893347995c3a34cfce8011cfc6de98104840842250017c9e9333a29dcae32ea9

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
Size

388KB
MD5

158a2791893332580758c83dcd69b08f
SHA1

15a4bfa638f868d0ad827820edc3a373216d3f10
SHA256

893347995c3a34cfce8011cfc6de98104840842250017c9e9333a29dcae32ea9
SHA512

f1ad8236fdd559a84106ded49bd96c52e832be299d0e8c6f7db5fa1ccae2eef7e91df0e3c53a64f301f244c4743666b6307e409158c66e0d3e040ae7dcf043d6
SSDEEP

768:ae2gVe2gVe2gVe2gVe2gVe2gVe2gVe2gVe2gVe2gVe2gVe2gVe2gVe2gE+WD6Y3:Z+W2Y3

Score

8^/10

upx

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4048	exc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3020-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000700000002328e-5.dat	upx
behavioral2/memory/4048-9-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/3020-10-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000100000000aee6-18.dat	upx
behavioral2/files/0x000100000001db68-21.dat	upx
behavioral2/files/0x000100000001db69-25.dat	upx
behavioral2/files/0x000300000001dafd-37.dat	upx
behavioral2/files/0x0001000000009e66-35.dat	upx
behavioral2/files/0x0001000000009e63-33.dat	upx
behavioral2/files/0x00050000000006bd-31.dat	upx
behavioral2/files/0x000300000001e6f1-39.dat	upx
behavioral2/files/0x000700000001e5a2-43.dat	upx
behavioral2/files/0x000100000000c0ba-47.dat	upx
behavioral2/files/0x000300000001e6f2-52.dat	upx
behavioral2/files/0x000400000001e706-56.dat	upx
behavioral2/files/0x000500000001e5e8-119.dat	upx
behavioral2/files/0x000600000001e5de-117.dat	upx
behavioral2/files/0x000500000001e5dd-115.dat	upx
behavioral2/files/0x000500000001e5dc-113.dat	upx
behavioral2/files/0x000500000001e5db-111.dat	upx
behavioral2/files/0x000500000001e5da-109.dat	upx
behavioral2/files/0x000700000001e5d3-107.dat	upx
behavioral2/files/0x000700000001e5d2-105.dat	upx
behavioral2/files/0x000700000001e5d1-103.dat	upx
behavioral2/files/0x000700000001e5d0-101.dat	upx
behavioral2/files/0x000800000001e5ce-99.dat	upx
behavioral2/files/0x000300000001e79b-97.dat	upx
behavioral2/files/0x000300000001e79a-95.dat	upx
behavioral2/files/0x000300000001e799-93.dat	upx
behavioral2/files/0x000300000001e798-91.dat	upx
behavioral2/files/0x000300000001e797-89.dat	upx
behavioral2/files/0x000500000001e72f-87.dat	upx
behavioral2/files/0x000400000001e72c-85.dat	upx
behavioral2/files/0x000300000001e727-83.dat	upx
behavioral2/files/0x000300000001e726-81.dat	upx
behavioral2/files/0x000200000001e719-79.dat	upx
behavioral2/files/0x000500000001e5e9-121.dat	upx
behavioral2/files/0x000600000001e844-165.dat	upx
behavioral2/files/0x000300000001e877-183.dat	upx
behavioral2/files/0x000300000001e876-181.dat	upx
behavioral2/files/0x000500000001e5ea-213.dat	upx
behavioral2/files/0x000400000001e79e-211.dat	upx
behavioral2/files/0x000300000001e79c-209.dat	upx
behavioral2/files/0x000300000001e8cc-207.dat	upx
behavioral2/files/0x000300000001e8cb-205.dat	upx
behavioral2/files/0x000300000001e8ca-203.dat	upx
behavioral2/files/0x000300000001e8c9-201.dat	upx
behavioral2/files/0x000300000001e8c8-199.dat	upx
behavioral2/files/0x000300000001e8c7-197.dat	upx
behavioral2/files/0x000300000001e8c6-195.dat	upx
behavioral2/files/0x000300000001e8c5-193.dat	upx
behavioral2/files/0x000300000001e8c4-191.dat	upx
behavioral2/files/0x000300000001e8c3-189.dat	upx
behavioral2/files/0x000300000001e8c2-187.dat	upx
behavioral2/files/0x000300000001e8c1-185.dat	upx
behavioral2/files/0x000500000001e875-179.dat	upx
behavioral2/files/0x000600000001e84b-177.dat	upx
behavioral2/files/0x000600000001e84a-175.dat	upx
behavioral2/files/0x000700000001e849-173.dat	upx
behavioral2/files/0x000400000001e848-171.dat	upx
behavioral2/files/0x000400000001e846-169.dat	upx
behavioral2/files/0x000500000001e845-167.dat	upx
behavioral2/files/0x000600000001e843-163.dat	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\dhcpcore6.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDOGHAM.DLL	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\ttdrecord.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\winrssrv.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDINEN.DLL	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\msinfo32.exe	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\ndfhcdiscovery.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\rdvgumd32.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\CoreShellAPI.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\d3d10warp.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\iprop.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDGTHC.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDUZB.DLL	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\msidle.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\PeerDistSh.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\WPDShextAutoplay.exe	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Direct2DDesktop.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\DXCore.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\iassam.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDCA.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\rshx32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\sqlwoa.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\wlanapi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\AppxPackaging.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\authfwcfg.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ExplorerFrame.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\itss.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mdmregistration.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mstask.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\WMPhoto.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\credwiz.exe	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc140u.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\uniplat.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\vcomp140.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\WMSPDMOD.DLL	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\eapphost.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDA2.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDPASH.DLL	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\termmgr.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\TtlsExt.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.Internal.Devices.Sensors.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ncryptprov.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\networkitemfactory.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\onexui.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\wer.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\AppManagementConfiguration.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\CheckNetIsolation.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\joinutil.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDSMSNO.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\clip.exe	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mfh263enc.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\PSHED.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\convert.exe	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\DismApi.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\kernel32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msieftp.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\slc.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\stdole32.tlb	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\calc.exe	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\ExplorerFrame.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe

