0537c7adb34de9fd5da85b57917ba4133c7ae94e3912cdcef55ea71a96eabc08

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 16:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
Size

477KB
MD5

fd291ecf1326b208eae79c1fc7f67f43
SHA1

fcae442561ea5d45389d647298c4a7429e0e7c6d
SHA256

0537c7adb34de9fd5da85b57917ba4133c7ae94e3912cdcef55ea71a96eabc08
SHA512

77679b663e1935a7910e3f94cea09b096e64aabebb183be98ce4dd4cd14eddcefd205dcb4dad292715dafb4ab35cea077ff0b1e5df825c772e7bb58aa8631a68
SSDEEP

6144:MZ/Z/Z/Z/Z/Z/Z/Z/Z/Z/Z/ZweP1ZVI51yZAv:MBBBBBBBBBBBz1M51yZAv

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\wimmount.sys	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\wimmount.sys	exc.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe

Executes dropped EXE 1 IoCs

pid	Process
2848	exc.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\d3d9.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\MshtmlDac.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\AzSqlExt.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msxml3.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\pid.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\MediaMetadataHandler.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc110u.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mstscax.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\polstore.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\wpdwcn.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\ctl3d32.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\sechost.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\glmf32.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\qintlgnt.ime	exc.exe
File created	C:\WINDOWS\SysWOW64\C_10002.NLS	exc.exe
File created	C:\WINDOWS\SysWOW64\glu32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDTH0.DLL	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\scrobj.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\fdSSDP.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\mfc42u.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\rasapi32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wextract.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\zipfldr.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\C_10007.NLS	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\c_28603.nls	exc.exe
File created	C:\WINDOWS\SysWOW64\dhcpcsvc.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDFI.DLL	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\C_10017.NLS	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\eappgnui.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDVNTC.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\odtext32.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\spopk.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\wmvdspa.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\cryptdll.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\lpk.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mmres.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msxml6r.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\rasautou.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\sspicli.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\unimdm.tsp	exc.exe
File created	C:\WINDOWS\SysWOW64\korwbrkr.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\prevhost.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\wmdrmdev.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\msdtcVSp1res.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mferror.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\shsetup.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\SndVol.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\mfps.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\lpk.dll	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\msvcp110.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\TsWpfWrp.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\w32topl.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\explorer.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\fsutil.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\iprtrmgr.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\MsCtfMonitor.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\secproc.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dsrole.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDKOR.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\ksproxy.ax	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\ksuser.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\MP43DECD.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\PING.EXE	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe

Drops file in Windows directory 52 IoCs

description	ioc	Process
File created	C:\WINDOWS\bfsvc.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\Ultimate.xml	exc.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File opened for modification	C:\WINDOWS\TSSysprep.log	exc.exe
File created	C:\WINDOWS\twain_32.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\HelpPane.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\msdfmap.ini	exc.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File created	C:\WINDOWS\fveupdate.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\winhlp32.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe
File created	C:\WINDOWS\twunk_16.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\win.ini	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\twunk_32.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File opened for modification	C:\WINDOWS\setupact.log	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File created	C:\WINDOWS\splwow64.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\Starter.xml	exc.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File created	C:\WINDOWS\write.exe	exc.exe
File created	C:\WINDOWS\explorer.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setuperr.log	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\Starter.xml	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\twain.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\WMSysPr9.prx	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\twunk_32.exe	exc.exe
File opened for modification	C:\WINDOWS\Ultimate.xml	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\fveupdate.exe	exc.exe
File created	C:\WINDOWS\hh.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\twunk_16.exe	exc.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File created	C:\WINDOWS\mib.bin	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\TSSysprep.log	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\twain.dll	exc.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File opened for modification	C:\WINDOWS\system.ini	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File created	C:\WINDOWS\notepad.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\msdfmap.ini	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\write.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a96069000000000200000000001066000000010000200000004dd21cfac33e877b6d2891d34bf3f57c16201cf90fafdb93cf6347eec0100862000000000e800000000200002000000006d578e384e577d6771aa565580312148ec49abdd22b89b8a59b56fa93fe3d17200000000850a92687803da556052e76cac7b89a05004660d37760f59876902c568b5bb040000000208e0d1185e3559158e2d2d0617b8c2cbf4ab27df2e81a0e969cece41aa94bd2433f44910ca46b75dc756f277b741693251dac9e652c5ff0674ead6e926a970f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2C80F071-FF34-11EE-917A-EA263619F6CB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419792875"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a96069000000000200000000001066000000010000200000001870132b72aadcf0dd7e2b9f214106baaf08336c13fc60e5508b32382c2e8762000000000e8000000002000020000000e7e9a934eed99aac688373492c541a7f1f1228f884b0fafadca9a8740d993ec590000000177662f37b85c14e5987f7fee134dbddbbc4ce5fac4b64fd203fc5b319f847a484f258739d91f5ec72ca867a8743cf1cc515c64982840045abbaf374bbc804f29259067b3d05de33863b2d4752e01f41dc206dbf64684c62d85e89d7bbce686c6b44aaa7f80912dbc634567493fdc243b4bf33297f2f430c84302b656e21280c8dda6973409ae319699cc0438eeb5b9b40000000744cdc313634fc86c956f7f93dc96caecb09889b3aacd584b62cc2b644cb6f3664e7146f4880617b209192db4244938bd0d6d95d8fd3e1afe25b6f52614a3d71	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b800024193da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2C811781-FF34-11EE-917A-EA263619F6CB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1252	iexplore.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
272	iexplore.exe
1252	iexplore.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
1252	iexplore.exe
272	iexplore.exe
1252	iexplore.exe
272	iexplore.exe
1636	IEXPLORE.EXE
1636	IEXPLORE.EXE
1632	IEXPLORE.EXE
1632	IEXPLORE.EXE
1632	IEXPLORE.EXE
1632	IEXPLORE.EXE
984	IEXPLORE.EXE
984	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2848	3024	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe	28
PID 3024 wrote to memory of 2848	3024	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe	28
PID 3024 wrote to memory of 2848	3024	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe	28
PID 3024 wrote to memory of 2848	3024	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe	28
PID 3024 wrote to memory of 1252	3024	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe	31
PID 3024 wrote to memory of 1252	3024	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe	31
PID 3024 wrote to memory of 1252	3024	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe	31
PID 3024 wrote to memory of 1252	3024	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe	31
PID 2848 wrote to memory of 272	2848	exc.exe	32
PID 2848 wrote to memory of 272	2848	exc.exe	32
PID 2848 wrote to memory of 272	2848	exc.exe	32
PID 2848 wrote to memory of 272	2848	exc.exe	32
PID 1252 wrote to memory of 1632	1252	iexplore.exe	34
PID 1252 wrote to memory of 1632	1252	iexplore.exe	34
PID 1252 wrote to memory of 1632	1252	iexplore.exe	34
PID 1252 wrote to memory of 1632	1252	iexplore.exe	34
PID 272 wrote to memory of 1636	272	iexplore.exe	35
PID 272 wrote to memory of 1636	272	iexplore.exe	35
PID 272 wrote to memory of 1636	272	iexplore.exe	35
PID 272 wrote to memory of 1636	272	iexplore.exe	35
PID 1252 wrote to memory of 984	1252	iexplore.exe	37
PID 1252 wrote to memory of 984	1252	iexplore.exe	37
PID 1252 wrote to memory of 984	1252	iexplore.exe	37
PID 1252 wrote to memory of 984	1252	iexplore.exe	37
PID 1252 wrote to memory of 2444	1252	iexplore.exe	38
PID 1252 wrote to memory of 2444	1252	iexplore.exe	38
PID 1252 wrote to memory of 2444	1252	iexplore.exe	38
PID 1252 wrote to memory of 2444	1252	iexplore.exe	38

