 1732	1736	iexplore.exe	38

C:\Users\Admin\AppData\Local\Temp\0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0f97b58c7db709747d0b13b81ba6a59a_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1996
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1300
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.freeav.com/
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1736
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:2488
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:930830 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2052
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:799771 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1732
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.freeav.com/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:340993 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
9862a44f4c01c75baaf1c2588ff088c1

SHA1
e3e121bf8ace63d053ab6a39a9f4595a3990d9a4

SHA256
d0d203fa876a23ddc3ecf0701e2e0d739fa84520c87a77bb72906eca855df0a9

SHA512
30106974a4a7375b67a6a7382dd23b342035cc1987b431b58724072cd64072a962ca5d7fbb914b5bc0830d3c08f2ea7d1b4e903e5c608e08d51c83e4a9eef9cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ca84be93dd9b10dc26b169d8d9981e9

SHA1
64f124a53cdf89b9fc699bf0dbd0793542728c67

SHA256
fc8194a9e34e93f087bb2b85ed5fad82b5af72dcd20ebeaee5ac7beec318179b

SHA512
8672a723a61f5b2829c6e33b62ea74702c6bbf34db67dfdd9f8e42242dcb7552ec5e7e9cafeef2ffb46236147ef1e53d69cf9f8c418ed7e78fa1ed7d156b7f57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
846fb21385fcfc36aae4b80b3a49eacb

SHA1
2d6f143ecdd96f3bf8aecf79f72fe0c025fcbbca

SHA256
7820981445c1e031fae8bda1b0d37b618a6cf6f84202affa911bbd8f3b7ef322

SHA512
283bdc086467c74c46e432e1584c22ebc9c037657d8c9a1e8a4691bd6c2a72d2bedaf342610971edbd22e66255c34f7409d46d6cb860d3fb2637a2f157844db3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5ccb0d653c2735a9f4e1fc51f55055c

SHA1
a0666b22b6629a88ef2c4e42aefd44d209ae5735

SHA256
2518f5802b4c7fb57cc82a6d062482d4b5280a3c2308968e612480523f01ebc8

SHA512
0af48d772d98d8034b5cf2695fb7ac2e0400ddb4ead6afafcdad0cb9402fd3f6f878655b8b325a973005b209c16d161758d2c8e78e17f9274e83485c9918a585

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84a09836be0b6ed16ad3e9716eb25adc

SHA1
826796c65abbce6433f9d6ffb67f0952f137a732

SHA256
359991a4f921a284f20cc78a12a715ffbbfcb497677b350ecb7003c77bb0565c

SHA512
2948d9c85b9767983252a30087df4052848671f1cd2f3fe0e0f365ecdf62080da4e499f761348a7060c77195b1b0e6b7457bdf1cd5d7140a0bfbf2b29633bb66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5decda8d03780b6113e473de4ef576e3

SHA1
7f3c4e894d65f4a0a5324c26b6f52807beb2867b

SHA256
3bd0d622ae543d46beaba06002a0360084a59939fb8150e9f7381aec220355e3

SHA512
69a922e3ac5c958ee83388e7fbd344f73a25f5d5e9ce0ba46b2238598df4dce405f4a375b8bf185f688ca229ab4f8303b7b09c133a2acbedf232c7c200d6e74a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8521bb463cf683dcb2dbdbaa5af582a2

SHA1
360cc3941655f6d18b1151f9d506fa1083d0a7fe

SHA256
734b90778d9522c6aad0246d1e9553dc9d2e0be3c271e529bdec5e562415e3aa

SHA512
4f216dfeb1e84b04834e067ad53103900a58464cec55e228d46935e4c0af59c99861ca202bbdaff504cd13848b0533cb83e0d505b69057701da578c2d4821120

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48dced3e7521257bc74efda6afbbc189

SHA1
c6a57dcd1f74d1e03c5e44d17fef2e67fdc88c53

SHA256
fdb7bb006f5334d1d501846c1455a65562b5e6cf3b2eb6c124f9b08a0bfa2965

SHA512
ad7f4550d8ef354c45d6173af99fc9d2053ab5ea7a698998bd2b30c9d2849e429d7d601f63e2d97df382bc63fa627d66a1bfaeffeed45041a1ad82beb01a2d26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e67d37d11b2b6da1f9913d1e9c2e2199

SHA1
df9fcd87ba35fc6f8b620d79ada28f7ab2e2e9a5

SHA256
0e8a7ee46011e7ca341e7d8f12cd30637ea7e311f21822b62c5565871ea44c75

SHA512
e879ac759f2a4ce3a9600a8ab7ecb8a9b6d326606aaf2f269e7b5935f96c6b0b6b9c5ec3e643f43aa92bc35d867856033b3a27209dc1fde065a253c8cffd6527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99a52fe732ab2bf405a12189820b05ae

SHA1
f631c7b4e051cd444d45e41af0e6b29c5f0f67de

SHA256
809c0b7c441f2d3bb23a7a20743c05325a1922a29befa64242263d9ecaa21058

SHA512
6a561e1ebe515467d2610298051f7a5f67217fdd9b6b4af8feecb3d8b7fb1f7691c48bd9e27a71ccc2ec310ef8529febdd36addd77d5ce7daece0066ff01a7be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5606a6e7c22b705d12cbed874f5ded6

SHA1
f19f2c7ceeff7a59444b291d8b1c0b94ae21daa2

SHA256
27ed9a4e691c3294cf22daeec853bc8690138b0020266dc04cd3164abbecd154

SHA512
ef4a6b0c8047e09ef439726feba381e1e0aae156219b3e52b779da52cffd124d0e85677778705692ea6843fdc9a47ced0aed38e27a9d10211a819a75e125d07e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7106f8264347ceb6dc82e31ce2f9d47

SHA1
db70a5b92ef0e4a3c89da10305ad701ed68368f2

SHA256
74053a9eceeee5638d45690f62e82389eca284cb79eb2a7117d1684f76d3f625

SHA512
d24b25735c80cddac8053c08c116b589a8275b3887b7b49d83077acdd80a77b0042b3a44af0030f1073f620a56768b07d19c525fab01ec2d2a190c0300ae7e84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
934457fe7b8634d097442f9eb0db6832

SHA1
eb44b06261ad2d0989deda658c9bfd4c5d088535

SHA256
77f2705838b7987d304e1bd47e281365625668c4f3a133599babda94ed6f2d77

SHA512
35bfe201c9584a88e252228221163e59234a186e4f1016bd02c1e5d8d595b86aa4fa9bf4fc9c00be646a60147ef9adc6f1e369d5a48f2a30c7d915af1c2b876b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89b1b859e0af38ec7417eaa54d002486