Drops file in Windows directory 44 IoCs

description	ioc	Process
File created	C:\WINDOWS\explorer.exe	exc.exe
File created	C:\WINDOWS\splwow64.exe	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File created	C:\WINDOWS\bfsvc.exe	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\explorer.exe	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	exc.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\lsasetup.log	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setupact.log	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe
File created	C:\WINDOWS\write.exe	exc.exe
File created	C:\WINDOWS\write.exe	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File created	C:\WINDOWS\sysmon.exe	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File created	C:\WINDOWS\sysmon.exe	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\win.ini	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File created	C:\WINDOWS\HelpPane.exe	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\hh.exe	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\notepad.exe	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File created	C:\WINDOWS\winhlp32.exe	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File created	C:\WINDOWS\mib.bin	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File opened for modification	C:\WINDOWS\system.ini	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\WMSysPr9.prx	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File opened for modification	C:\WINDOWS\Professional.xml	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\Professional.xml	exc.exe
File created	C:\WINDOWS\twain_32.dll	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\lsasetup.log	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
4600	msedge.exe
4600	msedge.exe
2332	msedge.exe
2332	msedge.exe
2440	identity_helper.exe
2440	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 4048	3020	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe	80
PID 3020 wrote to memory of 4048	3020	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe	80
PID 3020 wrote to memory of 4048	3020	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe	80
PID 3020 wrote to memory of 2332	3020	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe	90
PID 3020 wrote to memory of 2332	3020	158a2791893332580758c83dcd69b08f_JaffaCakes118.exe	90
PID 2332 wrote to memory of 4132	2332	msedge.exe	91
PID 2332 wrote to memory of 4132	2332	msedge.exe	91
PID 4048 wrote to memory of 2948	4048	exc.exe	92
PID 4048 wrote to memory of 2948	4048	exc.exe	92
PID 2948 wrote to memory of 4468	2948	msedge.exe	93
PID 2948 wrote to memory of 4468	2948	msedge.exe	93
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2948 wrote to memory of 2860	2948	msedge.exe	94
PID 2332 wrote to memory of 2660	2332	msedge.exe	95
PID 2332 wrote to memory of 2660	2332	msedge.exe	95
PID 2332 wrote to memory of 2660	2332	msedge.exe	95
PID 2332 wrote to memory of 2660	2332	msedge.exe	95
PID 2332 wrote to memory of 2660	2332	msedge.exe	95
PID 2332 wrote to memory of 2660	2332	msedge.exe	95
PID 2332 wrote to memory of 2660	2332	msedge.exe	95
PID 2332 wrote to memory of 2660	2332	msedge.exe	95
PID 2332 wrote to memory of 2660	2332	msedge.exe	95
PID 2332 wrote to memory of 2660	2332	msedge.exe	95
PID 2332 wrote to memory of 2660	2332	msedge.exe	95
PID 2332 wrote to memory of 2660	2332	msedge.exe	95
PID 2332 wrote to memory of 2660	2332	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\158a2791893332580758c83dcd69b08f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\158a2791893332580758c83dcd69b08f_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3020
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffefaaf46f8,0x7ffefaaf4708,0x7ffefaaf4718
      4⤵
      PID:4468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16299494630239267647,13366566985165371480,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
      4⤵
      PID:2860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,16299494630239267647,13366566985165371480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
    3⤵
    PID:2696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffefaaf46f8,0x7ffefaaf4708,0x7ffefaaf4718
      4⤵
      PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefaaf46f8,0x7ffefaaf4708,0x7ffefaaf4718
    3⤵
    PID:4132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
    3⤵
    PID:2660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
    3⤵
    PID:1136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
    3⤵
    PID:384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
    3⤵
    PID:1536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
    3⤵
    PID:2756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
    3⤵
    PID:4464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
    3⤵
    PID:2356
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 /prefetch:8
    3⤵
    PID:3180
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
    3⤵
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
    3⤵
    PID:3204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
    3⤵
    PID:632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
    3⤵
    PID:3272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
    3⤵
    PID:1656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
    3⤵
    PID:5060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
    3⤵
    PID:4028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11090337579545031435,14004627414164897159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
    3⤵
    PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
  2⤵
  PID:3908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefaaf46f8,0x7ffefaaf4708,0x7ffefaaf4718
    3⤵
    PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
bcf37972dfa4dea7f7cebea14d19bb81