C:\Users\Admin\AppData\Local\Temp\fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3024
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.freeav.com/
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:272
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:272 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1636
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.freeav.com/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1252
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1252 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1632
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1252 CREDAT:930825 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:984
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1252 CREDAT:865286 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
0f15d6ca56dba7bd16346cdfeefc3f7d

SHA1
9612c5b9f34e8e0bb3cca665d5b9ce922ac15c4c

SHA256
bffaa0db54ad1c038b11ce53125f909e99e437d29ca0f06be23437fd8f85c67d

SHA512
771ccb7a21e6ef30549200e3a60642f0841e86a267b558648077eb07fd67e40a2df8e63c999a1ffc1612dd78401308b5bc6f7677d5eeaf21f7c5d44472787c91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9738b50dc24430726de110a34c1d8fc8

SHA1
0e76c766a7ae5fa4d43025b33508752c9d71556b

SHA256
bba6a48a1ae161d53f8f761285bb494e2e245b97b2cbccbd49846d8c389c105c

SHA512
7b1bafb66044aacdb379c4159224eec1ec882b6f9987d1f2046388c9956c560d62bc21beb2e6c62f84d6df019f97449c6491211d3f3317a02d68e7d36de99260

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e10f9dba4d78c6bcefc80857472752b

SHA1
83a5e402a6c6da47967e338080b62d72e5d65c2b

SHA256
603dcb23de4d44790a59554d41f3c2a7bb693ff7fa51faf6bfd9d644d25d0bbb

SHA512
9d2fec49161e3a8e2e45ae82e1e76f4ecdc63bdafa356c567e43a38f8f991490e331d1dff594338bef9c5aeaa04c4e9ac1fda8e32769c22a8a16232ea67233c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
306984419b2cb160431962fa38efcb01

SHA1
1e64afbc74929692a762d08f7163e4282bbae44f

SHA256
4340f171f070ebeee5727ac101efd8b360d1d14b8190f33128039fc49acd3c34

SHA512
f8e35368224c0048cbb04176baede2908eb627e40dd80ed1f7a64e7361235c42c73466bd33f817f8e6ff013264671d13588fd95d06d0e93e3206b7778da28ce2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e46f7447aeb9851c76dbb76b43e17223

SHA1
0b780d58ed6f80cf1861af94df4cdbb9651184e0

SHA256
c722f35a63e2d6317df536c8adcf0fb38162a8bd8bcfcdad058639fed3246b66

SHA512
d6590382f75868176778f2372f5493acc68419f014e518af2dddf86bf8781374083cafeebace2adae7e5bcb9bd158f7840a058c8d0346859f2ffa3ea059b46bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
033fd799dc519a235e4c90aefcc5777c

SHA1
c4c50633ba66f52ebf0fdea4a13e8bd99f317a0b

SHA256
377945dde3f0dcd673431cb93e85253e336d0ce8070ecf7bf03506327f47ad24

SHA512
f16176ed59dff9e413649aad1f926e2ee0ad888d492ed7e5fbcfbf02e2e975c173fc97725876106cb8746bf282d130f98fcd23d6438cfb17346c701b8efb48c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb3c03c3fd8c54e1871f6546d209f558

SHA1
da6676335fe134d6e53896b482008b9511c132de

SHA256
2e1664434db8945faeefecf7ebc03d799aaf3f3d7de39434e83417a50dca6eac

SHA512
c135c0232c127f63264004619f11806a9044a8ad2c044d93a5442b12cc63aee538a75b7761ce6cc0bd48fea1f284e2d1c963c638363aabe638b5351e87172884

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b93580fe529cb4f95be5f1c6a06b9f8e