SHA1
8bacc0dd3211ebff2803cc7d0c58a97e1188988c

SHA256
49d16a3a96c86b2657cd6faaf485c48b6c5fdb9a3e69bd8913500782159debbb

SHA512
ee69c50329492b7d4690170aa7a3c3eccc5dbd8a95d6c2e77f141b4b2fab4fd8df5d22415d13e05b44c690a489cf849f31bcbb4d470e42a14b1b2d91bf1ebb34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
803571ba1ce86f09aed3517fc78ea3b5

SHA1
f735287505602fc305fc8287596a6c828f5c5182

SHA256
d5badad33ba4b88734af15e98ce0f07963bef63ae8c827543ea1f620bb86392c

SHA512
17efeeb2fff9a3a137745274af13aac0491dde6e6806a31bc4f392c5dd9b51cfabc2a17494827c00c604acf62e52ed6612167a1bf209bfec006a9747612a6834

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbf872fd04c56fbfdf2acb5c9bd3e9a5

SHA1
94954f3deb36cdc56816a20f7c714d0c9fe98bc9

SHA256
9a21ee76241726e75c91fa056aea8ffce97b5b5d0c7bc68528eb4bdc7c901d94

SHA512
e86fc933f7b9f7ff86908e181fdd115f76c2cfcd0911bf047689e8d171c1a19bab20a32ff71f026443b04950f5e3e537d8d2084f3861406f38d3b1117aedbe00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1af5feca72944fc5e0c90c0d29fc83ff

SHA1
81bdda4176d61cc1b1c0c54c0964481cd63707e4

SHA256
36842c0dc6380ebcfbeb5983e07d6dc500f4164d09da91c04d853f8db76073f5

SHA512
17e84108358f082d4510d8e5b3106bc8c9e4e3c2cd68f4578238e1fbdf4a23e6ab30e0d7df9586f383decbc42a1cc4271cce6a72407e78d8f57b983d6e6623f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3995134d263669e739d0c4c16e1c6544

SHA1
6e9b3192fdc5361fc0494f7d68c6ac1265b26190

SHA256
523cbdd1cdc3531a6310d52743461cd00188615a644ed69552ba840290058197

SHA512
25dd84b7d42fc8025f7c96ddb4dc497a7921fd78f6ae1c9c5af138b8d63f1c4ae41b6670d72b41b4c6267b9913e997bfee1017191edd677a78f70d4ed24d930c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
3256d048b22a172a2ca0b8df347ca324

SHA1
6a510243bafbad75c460a88c09a34c4e37f4b45f

SHA256
9c7968a9aca2d5499c056c58d1ccdac19c07f8072ae78d2b21403a451ab2a60d

SHA512
8aa7b20321b3a95ec63d2c221941c79edb14333d7c05396314beb50028b8465252285b805666921264ce0505bc44f477c76b24599229c8692637277cb778f6be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\VXL3RCVL\www.avira[1].xml

Filesize
224B

MD5
6c51c71201f0c8693b7ee43450385ca0

SHA1
84efc913842fe69ae990e89ff0b82e8677a8dd33

SHA256
dfac778aceb313bd272ffb87bebb43ea70c71fc1dad6fc24c62e5eea5352d9a3

SHA512
f2a888ef056502025a65724af8784f2b28201e2bdb18d0f25e291a0d6b5b2c903b69d3e7d279fc3bcc0db1eb38cf711cba32a76e76270dfd47f33e30372ee973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\VXL3RCVL\www.avira[1].xml

Filesize
437B

MD5
a84adfb1bf1234e884c756aa1e058f9c

SHA1
7a795599d22e5d50058cea5fc2fdb6882d0d67f3

SHA256
be29c7c6f9bc96d6ab0f371d3b8e0eeabc873c59063e27a576ae89803e6f1f7d

SHA512
2bdf881f3a03c39746800a5d38196650f8b59e7f1bfac9fa0a8ddd8991c785645c4d61e8775a4ecad0aad901c7cc58d345812aa9e382f1169dd23f3845ac8308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\VXL3RCVL\www.avira[1].xml

Filesize
437B

MD5
587129588984191fb2accf50b26e7d35

SHA1
37b1583f9f361c6f2ac60b11dfd5e2c0d998216e

SHA256
5be4fe52809d0d0140016378afaa195fc461650f9603414e3817968f88f9a2dd

SHA512
22ab7c78deac998c7b7daf7c9c40503cb6f7be072f976cce0c6713f3764222288a9c3a168001f6c63f13515bdca8344dc9510595753d26aca8d42501fb630cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\favicon-32x32[1].png

Filesize
1KB

MD5
13e4a579c3cfa586f665ecd794e0462c

SHA1
b629b7170f76734c495630191e665b6a88024268

SHA256
a961b4999fbb3ea58527df10b36cfd5c6ac7cf9fd12a0ecede32a8f7f48fec30

SHA512
813d424cb854ecda3bd1cb73e87af2e1072364e5e6345e2a7ff0c93cdac34628146786f1f5fbfa869b95d72ff0071414af13c4453545e76b3f627c1343cbdc8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\gtm[3].js

Filesize
450KB

MD5
3fd711185ef37ee0e4acf88d8dcdec75

SHA1
8ae9a64585c472d98548808b42c10181c10c616c

SHA256
b90d4e46da8e4148e2aaca1c5ac352dc5284b1ff4b734765b583bbad70156100

SHA512
262e07df425699d9e2d5b2f1025af7f863bdb897ebb2f7d7c7a1adc5239d8e3bd547c4f3355a2a5d1b2393a8438dbc5c2ebfb9a12bbe2e2a99ba25fe544007e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\mhubc[1].js

Filesize
273KB

MD5
11d083a3e62fb70a622d9d885b60759c

SHA1
76d81a361f0b702ff8a375ea317291a411435216

SHA256
d9992a316dfed8b2168806e82b0c60cecaf9220643843c910c2ae2a962ff9f53

SHA512
33f42c570f1603aeb59da0dcd62aa387c52bbafbf5e23916c845ae8c7a7a7d120848554504360b7f8725d79aafba3cf689e8a63cb18a0799e632d06d38172fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\otSDKStub[1].js

Filesize
20KB

MD5
371fe1fde25dc853add509f5d9fe57ac

SHA1
b6219c34246fa4a3f1f35c64bbd708dc04c463ca

SHA256
92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41

SHA512
e48b8fb6fdf40b1d4dd4bc82dc5f516161844a3daa31dbe1826c84bf3c5ef3687a746189a765e8753f603918d5c683df56fea3166ef004a4c2eb4da8185180a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\9F3DH-WHDX9-7CG66-F4G3J-99FEC[1].js

