0537c7adb34de9fd5da85b57917ba4133c7ae94e3912cdcef55ea71a96eabc08

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 16:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
Size

477KB
MD5

fd291ecf1326b208eae79c1fc7f67f43
SHA1

fcae442561ea5d45389d647298c4a7429e0e7c6d
SHA256

0537c7adb34de9fd5da85b57917ba4133c7ae94e3912cdcef55ea71a96eabc08
SHA512

77679b663e1935a7910e3f94cea09b096e64aabebb183be98ce4dd4cd14eddcefd205dcb4dad292715dafb4ab35cea077ff0b1e5df825c772e7bb58aa8631a68
SSDEEP

6144:MZ/Z/Z/Z/Z/Z/Z/Z/Z/Z/Z/ZweP1ZVI51yZAv:MBBBBBBBBBBBz1M51yZAv

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\Control Panel\International\Geo\Nation	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4932	exc.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\ComputerDefaults.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\DxpTaskSync.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\rdpsharercom.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\WsmWmiPl.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\WLanConn.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\kbdarmph.dll	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc100deu.dll	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\msvcr100.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\oflc-nz.rs	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\sqmapi.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\logoncli.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc100fra.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\scripto.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\CompPkgSup.dll	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc110deu.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\ncobjapi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\rdpcore.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\spp.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\CoreMessaging.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\LockScreenData.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\srumapi.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.Telemetry.PlatformTelemetryClient.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\xpsservices.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\DfsShlEx.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Display.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dusmapi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\TSTheme.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\w32topl.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\apphelp.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\joy.cpl	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDINDEV.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\PackageStateRoaming.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\tzres.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\@AudioToastIcon.png	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDMON.DLL	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfcm110.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\occache.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\rasppp.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\DDORes.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\InfDefaultInstall.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\expsrv.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDINHIN.DLL	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDSP.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\ntlanui2.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\wmitomi.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\msi.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\pegi-pt.rs	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\tcpmib.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\AcLayers.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\CallHistoryClient.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\dabapi.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\els.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\hhsetup.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\Windows.FileExplorer.Common.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wlgpclnt.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\ws2help.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wsmprovhost.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\dhcpcmonitor.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe

Drops file in Windows directory 44 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\setupact.log	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\splwow64.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\WMSysPr9.prx	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\write.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File created	C:\WINDOWS\mib.bin	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\sysmon.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File created	C:\WINDOWS\sysmon.exe	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File created	C:\WINDOWS\bfsvc.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\hh.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\twain_32.dll	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File created	C:\WINDOWS\write.exe	exc.exe
File created	C:\WINDOWS\explorer.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\lsasetup.log	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\winhlp32.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File opened for modification	C:\WINDOWS\Professional.xml	exc.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\win.ini	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\lsasetup.log	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe
File created	C:\WINDOWS\notepad.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\Professional.xml	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File created	C:\WINDOWS\HelpPane.exe	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\PFRO.log	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setuperr.log	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\system.ini	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File created	C:\WINDOWS\notepad.exe	exc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
4248	msedge.exe
4248	msedge.exe
1728	msedge.exe
1728	msedge.exe
5916	identity_helper.exe
5916	identity_helper.exe
4308	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5328	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5328	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 4932	4500	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe	84
PID 4500 wrote to memory of 4932	4500	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe	84
PID 4500 wrote to memory of 4932	4500	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe	84
PID 4500 wrote to memory of 4424	4500	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe	100
PID 4500 wrote to memory of 4424	4500	fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe	100
PID 4424 wrote to memory of 4244	4424	msedge.exe	101
PID 4424 wrote to memory of 4244	4424	msedge.exe	101
PID 4932 wrote to memory of 1728	4932	exc.exe	102
PID 4932 wrote to memory of 1728	4932	exc.exe	102
PID 1728 wrote to memory of 744	1728	msedge.exe	103
PID 1728 wrote to memory of 744	1728	msedge.exe	103
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 4424 wrote to memory of 4688	4424	msedge.exe	105
PID 1728 wrote to memory of 796	1728	msedge.exe	104
PID 1728 wrote to memory of 796	1728	msedge.exe	104
PID 1728 wrote to memory of 796	1728	msedge.exe	104
PID 1728 wrote to memory of 796	1728	msedge.exe	104
PID 1728 wrote to memory of 796	1728	msedge.exe	104
PID 1728 wrote to memory of 796	1728	msedge.exe	104
PID 1728 wrote to memory of 796	1728	msedge.exe	104
PID 1728 wrote to memory of 796	1728	msedge.exe	104
PID 1728 wrote to memory of 796	1728	msedge.exe	104
PID 1728 wrote to memory of 796	1728	msedge.exe	104
PID 1728 wrote to memory of 796	1728	msedge.exe	104
PID 1728 wrote to memory of 796	1728	msedge.exe	104
PID 1728 wrote to memory of 796	1728	msedge.exe	104

C:\Users\Admin\AppData\Local\Temp\fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fd291ecf1326b208eae79c1fc7f67f43_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4500
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa11ef46f8,0x7ffa11ef4708,0x7ffa11ef4718
      4⤵
      PID:744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
      4⤵
      PID:796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
      4⤵
      PID:2332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
      4⤵
      PID:1564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
      4⤵
      PID:4412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
      4⤵
      PID:3764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
      4⤵
      PID:5528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
      4⤵
      PID:5548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
      4⤵
      PID:5812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
      4⤵
      PID:5928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
      4⤵
      PID:5936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
      4⤵
      PID:5252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
      4⤵
      PID:3076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
      4⤵
      PID:1068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
      4⤵
      PID:4032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
      4⤵
      PID:5700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
      4⤵
      PID:5692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
      4⤵
      PID:5748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
      4⤵
      PID:5900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
      4⤵
      PID:5764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=2004 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,1786396141069133566,15531524212716587774,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7020 /prefetch:8
      4⤵
      PID:3040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
    3⤵
    PID:2964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa11ef46f8,0x7ffa11ef4708,0x7ffa11ef4718
      4⤵
      PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa11ef46f8,0x7ffa11ef4708,0x7ffa11ef4718
    3⤵
    PID:4244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11393119834580188788,18252362343473393892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:4688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,11393119834580188788,18252362343473393892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
  2⤵
  PID:2032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa11ef46f8,0x7ffa11ef4708,0x7ffa11ef4718
    3⤵
    PID:2020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4272