SHA1
043e40e077c382f3eef164e3f40e6f0c5807bf56

SHA256
cbd19a8288bb05d47d058014c624771ad801ff57426423a27acbb8ede370447f

SHA512
8ec8192c4f3c691de22184adfc60dc025b594e3ac7855b2456eebfed25516d25be4528fb65df57e59ee88e7f2042faa3db14a78814bdb75fae40d7d2d623c298

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
18dfdda013d226fa42e9e9d45fd4607f

SHA1
a94a2025e0c22df1efde4871198d5bbdc5e5b392

SHA256
4673625dafd9b582aace2f7452776b47c93ebdc845108cfe913b8bb5a6e08144

SHA512
ddbc165f98dc6c12fada7b55bb7e27b95c17d5aeeda3bb9a8431d001fe4d2a8d0d0301a41b4d018239f70e69b0517d0f08e546b4fa716ecce56bf1ad74801000

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab261.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar17D6.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1936.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\WINDOWS\DtcInstall.log

Filesize
30KB

MD5
0cc5b8f98160cbea11f0fb33d287438a

SHA1
dca7c72e974ddaa7a36d64b5ad5733bde79edf0f

SHA256
1685f83591961f3a9eaf887c1214999d99d582b3644eb56168c476b3109b4c8f

SHA512
52d2ba61eec23f646b45b6319d86dbd4ca0b842f6d1faf702ad10e4c8b959131af2a3a4fcf8218f1725f8d6d80c967a18ec5dd9800cad290ad48287344863a42

Download Submit
C:\WINDOWS\SysWOW64\korwbrkr.lex

Filesize
11.4MB

MD5
7eadf754053dbee733be1234d72ef2b6

SHA1
962bfbd3de88c89a9f39385bc67363227dccb156

SHA256
bc1bf35fa0aff46f78ae53b623fac7a271c88b41c26b7b401c64f7b019226b49

SHA512
550335e0a84f88a07676f48339a7d7bd7311eaee5607fc0a6d3441c18f401dfa41f7639a88b61b0d26847b5603a94960953dc15ef316fed6612e75c89df71b71

Download Submit
C:\WINDOWS\SysWOW64\license.rtf

Filesize
141KB

MD5
168dfd265c32de4187ea0e92c6ad0325

SHA1
2738fb853ffbf477a98d9197b1b18c8e914fb9e7

SHA256
062ca21398146727ecc7acf0c0989f45dfe203b122c53a8bb78ade901fc27c4a

SHA512
db8c86a5c14886ad7ed45f8382bf61262ab326aed25690101da43e559f2dfa761ca3ba049003439ede8a638dd0ef12441efcd0581092fc7e5bd29f7e7e2db4d8

Download Submit
C:\WINDOWS\SysWOW64\mapisvc.inf

Filesize
55KB

MD5
dd14df759c7e591e90bb47738747015b

SHA1
8d925f1a759463834d10aaf790b491abe2a12e30

SHA256
90e0f0df8fd0b0535ff6c637f2388e061d3351bf30db5047d62292bf8f5e9043

SHA512
82186921cf2527a75c6dc74f3bb49c4b0fae74c85f5ff8ed0ebf6034c228cecd4e86e7da7778076773b30e6fe85c33d54a4e8edbc83e23d9b9010e3bb3fa6a78

Download Submit
C:\WINDOWS\SysWOW64\mapisvc.inf

Filesize
55KB

MD5
665729bef1ab572ef9ceb63a8706fa39

SHA1
ee872eade861ef35acd57eb011eb0c51021b3fcb

SHA256
3c89b16331256d32958aa6d32d2133fddfc1ed1a9fc423cf0b2374306e8066fe

SHA512
8ce9f2c69efeb65ef2bb58831452b2c6bbeb4e0de67fd78ee976c82e6836e2e1fc43684da48817a2f12b3d3fd82f1a56445f7e67fc47cf367bebbea9779c937d

Download Submit
C:\WINDOWS\SysWOW64\mfc100chs.dll

Filesize
62KB

MD5
f54c61d8b975672776a269f35f7f7886

SHA1
9e42957f68a951c315e2277aa896ec1678d609d9

SHA256
73dbe86b19b9735f7436c8c5b0ae66932950bba503beb3aced58ce7e990e3b50

SHA512
b08e18d8543344d041f09c7d2c0dff632493e4e6dba1fc882c703ba3c53b14829c235d8619874683c78b1aa1dc8c7c0a140417593aee1b281ed5c80dda1cb0db

Download Submit
C:\WINDOWS\SysWOW64\mfc100cht.dll

Filesize
90KB

MD5
5435b4d89f81fcbad1c187f24b789a4e

SHA1
5ad73fe8d8b8adcae5c88884862bb0cfd60ad93e

SHA256
c3b27d40008761464ce54ab37e41222e586eb17be6f911f107df90d993fde406

SHA512
adff180f5b9856677d14efe1b10b7ef371dac6db920fe6bf5e0ebd23a86441d926b1f198ba0243040e51ad04173846a873a787b3744bf2386fa3c4e2a23274f8

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
89KB

MD5
67d8df2d85f19f67eff5fdc779448bb5

SHA1
5a2afd38ebedcec13ef349342aa7bdf3bfa2a679

SHA256
2c5457967fcd6e6aa1f2be839f1d8c397a76a136efb71ebd32a00eb4a7c1a34d

SHA512
69772c2c4c0f55c26943a53b20d25858d41a6fcbd0a01f5a59f4401281c874c5f73e5d54c68bc361241ee2715e8d43869be4329f5b831db569cc4ed514db1529