Filesize
140KB

MD5
b1290dfc24cf0fa7fc8086f1b9dd99a3

SHA1
9e3ff4c4b46853c46fb8f6bfa46939b92b1bcbb4

SHA256
b38b56cc66465707f7a28c32aaa60859276bf30d268eb6d3a90a02bfb6d74ba2

SHA512
f3fad1e09005557fa72fc402fd3024c15350a5c30a3532989253cd4e9d1523719b7c7c6a5ee673a2b86b61519c7e3e73febfad60527f9774f59ea60feb7288b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\all.min[1].js

Filesize
178KB

MD5
973473fbac1c0e0cd82cf83bccb7247c

SHA1
f4cae9ffba8d2ad240555ef9716aaf33f391fa22

SHA256
b1a2c56a4fae2771514476846f64219f23ba473ae10cd0accd1203c9ccec6e22

SHA512
7b1660a2c6185be9e6bd7bf186b54ec53e278f5cd7c0f6d94ee42d75cc3aa3031fa610a362f2dd2f640b79a2dc9fa03737f6bff64d1ef8c96d010de5c511250b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\avira-global-website.min[1].css

Filesize
624KB

MD5
1b90822ba21625b02f9e17b3124d01dd

SHA1
9aa240d86b39e2ebc6263bccf2325674b1f488f5

SHA256
093ba3cb28fd20ce50083ccaa5bff704098fbaf3c3dc8fdfa128c8f23ab37807

SHA512
ebd4a5cf91fdcbb3a35cc0ad2ac99e4917d3bb9b290ac64df6999eb5e3827aa22a450b6d095bf3f10e649bd1cc83fcf00dbdda66e79181c5b39b18570184138e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\avira_targeting[1].js

Filesize
13KB

MD5
3ce6674fa9a054e053700e5da7dc7f55

SHA1
48cbb4f34a190e35c5fb5435806de0d84f9014b0

SHA256
20c2afd6d70dcbc78e9995631dd355ae1bb8499e6f6f8ffbfd916f5287ee862e

SHA512
5a8049f78819c58cc38db5175eec815895a2d4b403dec2238d09832de962799b793ba5a4a02eedc661dfb7cae5fab3ea9baaedc09a6d8973340334f02a13fc6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\ouibounce_min[1].js

Filesize
1KB

MD5
0067986dd93b7869e9dd229ff44251ac

SHA1
3e89404238b959ac1d3c113b21cde64ac95ad267

SHA256
b74c3b8c5f786bcc4aa29f55ca0b178a0e2b5fcc6da3057a121bececc1b572ea

SHA512
dd84f6d85c350145b8237c30ee644e53195e5ff5a11d8d6e87a65b58be5b472a8335cf1413c5107f8a2d4e272ab69cd711e49ad82b77699ffc8298d572ccfd2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\jquery.min[1].js

Filesize
87KB

MD5
12b69d0ae6c6f0c42942ae6da2896e84

SHA1
d2cc8d43ce1c854b1172e42b1209502ad563db83

SHA256
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f

SHA512
a55f55d56899ab440ef0cae17b28d5cc8f5b9766d1e9bc1a8ac6b89376924b476c1ab0c325497eb5d44af41f4ebf8eea236d87a36902244b8a3eca54994b8711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\one-trust.min[1].css

Filesize
51KB

MD5
39ad837e1a331dcf6654116073a3ee0d

SHA1
05e7811d2bd3ccdfd5bc1ebdf063c86cbd1a4e0a

SHA256
7a905ec7808e96434796bb7c6876f39c05f4ba72b2c54cb27e9e87a7fbe7127a

SHA512
32555fc33526c8e0aee77575cf25694ae81358cfe2105720adbf96f8f9283ef1d113a1781709d2123e61518baf3cd0a8eca4dcb43a193b2b13dc119b13f470db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\OtAutoBlock[1].js

Filesize
5KB

MD5
d20dd37c0551ffb1ddbf07bb14eb8673

SHA1
ef2d7f3f351d4f066b9b114e45ddd1fff86e9da9

SHA256
2dac11b6349b6fbbefe783a2cea3f35e8a9f2bd7e88a786874c0928700a9ac70

SHA512
5504c2067982eb19c8e4aa929171d3b4d2dd88eb059fa4716b83f81e72fa67e445868a6c4715276c4289c931ba9366cec4f839cfdd4990c4caba76f16628b6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\components-all.min[2].css

Filesize
197KB

MD5
02d116bce543e6bb4fd3834eb5e3ea3f

SHA1
84923d89ba1f7743cc10a3f80afdcfd845de5295

SHA256
3f858e488c447a1120d57c6b4ec77b74d35a142ad89ee7570a53b63cf7d4d89c

SHA512
2e222c3ffd723f3df119cb1cf525207481d10059a723b7d2a3ebb126f49964565c06d4f8591b9617f6a166b2cc84fd160d1a93630426b72695c163447d66ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\gtm[1].js

Filesize
280KB

MD5
329c4fc8a79f411cf3f2ebb32a6a7c38

SHA1
22e74ab971c9c0fa244a7a274243092129d056dc

SHA256
b369e1bba3647e1b1b099b29f2c0a6345fd244399833fc7bd1e19d54611e5ecf

SHA512
7e83f24c607aae2479cb26ac07608e23b0e57bb156b99c32403717a052720fcc8083d892cff2315973d602f14eb1142a4a295716c4a92630424f90bae5b64a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\otBannerSdk[2].js

Filesize
421KB

MD5
65d6272013fd813bcb3bb059c3611dad

SHA1
f3d451ec0b826d15f1d7dd7b6f3f56f9d5fddc4b

SHA256
ee39d0cbc9e9cd88b7dac8ebca680b89e8879081f855152f21772c7834474437

SHA512
b800d2bb9d3100ef9baa8f095e5f574ee665414664ced3f9e334725ac155a419dbbde7f242b21e8868038dbd9e9f1eb4ae9dec39b3c39f98a234cf9c22cab400

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2FE.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFF07.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1E7.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar310.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\WINDOWS\DtcInstall.log

Filesize
57KB

MD5
acf99ec50bc27dca179f45d0024f9fc2

SHA1
8a5df4cf7645b88b45041a9913f3e0c4375c9baa

SHA256
3cd034cf953c2e922aa9c33666bb6f3f7fed26b744913a0dcbada51f8c592f1c

SHA512
d5d63798799a808a6be0d4c5863d5e5c9de82669f438ad5bf50fabee5a9661a22012b4e1020ac49977967b77b8d09bc42407f1d43c0e837299976a5b0428982d