SHA1
6dc8ef5edf5288f9753cbd58e76f6d7bb09f3bf3

SHA256
f69958260e1a27640b29910a06e5e69e636b62db905ba86fd1ea320c017e7fe2

SHA512
a3c28e157d3f01cf57c1c5c868264784d32c1d8b9c77b56d16abe4966ceb62bee5a3c67a570bb1fbd652ca2f0a7a747f1a487919bf1e64fc80d5abd39df7b48d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9f6589d9b704c5304c4d95694d3bfb27

SHA1
398b60e55f99634b6a8451ff0ab838676826e4d6

SHA256
0c729e06eaced344f7ac85387ce59899c7cbb88ac73b567d6bae75fac64df5ab

SHA512
7bfe268bea2956dfd7afdb85e632cc8699ae71eef04198589b74ba1fe12c141876d2c10b5dac291ecc9799de19ae00f331682f627c6596cbf2ca237071899e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
caa9fa06cb46b7839db576d0a6da866f

SHA1
4adfcc99cb2618e99116277a05ee34a40a966d96

SHA256
b7d7ccf63b6b8a20db8f26c706c0fbe231b7f76a3c7393da4a0667e6edb2603c

SHA512
64bbd6780c134f402ea8eefe5d27ef043aa945299f5b13edad6091889bc0be027b75694e76fb0ceacb6f38ba1fb8ceee1be632c60823e40f896c3461f718ea12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77d148b4cf89ef00bd542c187635cac5

SHA1
c1769db77617bbc7f0d81ef0c226e55e424bfb84

SHA256
e4322cdadbc5c4c9b188e6750b84e6de775515c4e68f96f6f8af0a9d8de084fb

SHA512
f916e3ebe5af16d139dbd22bd62207a897258bc95f192eb60eca222f7e68cb5a72cc4eae948f57f109441d5df8723d998fcc4fb82d66b9ba784bfe9c5bcc382a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
24ed1dfb01ddd9b4b771bd4c7c33db6f

SHA1
6c05b26eb6b7c273232282b663d856118cdb053b

SHA256
61b562a5e596bbe555f447b4225842dd95be57d3ad3b24cb99cd7f2aa9288055

SHA512
2517766c408c1578c880fba611aac8a5fb1158ee4421a49f0c107d7685946c4140eaa5fb77027e29ef3fed976e2a44452cf536630225d8c08aea7664b3ee4f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
91dd393975c52e6849370af46c6fec72

SHA1
de077afac4a83b75b38f008541e63c6c4c25d6f2

SHA256
f7ca5a624fbbb92f2f984b05c23116fd99fb1f172de560b9670f513ad4f599f1

SHA512
bda553ac04288834825962915946f711c59f93c5d722e6182c65d2026f6baa06b0b6953b1d0c41b0f0fc032e3de77536b0956b5e0e0d2c0d2552d5d180787619

Download Submit
C:\WINDOWS\Professional.xml

Filesize
57KB

MD5
ec52263cdd24c14257e1f07da9134047

SHA1
94bdcaa5116a84e125c84f07a8e061a086aadde6

SHA256
1fc9424555556e4af38b84c18a9c580499727f819bf193a252c760ebeaf89b03

SHA512
5cf8bae70e5e3cda6004cb3e70439a0b1cf062ce6331bf0d7c9f151fd1e4eb3a3cd74e69de0dcef1e7729b77ab758214e90f0dcefb3a47d7bed7be10ffe34a70

Download Submit
C:\WINDOWS\SysWOW64\atl100.dll

Filesize
162KB

MD5
20901d3611239f7893558d7595b26ed8

SHA1
412d43092c658d1d77e549be8e501b4ba39ef4f8

SHA256
96069eba7a17de9a81c46e67d1362785e18e42d4cfe0b51c4d96d544114b1a6e

SHA512
b056cd77c1859eee1a679bc73fe5c397e90d8427ce9a1e28b79878ee61585c5e3c0476bf7b246fa32ed256e11efa8e2584dd9efae65b669b40ddd095a592c180

Download Submit
C:\WINDOWS\SysWOW64\atl110.dll

Filesize
188KB

MD5
ae9ed0f932cb10908b66ecea2e65b9f4

SHA1
0d9ba36c0b55b96891217b942fb01894c89749cd

SHA256
c76219eddf8de55e4948304fdf0a647af474b3755f770fefbc97631b941555ce

SHA512
913a60ccec66494d7144ef33b334850f1c8df30d5e43b59363ceddf1aa01ff58d9d333ba005611e03d28e9c578dd6e5739f433ba6909fbe590e3fc8126a35b56