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
29KB

MD5
e9330250cdaf48283c652514790eef85

SHA1
48f66e3f7c58e4da19d50a5299bd97a5efa4488b

SHA256
910e343f3fec253fa8af03a4102818ae4b0a2cbd043967ad88ea7e465ded79c6

SHA512
dd8d61b669c2c392f6da862e1bc38e23f093108e6f5a65a3db5f2332739c853d07fe15710f989f09852a8a27e114b36e17ae863138ffc940444e1deafa8faa2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
63KB

MD5
8ae2f1ce90d6956858443d4ad23dad8a

SHA1
58fe56c165306ce8f7796535c8f0e3189be8f026

SHA256
92137fdf7abdf1ff392f5c6f55eaa76c679ec7b6e687d24bfc38431dc4f28dba

SHA512
459966a16d62a62384a2c89265e962b2eeca1f479b3768b208dd13739fc9e1994fc28741e8c73eb5128572962011ed1f3f3ea00ae8eb632b9a280762b29eca14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
85KB

MD5
e3e89a157827063c535778fdc7a3dadb

SHA1
af0be506c99bdaa793d854f866ecfa8a234edff2

SHA256
7a26ae7ac361fdd32dd1f39ce69e7744fa53a0156835d20f684dd33ed4c0352e

SHA512
f848a5861594ad3f6a6c4d25e9a237832f79fab41b076fb15169bec002272fea1070895ec309ca02624b9bbe08ae4edc83d9d2c0a6f3b301b045db4ebcc10d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
153KB

MD5
a72b1ce9652e6ad1941e2f96416bc9c5

SHA1
2e09fa71317fef23fb344b2ef38430a32d0397a4

SHA256
28b75836d9320651aac2a460af470df3a206d31ed7982e1fb942caed31a003f3

SHA512
8e629e8317b44d2501543ac1511373257f2d5e48f16a1946bde44f8df5c0e1413eb8cf663441f95fc8891243e8aa499c9d3cb7d7ec353c086039814865ba41d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2b0ee07d7a44187a6a04894b024a22ed

SHA1
75f55aa6af8c43eda45ac0b904f55277bcdef768

SHA256
b174528a06a75c13a678de0f87f5a8765aa47c75f7c4db87777ae275d013fdbb

SHA512
a4388180082ec7f0d88a6cc65e28ccefec1223c58f788c90bb69303412fc60e8ff6241f4ab0677bd98dfc19aac8163eccfbe7a0d87a687ffdffee97a46d11d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81271642b2c0d405a038de107aa1509e

SHA1
3b6aecd1f576c89bfdc4482065e96cd7acf216c5

SHA256
dbe90342ddd3dc556d95ad2109f425df2450b78e3b50acfc9ef91ae8b337626f

SHA512
c816a088976743a2e59e3f026139770f9d87b499681745a874c262a40b77783a8c0ae92df0595ffb3852bb92f772cb1af292d5c1fb00902284e62a293f6529a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad0c5ab018587ec48e506cb1127c58a4

SHA1
f359c0beb212e2303192ddf1402774e58fe6076c

SHA256
828b672abdfbc13c313296e0ad61e5cdd6f40eb65afc390d2321df9a5dbc66d6

SHA512
ecd216bc7be62f15b1a406f555cf74f76e9c818e0f3797b280340e580cfb8be8298473d2360e2404d682502d45f1a99243f2ac03dde962d2b617fdb7604187c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f0f8861bd60418a08b96154d082b2212

SHA1
51ddd31286b448d8b5849bdbd76e3d88c8498794

SHA256
7f5d612593bbf34bba6156f9cf69f161e968dbba063b6fc3edd9130dc6186cce

SHA512
abd5645b96221e132e5e208a743f1c4b504e599ab0e585b385a18f018eeb8b03f4156c99a42ede425091a5355c5f7720d4dae12fcfa2a092efa9320580738935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe596fc7.TMP

Filesize
1KB

MD5
f4ebe227e0f6e745622119771e8b1eee

SHA1
597a449e28b62209ebd07efcfa1da6a733598692

SHA256
6edbefd0d55817b0325fe1f0687c25e2fe65613e5d149866c672f6054d45a7e8

SHA512
59a0118b5625ae6d123e8e4351520d117f841ba74e4d6176a55f14d1d19de15b202251df6befb96e5dcbab2fbb77bbf7f981b2670865bad8fdbb49aef7882a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
69731ee1aae812aeb26aeadf67a91067

SHA1
6624891de02dc766f593e9011690a234a60feefe

SHA256
2e40373e6bf0272ba78fb5d054e0eabf460b96c00b093d8c6ac7732585263db4

SHA512
6e58e36e71c419cb173c92aa20917c953844a1b16ae568d64b48b8ba953473b10e9303b5557aa0a95ca7edf4989edacf1310e7cb156466055e4f6edb3a55ff58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
45088560abfc403e8e79576ca80d4351

SHA1
75e55e7cac9d115befc5222b262ef88ae4d83e60

SHA256
42ec364ff0bb53f2dca6260bffbc6c5743ee44ecc2c825a3f46b5efc8ab04fbe

SHA512
3f5bca4a2aba7c935b06ae103e3871137907efbd1e0401479b5e978acc8d2caa79ac1b0110cd1111633d60ff591d1dfe257aeec20bdf9b663876a0f5a23063af