Download Submit
C:\WINDOWS\DtcInstall.log

Filesize
113KB

MD5
4e32eb67901c6c834bdec8d249f57378

SHA1
d1fcb2c2356e26e4f7a606b9b3edcdefcee11800

SHA256
3a925176fd31888710874a71ab6d29b23f7ed972960b3a8a33a17d456c0b2d7c

SHA512
6e9c51fd1a5eb494a6a0d8b30b9de4e34fb40de3d0e2885ac41f964c9a67d7075910ac83a7486af109530cf83cc6a400c086d3de71fefbf9d2fda74258d41b4e

Download Submit
C:\WINDOWS\PFRO.log

Filesize
60KB

MD5
56f53ba2a5a6c405f5becda0111ef020

SHA1
66ffd9b453caf88a433eab3317d0604bf2ac6467

SHA256
c9936c12f3148d128c29507588aeafafbc2e661b68b32c8faf0c75c31cf5ce9c

SHA512
56f4c4a9a68053a66c1ca01bce95d28bf9ae04275265de412714eee93947c366b2697eacf36bb0c928626910a61c44ab67979fcd97d2a6d445c18648664c50e0

Download Submit
C:\WINDOWS\Starter.xml

Filesize
129KB

MD5
c86b5ba802fb9f268177f535506a782f

SHA1
d2ae525aa13651ab9583e7d03a3356e10456d43c

SHA256
c4d7ced472f2419baba15c612d14d4592f2b48f63bee7dcbf976a89d860fc0ae

SHA512
85a3cce257ca7a5185a807ba38263997929c8d4d0adb1e82c0511121fe3bc19f161c35f1c7b566b715a045866e0ce0709f839334cfb9bfb4d3d59f89a648dabe

Download Submit
C:\WINDOWS\Starter.xml

Filesize
102KB

MD5
b7bece85459b7261d742e0f664177fa9

SHA1
812fbebdd5c5b44d99880ce6514a460b4c64283f

SHA256
b9992696fc6784ce624ae978c6c146567c4a332ee390ecad68e37a05020f5db3

SHA512
80fbd041859aac9d16ea5a99aefa3b91646d05cae1c27439963a5dcbf6de5fe880abb21032de6a51783180b7abe64976d962a784532d989d7f403329590ce50b

Download Submit
C:\WINDOWS\SysWOW64\NOISE.CHS

Filesize
29KB

MD5
f07d31fb5ea8ceb0a0f7876c539cbb0d

SHA1
4672d9fd5f4dd9baf8377792443d0913eef631c8

SHA256
1811a3047734e358df198f2b03236411abcbede2a54f1e53a452c3985ab51d1c

SHA512
2928ffa82cde9db54cbf743d24379f04ed6ae0e781c948e9aef60de0936509f2564af2bfc670b48be88ad7de8e05b56ed24867c24b57924c64422ea9f06768eb

Download Submit
C:\WINDOWS\SysWOW64\NOISE.CHT

Filesize
56KB

MD5
9218a2f2c6a480ccae66244e730b9bc3

SHA1
860a2a3a40f88c080d5603ebadfd7d7b6be5cefb

SHA256
521b14cc98572f7a3c747bd51e92b1dc2b0525033b17d162d8824787070a4767

SHA512
130d001bc759548a3aef3bdd9acb8a943c38ccf97ba723bbc799da83e7852dd08eae89e3cadbe9084dc156c6df17dd15b91474b7931e6874b34da50d6b945806

Download Submit
C:\WINDOWS\SysWOW64\VEN2232.OLB

Filesize
64KB

MD5
b4d1f0795f6a02e9ccc8cbee4761ad7f

SHA1
ab65b6f1cf5bec2dbfe125e078a2a585c0873003

SHA256
053ce0a7fc31a99b80df35e008bb1cf08e312e52a0f0035b96835f707e76d6d6

SHA512
4e6527e7156cc86c478e8aae68bf01689d02156cc9f5e5812fd7bb26c8e753cc5f2cdbe043c932dd3462caa25f11eda62fdb0d42fdf0a472ea60db1a6896b336

Download Submit
C:\WINDOWS\SysWOW64\korwbrkr.lex

Filesize
11.4MB

MD5
b86b7d30fb32ca255daf45498b6a4a50

SHA1
3990aa3e48c3c2cf2900a2fe2bc5bee92b902cfe

SHA256
a913d96dc00ada21d14fbaae4d0603d95c1d5fa8160516992fb66bed3d207ee2

SHA512
08725e55083c4d8e905521d0c02d954236922767cd6a3bb6133738d1bca2a17965b61ad423e15842fa1de3be2c5be86ceb1da185fee3db3868086bb90c6ac5da

Download Submit
C:\WINDOWS\SysWOW64\mapisvc.inf

Filesize
28KB

MD5
8167638681c42fad5f240bed2ed0a035

SHA1
513c34077cbdf5ec938957575e2dc694b8c61d5c

SHA256
409bf88c9cd156daa4af5f8f759b01364a49baf6960e366c9f938a453ae3d596

SHA512
886cf9a82cacc2ad26a8a846297bccd2fa0c232ce3101199276a7f521634ecfec0f4de0a75daac576d227b27ae97c5425ca4ee6e20eac652262663fce0088aab

Download Submit
C:\WINDOWS\SysWOW64\mfc100.dll

Filesize
4.2MB

MD5
a7c64a1bf1d6a120cfefd6e7fcb45ebc

SHA1
4e26ff69ddb53b87b4392448313dc97b5e53acfc

SHA256
21585bc053a02fa905062cab697554669b6f8c7ba2cece2e5763e3c16cff4d45

SHA512
0fa1ea97641c8bc4c11c36ec982c6f7bd9dce3980438e68a968029a1ffcf78a8c95c9ee6c0900f5f921139ba605db397233c1a637d632c47a96cf4e5632cfff3

Download Submit
C:\WINDOWS\SysWOW64\mfc100chs.dll

Filesize
90KB

MD5
96f363584657cbfcaa199dc3db8ad76a

SHA1
113612fa596e5b16d88342d0d9446200e97641ab

SHA256
cde10212116c89cf3f063eb43ba0ae4e18b4e7bf7077a99f41ba269a2ebda47d

SHA512
943893f473a84ee9ab5c412f712fe676476eda5705a11a8eb60b3360bf9dda45a5455707db1a8e914d18e5d61fcbf17a19fbe29e44575e7a01f56427128adc26