Download Submit
C:\WINDOWS\SysWOW64\dssec.dat

Filesize
238KB

MD5
b0cae2bcd141cbbd80787b4609bfd60e

SHA1
e71039bc196ccebc494abdd689afd011be8ce692

SHA256
8e12533cfc50581511d696044b8cba38c5509716432b2b40accb15c4494b8bc5

SHA512
ab3b2602a9c375dd4a4fdeb80d4902e0f052b9d2024ae1ef6ad25b2c9996f09c879b2f684ea75f04e3bdd68e4a414b345f114df63361bdf63bb4d0da5af080bf

Download Submit
C:\WINDOWS\SysWOW64\mfc100.dll

Filesize
4.2MB

MD5
796f4bc300bbd6542f05010427a71f46

SHA1
4a7406f9ba8242e2f222760bcce920ffa4ee26f3

SHA256
685e9b8ccd310c4a963ef9568562c50314653c0e161be8f04baca0adfbc4a370

SHA512
60849dd52d11b7569b38b7a8422bbdb6d379365ddef60b0c9f60a9b2228e72dfe820921f5f446b42085062a8bdaefd5294e30d99723195f278198486209e65bc

Download Submit
C:\WINDOWS\SysWOW64\mfc100chs.dll

Filesize
62KB

MD5
053b7283ddaa2e5c6e89e08721395f9f

SHA1
67afd5beff6f81341792e8645dc9e82d20bb9795

SHA256
a368f55fd71194b17e6676503242ad0d13f3346d7d8e48df72244ca3dfbce675

SHA512
04fed714fad38fa194880d6f806e42c14151173a06e2cccd62854ea6c37ec793b9a1f85c99bf540db00e82048251d18e18cff8477c0874feea0777e42ceea04a

Download Submit
C:\WINDOWS\SysWOW64\mfc100cht.dll

Filesize
62KB

MD5
a3c00b9e5f24bb4b9a6018b65e57e23b

SHA1
ab426190286517a5f7f3a9ee4fbdb499f71c039a

SHA256
9fda45dc77a7e61af502f6a2ffc5473bf030a0c0dd19d6a74effddddc1fa1c3e

SHA512
8c50ecd1579348efc27d79a0e2354c396387df832539cc4ff007c56970cf25523cce4e861beb96858d45c7c5e0462dd575267ce6791c47cc0b5ea760ab7a0644

Download Submit
C:\WINDOWS\SysWOW64\mfc100deu.dll

Filesize
118KB

MD5
6fb5552005de48a51aa136a37b9c7661

SHA1
7c3110d93910a6471444cc8a7f78c4ddb437f1c8

SHA256
66a74a6fad27d5a79b2eabfdadbde883875b581043e2b590ee5e54f728c877be

SHA512
f9e60caa83d3bea4154c777f140c54d4e5ad9e37024b1b5231f8c29bbfe3273b8603e9e1000560513818c6ebd2920c71387b58c7c1da156022d595a749fd0983

Download Submit
C:\WINDOWS\SysWOW64\mfc100enu.dll

Filesize
109KB

MD5
01b9fce9f7a7e8835f518e5eb36b1f06

SHA1
308beef876f47153e1777597af4a771247756bb8

SHA256
2d659611be727b6a4c7ffc75bad59f55099779311ff81a255554663a3f21cc19

SHA512
81b4e25e4878581a10e5ff02b09542d898953db1c0a21dd04e5d5fd24428456d8c224607b71adfeb0cce093a666b0ceeafba62a1eecd64c0ffe9ba5139ce5d5a

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
117KB

MD5
4ffbb2f9c6dd7f9bb2a9b0f31f9ad4a7

SHA1
264efccab79ae74b1028ee2bfeb61a7de7fa14e6

SHA256
b6e867b044fcfeab09854125d309fc2b9fc69511a625aa80961d482c61a2b87a

SHA512
34e56c252ed4567599946285f09c7f9a8821c6aa1afbba2e30d3088d403f97f158b9d96a415ef157e4457f213a14e75a2e231a884ef5ed685da9c890f98a6ff8

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
118KB

MD5
e962cee4cd309b1842cc3730473abfde

SHA1
cd6a8fc5ca5ca3e6a4c9d761a9fd661b5058189d

SHA256
58c03fc0e3cb51470ababb971c2c86c4e66404d34aa659227d062cfe7acb3e97

SHA512
edbb69bd4f48f47bfa45770c111589332659c9da800fcec82a8798136ae781311d97ec40587808edfc90bcc48f95f91da6757f1ac9510862d0063d8ccd1c45a3