Download Submit
C:\WINDOWS\DtcInstall.log

Filesize
57KB

MD5
9a74842511986d27161d706f54a3539e

SHA1
aa48b0d44867648dcfebbe58ad59d91dd13c6913

SHA256
6c8ba46c6e2ed0d0dc929f93a2558edfd470f9e50cb716655d74845f7863d8da

SHA512
adfa7b2e5a82be547b2103d9245a088fcc5b591716c944e18f4bd8247555567954ef6ddded0f9cf1ebb23b5f5d0760c998bbf573f426bd7ac040671c789652d6

Download Submit
C:\WINDOWS\PFRO.log

Filesize
56KB

MD5
6d7051f0f28452c5d10580a5b103fdae

SHA1
1de4455d48bf6804066015b636cf743a02eb7916

SHA256
d538e119d709c2cb030f9aa90b4cd868230ddeaafa11f630e238e8baf63c7e0f

SHA512
b95735bc441234450a0232b09c5d67cdc0e8aabbd283602c9e72cc276bb8e3dabb12768fb15efabe69091be1243b6b8f35f47748277b360e768da8f6cbada203

Download Submit
C:\WINDOWS\Professional.xml

Filesize
85KB

MD5
0ba256fc60d59b28af4500489487b856

SHA1
25f0c0c008775892aa9ff7141d29ec118db7557c

SHA256
a5b87098b88c67ff2e78613f6b5c2d6c3f32fe8aeeabe0fe537eb5180a9cf9ae

SHA512
6630de453caa2f9d247a695f9baa3045bdacdfabdd0d583d7ee8387c6c632674ff91def1b46fe824806f473aacd50aa0f6773cfe1712b4003bb39d32f42dcdc3

Download Submit
C:\WINDOWS\SysWOW64\concrt140.dll

Filesize
269KB

MD5
646f716865b03ed16b32e5d77f2732bb

SHA1
fc1e9d2f316c80a94673e342cc8e8d69aa7ca701

SHA256
173585f625959d3c9f915ce42e8fe1419d45b6eb81901af564dfbf45a3c7b3da

SHA512
f6c1097732ec95f6d84e49c7d39d29e35204d1d6aa0ec8427d5fc37e486002b43d9316b3277d9bfe150bc4f0fc0dd31d4b82f34fb7cf34742124cddf04167640

Download Submit
C:\WINDOWS\SysWOW64\mfc100deu.dll

Filesize
90KB

MD5
c7e7a9fbfc52f96f510323803d81f168

SHA1
a6c0deaa32f7676bc787b583ec45a1097c8462e7

SHA256
43f0c1c14c003071f1a8d41c0538623aaa192551c5e8d3554771427ea5e94911

SHA512
091c3638532adedfd2a300bdaca8915b3f7acada0213d0ee01555f8c5ebc8079adf105392679616fd1794a54d429be3e81fa0979fa1c79b5629b2815ec4a3d0b

Download Submit
C:\WINDOWS\SysWOW64\mfc100enu.dll

Filesize
109KB

MD5
b108fd5d125553f13271be2bcb9e50b7

SHA1
aacbce436882ab0105c27ff648500c57eb43f363

SHA256
5b282d5d2f132d3e9c0784c5e0bdd5f01aa8f37d6d1989f91ec573e744694ac0

SHA512
f1888b9685fc4bfca69d6be24b8bef2b2039617430628a8af7a07fb4510a989deeb479077b83c78a20d38f2ec5a7e196bc624abbc20790878cf1a95326b64275

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
117KB

MD5
729ecb36abbe826c41c7df2b9c32376a

SHA1
5f438ab3055d014f8707f55739c74e81d888040b

SHA256
7a7580eefcc7f91f325736b7ff6d60c19fad714108e7ff5e36a10702daa62f7d

SHA512
e62e12eb157f8bafd7c401447788e3f5d55d91c3a8745def43a9bc8614ddac81f9692984c70b89e49cb649ddaa2670ef1600c8cb1bf1a51f2c4cf5a330e95e9f

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
118KB

MD5
4b3f38f629d20f7a73e2e7e4bd35fd09

SHA1
7ef08a0b052bc827c573bba1079291ce67d9192e

SHA256
6b5a3c917368df593d77798c50d281176b19811ad8ea4d52d7b8b67a5597e27e

SHA512
ec237dd1153686ec42828b48a564cbef213ccf04939b463332489042aee8b74cbda13aac2b611f300de1815345b4339d7567bb0fa90f7a6a71f2bd23342a0ff7

Download Submit
C:\WINDOWS\SysWOW64\mfc100ita.dll

Filesize
116KB

MD5
f3888edeb42068c37a50e07cee5a26ad

SHA1
d20b1d0afc11315a815bde84deeedc761643f3e4

SHA256
47483435e9bd0306a870d609aa3d4cdc4be8ca00149a6870a519aa6a986fc68c

SHA512
4627e51512e10e0e0b08baa50f8881778a5570c66c1efef3ef93345aa84cf587e79c5852b7eed3db69396ad2fb11d3670015eed77e11899a7e04c4ba05e0fe25

Download Submit
C:\WINDOWS\SysWOW64\mfc100jpn.dll

Filesize
98KB

MD5
81f9410e01889476fd5ba3b6700b6e58

SHA1
71fbb17c69a97d038b4026585588de99d9d149ba

SHA256
585bee89b338f6cc8baa96cd77fde6f3f4fc31350b765dee20522f04f4736b84

SHA512
051889e9b2ccf585c4a93ee23b31877c460627fd49a6cfbd55047a63d635650726e449af4720ef17920f86c46788a59749e8765a6add155031a72f9b239e8c7a

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
4.2MB

MD5
a5d06b8be4dc16dde1c7c11ae6041d1e

SHA1
9cf572ba9159da4e1c137b3d85d49290fd40eed0

SHA256
53027a99cbe2d241a76104353dad1a58f32be99dd9b4bba2d894f0fe7ce704bb

SHA512
5f4cf9dc8a74ba8bb7d58cdfa08fbb0cbf16f850ab6afbc5cfdd591352924813b6903bfba87a67fed4c16cb966868067c0407d4392c8920ca7fa41bb8346299f