Download Submit
C:\WINDOWS\SysWOW64\mfc100cht.dll

Filesize
90KB

MD5
b753a5ff9fa218254ede8a51331dfb59

SHA1
6ce4d8523fbb4f82ae10cbfa8d421adad1eccc3b

SHA256
0b0d758ee6a0d6364981b268f22c1a8a9fe8f9ff95dfc372852c1e91caf7fc0b

SHA512
aac94e2bf38185706f75e75454a8ed79322c7f35347f91eaf3642a003a89a35c44008f78a6275fc6e16b97c3daf7ad861b7c424c9db6aae95f8e73b09a6c3d0a

Download Submit
C:\WINDOWS\SysWOW64\mfc100deu.dll

Filesize
118KB

MD5
3de208461555b971099b24c23174fd2a

SHA1
164302984158b431776d99bce0cd20af41b0088d

SHA256
0c3ddeb02c5150e3ccf08f2249c05eb7e14399018b52be58f3df96c7e946b4f0

SHA512
9decb48f80f28d668c0b44c64d60d876180ab51245f47c94d41e8dfde8201c2bb0a77b2d0efb7c8317696863ffe077f1050bcaaad368e773122e827b9c7426a3

Download Submit
C:\WINDOWS\SysWOW64\mfc100enu.dll

Filesize
109KB

MD5
295efb410b79dd112ca9a9f99c57120e

SHA1
71cf8c381bbb86b3940d78087d4e50362e669727

SHA256
eda81c7b43bb2a8af1204af458316cce736bd5fccd92d63a219063e9461a7cb6

SHA512
2bbda83746db3cb48371cd616b3edcf1ad297b3ea03a9c22ff7bc9a0a61ce98149c035efc917c6b455899256b4dfcbe792e9227982ecfa738b714d38d81f1c91

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
117KB

MD5
3cc9e3affe7d8dff5372fb1d68c348e2

SHA1
8a10998d6f8a222412fe09cf130fb344b8b3cadf

SHA256
118cff6b0c98c9e30cfd0fba350b1a6bab1f5ada8894aa95c079d711a00a9174

SHA512
0dcc95a51d89003085b78b0541781db4dce002ff36b2dabcbe244b34a0673fa0c94e3d06aee020c8083541958d2b70beffa4dd848a43f5ded7a90e0eae79cfea

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
118KB

MD5
d84e81423a03f4d37d8e58c9df94bf5b

SHA1
b8721d4ad9de5566313525aa90c600b6fb1129d8

SHA256
7c34a92c027551a52f2827212fd671e159dcfe59ac6bf2e519d7435e1f56562f

SHA512
e8feff483032694032268d4bc80ed97e44c4985ea1a3ef316a21b0d12b898aed0dcf7049bff48c01eceddb276d346956f15022cc1566ba0f1d2ec9f6be49fce0

Download Submit
C:\WINDOWS\SysWOW64\mfc100ita.dll

Filesize
116KB

MD5
85ea95ac413be6a9167dcc495b71ba45

SHA1
da32fc63f7f080f06ed4db27c206f94654ab4ddd

SHA256
838068f8bb644c5a676744622f8eacbc640c70a1e2e6fdffcbd20000a23dac3e

SHA512
fee1ced8c8db9dbc987b1508302d2c15ffc6ddbd71a210949c09bef664e7d37910f07d2ffaa235943de68c3019d1c01370ea3022c5d0cee50fcdac8a8df04ee5

Download Submit
C:\WINDOWS\SysWOW64\mfc100jpn.dll

Filesize
70KB

MD5
27eb603018829ae0824d976ed758d4ce

SHA1
1a023600d214c638e861eda6593f84ce813c8ed7

SHA256
1a7799b411f91f8e83d34141f1aedfea131afbfebabe53efd231d6d89e96ccd5

SHA512
370b0c51100da05bdc05cefead20ab1e04de17e20365ad0fcc7893c654fc4a1862acb1a5b878cebdd0efa6ae18c1b2077a05523d06bcfe065cc9aaa63b03b172

Download Submit
C:\WINDOWS\SysWOW64\mfc100kor.dll

Filesize
97KB

MD5
f410010d74db08ed5335e9aec9c34984

SHA1
1c7a81200c0476f3eb1abd3f0ab3c6575e9042fe

SHA256
d7d6d44635baccc7bece5c35391b81c87616ec8b1ab20153bdb8b1df6ce390ac

SHA512
5d96b7933f2bcf4ac23060a70ac918c3d4492b91da833bbd923524cc03979eb16112875ea2982d0fcf1d5a5fde55d0f8abbb3be14dd1f47ed05b1f1d49b2064e

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
4.2MB

MD5
f292c25aa07d657a54f3df2ca5aa197f

SHA1
04f16afce206dee73752d80add3cb3c70e1446ff

SHA256
c5b726e10d7c3cd8ffbd35fb20f8ca82a06be598a19562c24a57f42e45c7105a

SHA512
c9e74acebb357d45636c82a347782fd0f90098ffaaf0b212640bcfdff13e779ebe2feeef45dc520e32c66bf219e90ef91bc5a2edf489bc1509272d0bad2784aa

Download Submit
C:\WINDOWS\SysWOW64\mfc110.dll

Filesize
4.2MB

MD5
faadab922c4df6eba56cded6e2de1818

SHA1
19b16eb8fe0d04f89ccc0244a6f59b893ba2fbf4

SHA256
301021534f394bd90bd744a7f7eab5c3e4cb7ba34e1f9759aba00ac3fda89426

SHA512
78566984f83298fbd54b47385d92b4ee2ae6379f804887c25557ecbad1b4a0a9a93b4731b019a64f50629857972e6107cc15229ffd8f82927dc94137c7ac2461

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
80KB

MD5
808e0ab94811987245e52b0d8cdc00a8

SHA1
d0e2aeecbbf1bd05ee6b28f46070e08774fe1712

SHA256
803f5e1f5ff824bdfb302eef5546df627194040c3057755d59d536ba7117a627

SHA512
deb668e95a2eb7ff8a6b31e0bf35f4542854e9807b74a8ba79333616b570e024c2522ea6d1b2ecac2789d2c9a38aecb992bea9400af40fb4fd0efdbed610c9ea

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
107KB

MD5
1e624226d457244a77d33680e5fd7120

SHA1
d11931778ad8ae0f12c68757b72dfecefa75039a

SHA256
63d8bec4e0d92c477d685f3c05696a15cf366ff8fd387a0137cd89a32402c8b4

SHA512
037c031a1abe20d2efe18499e80049bd7cfbfb3930a7611e6d917f899175ea897c26e13c109609ff15027f946110a47a8094da0b27cf650ff3f8909957d90b63