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
118KB

MD5
4b3f38f629d20f7a73e2e7e4bd35fd09

SHA1
7ef08a0b052bc827c573bba1079291ce67d9192e

SHA256
6b5a3c917368df593d77798c50d281176b19811ad8ea4d52d7b8b67a5597e27e

SHA512
ec237dd1153686ec42828b48a564cbef213ccf04939b463332489042aee8b74cbda13aac2b611f300de1815345b4339d7567bb0fa90f7a6a71f2bd23342a0ff7

Download Submit
C:\WINDOWS\SysWOW64\mfc100ita.dll

Filesize
116KB

MD5
f3888edeb42068c37a50e07cee5a26ad

SHA1
d20b1d0afc11315a815bde84deeedc761643f3e4

SHA256
47483435e9bd0306a870d609aa3d4cdc4be8ca00149a6870a519aa6a986fc68c

SHA512
4627e51512e10e0e0b08baa50f8881778a5570c66c1efef3ef93345aa84cf587e79c5852b7eed3db69396ad2fb11d3670015eed77e11899a7e04c4ba05e0fe25

Download Submit
C:\WINDOWS\SysWOW64\mfc100jpn.dll

Filesize
98KB

MD5
81f9410e01889476fd5ba3b6700b6e58

SHA1
71fbb17c69a97d038b4026585588de99d9d149ba

SHA256
585bee89b338f6cc8baa96cd77fde6f3f4fc31350b765dee20522f04f4736b84

SHA512
051889e9b2ccf585c4a93ee23b31877c460627fd49a6cfbd55047a63d635650726e449af4720ef17920f86c46788a59749e8765a6add155031a72f9b239e8c7a

Download Submit
C:\WINDOWS\SysWOW64\mfc100kor.dll

Filesize
97KB

MD5
4257bf64d07a05f964ca09c93c8f535e

SHA1
1cd10f687306a63eaa3aa548bece5ee83402a735

SHA256
8dea536a574126dd344724fc44ccb4da1ef68847fe52ab4bd237381f867f645f

SHA512
411651a407d5463891f61a99d3345dc831ef4ced7f301a12d08ac12c594f4c56939e93a46a8c269fbd98fbc08171577b4272cb2879ea918e452389895cfac5ee

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
114KB

MD5
76981960593340bb94ee8432ca5cc25f

SHA1
0224dac25674dadd7570e40fedc73e2b0ebb47e7

SHA256
43dbc1668369897e1d6a2c3099c3955d44e7f82bfce6eb23f103d24750910bdd

SHA512
7e6b92f1f2012a000ed73e482955d3890cfe93f6c913db7ec27be3becc66176bb6f29e9305f0615450052721261f2d6fba3fff6885fca1e3f762e18f50b5ae4e

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
4.2MB

MD5
52d726970a421b2b75fb0807030dcbc3

SHA1
d65e6a1c64f77eb856c173ce1b20581ff203a6db

SHA256
eff87b841b45b55f906956e16f834a9a69fc15b74bd4741dee4e048cc36528b7

SHA512
2e7064a56938a62369fbd4338975ba42df52428e1437a04813e14c321336cd92bacfc4b0d51f011684df7989ab77a2d32696e82b002823177dde6acba4fef24c

Download Submit
C:\WINDOWS\SysWOW64\mfc110.dll

Filesize
4.3MB

MD5
00a568793c7243590727fddef901dfdc

SHA1
f549b5f117cf3d364a9b6ab38d638c72f8d0c9e6

SHA256
ef98354f97ea38882946cda40246d58d75955cb5d09c8f76295a9b9dd6afb62b

SHA512
2923b26a2137e7dcfd9f63ad90c2eb4ee728f0f3c01f23ca4894b7959ba02931bb81fd0047fb43bf934e95cb84d03fb150c40e968584dd77bdb3a4d18d572710

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
100KB

MD5
e11eeb30a2c555d0bb459870bbeb9f90

SHA1
1bf05353c68a92d99b32a846ba1cce5b52f6a1f6

SHA256
cf22f5071754e094379b0c9b9e2dcda30ea521896c0f570f4056871e9d81f488

SHA512
54fa7fc67a3d44cfc125be987ede2487fcd31b06ae904a81e89e051b3f2c17b6ecfb8c1e35cfb5680de388a9fb3be2a8fb4d96e327b72f687f4dd27c32b9517a

Download Submit
C:\WINDOWS\SysWOW64\mfc110cht.dll

Filesize
100KB

MD5
7374eab37ebae24c33ba97e43271e6c7

SHA1
da0d23b45d35073ca79aed0f4c10424d10f123a2

SHA256
b088ce2f7da38d32883fbc4bbc3797855307687f9d2e1ce928d40ac3be63b1b5

SHA512
f5ae0f34d6a05efab83b73ec750636ff061e9b7ad8f24307eeb4b63e404ec7969fe3fe7e515ac1f739f17a0281fa33662005277afe9534fc2326b126c2dbc0b6

Download Submit
C:\WINDOWS\SysWOW64\mfc110deu.dll

Filesize
128KB

MD5
0bfa0d7e9e665431d7eb0ebdb5380cbb

SHA1
4c30e50fee11f2302353373f9a314b07d2f2a4a5

SHA256
bdc15c5d87042177a0b53f90b29ab04d030717a071d1bcf0570cb6c8c93cafc4

SHA512
88dc3b7854dfc6e2601a0f936069cb0bb721884a2ede7a4c353cc247631fe00988846543e93ca83adcca5e3d6a4afffb353d518008638613c582c71ae2177caa

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
118KB

MD5
11f71ede14f69f57ccee529ec191ca49

SHA1
e1c0741ee398fe7e9fc2c21d8d56d038b0f7b2d0

SHA256
333678f50a020cd1f7ad6648d7d5e42f8c8e5d4ccb753a036bf0935ee5857c50

SHA512
e9edc146f488691481d1f2088cb6d545d5c587469b7114403bf2831a34e9702b56320b0ea9dec070dbdf0df117854bcaa131bfc45e2e5d02f4335a35bbbeb762