Download Submit
C:\WINDOWS\SysWOW64\mfc100ita.dll

Filesize
116KB

MD5
b0ebea8dfc8a27a599492d22d7896ac5

SHA1
a3e3bafb1bde3a8c517085ddaa45d21d60b2f163

SHA256
febbda57a25c1d1e9edc16dac893415d9635e0d8850fdf637acbe3b4a0bc16b9

SHA512
1f56d1652e4b9022e249702a3602bb61f3a74f76c0dacfd93e7a98effc8fbdfb08b9126521ae359a9f4f9dff1e895d53ffed61a86fea8fc10d17cc03b4adc09c

Download Submit
C:\WINDOWS\SysWOW64\mfc100jpn.dll

Filesize
98KB

MD5
bab316a47d899ec809d378197b865ed5

SHA1
eced8ba44ae14815af19386a0e2d0d8ddbbdb9c0

SHA256
4b9cbd651f9d754ee604fab7a96da4f9889337323bfd47c7c279347234713f67

SHA512
3d098049409d2680789c39f1f9153e5f572f73cf65f3f8b3cde273e94869da04ce0ca2fe5453d07ac75244880f37ebdebf9b87d4418b733ea43cd1f08ec3bd83

Download Submit
C:\WINDOWS\SysWOW64\mfc100kor.dll

Filesize
97KB

MD5
5cfb0a308f23928797941b539462fffa

SHA1
35b7baef24f72a441acbe81ce52f7c75712b4233

SHA256
aac92e51f56c3beb8e3289d9e90e0339937c8586b8aae6959605cea08d291f7a

SHA512
3b810101b8bf9bc9929d417d1f3fd612903eb2b347e281935dc731ba44f0c01a2b32f40a4492954cf2c295638d864c845e7fb4b7561378e598862de8ea763362

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
114KB

MD5
f4717f92606e670b81b64e805963bde6

SHA1
e112292599382dd9e68ee594fd1f7b0e52414429

SHA256
5f47c1a50ebd772d36b1b4d42f9a972e75d5d490c352538a344ea208e9febb53

SHA512
5b76f7db5bfa90048752f66f5a60629a77491a5dc9f74ed029b6e781ffe0b9474439b68469983a995685ceabd468c81b6b6b4189e0d5381c0eda2c62cb923dd2

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
4.3MB

MD5
0a82f6ce7326ad88cf8b9617ca8c2ad3

SHA1
d1e13996ce783d46522cb873bfaa7c2651458e29

SHA256
75412617d89a1ecaa7331a97ddf02850eb6c08cf85ebbb42b48fa71ab2d59f99

SHA512
bca06bef84ad3e01035e0a37f0fe6cf71add3c52e48a831204c9e715e9426824d239809a06c5d30b69cb191eb8021d552a465935f2bec3526f8e9220d0dd7b87

Download Submit
C:\WINDOWS\SysWOW64\mfc110.dll

Filesize
4.3MB

MD5
1b85f1ab185cfa588b00605172f86f4f

SHA1
ede890e06d57c75f0e6199ec364fe8135a6d42f0

SHA256
f800ad48cdbc2689dfab1f31e223084957e44ea73b7581b938793bb4aba5dd0f

SHA512
0f14533d39d928b49143065eb176a479de5229476c55da2679e6a503c7ea0cee892c45205ba4ede7d1494e6920819b10429701d865f79259c57519cd21b45ee3

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
100KB

MD5
9357e22156efaf6985a3213fdfafd27f

SHA1
4cc7152243c867cee86ee036b6dcc211834452b9

SHA256
53717a963b22f4f8cc60b1ccdb31977c3ce039fa5323ccffbf92b4b916922c2c

SHA512
b76e6015b3283ce413c133b23818bbc75e550942ee7b594abfee3ce9490398c62909365fbc5eb5cc343cce8d4038c6ae2b2b7c3c4b8f2297051b77586a385f04

Download Submit
C:\WINDOWS\SysWOW64\mfc110cht.dll

Filesize
100KB

MD5
5ce66af34467507f24d51f04c21b22f6

SHA1
2cd943e4083739dc7eadd57b4ce046f32cc5f5f8

SHA256
9f879694ed488b088de6befa8cfbe61c9cd960daf233e71a6983ee1c55823382

SHA512
8276d6a2a2a423638e7fe539e2ace863a8dd8a57ef434251b8a282a4d32368f2abeae7f59e3f50b29d449e5c437c25551080cec778d7579e16fce05400ed701d

Download Submit
C:\WINDOWS\SysWOW64\mfc110deu.dll

Filesize
128KB

MD5
54876bc4ee48587d8a4400f22dbea0f3

SHA1
7609160446f36bce7c1f1cc65257c513dace0cc0

SHA256
bab9ed44491d83cfbc517e9bf96db764c2c7f1a305de4dc3b2893e03556dc379

SHA512
82fafcd487eb0ea3bcd3fca235e99c2890c53c4d66ada5bece415067493182c0ecfbe94a017a7fe6638dba4cd90524628f05ff82ec7743c76d332be973e604ca