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
124KB

MD5
9e053913941331ce320974ff6df0b814

SHA1
8f93cbe32d1a7c288d5c5171c5ecd844cc1dc22e

SHA256
c4d610fd4a462e7a9b1c898330689b1f09a3eabfc9163cff7fa6f3f7661cbea0

SHA512
7d555d304f17257167dbe235e7260483a6becab3df6ae5e447a000006b52a00b3a6af29084d0748c6479534ade174ee68851ba4d949c3da511646f4eaf071278

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
4.3MB

MD5
397bede9cc453c2cb96f7d557e3fa44b

SHA1
5e7dfd7997c03aa9d37670950d5a62940caaf358

SHA256
f94e83cfbf4517c68091d7a2022c29f79f52d80ba59e39a1a9ce0234d74ae3ba

SHA512
d92e2645a4b9e9bd555a305186a163a862cedee24779bbec8a2f7f9ad23d06c45ac0b153459efef1f0ff7e9edf8c1001df61124714067052dc9e9f5223f3d248

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
4.2MB

MD5
97a4f35825742e2460599a0ce2062d3e

SHA1
f1ab36c85473ebbf12d050e6ac6846fe5fbc27cc

SHA256
2157e28c38d2956b9bed8951deb064fe9377910a1e9127a431fb07686885bace

SHA512
4a9d4b5324cfdbcf806885afa05abd6fa9cbc62090f44e51af7c95efb737785bde36cefb5368dd6e03e96b9aab8e420bea55f1778626724db2259a8352b891ca

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
100KB

MD5
3e72af69ce98b2cd337ae1a330ea7a82

SHA1
4b1f23fa3535b0e7d67288eb6349210b9309dddf

SHA256
35809f8f5d036de0c9e221617b288824957817ce8c3b669a78ea884948b6ff37

SHA512
c399f45d4aec236a754361c94e4ae1a77062661ddbb600052e3bb0b9dcfbef941fcbd2d7f81d055c07b74cbcb91187a3095fe94a0a82c37cc3f745ec0b7749e1

Download Submit
C:\WINDOWS\SysWOW64\mfc120cht.dll

Filesize
100KB

MD5
9d6296564fef2385cd29ad28aaa18a84

SHA1
0c82aec5c90a925ba86bd996bebdba14338ed271

SHA256
b00ec5a89637bf7a7a5c182464b8f113f415493a0f3493958e978aea2ad6a656

SHA512
05e429c6de114b056a0825c69742be0979217935440a0ddbc3a918d89be379dd46db6a5b59e6b48a2318463492cea4860300edbf3e4822707c4684ff0d7b032c

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
128KB

MD5
2f6871c3e2a32678bfe8f53e49e092e2

SHA1
72926249479e77ee7499d8a23348b61fc97ac0f5

SHA256
70500344f2873cf2aee42ba04450274bb617d3f0be2d119189816b95e29785ee

SHA512
1271e29cc9ae6350d49cb738e908887d79321611a95654f359a2650fdadc7a595a9fdd8d5b5e14aa608623e87cc07d7ecb5750bf3b2969eca6733daea5ae03d0

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
91KB

MD5
b332c425dfc9ae3db0fb685bf26ba662

SHA1
f4e2a0d2667162a8123280bf154b4c49f24c85d4

SHA256
7ded618d3c342f6440214e850f96ca382c5fbcda34323e9e68b7f807d82827d1

SHA512
16f585930e7f3a4092fb6e1535ff7a9d6150da7628b5a16adef4938930cec0fa6222d7f0b1e2b340eabe7b09668601583e149f5b07e01ed31cf49d4ef5a69961

Download Submit
C:\WINDOWS\SysWOW64\mfc120u.dll

Filesize
4.3MB

MD5
6fb3710db1ea35068b46a1f556a04f03

SHA1
26fecf25a36021468d08230192005e4306a18d31

SHA256
3528016f272ff9c7e683b9f52fb294e6208e70b02d8ed08660c7f310b98b3fbd

SHA512
255f862fe6a172582af8021251405a757324fc33f1b248ba3421dd07e2bf9bd9f6e41f21294fbe95800adb00f5ffd09186d37b63c37f1b37a651b6c67ce6f598

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
4.6MB

MD5
7c65d0a4cb9a2d8457f29a1316a769a3

SHA1
152ad99adc0527254508230e3823e493fab0a44a

SHA256
a3b05bd6d4dc83c4f10a41efd602a00b93f5691d930252fa4f4f2da4649b43cd

SHA512
1492f1fa0800bbe77dcdf1264057d97e48f6f6bf3dea59961b244e95478b9f2006436c0be21b05b1a0e965bacf0e75670503bb44041848cd8fb881e3e4eaae06

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
94KB

MD5
f4f184225beb3b38f6b3c18abc70a08e

SHA1
6e0268ceaf64638df7928f53116ece23a296c34d

SHA256
f1ae5b2bc9611b229caba0b83e8cd416121e5de80d6bf755c8493dc47d4591e3

SHA512
f82efdf076f95b4ab284099b5da4b5fe57cf382804dbe69370f34d51e2c4e96269bbd3e5e945b0ab0161c4caff8c0d39deade099abd3530baefa2553e857c001

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
66KB

MD5
86b5a674888fb46bae744fd33e886e68

SHA1
460ae3dda2986d524ffa8804c9167a21fc29327e

SHA256
ff848d7c5d3c86cd5f55180250886833a4ae034db076ddbe20544a29773014ff

SHA512
f23f9682dfccb36732cb2c2aa54cb3dba3d0cb4d73f8910c3823f1938dd939b445797bf0b5053403b8126853cea16ceb56f42bf7f01f30c5719f305f4994f042

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
122KB

MD5
6d7fe274a043c19eb47b849712ad3325

SHA1
ff138a6d95c7d359aeb2dcc5d50c160f915b25d3

SHA256
36178fe5a4aab73d9463707235fc8d5e965e461485691cf25874ee4e76fc9152

SHA512
96c6cba2f536e571423e579f7c24f92276c316abd379cf58a09b870d42eaf171f3e535c4fd1cfa3f26dbe373ea8db491461fbe29e23772fd9ab4a8c6e2541c1d

Download Submit
C:\WINDOWS\SysWOW64\mfc140u.dll

Filesize
4.7MB

MD5
c79dd920e8115ca846a9dfe5d6f8f40a

SHA1
e3deed495d594d04ddce980c718d150fa3feb9c4

SHA256
cc48c47b586af850dbfd500516b735ac29b4cd64ceb9fb74501631b8791edc15

SHA512
3d6c578005b3ebcf3b5b855b3619d4cf0320a96668565e782f5e1d363696b44fffd497ec11de0215e3a2cdb5fda055990a123e882c4def107d3fcb3ec016407b