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
127KB

MD5
2b1bd78b571f1043a066696343523d39

SHA1
dd6e4fb18fd68a3143af40705846be3afdc84d47

SHA256
32dea277c5a1a614f243b798fda8b40e11ef289a43857d4debf4fb9ef84ad09a

SHA512
72f1a7a45a80d582d4e5a189e06849217d4afeaa1db79aefab9e89ec8ae7a88ad35c42833488d7a2ae7fbb0c12ac8c1b07196524ea98335c6b492dc5c3cbcbb0

Download Submit
C:\WINDOWS\SysWOW64\mfc110fra.dll

Filesize
128KB

MD5
5fba17d05756bb9380d7fb1d77b04164

SHA1
fcff665d57d391bad662f0abba098ff1baa81740

SHA256
84db301e7a4867b9ffacf19347111c4c62792dcf5ccb6c47c78b2e9b27802941

SHA512
90eb8776c4f14db079bbba99d319fcae656ac440b5be37c2fc61148bfa7437964a272e875f44bbae319e827bb0999f6c8a9bf9639d1ca625a6c8a411d9dfdcce

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
126KB

MD5
162bcee42eb187feafe76f562779baf1

SHA1
2eb8cbd78ca65f6c479697568efac16ec963caae

SHA256
251dd674a052bf6b107cf87666e6fb4be54096ea62baf055c3383aea9bad9ffc

SHA512
8de036130270faca3f7317a701ecb6b0b7b7320791523b7616c297a19fa77b6060d476fa31f0d80a7f228c26241574a078601220b292f7173b67d8a0bea0b0cd

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
107KB

MD5
757d93c24eadb4e3cbb3c65231ab8690

SHA1
4da0e00185a887011d61bf73324dcc5cfd2a84a7

SHA256
4d928f42cbc3cf2ac9389c450d4027038de5519d554f1994d08ef8b6315a6367

SHA512
155a2672949d0ca15b4c3c18b28201d3a912b9b1866ed1c2d386c14aff2dd149391076ef741c5688cf4040947d2c5a5cb6a3a1d544b51ec12281415ddfc6e451

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
107KB

MD5
d903c88ab989cee154c0061d6d5d8a0d

SHA1
ae358afc5ce260ceaf87849f225a19025052c1e3

SHA256
12f1f664e8cae0c29e537994933e1b4c8163496bfa6b40383d3a4c7b04b1eff0

SHA512
f456805bf88e996106a5dd4b54801822dc87cc949f58e0d9a6932c1ebc8d5170d72a8ca79dc1ef61c0562a6c4596b4ccc78b6db71602a9fb7632793373a9b126

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
124KB

MD5
696297d69b6c6fa4438edca63532f24a

SHA1
7b9d1e2c28a6d934dfe8645c728e1aaaddeded13

SHA256
b65e1f0d4e4e318a7827bd33ca2e3b5091a5ed33550cbf6c0aff732ee410812a

SHA512
f65b4bc055ab3e4a2b7c5afbfed01ab3e42d4cd2ffca9d1119073335ca5fb680c6c44936b3ab0a90b48344d986be2b00f450b8093a3328940b558b27355600de

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
4.3MB

MD5
698f68ce29d6e1246bf68f96d9d92347

SHA1
6376f745f2c5e31533df5cdd9b0acc29b8051199

SHA256
06c71e40087277e1301a2e84629be2c845dc1f55400da7ebbadc06f3347839f3

SHA512
80111501bd7a928744ff1086d20493954f37cef5ce2b9818c2e52effab38fe401d30f60d564ee2d8b35c75b2464b3d764972f82d0a26d485ced1c3946c4f9649

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
4.2MB

MD5
1eab3d60ec07c0513c0ed819a53bfd61

SHA1
b4b63017688a06892cde2534c52601ce7074c1cd

SHA256
232d00da62729516e0b6f08c91cc000921552e259862fe5f51f1715e65b5d185

SHA512
2d93b63770482f76d16c381df1e65d6e3972e22d56d56cf4ff408ae985a96bdea5b64db1f188ef3b48583b364430699335d0685cedb2d9494b0b9f84451086d7

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
72KB

MD5
af6c106cdca0d9e7d5f0136c66bc5d9c

SHA1
92426e69d6250c5e722e785b56c95c7cd56ffbc1

SHA256
f2f627c6d13bb175f95f277b727e9b972810206118568cf11633cb565cd1765f

SHA512
b00227adac9b8cf2b84289607e7bacb8589e45d2ece5d58261d26317f1d5521cd6e21e977d5d43ab9336084e9a86d6475231602aa86f8b646af9643d61ef53d3

Download Submit
C:\WINDOWS\SysWOW64\mfc120cht.dll

Filesize
72KB

MD5
fe77e61079b2b57f58fedc8f4419b2fe

SHA1
1e0c335a68c7a395698940c6e3b4af1e1c0729ad

SHA256
e9c184d4ab2ad9af2597e9e99a0967736c1ac1e66597703c54ed546ded979bae

SHA512
a9a67f48057b60626e7bb586ac0f9985b38581abdf13439c7ee9e60faf865ef5073ef3d9170cc1af4f9b5be8ef272241677c733a8a4420b021adee2a364ab099

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
118KB

MD5
d9c122b3950057cce3ea53deb7a629e3

SHA1
d616bd9b88eb9d54295d3c64951cee8ce83d0b75

SHA256
6b2662b7efdc334da3468fe8bf61b4fb8498c15b64dd084ce59f2f65bad5d3c8

SHA512
b70859b49c89ec1ebc26e8119a6f115f5b9200b359b4dce4a48c32aac70efa51b3636feb579a84043ce80d66ca162c800af7617f246eacb5a29ff9474c392de3