Download Submit
C:\WINDOWS\SysWOW64\mfc110.dll

Filesize
4.2MB

MD5
05e803ef2295c2267de4a717fcc7471e

SHA1
b8e588b37d4c9c2a7f906596719ed2cb6c47b0f8

SHA256
d09895af0ec7a387b6cb87b78564995041fb58b9eb02a976c6a2a2a21b61da76

SHA512
4fcf1fd7fb7f22c652e0e29bd9701ddf9da9e814b699d5a15e14acaff906ccef3b5a70d4b8de52a5e8277a988f0c7eeae0f6f099257825c097127bb554723b8d

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
72KB

MD5
8e19a6af5a2b46f0256b5a966e10cd7d

SHA1
31b470d4e9fb90e8609f865a5880cf58f4610363

SHA256
ad3dd617c9c5a43ade9268088c1bc3fadab75d6d7ec35e962d558ddd46d1943c

SHA512
da5c3ed9496216d1bceab2fa61373b835ca584d24737c9566f1c2bfdbb88e51b4c60f04cdcb8f03b72c7febaec49c87429ad19b0d00b1f37081a77169b14544f

Download Submit
C:\WINDOWS\SysWOW64\mfc110cht.dll

Filesize
72KB

MD5
ae55b750e25a5d6f9e411f7e28548a9e

SHA1
0ba3396bc9fc322b1621d6e27ab3cd2edd4b5539

SHA256
244a889c60f2c95fe0155efaa244b62e2ecd9ea636ac84f7b3fcd88533a14592

SHA512
64122c16f4f145417443cf38a288f55a99d0be05f338ee3ab34e7132c475737428d67ce8fbcfa31cc62e0f76b6d4ab7637fb04e1e435589c346220b2c1dc8f0c

Download Submit
C:\WINDOWS\SysWOW64\mfc110deu.dll

Filesize
100KB

MD5
84cf3c4f35dd896e23e995e243a2599a

SHA1
f46d90164b5ad3c20ccffc1daf13e2014d9a5b3e

SHA256
c71c9ad50aa23b6fcce29e7ecd9629c18ba3a48e352b85f5604755dabdde2880

SHA512
94f129356e7b1bb03e6935a99faff2f5dea1752fadec9194b3960ddf1b443c1873abfca7cef2b9a03fcc14f4372665cc84f9d9182eaa8a383b469ba0ea25dce5

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
91KB

MD5
5a82f3dab027b3b57ad0d8568951dec8

SHA1
4872ff88bddae45432cc61365acad27a1fb0b179

SHA256
716eb3de8945bd176e3b1e822646635883defec70e2781293e4d2f13f59ffaa6

SHA512
721bf1bbe206f52f015bab02192cc8e881d1a53cccee9426940b611b509f572d9ed79e95d46716215acb770059429b93dbb77c1c1cbf9c10ca245e0153a15b26

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
99KB

MD5
4495f471bc36b30edaf4080d2b352799

SHA1
6fc015cd247004de5702127f33e0dd8229a82991

SHA256
4c1504d31c667d11c281bf3449fc2251c9b4a4af614cdf270f7c0c0f770df473

SHA512
e3ca8b97fad6b92b88ba8d12166a611f1f44f8382f2d23c9693a3108952f6842586c0a26d408b2f0a40e92b3bbf7d5417b5fd1b2ccc40016f04b6d8f67b733f2

Download Submit
C:\WINDOWS\SysWOW64\mfc110fra.dll

Filesize
128KB

MD5
5fba17d05756bb9380d7fb1d77b04164

SHA1
fcff665d57d391bad662f0abba098ff1baa81740

SHA256
84db301e7a4867b9ffacf19347111c4c62792dcf5ccb6c47c78b2e9b27802941

SHA512
90eb8776c4f14db079bbba99d319fcae656ac440b5be37c2fc61148bfa7437964a272e875f44bbae319e827bb0999f6c8a9bf9639d1ca625a6c8a411d9dfdcce

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
126KB

MD5
162bcee42eb187feafe76f562779baf1

SHA1
2eb8cbd78ca65f6c479697568efac16ec963caae

SHA256
251dd674a052bf6b107cf87666e6fb4be54096ea62baf055c3383aea9bad9ffc

SHA512
8de036130270faca3f7317a701ecb6b0b7b7320791523b7616c297a19fa77b6060d476fa31f0d80a7f228c26241574a078601220b292f7173b67d8a0bea0b0cd

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
107KB

MD5
757d93c24eadb4e3cbb3c65231ab8690

SHA1
4da0e00185a887011d61bf73324dcc5cfd2a84a7

SHA256
4d928f42cbc3cf2ac9389c450d4027038de5519d554f1994d08ef8b6315a6367

SHA512
155a2672949d0ca15b4c3c18b28201d3a912b9b1866ed1c2d386c14aff2dd149391076ef741c5688cf4040947d2c5a5cb6a3a1d544b51ec12281415ddfc6e451

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
107KB

MD5
d903c88ab989cee154c0061d6d5d8a0d

SHA1
ae358afc5ce260ceaf87849f225a19025052c1e3

SHA256
12f1f664e8cae0c29e537994933e1b4c8163496bfa6b40383d3a4c7b04b1eff0

SHA512
f456805bf88e996106a5dd4b54801822dc87cc949f58e0d9a6932c1ebc8d5170d72a8ca79dc1ef61c0562a6c4596b4ccc78b6db71602a9fb7632793373a9b126