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
118KB

MD5
78005044379901d9c516612bfb460538

SHA1
752daa9946040373a651031008beb42fb3f2d957

SHA256
d9e97b380213f9a2af7e9bf602e4768f999886de9c4811151de9771338a4d1e1

SHA512
ad73ae45cc7f6d7271501e1f0be4b8807a7346b8d451d7e7b1f1d77ebd78be506a08f02a4545cf48f61200dec0ceffe90447c66a93d4534956350a6acef74340

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
127KB

MD5
8cb49466668b81e8c804e3e0e39f17e5

SHA1
89d3e4142c9cb225553140f6245855e2a4623b9a

SHA256
54af71357abfaea979f7b34dd24ebb2a70c633e452440874a4e52af19c9dcb90

SHA512
3515790c17c9e4d9a6558c782d0d3fd170616058dd5f671ffd38e8225221ed1c23945fa33161bcf79b82fc02a12ca5742fb2789cefa6733ee6e3a1896b9c9875

Download Submit
C:\WINDOWS\SysWOW64\mfc110fra.dll

Filesize
128KB

MD5
85e61dc15cb7f5ac8d79ab874e72b984

SHA1
8a7f7a2808ad0122fd73d08b8f4ea2e9e8aaa82f

SHA256
64a7ad2ef44c1b981e20936d7f40a87aa30feb88ca512e7822f92784180030b5

SHA512
f54b2e70584e3fe6c685a83e519c72cd256dce4a98c96ed43650f4312cb260a4dc3da2830918e004d31083e46085f86f1b78778dc9b91a18b11ac8e27d629313

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
126KB

MD5
705772d1871c1d933304baefb4e07cc6

SHA1
714774b2c14b6c5f3390d7709ec877b8ec2e7c75

SHA256
430d3b66355ea0af7910a071fedd3a6257e1074658ecc5075fada2d24c7dcfc8

SHA512
c4a5eaf2438050be4b41c566c112e93bab51d284c434d49eaad83ad56d48793079beabc8a02a7afd925b40a66174e135bbee55a39d003c2a21080f11afa5ed27

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
107KB

MD5
6852bd59437a4ba616c8cbe025407554

SHA1
c8734de71c4e14dbcd6555e5f72c7fbca237490f

SHA256
8f7dd216e00110c340337319948d8ec86cfbfe6b450571032941819efac48c4b

SHA512
2ab73a5b0d2aef8229c403c41eb9611f6505fc1164e3a42e368c4f6107367ee06f4f7d59b7b1c51a50020a54879f6c29d38c932118feaf515f74a23b9b7de6e0

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
107KB

MD5
17807c2f585d76b8cb9082d1848b6ea8

SHA1
2c97e30ba17bbe6e1393192a0ec79c57bc3fabed

SHA256
28e47bcd97be61d808da5719ae44f028c189538a147a66b08283448e4f25a401

SHA512
c66dc74e3f433a7214d122b28c1b9c443a7f6faada1aa737c6e84cb69e6732193957538182edccff0d74bee3efaf2c01b190635c6c5844631b703fee50f7cdfb

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
124KB

MD5
1e02819a57c828108f723cef03138e82

SHA1
ee721413ff9a0813106dd671f097c4b066161a3e

SHA256
fe029fc0048f0f59ee5b431f9429b7b34320a442a9939b526ac73ebb94f3f5b0

SHA512
07d13bdf7e2fd80bcb2a9c5cef8c7e219ecd6f6c8974b0a6e63835be7815c47f489060d5bb1cb003502fdf3131de48268b5f698e650b89fbfc80905dfa9dde06

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
4.3MB

MD5
f0105ce0f5fa125152805d282c44ebd0

SHA1
5a1dab9bced97ac559594f00974aa04fcc2d31f4

SHA256
0cb0859b4cd8d0476528753ada906edecea547999cf6089ad02e3042af6a028a

SHA512
f1a7bfc5efbddab9662753ba35d1158c40a9fae86f4c96b4d9ecac9f2ad5ab4f9adfc55a503f35132a015a9c4363f7f8648ce2a6f21678901fce6d836f659d54

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
4.2MB

MD5
6e98e8746150a685bab952614c308e2a

SHA1
2057174b7d6c2b9857bd41067940d580f265eb42

SHA256
b742acc2359771c3d455a6470350088751d7e724be238185b395c11e4638a560

SHA512
271db1a5607a954ee4a9f53fce3c8b0287dc7f79ba611d16bf9f1f33f8d8c4853d73ed6f74780d966815ec69c5e1a52ba4f9732665f916b9422c20a09e45f51c

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
100KB

MD5
48a43d98dc00f614b7f8a42c239167a2

SHA1
95d7d615057ec63066b83bc9ad73ff963798ddc9

SHA256
5e266105c9e2dce04d182081b3795617a8880b418bffaeb64788ad0e978a54f4

SHA512
5704f4641e636c114a34e7d0e8c092888a50171572f3b8c30b62825aeef9c4c731b2679d94ed58f3674fe8dfdee805212a43fe48f33eacc34cebff37ab92f0f8