Download Submit
C:\WINDOWS\SysWOW64\mfc120esn.dll

Filesize
127KB

MD5
ac52e1b584edc90aa3ebc9d4cdad8b5c

SHA1
646c8706252ab53154f03b1c5ab733578ec6d5f1

SHA256
e9587e5ff55ab6549df3f2693e6ad3a6b7304fb7835f2a40aae9ba130fbb4921

SHA512
96dc9f268bed0dc5a71d331a8a13b20d0de5be51ab5484016f9e3016e855bc488b7bf67d9a07d14cd9630a86069c73b00ccd40d929e015cecc7c5a204230e810

Download Submit
C:\WINDOWS\SysWOW64\mfc120fra.dll

Filesize
128KB

MD5
1fb00f5a2ec44730d3f4ad1a6f6c23c6

SHA1
d807b67d9a2b3e62fa0e7834198786fe62a89bab

SHA256
aab050372305b5b1ccd85b5d8d99bf4dab7b47b9e2a675a4dbcf441407215a60

SHA512
20d25928958aa11728cfd1fc67371bb25123d3c425301f053e2615fa606706fff6e9de7cf8663237a021de8f6e1ecfc7d743fe087b4d6d67fdf5d9f18aa22684

Download Submit
C:\WINDOWS\SysWOW64\mfc120ita.dll

Filesize
126KB

MD5
ae0fa073caf81ce4697cb11f1926fa50

SHA1
ab9164d2a97d3ae87377b94e609dfb2582bb88c1

SHA256
15eb59c38938709fbfac4f1499065e5fedd2b8d703227371a5c4a8a757b04f15

SHA512
1bed7a522f7129d9dfe18054a6f66d77dbcf2c95ff950e46320ead8a369bc5ec54bac66f97062b06c8aebdf8faf0dbecc3f0074ae8877c9db6ba236df0883902

Download Submit
C:\WINDOWS\SysWOW64\mfc120jpn.dll

Filesize
107KB

MD5
db657a8b255c97176baef1cf0ba80b26

SHA1
a04b77ec3734ba8efdfd9e8d6a4a2949e4e10d04

SHA256
cfa8431f94b35873c6df42bedbcefef6a088b1f0df12a5c3169d1d63c52e5a3d

SHA512
f23f6178bfdb9c8e052132f957fd2d73505922682cbbc531e710b14322d0efc85e36a61fec146791c639f6f390cf1726d53eaa95dc2dac65974b6b7fae5c400b

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
107KB

MD5
68a9125a7b318787e7e92d389e8af9ae

SHA1
35182eaf06080f7f4c986483a67b95c004301b7e

SHA256
9ad6523e6f269a5740dea0a74f4169e49360d05ad3659cc6eaa13773c8f1f339

SHA512
90ace4900917de0240f03302cf8ebc0a6f4ded2511b4350c1caadfa4ed6d7c8d9244aa987006e6ff5691feb4734d2d2ca32ac25e83f27c494ad2545d22f52c9e

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
124KB

MD5
362990f1accbd28aa22b95d7a1654a66

SHA1
b7a7c286c90974ffab626ae6bff2bc72a440e2e2

SHA256
06bd67825bd6376650d4bcd9bc0603c9000ac368ad2f0fbe198730d342ea7025

SHA512
e0a7e1a925d4c1b9e5862670a877471dd31c1f51f50e450829240d9fa5a23a98bcc272fa3a8ba19d0a5174c151591d3dda8345d81f9d740a158513400de40348

Download Submit
C:\WINDOWS\SysWOW64\mfc120u.dll

Filesize
4.3MB

MD5
57eee8292fa4b15c387680cb6a077757

SHA1
e707d132df93010ba9d8b821b0c11f8f3ad05473

SHA256
a5122a8513badef82df55091ed0eb40e03dbbb329dc5a98368cff655fd1c5af2

SHA512
2af8ccd8950c068c3392f4cd4e35b4f773ef1f6d630abbdee10549af7e29e566817353e913045cbfd44fbe1fb957f3e1d6cb11b7a71c8b285d9ac04633e589e5

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
4.7MB

MD5
af70f0aedac2df449ec4044ab60094a8

SHA1
7f5c07e7afff052841ae029b9fc358987199498d

SHA256
50f3fce7b8e341119ff8a7dff6edd2c61cff8c09759b45f3b558a45b57399d10

SHA512
41f0afcf52b1d31073b8d6a019626f2041a014f57c2a47ba2e855b4153df23e8cffb953382edcfeb77e0e1f56ca71d6ebc2a0a765cc21938ffe4a6ff3d1e1410

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
94KB

MD5
a521af4febdb2b4c3303e173380fc109

SHA1
17b594983e21d83ede02b424842ed011ec256830

SHA256
7d5622c70835afa742708cc24b2a5afcb1cd5f8f8b9a63c247f19e478721556b

SHA512
e4f003a35329d3cbb2ae09f697bfad9104235f652e17359d7951f8d94fb0a2964b0fa8657dac6780cf3d99cd66c1798d1b91b83fd2a93620505cb5726cbe5399

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
94KB

MD5
db2d999b3f0ab54128880bfaeb5d07f7

SHA1
69fa4cad906e9e594205a7686a00687b4c4e655d

SHA256
0d141877e0494fe62e4ad0605b7067eb1718dc9386146788d1151d55198207f5

SHA512
0a8d1ef7734fbab4cfcd85e6d509cebbf3433321a91a7048529dbed8ed7d98390f5f06baa2b11713022cd4b9775dc77e488adf565394c32011129cb988f0ce93