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
124KB

MD5
696297d69b6c6fa4438edca63532f24a

SHA1
7b9d1e2c28a6d934dfe8645c728e1aaaddeded13

SHA256
b65e1f0d4e4e318a7827bd33ca2e3b5091a5ed33550cbf6c0aff732ee410812a

SHA512
f65b4bc055ab3e4a2b7c5afbfed01ab3e42d4cd2ffca9d1119073335ca5fb680c6c44936b3ab0a90b48344d986be2b00f450b8093a3328940b558b27355600de

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
4.3MB

MD5
2c2c1680861ce3eb322363c361bcd2c1

SHA1
5a9870d1e233f3cd68fb922c7aafd9cd69f91caf

SHA256
c583642c5f26ef62d0c857350793eb235fe9a0687ade35e350cc3c2aec65793a

SHA512
ce10a009bcaae6215e6a41816929670a0d7217bca2d09d6d1dd58469b908f711a78e6df67d5fa1c611c49211652bc60ccedd441c4587dfc2717bfa98b31886dc

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
4.2MB

MD5
f82e625dc4941853bfeefb204100cb8c

SHA1
a1f20ac14448b361a87bdec339c6b749af5db5db

SHA256
3241df1c90ddfe85ef752ecf880271d36a5866a90a92195d55e428d0639b71d4

SHA512
f5d9a9342816972e4e177fbeaebf603c974f819c9feed823921a4bfc99057d98776d89b0f72790588bfd0547d36bbf2c195b3969f1c98648df06b2fdb84c1184

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
100KB

MD5
8be84188361523a05d1e6c3ef302fa7a

SHA1
ea7ed819971d545d8499379c3ee5633f7c2d9869

SHA256
cdc5a5fe8d317dbb08c2cd3234512abf1035d750a93aacafcf9fcf0b3bbe1cf2

SHA512
7bff7a1e7a53b2c0015f9673e92e1e006f6c531be48e54b1603590ecf0576d7d29419531dba215503b970805cb89c4031eaf7fa0bad3cb0b03abc03be45a8402

Download Submit
C:\WINDOWS\SysWOW64\mfc120cht.dll

Filesize
100KB

MD5
e8bdb052fe0aa98317d66d3f1fe57037

SHA1
abda126deb48c04e40d9b8bc9a6cd99c4d265abf

SHA256
4dbaa19695eef4678444bffea464506422f42968e8a6e47d1e235ca8a1190b11

SHA512
1843b3673ad6b6c0316abfe6f017c5ca569cff4edefd03199d346a5e91ee0680fca4ab2c1b15492dedc75bfaa19717fb4de485dd3e16268f9647bdb02e9808b8

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
128KB

MD5
9fd6491ea7ca2bd3329b5086aaa1a93f

SHA1
11a829d59f6ecb2603ac7cc155f342e5e158d0d4

SHA256
6120a4d405d3b9ffea21f821c78f522837e6794d162cfd2706fd6c890519ec18

SHA512
f36d61cce637bfad457ef60a9a0a1de04987eee151d92a02650cd0f9e4412e0b56ae322b6cffb97b054e9ba9a89a5e3c6e79129163b7c6987ca6cd4d4d17c1e4

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
118KB

MD5
d9c122b3950057cce3ea53deb7a629e3

SHA1
d616bd9b88eb9d54295d3c64951cee8ce83d0b75

SHA256
6b2662b7efdc334da3468fe8bf61b4fb8498c15b64dd084ce59f2f65bad5d3c8

SHA512
b70859b49c89ec1ebc26e8119a6f115f5b9200b359b4dce4a48c32aac70efa51b3636feb579a84043ce80d66ca162c800af7617f246eacb5a29ff9474c392de3

Download Submit
C:\WINDOWS\SysWOW64\mfc120esn.dll

Filesize
127KB

MD5
ac52e1b584edc90aa3ebc9d4cdad8b5c

SHA1
646c8706252ab53154f03b1c5ab733578ec6d5f1

SHA256
e9587e5ff55ab6549df3f2693e6ad3a6b7304fb7835f2a40aae9ba130fbb4921

SHA512
96dc9f268bed0dc5a71d331a8a13b20d0de5be51ab5484016f9e3016e855bc488b7bf67d9a07d14cd9630a86069c73b00ccd40d929e015cecc7c5a204230e810

Download Submit
C:\WINDOWS\SysWOW64\mfc120fra.dll

Filesize
128KB

MD5
1fb00f5a2ec44730d3f4ad1a6f6c23c6

SHA1
d807b67d9a2b3e62fa0e7834198786fe62a89bab

SHA256
aab050372305b5b1ccd85b5d8d99bf4dab7b47b9e2a675a4dbcf441407215a60

SHA512
20d25928958aa11728cfd1fc67371bb25123d3c425301f053e2615fa606706fff6e9de7cf8663237a021de8f6e1ecfc7d743fe087b4d6d67fdf5d9f18aa22684

Download Submit
C:\WINDOWS\SysWOW64\mfc120ita.dll

Filesize
126KB

MD5
ae0fa073caf81ce4697cb11f1926fa50

SHA1
ab9164d2a97d3ae87377b94e609dfb2582bb88c1

SHA256
15eb59c38938709fbfac4f1499065e5fedd2b8d703227371a5c4a8a757b04f15

SHA512
1bed7a522f7129d9dfe18054a6f66d77dbcf2c95ff950e46320ead8a369bc5ec54bac66f97062b06c8aebdf8faf0dbecc3f0074ae8877c9db6ba236df0883902

Download Submit
C:\WINDOWS\SysWOW64\mfc120jpn.dll

Filesize
107KB

MD5
db657a8b255c97176baef1cf0ba80b26

SHA1
a04b77ec3734ba8efdfd9e8d6a4a2949e4e10d04

SHA256
cfa8431f94b35873c6df42bedbcefef6a088b1f0df12a5c3169d1d63c52e5a3d

SHA512
f23f6178bfdb9c8e052132f957fd2d73505922682cbbc531e710b14322d0efc85e36a61fec146791c639f6f390cf1726d53eaa95dc2dac65974b6b7fae5c400b