Download Submit
C:\WINDOWS\SysWOW64\mfcm110u.dll

Filesize
108KB

MD5
5cc6676b0669a3dfe3620aa80a7f556a

SHA1
9fab1554eb57753ed9b147967dea8fa88cfa2223

SHA256
d01660a9d5240effe7472fa6b2a2595c2d019269a0518901734daf28dd3573ab

SHA512
2a7ce55cc0890c0babb75fc7e5248af08e439a6fbd62bfb08d1fdb3def0f07606990ae198aa8bbe0162b024580eea3aa1702a1a772e586c7a51735d6b714dfdf

Download Submit
C:\WINDOWS\SysWOW64\mfcm140.dll

Filesize
100KB

MD5
9b36b5f21f04260459cb2555cb4bafe4

SHA1
95b9974677f28a36fb16c06733e8b8e41b1a97eb

SHA256
3aec5681bdf50863dca2cddc0d7daa544fc56a0767f7e36d17b1875062a16be1

SHA512
a0b310edb9b595d49fa5b9574b16890a5d624fbef60ad4e82684380432c337a80b3ab5ecf18b46604ce6af9847d82f05d0c5047d25660e64b81565fbc3b23194

Download Submit
C:\WINDOWS\SysWOW64\mfcm140u.dll

Filesize
100KB

MD5
332cc22fb6a6a3e67ab3ff8daaf45e3f

SHA1
acad3f79eed7d9a2bdb990548ea4c8c1da6566c4

SHA256
167cceda06c3dc5e7669d7b14bb43dedab1b24a3b913fdf2926551648670f449

SHA512
fb1f63d072a53697b7cb73d104bb430aac450edeeedbcdf79739ab404b9932e33668b1925f49d10fdbfbb5c532ea4a06215b7aafb05b431b76e5275eb82f04dc

Download Submit
C:\WINDOWS\SysWOW64\msvcp140_1.dll

Filesize
76KB

MD5
580bc1e205c74c66921516a77e0fcc5b

SHA1
604a8e777369c20e8faf5fbab9c4464cd24e37e2

SHA256
a02088544fd25a0688b192c0f3362b60ab4779e3baac91afa546f60d56e87283

SHA512
c99c090b8b90515e984666c60065f1bea6d75c99dd418f01b4c84c6a7085ac89034a1b6663f2c476b38b48f8f13c8530cb30a9782e50b914e6c275a3a515aa21

Download Submit
C:\WINDOWS\SysWOW64\msvcp140_2.dll

Filesize
218KB

MD5
4eeb1a853b585ca097a8f92242cf5d6a

SHA1
feaa9f5d86360ade05f35723da987a89227dd694

SHA256
247ebcd2a9929c1df0c3f01a09c22d3dc40766904254905d1aadbe486e8248e1

SHA512
f34c670dc931fb8f92adcf8bee6b5e48f680161d6acce4e105600dc9dc2002b04454012ffe461dc364192a21201cfc6d02ea8686fca8e10b8d96aa870fdbbfeb

Download Submit
C:\WINDOWS\SysWOW64\msvcp140_atomic_wait.dll

Filesize
78KB

MD5
6c91eab15796f5fb148930a998ec1f80

SHA1
e74f7e34e50afeae7f1e46c77d6365759e63f737

SHA256
505ed9b74abb9d61d38ec027e0e0a8eb09a42768e4e59bbec3fd28e77a3ddfc8

SHA512
e761e4004eefc76607c15029aa21ffd2f9705e84ea7e4d67f2571c9528fbfab67b51bd0802353cefb53c8e0168ed1be1171dd0ec432490bf0baf488cb09224dc

Download Submit
C:\WINDOWS\SysWOW64\msvcp140_codecvt_ids.dll

Filesize
46KB

MD5
a4d5d8cab0cdb495e268c1f0ebf2644a

SHA1
d87d293852c0949be8f3ccf172997191cd0d236c

SHA256
67bf19254b104d0af03a9ffa8c53e85a04f15d0788307d0356d646457c1ce6c8

SHA512
45b4aa85ac26e9ec9970ad1803fa673c94ead1da6cb43c0ffb02c42cf4b6f1e1608702a136b6755a5d92d474a2be326ae22da3b6f8e8b5b9783f437313e012b8

Download Submit
C:\WINDOWS\SysWOW64\vccorlib110.dll

Filesize
274KB

MD5
3afa29cb9c8c24ce6f1bde7c6f02da61

SHA1
836f3dfebd7eed3a9ba55827f244efad3bfb67f6

SHA256
8a0a24fe6e85eacbc709f39c9ada77f8c37ecc74ea86a47c6cd27f69f7145a0f

SHA512
3dad3b4d7c4f5a6f3ae7ab81bd198cc55ebf5f6544c0af2040fdae110d6e5726e8a91b9a157ec2a7bc646f0fe1d0f819949d61c2618f326b1e9add2407770518

Download Submit
C:\WINDOWS\TSSysprep.log

Filesize
56KB

MD5
4588a2dbe366f061f83cf60914cff697

SHA1
e7ae1c8dd6e90257f1746726a881bf00881040c9

SHA256
122d87b768f360aa92fb84ebf0876609e4c0ec58b2d543e95ae9fd0d138e0150

SHA512
247320968afeadee40d5b2a3631079c69aa534a33ca2d9d7b4731956db96a7edfbce7cb858407c5b63df00e5215b62b17e8d190d7f0d862c019a84b6746b663b

Download Submit
C:\WINDOWS\Ultimate.xml

Filesize
105KB

MD5
754f8567cf6838ff8141b05872a6cddd

SHA1
412b7bcd890790b61ebd60c32df0eba0ea37961f

SHA256
3b84bbc290b951cedfd645297b18b8fd5963bac47d3d9cf5c7df71004c9c7bf8

SHA512
7662efda92196747a7bf512f34d10cee9ab75c26ec7c43b3d78b6173eda72c959946918cfce483d1aaf146a47d08bf3c41a1b0592a84d16884fffb6111cf744f

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
71KB

MD5
cf476fd1aa6445876f3cb0f4ffa8a457

SHA1
057cf321c365c0b9013093cf03b06c6d13ba3f77

SHA256
f99c4084860b16c2522f55b6fd2daf1ea348dc4679231278a9d64df26c57edff

SHA512
8c01b89740091a46f94ab35543fd32a9823be53d01a7ae9cf95cb6aae6f05bc52eda8a74eafd8f7ce58319070454c33d83ad2002d8492857dad03b8f7c03924e