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
122KB

MD5
08599176c2590868dd4c875c25785d24

SHA1
2da46630139f958188fc96b7870e40a8f9116691

SHA256
d19eceecd512986167dc6e9bb71619dd75ec3fc0afe3ae98c86f89dd6b642fe4

SHA512
9286ce85fa9d5c8059be7faece1e605d390cd995ed4f57be2dbdcafcf206f6933820040f4495e420d0afcf5e60010b83b30823542ed92528e89082ee0d805fcf

Download Submit
C:\WINDOWS\SysWOW64\mfc140enu.dll

Filesize
112KB

MD5
de14f0df114aab0bfb4e1cda9687398c

SHA1
cc15f8e57b781ef2b8c1d6692ec9521e8011b46d

SHA256
9a98805d760793b9b4a67d5adb509a757b00bf76627ea687bf8a539a36b651b5

SHA512
002a30362e0b311ed11647ec2de869b3991c835618878fc34bee460d1ca21b5a6ec6b58aae0c1c6786b4ec8f49832f3a915f07b621aa9ede1ba24c74881cae5e

Download Submit
C:\WINDOWS\SysWOW64\mfc140esn.dll

Filesize
121KB

MD5
fab1d9a8bbe7c5a6fb7cbcabdb648a02

SHA1
56f115f1227cc6a30a2211c2090c34987be8373e

SHA256
50fb5d11dae0a8b7dca593aceef48d8163c3bc5f18cf7bdfe090a70ce4f14e9a

SHA512
9ae9aa466462ddff3b95198fef1047d39c1d7e0821b57cb3f370f3e7a8f3297422eef8d0f1073e3ce33966c22f2b8f9025778fe4faeb049d1cf0b4d63fe00e04

Download Submit
C:\WINDOWS\SysWOW64\mfc140fra.dll

Filesize
122KB

MD5
fdcfd5e966c28d7e08507a86507e4c93

SHA1
b25b1aa2d368716812759df83221512a66950cec

SHA256
7789ef1b4df2bd6bff8be9ec3c180565c91e44ac87c6ee24343dbf44e40f10c7

SHA512
c3b80a0f9bf375b411f4f09ae51d2e247e53b4521baba81331049b1398c8c7f193fe7ea04b18f7f827f6f90b862dc8d4e5fea29b3c89d646b55fb5c96ddd8928

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
120KB

MD5
8c009ab4c4031217ffa2606205eec1ca

SHA1
6c87881e89cf0f480edc8f68f088cda6ad3612b9

SHA256
e07f17c6f844577ad439bbbdb136ea3ef186690f847f0bebd89c013fed71b0a1

SHA512
27338903f2d902ab65f651b5a7d9be6f45fde8f4fa4cd5d95f98b7f7a5f0d99ee8b5e04b00c8a344ccd99314082bcdce8c58e2ef16461ba163f4b01629658da4

Download Submit
C:\WINDOWS\SysWOW64\mfc140jpn.dll

Filesize
102KB

MD5
437880561e18d85a901a7d448864ced9

SHA1
512c69d2275477819d431b1507c3f17beb806203

SHA256
f8f94918322abcc830c0a41e913cff5ff64b425b3362a238f0370737017241d6

SHA512
bbe82475be40e0c9a96c98fa62ef257e4d8b4de0afd96c424b1baffb7ed48d408a44e8857b7131c5a0105470ef821ce0439dd608c6a7eb9c7a461577ca34cf6e

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
101KB

MD5
8b687f26362d9a9899c3d00f94a3a2a8

SHA1
c695509c2f216b7ba320708ce797d7cca2739d1a

SHA256
ac191f5119381696c9927495c753ceb5b16dad0496a7788bd94eee6aef61dffd

SHA512
84b5f90d0b113dfc9e540af34aa9c78f164f8d55648b084dd3174d67e16f93f846f61a29bafbef73898325cc55a9a0431db650e5a82cdbe793e7c865e7b8d52f

Download Submit
C:\WINDOWS\SysWOW64\mfc140rus.dll

Filesize
118KB

MD5
efebaab86c0ee9fc8d46e2af204f6062

SHA1
65ef288609175c613a2203e2833b82049faad5e0

SHA256
e523b1b9d796df16776747c605e3327484c5244b450e65a5982203df0c076e62

SHA512
69a02e558aaee0630b30959e8d842e5aa2e75bb07c7884c04a40dfd78b6d07a9b216cdfd94bba85726799325f9a4c3f5009f86a5355a496fb4189ede903f31ca

Download Submit
C:\WINDOWS\SysWOW64\mfcm100u.dll

Filesize
135KB

MD5
f0ac008dba34ffeda2df6fd1b669af81

SHA1
2ac77e73206b696419d0dcf43e469745aa73d4a4

SHA256
5ff52c879d46cb2a67812af6adc6503966002b4f2420b53d67b5eec89ffda2d6

SHA512
d2cc44b96132f41eedfaab7055f1810c6985e7bb0163e6877759e3508bfdde3367782a5d5dd984c8aa422459d35765aa79372b31b10acd3162c3713d326f12b9

Download Submit
C:\WINDOWS\SysWOW64\mfcm110.dll

Filesize
136KB

MD5
0cc4c901d28059a8de5eee4df9eb506d

SHA1
20278f3452057df176c7eba466119daaee58ddbb

SHA256
91da33fa1e33905cd91f47523acafe81d11ce8febfbff647b38499575fe8d919

SHA512
54bfda397eab7717a4dcdc4d352502af0478537d30b11fa21b9ba6c06fbb816d5d5a5d1b28b4b5f233723d9de1f8d079c5503665397caba915541b40ed99be5b