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
107KB

MD5
68a9125a7b318787e7e92d389e8af9ae

SHA1
35182eaf06080f7f4c986483a67b95c004301b7e

SHA256
9ad6523e6f269a5740dea0a74f4169e49360d05ad3659cc6eaa13773c8f1f339

SHA512
90ace4900917de0240f03302cf8ebc0a6f4ded2511b4350c1caadfa4ed6d7c8d9244aa987006e6ff5691feb4734d2d2ca32ac25e83f27c494ad2545d22f52c9e

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
124KB

MD5
362990f1accbd28aa22b95d7a1654a66

SHA1
b7a7c286c90974ffab626ae6bff2bc72a440e2e2

SHA256
06bd67825bd6376650d4bcd9bc0603c9000ac368ad2f0fbe198730d342ea7025

SHA512
e0a7e1a925d4c1b9e5862670a877471dd31c1f51f50e450829240d9fa5a23a98bcc272fa3a8ba19d0a5174c151591d3dda8345d81f9d740a158513400de40348

Download Submit
C:\WINDOWS\SysWOW64\mfc120u.dll

Filesize
4.3MB

MD5
57eee8292fa4b15c387680cb6a077757

SHA1
e707d132df93010ba9d8b821b0c11f8f3ad05473

SHA256
a5122a8513badef82df55091ed0eb40e03dbbb329dc5a98368cff655fd1c5af2

SHA512
2af8ccd8950c068c3392f4cd4e35b4f773ef1f6d630abbdee10549af7e29e566817353e913045cbfd44fbe1fb957f3e1d6cb11b7a71c8b285d9ac04633e589e5

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
4.7MB

MD5
af70f0aedac2df449ec4044ab60094a8

SHA1
7f5c07e7afff052841ae029b9fc358987199498d

SHA256
50f3fce7b8e341119ff8a7dff6edd2c61cff8c09759b45f3b558a45b57399d10

SHA512
41f0afcf52b1d31073b8d6a019626f2041a014f57c2a47ba2e855b4153df23e8cffb953382edcfeb77e0e1f56ca71d6ebc2a0a765cc21938ffe4a6ff3d1e1410

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
94KB

MD5
a521af4febdb2b4c3303e173380fc109

SHA1
17b594983e21d83ede02b424842ed011ec256830

SHA256
7d5622c70835afa742708cc24b2a5afcb1cd5f8f8b9a63c247f19e478721556b

SHA512
e4f003a35329d3cbb2ae09f697bfad9104235f652e17359d7951f8d94fb0a2964b0fa8657dac6780cf3d99cd66c1798d1b91b83fd2a93620505cb5726cbe5399

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
94KB

MD5
db2d999b3f0ab54128880bfaeb5d07f7

SHA1
69fa4cad906e9e594205a7686a00687b4c4e655d

SHA256
0d141877e0494fe62e4ad0605b7067eb1718dc9386146788d1151d55198207f5

SHA512
0a8d1ef7734fbab4cfcd85e6d509cebbf3433321a91a7048529dbed8ed7d98390f5f06baa2b11713022cd4b9775dc77e488adf565394c32011129cb988f0ce93

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
122KB

MD5
08599176c2590868dd4c875c25785d24

SHA1
2da46630139f958188fc96b7870e40a8f9116691

SHA256
d19eceecd512986167dc6e9bb71619dd75ec3fc0afe3ae98c86f89dd6b642fe4

SHA512
9286ce85fa9d5c8059be7faece1e605d390cd995ed4f57be2dbdcafcf206f6933820040f4495e420d0afcf5e60010b83b30823542ed92528e89082ee0d805fcf

Download Submit
C:\WINDOWS\SysWOW64\mfc140enu.dll

Filesize
112KB

MD5
de14f0df114aab0bfb4e1cda9687398c

SHA1
cc15f8e57b781ef2b8c1d6692ec9521e8011b46d

SHA256
9a98805d760793b9b4a67d5adb509a757b00bf76627ea687bf8a539a36b651b5

SHA512
002a30362e0b311ed11647ec2de869b3991c835618878fc34bee460d1ca21b5a6ec6b58aae0c1c6786b4ec8f49832f3a915f07b621aa9ede1ba24c74881cae5e

Download Submit
C:\WINDOWS\SysWOW64\mfc140esn.dll

Filesize
121KB

MD5
fab1d9a8bbe7c5a6fb7cbcabdb648a02

SHA1
56f115f1227cc6a30a2211c2090c34987be8373e

SHA256
50fb5d11dae0a8b7dca593aceef48d8163c3bc5f18cf7bdfe090a70ce4f14e9a

SHA512
9ae9aa466462ddff3b95198fef1047d39c1d7e0821b57cb3f370f3e7a8f3297422eef8d0f1073e3ce33966c22f2b8f9025778fe4faeb049d1cf0b4d63fe00e04

Download Submit
C:\WINDOWS\SysWOW64\mfc140fra.dll

Filesize
122KB

MD5
fdcfd5e966c28d7e08507a86507e4c93

SHA1
b25b1aa2d368716812759df83221512a66950cec

SHA256
7789ef1b4df2bd6bff8be9ec3c180565c91e44ac87c6ee24343dbf44e40f10c7

SHA512
c3b80a0f9bf375b411f4f09ae51d2e247e53b4521baba81331049b1398c8c7f193fe7ea04b18f7f827f6f90b862dc8d4e5fea29b3c89d646b55fb5c96ddd8928

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
120KB

MD5
8c009ab4c4031217ffa2606205eec1ca

SHA1
6c87881e89cf0f480edc8f68f088cda6ad3612b9

SHA256
e07f17c6f844577ad439bbbdb136ea3ef186690f847f0bebd89c013fed71b0a1

SHA512
27338903f2d902ab65f651b5a7d9be6f45fde8f4fa4cd5d95f98b7f7a5f0d99ee8b5e04b00c8a344ccd99314082bcdce8c58e2ef16461ba163f4b01629658da4