Download Submit
C:\WINDOWS\msdfmap.ini

Filesize
56KB

MD5
6d5e72f638d25193591e779eb9260d24

SHA1
a0e2853b56769bfd47dc6cf37635135586d86b45

SHA256
2e54294cb379e112bcea05a1a7fba20bf77445e16eced950e1354c2ad7c6cf92

SHA512
cb5d3397dd148343bb8027d36f4cb272171b41bdf70e506a4d97bd92cb1df3535f611b13a581072ed902e3b5e890353cbd13abfccb20e651fae438545b924786

Download Submit
C:\WINDOWS\msdfmap.ini

Filesize
84KB

MD5
fc7b8f3fe1b235e93622aee8ea48b575

SHA1
1de085a14695c0bad9158e3a3e21ee92b10e1c26

SHA256
0207edd0ada6f31aed6dcaae017bad46dc6e376979fab05592d2b0a5d321da71

SHA512
63ba196469b1cbef4683964045f9078f4ba53d01cae12e18c60bc3627fdb59f9c6539de96ea51d553337bd5fca25e4ac4b82ea83910e765d2e1aa2982721c24f

Download Submit
C:\WINDOWS\setupact.log

Filesize
76KB

MD5
c370571eece777e6e0c4f969d85a6a7f

SHA1
62bb27ca6e156e55172e27424776aec44476c0ae

SHA256
516c08fd3ce85bec6591de360f0657fb796e4c0c128f2741383a2eef86f07fcd

SHA512
2d4281803915ddd58b1810a6fe23af6ef9c1cc5eb279c730cb73d08eef09be8aba511c183c39adf7e3e835c69b1be1a33a3f44eab7063759deba77d7f2897662

Download Submit
C:\WINDOWS\setupact.log

Filesize
92KB

MD5
ab513633ef2d79d59e8b8a0a2cd9f6e5

SHA1
c6fa0697c9f4c2646b7535f6db93f8ee49986a8c

SHA256
4eac3a959284db9bda919326cf0fccbfd6a71d6884cdbf3ac63f9f13cef6286c

SHA512
57afd664858619fe206ca934086a073cc1f971b6e4dc5df47a9b2a9b23db6980beb0d0d35aa919a4b4a4ef4f65ef1163cc7a88b980ec075f7868c2710e62b1c1

Download Submit
C:\WINDOWS\setupact.log

Filesize
104KB

MD5
e05b708a710370ecdc8faeb0671fc586

SHA1
6b78aa1a92a7e8bd038dcec55a5d6564c5e4334c

SHA256
30092edde730a26b32acb5a6222ff6aaa8612418a6dd7b4fac74c2d6127b1653

SHA512
fd2d9336393ebc36f4fdcc0e147029e7647cb95c8db4534c6c55b777229c8cd5d73787840e9066187d6ddda12654a7fcba9b394d2b19bfe10f7e81dd19ad1078

Download Submit
C:\WINDOWS\setuperr.log

Filesize
55KB

MD5
1682c7efb9c7dbfaa885e5db9f402a1d

SHA1
76b37d4e87146f3c3de5c67922a443ab57895fe6

SHA256
f96322b57679c352ae7ce781bcd11a91c643ff0fbe2cba1b2a0755037c0d994f

SHA512
88a969900b58805e0d966a22a558c6075a431d001e8f3313efa5c0fe9d883b6dd2bde02a5694e3ec7dd1180ab651390f08791d322cd6954431ed13e2e39ccbda

Download Submit
C:\WINDOWS\setuperr.log

Filesize
110KB

MD5
31f76668ca448be6de981466fe8d61f3

SHA1
488b31b4c00d9b32cecd28fa0273770a0e86cb17

SHA256
5bc51b62516a321ca4c6d04dd9017853c26d27b1e0e4dd948ac42b141dd6410e

SHA512
ae8d9eaeb5098dba8d7841ab30c20653aebc37c3a3af37942880c0696916587c6b7c5a245788eee0b0c6cb81ecb3a2701e7c85eb874986665bd026963c74fb36

Download Submit
C:\WINDOWS\system.ini

Filesize
83KB

MD5
23a3f0bb7006fcb7d2212264cceb4986

SHA1
7053334da7ba3cdcb0d238b4f2eb505df8dd5032

SHA256
4d58b9d7eb7ad2734cf304c90a299898ef6e9827148eeb05b88d343f2ee8bfd5

SHA512
140cd11a1890163487b5dae50ce90281ec29e2f896b678399625a36e9fc405d18d7f3719ecc6be0353767b7d30ff12db64e512aa36b94823a7bfed05f37f904e

Download Submit
C:\WINDOWS\system.ini

Filesize
55KB

MD5
c9dd39127a827c7a677898b398f78324

SHA1
fe459964c91dd41bbff3f28ca8b0662187947d3e

SHA256
ded992db028921a82ae5ef5a36c9aef694e4528f65728993a4b56ac35e356e6f

SHA512
a137a965dac85453fb1ebf01ff32b3a7b7c3440b237cb38eb278fc494dae1cce0cffe4ca2c81ec260db7e12c077f55cc72dfc5cceb43ca2a01a2a75833e9c13b

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
b3ef10e80f200fb56c2091c92e38097c

SHA1
77b3fb2b1b37b8f94db69131afbc3bad19e69a33

SHA256
03818fd063a9d439e3bfd3181cc3f19b961356e948c4a63e7d0e386db4e71631

SHA512
7d87e251ed2ebe72f25c000f1494dd7699677fae1f9ff27662635e2d71ec9c0e028bc5dd1ad2def2e2c738b3415f2f15fff9aa1eb2d88cbe1f77d2404b115c07

Download Submit
C:\exc.exe

Filesize
362KB

MD5
0881bf92e80e2c98e7fa947fedbc3256

SHA1
e10883b298417fb9fd8b6ef4b154cc8f7b742a0b

SHA256
44b109780edc200efee821695cf187dd844bf9ccec9d670956ba5b2d4dc53a09

SHA512
5347f5d40cfe4321d3e1e646f88cf0fd3c2de34f3037834a397f58093741020cc15db6833f069ec24532f756e9a85930331e0ccba18643d12b43c72aff8c78a0

Download Submit
memory/1300-3300-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1300-5650-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1300-3762-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1300-3968-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1300-12-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1300-308-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1996-220-0x0000000000800000-0x000000000080A000-memory.dmp

Filesize
40KB

Download
memory/1996-307-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1996-306-0x0000000000800000-0x000000000080A000-memory.dmp

Filesize
40KB

Download
memory/1996-622-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1996-11-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1996-4-0x0000000000800000-0x000000000080A000-memory.dmp

Filesize
40KB

Download
memory/1996-8-0x0000000000800000-0x000000000080A000-memory.dmp

Filesize
40KB

Download
memory/1996-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1996-3750-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download