Download Submit
C:\WINDOWS\SysWOW64\mfc120cht.dll

Filesize
100KB

MD5
c9eec0ed69a96652319ca9bbc47fe61e

SHA1
5a6f6c2ccc8e5db52e8fef6fdd09ac01c66de64c

SHA256
34366ab7e72ff839afaff1cdfc17fbb1c2340c4b96d0140b75bdaff72307c679

SHA512
1732062603589e80b7f2694a9139e19f7d19daad6bfb7b2a5ead4af87ff45317ae184822c3cb3be776a302baef9a7577c60fb15a437923d63d2f05d631a2304b

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
128KB

MD5
2b4dd2aca954a7869059c05bc0d60098

SHA1
f47f009a5c7d2d5d79630769fbf947ea8ac9e48d

SHA256
94d83d4fa2ab984148b8142fdb696e2953766524aba78353653e7d8ce42f4f85

SHA512
0a1b379a8700f09e290668900d62de557e4dfe229a1721ab0ccde34b1a719cea9d6006ba8a07dffd362a5566e2eeb2248416af5be06a98cffb39f305c92e8e52

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
118KB

MD5
86b7f59fdf2d3da8d40ef15af1b427c2

SHA1
23cfda1b55dde601eba05f2f32e1724171593114

SHA256
58ae73ce613ab3efccac0edde06f6c4092bc5c77705119ce005a30e6ceca7d67

SHA512
a9de4de333f17ef499da327cd7376ad1e8b5ae2408745df9ff10d965d06d9691f42238c85c1b748c5aff21045d32e0fea06e445bdf6f1b61366c581b5e03bd8e

Download Submit
C:\WINDOWS\SysWOW64\mfc120esn.dll

Filesize
127KB

MD5
ca880140cb9bb869eb6dd2a17cb51e36

SHA1
1d81dc30d60f4c66b2bbdbd49365e339aaf87820

SHA256
d0b1c33603377159a2f6db413c28aeebed5180902627b7988ac2fa1b75bbae6f

SHA512
297f253831ecfe65e6e0b4893e92ed0c0ca1c5c7096944f24d2f566b6e1df7b186630cfbf48a3d2bfd37013b110cad5c860011b60e7fa1f39a14a9c9f1c822ba

Download Submit
C:\WINDOWS\SysWOW64\mfc120fra.dll

Filesize
128KB

MD5
91635247eadd8e7940f60c2a7754dd83

SHA1
bd0feb5b4edbaae0017e24a5dd3b2e72aaa498ec

SHA256
f3397af13b5214e5003e50716e6e2fe8b8dff705051ace3c23e0b30a858bab46

SHA512
e0b17439440d579fc5fb0607aa686b2326e2201c2629d44f03ec03844f98fe97b3da172f6b3f964a3ccde301ebad50142341a7de238a1b37e0bd31ff67f5997e

Download Submit
C:\WINDOWS\SysWOW64\mfc120ita.dll

Filesize
126KB

MD5
cfff26c7a6f752d36a386a125c38dc70

SHA1
eea5660cf3e5abbf36a55aab1580f6ba9780d94f

SHA256
789ab48faa120b774e9ad883764b204a21439095047962fe1b2954f018739dc4

SHA512
ae66f58a303bc3fd6afe576c15e986d0c7fcd979cfad7d16a5689890e36a939c45e10b0cb89e351171c497846af16247413e939e9ba13c33a16f554fca7dbd69

Download Submit
C:\WINDOWS\SysWOW64\mfc120jpn.dll

Filesize
107KB

MD5
9fb6e6e2c7b577f370bd85f36400f27a

SHA1
bd15c822fddebfad67ea3883b7ed096949903fc0

SHA256
82a3b50b8390b058e913918b27d102e101d66cd87567c2ac61848a9c34706ba6

SHA512
85ddab53cf2c25c918f1af297b6250fe4b5d01acee5aae2a59a28752eb94b9010927c27b13df0bbc63b15b94348231e284ffa3e01c933da33f3e54030d946bcd

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
107KB

MD5
21075160af7817b583eeca0e72016165

SHA1
ed73e16961558739b431878e3db3c963d9978d66

SHA256
b5e3b2f76abe56176fb266d1e68e7d263177fd1f631e8c2eea6e7d019a6e0357

SHA512
fd1fe6c8054c41af9cb50a0d69670fb226448920df22cc2923209a4cfb8df1660b356f917384fff25cf7a9350d02baf5b7c8714e54c9bfcf4f97d2bbaa5b597d

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
124KB

MD5
5bce2e38fefb75d3c630c9690eda84ac

SHA1
89ba93c0a558fa7991f2aa7abb071f7b04bfe569

SHA256
cefe02f8dbf837a4721d25358a62465f8a00b2784b179f08c0791dea5d042edb

SHA512
9e4b73b15fba1ee1615ebaff90c264673860cc0cba6c06cca574e58a97d22091e10f81a1e1c8081530ff7f3d2a054709f37299ab0e621e2e8ca0e8ed5cd26eed