Download Submit
C:\WINDOWS\SysWOW64\mfcm110u.dll

Filesize
136KB

MD5
1a19077d53783c70d8192aaf09bb2850

SHA1
43a85b83b063034245e9fd8d2e023e7694fef3d7

SHA256
2a9af48be8c82cf798bf8d51fd296f316556afcc9dac0588a5860fc7d357d18a

SHA512
35249456ea35e84a76897290e97f009aaa5d3a45f545d95f2615a470fff117ebaf93d0d43832b1356b1ba8b11159955403ce18b09682e1bc3ed7c927326c0b05

Download Submit
C:\WINDOWS\SysWOW64\mfcm120.dll

Filesize
136KB

MD5
80dfd556c25d10c62d6fcd4f00fa8fc8

SHA1
6714a26d58f9291ffae064f2b64fadb47679a758

SHA256
063e159bc2f36824866978625e9f8d974f07cce51f4c0562f7b77b99d8cd3903

SHA512
bb66e8ad0ce8fb3cef2b360ed761c26bd0170d8926f52e95d24e8f9273b933862dda4243225de112b68b2dbd21f39cc0708e1f306ef3e3ade7c2086595026fed

Download Submit
C:\WINDOWS\SysWOW64\mfcm120u.dll

Filesize
136KB

MD5
a89b24da66e4062a5059a22488accb57

SHA1
dea30f4d0fc5fef57837e34b61173b26d8942ab1

SHA256
3e0904bb201af1415e8c6ccff2ba6cc3fd0603bf80bc66fcde573fec843fddb9

SHA512
976e9bcfb5d16f4ad9707c193cb37bc149d3a9b5be564208a3d5fa6ab626761a23fb4be945e268199f8fcd67ff0cd0d9494c0d653c1a53b9654d31af446c102f

Download Submit
C:\WINDOWS\SysWOW64\mfcm140.dll

Filesize
128KB

MD5
4c9ebaced7da5811cdd2aed66d889a09

SHA1
f180f37e18d4d4ca0eaa0763d6e020af9405bcef

SHA256
470ec8620b76875cb788817c5d7f40e89f5c2bc9749e29d2a99a60ca55345ff3

SHA512
4ce9b59de8b64338fb1e6028bba9b9740110370b91e8db1d11f308dc9b83abd20d96f84cbb2a2f8de4599aab0180c29399eb7824209dd67379b035347cbf7275

Download Submit
C:\WINDOWS\SysWOW64\mfcm140u.dll

Filesize
128KB

MD5
c500a9ce3e350d44bd48b433aaf69b81

SHA1
f6ff44f90ff58d2fe99d85d12cb71aa0ed9ef238

SHA256
3fdc21757983c1b5e75bd660d3ab20c8df5f2da41d79d7c4c13b8f7b7a79f5b3

SHA512
d1e75959db6506b161e51972a4f0ce394790d9cae1fcc1ebe4e7c70b126e528181fcf6fce98b4e65beba059e8fd324acba933ea64c6c2c1b060afe1f0de587c7

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
51KB

MD5
bb9b57a52a72f1e04f187ec3ec4c5732

SHA1
665bc338b51f77371bc9e40d1bcdd832aaaea8f3

SHA256
a3323bb11dfc310e520513e00f54285a5859170c702faf46eb9e2e292257aba7

SHA512
463c40d5e6983af412a7dfb740265bdf47bd6eca3e78226d1d2ec43d1f7d1825737ce5de006913e753cefe723102830666a21f368c44cec035e55e56dbc09bcc

Download Submit
C:\WINDOWS\setuperr.log

Filesize
55KB

MD5
ebb9f47300b324d2c1b705fcebe619ab

SHA1
3991204253258ce985a6b1affb7be5c3d6bfbce2

SHA256
58ebb5b4ca2f3ec08be9e770e5b8343510a8a241655f932169a6de73310ebce7

SHA512
cb6a1e1fb737dfbbf4b96afeceae3b783afb49aaf5a7eb91532436f185f79fda90f6ab47b518594f51f6211f3a57263dd3ba38743d31e55843592432a2142548

Download Submit
C:\WINDOWS\system.ini

Filesize
27KB

MD5
bc423afd89e1254fc44af07d651eef31

SHA1
16ebaa0318e542e3a748117d184bdc89ebb84fab

SHA256
d815dc858d84936906b4b9920e99c0d50cfbb6ce86d3ebc59fe839dc61000427

SHA512
4ee8e187e0da1aade54c26109ff736f13335a450724f4dd8ce2344a8ac8d38aee69acc34c58b2d19ab7e3d27197248ec193216ad93a374d20c29de4f784a4f0b

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
6e8bce96479c2fcde307da12eec83906

SHA1
ac57eb1766688179044129eada8b65321ba0247e

SHA256
6e3fbc3be374d800190cb7698a83b39cac0a8c2d9634b0582425e9bf4d77c2f9

SHA512
7481b82987a79e50c7d02bb79381a54a8a875ffed86724252e7aae459272fa2f7259870f0737f50e77cfbe2aa7def0e266d5004d8bf061fc46398e559cc22c1a

Download Submit
C:\exc.exe

Filesize
450KB

MD5
8c8e352a39eb601c521ac4166662be33

SHA1
caa87431b7f9afdb941cb8ea214e37a97e3a9352

SHA256
83e842f27cf36da4348178e56bd4e2474f5e09d63531934799a49e465e44519f

SHA512
0e0f51294fc145df78d1d9aed0b2d88df92faa4aba4ad57baa2a653a94cb5581e2fc192362f8ca654ff8674ce104a21a53839333df64b6a31a650d4ae18b9ea4

Download Submit
memory/2848-1499-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2848-321-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2848-9-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2848-3547-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3024-616-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3024-320-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3024-8-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download