Download Submit
C:\WINDOWS\SysWOW64\mfc140jpn.dll

Filesize
102KB

MD5
437880561e18d85a901a7d448864ced9

SHA1
512c69d2275477819d431b1507c3f17beb806203

SHA256
f8f94918322abcc830c0a41e913cff5ff64b425b3362a238f0370737017241d6

SHA512
bbe82475be40e0c9a96c98fa62ef257e4d8b4de0afd96c424b1baffb7ed48d408a44e8857b7131c5a0105470ef821ce0439dd608c6a7eb9c7a461577ca34cf6e

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
101KB

MD5
8b687f26362d9a9899c3d00f94a3a2a8

SHA1
c695509c2f216b7ba320708ce797d7cca2739d1a

SHA256
ac191f5119381696c9927495c753ceb5b16dad0496a7788bd94eee6aef61dffd

SHA512
84b5f90d0b113dfc9e540af34aa9c78f164f8d55648b084dd3174d67e16f93f846f61a29bafbef73898325cc55a9a0431db650e5a82cdbe793e7c865e7b8d52f

Download Submit
C:\WINDOWS\SysWOW64\mfc140rus.dll

Filesize
118KB

MD5
efebaab86c0ee9fc8d46e2af204f6062

SHA1
65ef288609175c613a2203e2833b82049faad5e0

SHA256
e523b1b9d796df16776747c605e3327484c5244b450e65a5982203df0c076e62

SHA512
69a02e558aaee0630b30959e8d842e5aa2e75bb07c7884c04a40dfd78b6d07a9b216cdfd94bba85726799325f9a4c3f5009f86a5355a496fb4189ede903f31ca

Download Submit
C:\WINDOWS\SysWOW64\mfc140u.dll

Filesize
4.7MB

MD5
37bf2eea2038de407c3e0b0437e35170

SHA1
258f0cc3e4721c7f56fe9c82381a427f5ef36568

SHA256
0904e04b3ad9e7bb0372c0193e3f61e500b3abcfd52337f5bf584317a415849a

SHA512
05e3f3fcee9e7f53fb20b542900f060b86d60be82e8fc56e0c2a3124982bfcd693bd5805492b3d70d1b151c7f605b1955bfd9e9565c2165e4a8b2762da0cee77

Download Submit
C:\WINDOWS\SysWOW64\mfcm100.dll

Filesize
135KB

MD5
6231d0e32ed4c65ba9a34d7dd0440db9

SHA1
288b43c1bf8cc001c1b7f14a6338ce49d5f96c13

SHA256
44ecc6ce88b5999285a42f06926b5be1343eed19b8611f1aa03dbf2ffe253219

SHA512
9d600f208556d32dd6e4c91e9ad6945959924d20dfbbfe8b851a436d325a8515c4e493fe319f090fb7c586e4941e4fb17cb458a7a37fb2624bd7a1173dce6dab

Download Submit
C:\WINDOWS\SysWOW64\mfcm100u.dll

Filesize
135KB

MD5
f0ac008dba34ffeda2df6fd1b669af81

SHA1
2ac77e73206b696419d0dcf43e469745aa73d4a4

SHA256
5ff52c879d46cb2a67812af6adc6503966002b4f2420b53d67b5eec89ffda2d6

SHA512
d2cc44b96132f41eedfaab7055f1810c6985e7bb0163e6877759e3508bfdde3367782a5d5dd984c8aa422459d35765aa79372b31b10acd3162c3713d326f12b9

Download Submit
C:\WINDOWS\SysWOW64\mfcm110.dll

Filesize
136KB

MD5
0cc4c901d28059a8de5eee4df9eb506d

SHA1
20278f3452057df176c7eba466119daaee58ddbb

SHA256
91da33fa1e33905cd91f47523acafe81d11ce8febfbff647b38499575fe8d919

SHA512
54bfda397eab7717a4dcdc4d352502af0478537d30b11fa21b9ba6c06fbb816d5d5a5d1b28b4b5f233723d9de1f8d079c5503665397caba915541b40ed99be5b

Download Submit
C:\WINDOWS\SysWOW64\mfcm110u.dll

Filesize
136KB

MD5
1a19077d53783c70d8192aaf09bb2850

SHA1
43a85b83b063034245e9fd8d2e023e7694fef3d7

SHA256
2a9af48be8c82cf798bf8d51fd296f316556afcc9dac0588a5860fc7d357d18a

SHA512
35249456ea35e84a76897290e97f009aaa5d3a45f545d95f2615a470fff117ebaf93d0d43832b1356b1ba8b11159955403ce18b09682e1bc3ed7c927326c0b05

Download Submit
C:\WINDOWS\SysWOW64\mfcm120.dll

Filesize
136KB

MD5
80dfd556c25d10c62d6fcd4f00fa8fc8

SHA1
6714a26d58f9291ffae064f2b64fadb47679a758

SHA256
063e159bc2f36824866978625e9f8d974f07cce51f4c0562f7b77b99d8cd3903

SHA512
bb66e8ad0ce8fb3cef2b360ed761c26bd0170d8926f52e95d24e8f9273b933862dda4243225de112b68b2dbd21f39cc0708e1f306ef3e3ade7c2086595026fed

Download Submit
C:\WINDOWS\SysWOW64\mfcm120u.dll

Filesize
136KB

MD5
a89b24da66e4062a5059a22488accb57

SHA1
dea30f4d0fc5fef57837e34b61173b26d8942ab1

SHA256
3e0904bb201af1415e8c6ccff2ba6cc3fd0603bf80bc66fcde573fec843fddb9

SHA512
976e9bcfb5d16f4ad9707c193cb37bc149d3a9b5be564208a3d5fa6ab626761a23fb4be945e268199f8fcd67ff0cd0d9494c0d653c1a53b9654d31af446c102f

Download Submit
C:\WINDOWS\SysWOW64\mfcm140.dll

Filesize
128KB

MD5
4c9ebaced7da5811cdd2aed66d889a09

SHA1
f180f37e18d4d4ca0eaa0763d6e020af9405bcef

SHA256
470ec8620b76875cb788817c5d7f40e89f5c2bc9749e29d2a99a60ca55345ff3

SHA512
4ce9b59de8b64338fb1e6028bba9b9740110370b91e8db1d11f308dc9b83abd20d96f84cbb2a2f8de4599aab0180c29399eb7824209dd67379b035347cbf7275

Download Submit
C:\WINDOWS\SysWOW64\mfcm140u.dll

Filesize
128KB

MD5
c500a9ce3e350d44bd48b433aaf69b81

SHA1
f6ff44f90ff58d2fe99d85d12cb71aa0ed9ef238

SHA256
3fdc21757983c1b5e75bd660d3ab20c8df5f2da41d79d7c4c13b8f7b7a79f5b3

SHA512
d1e75959db6506b161e51972a4f0ce394790d9cae1fcc1ebe4e7c70b126e528181fcf6fce98b4e65beba059e8fd324acba933ea64c6c2c1b060afe1f0de587c7

Download Submit
C:\WINDOWS\SysmonDrv.sys

Filesize
221KB

MD5
4c86e3e476ceaf303048e4abcb8bf3c3

SHA1
74781c277da1015f910bbf27482b24973bd9735f

SHA256
893ec86cadad9e744c4d8789cf9cd75bb1ee5ae8de305f02fd249ea869e898f0

SHA512
da58b0185a698c28d92faedf6b0f00eeca578065ed75f97eabe90f3b748a710d2876797a32937e5316c2d0f651e5b2570177c5df8d170cecb4d31e093a4cb9b7

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
55KB

MD5
cf3320ca8fb5b4238ac490efc0f9fa2f

SHA1
8309183a8de2fdba98deabf6d18487e8fb5cbb62

SHA256
0cf7c6a20ded1aec7fe581f700f55b803d32270f556ecc15e7ebbd71c196cada

SHA512
f2c74fe6c6be52e61f1de9b888e34420e6b0e5df4c434cf510a404692d523c7104043c31c2c7231486d913481b8efdf2cff06f9a41f2032e9f17b0b31aff8c24

Download Submit
C:\WINDOWS\lsasetup.log

Filesize
56KB

MD5
b6673f0c914b90e32dbeee6126f1072d

SHA1
48d46f107485d860b830cea0d3a65e9433808bb8

SHA256
88cc9364baf004090f5dc7789a8e84c5cf2bfcf75038e71de0378e0d977572c9

SHA512
5c1281db72c2e44a9f74849d5de09150cd67f91bb9c0501231ff1c2d8247e21233c22a2e2f079c2c01ccd12b5a1097ccdcf968303d5968cfce8fa6d5f4cdfd63

Download Submit
C:\WINDOWS\setupact.log

Filesize
56KB

MD5
44fb0fa3a20fcb361f887b818934991d

SHA1
151dee9b34e5c99a5b0f20324de7d0ca64c918fb

SHA256
4100ebb5b902952bee579e3edbd1ad70f4c4ced1ad0326d703452aa54e8033d1

SHA512
37dc99e9e84eea6b8fb17fe86c22663e0033a05b2b6858b6b77f0027e0275387f94ca83c2b953cab07653e001f26973bc5da71c5d60eef9db09accc044d828ea

Download Submit
C:\WINDOWS\setuperr.log

Filesize
55KB

MD5
ebb9f47300b324d2c1b705fcebe619ab

SHA1
3991204253258ce985a6b1affb7be5c3d6bfbce2

SHA256
58ebb5b4ca2f3ec08be9e770e5b8343510a8a241655f932169a6de73310ebce7

SHA512
cb6a1e1fb737dfbbf4b96afeceae3b783afb49aaf5a7eb91532436f185f79fda90f6ab47b518594f51f6211f3a57263dd3ba38743d31e55843592432a2142548

Download Submit
C:\WINDOWS\system.ini

Filesize
55KB

MD5
bb375dde5230290a1f40d9bd805eca69

SHA1
d89658644bb6b741002bc31ad47fd663588a2c61

SHA256
3a999f4ebe45d277bc674559fee6705b2eb6f5bc3ec573e3e24103bf08449187

SHA512
7597b29dbe5ea558b1ce3526edeb172acfbbbff6ffde311790d042b19ff77554ee0dc16ef93b8fdf01d3d2596c8e8b7e09105ad890d4cceabe7d38472ad9d66f

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
f9e8a6e2a544f5ef207d8b5495db1355

SHA1
ab01e8d42d9f678c7697b91b46b85426cb112d1d

SHA256
bf84f92d11d38349e371b90de9f471d0089462d646ef05323a907a51aa2bc7b1

SHA512
f0403bbc5241ed14e1f7848941403851bfcb686a7f9469d2dbc525a1ad986a55d8fe982592fea8063e5224cb76ebb1460208ecce2ce6f234442c5ebdc3498bc0

Download Submit
C:\exc.exe

Filesize
450KB

MD5
4fbc08960c6850d871a1e90214e189ca

SHA1
5c9d9cf75e4a670cbaa625aa2c53a0e3765eb947

SHA256
493889ceacfeea8d3d71cac15ca5f072efe0402c0a6caa3a83254429a9ea8a5e

SHA512
3374741c3368a410bdb8a930106c2271b3c9e8cb747b135dbc3cd7fb38ed1b332d880d76fc0b45b91c69c6c3919915f5cd17c2890e64ca401812d7796452185e

Download Submit
memory/4500-1591-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4500-1343-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4500-503-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4500-269-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4500-2185-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4500-8-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4932-1071-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4932-2228-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4932-1592-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4932-2425-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4932-9-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4932-270-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download