Download Submit
C:\WINDOWS\SysWOW64\mfc120u.dll

Filesize
4.3MB

MD5
1d8388321e4b2cb138f4eef45e7063d1

SHA1
b87bdf44c5a80bf1c63191e9c1443c4208d46f9d

SHA256
cad533db8c25fe35b650950338661f1ea1c06b0ef9dd0d1aefeed85bdb62e9aa

SHA512
7da44f4dd5f13d2ff42aa050eef2a2d95ec703d37d9d172d9d1a6fd7e7172d4a48a4a359d5fc6343139b08cb93a5ccb4a2f354ad57bcc9ad1036f3089b1e0021

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
4.7MB

MD5
0e94f39308b59e04397561c223128224

SHA1
1ae1fc05474c071574777f29195f88f6f76d7772

SHA256
8f6f153c6abdcc55471a0dd30f8a2ef23eafb6a8b3150ed5efef0b4b21eec852

SHA512
523549c3a235817a8c242fdd8881843657dfd3bc7d2191a90659faed36c621a56a0322a45138af0336281725b5bf810f12ed1d0c5535bcfe5c2eedc5d9876592

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
94KB

MD5
57dc9dc1afa5314f666e781615448774

SHA1
10191f437a2258f5a814fef8a55fda2addbb5472

SHA256
be030e163ac8450344fbaf11aac83ed66459e577b016c667e2bb9952d2391972

SHA512
75f1bae1920f6c2a857c732e4caded0294b4335095d7f819d9b1e610f129020a0e5a979307318d4d4b65d47381e8fd27851c55424b20a71690cd2127d9f1ee06

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
94KB

MD5
afa4f7aa12a7e8e0fd5257a88e32442d

SHA1
8111a0a373cdc6a9b760bbd8db3115a118d77602

SHA256
03cc82f5771b3eb56b88861176e4665577f55e66bfbdc4b31ba4b0428a79baf8

SHA512
82308003d8060252b224bf091113bf0cae0f28de3de7dc4643765851a415948e845f00ea6d9208f2c5d9536dfa4a4ee371ff11d408e4a2136c2e0c339fd9930d

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
122KB

MD5
033a8aae774f15bc73655b76edab6f20

SHA1
2a26797d80e84bad5d58520d2e4e7a50a744467d

SHA256
ab754ec9479079de429ae6bfdebafdcce38a22f171099ec302e0e0718ff7f8a8

SHA512
8981084c03b96794b019f70b8a897fa9910700f54a19bf1dc0fdc9e4a4b50ecc31fdec5a9ba777823def57b103a607aa1ba5959e4b276c79585575850b5fedb5

Download Submit
C:\WINDOWS\SysWOW64\mfc140enu.dll

Filesize
112KB

MD5
f34f13aadf0cd6fd3586efd47e075456

SHA1
a6416421f80b60b1e034b23227694005e7c8e29c

SHA256
d953c57293d433b292309a6e67c480ec1a6420d4d1ad08aa15f252292f873f36

SHA512
d5133e0c1d1f698757fa0071cf9ee98c243ce0826d3f972299a0c9c102a6c0f1dadf7cef5aa1d0d4f3d7490858d10f0fff0de98385391afcebdf753310776cd7

Download Submit
C:\WINDOWS\SysWOW64\mfc140esn.dll

Filesize
121KB

MD5
ab5e22b65547bd0f51733c65a7317fe2

SHA1
3154feee813e3a7a0e5b0394d14c7f6fd10e8ed8

SHA256
ed11a0e1de162704b9e128c4b21dc34de927b10524b2007486599c103599a262

SHA512
24f8fd9a93a0e4d1d40a7e1626e363bdc1ab147853e7610ae2221800bf44b1c6519f51523b2bccec72b8e8a5e8e2134f2c6e8781f7d8cf49d4573e91cd55496f

Download Submit
C:\WINDOWS\SysWOW64\mfc140fra.dll

Filesize
122KB

MD5
0b448cac0db67361ef824b64955fcb49

SHA1
ddf034873f21b7d4e3e2f1a363537e6c5e05571f

SHA256
d59edf7e6f66647d3735e0e514a4f819c6f701bebd6b15109fd15f4e5d54d53e

SHA512
c751cdd870bce34ef5edc6f5c1f0014b1d46ad9fc503a54923c2eca47d8e80895732b00050e80f34baaeb8978fa7647997c7159d5f8ec325cd37f4ca0e04c533

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
120KB

MD5
7457e01d8060923983a60d4ce16e071e

SHA1
2a301aefd9811a80b828075d30cd6f2463c8e7ea

SHA256
cb85f1553bae123b19457f606c14222c29240542026227743741c000a45208d4

SHA512
1a6af45b59d9906ff3ecc8314e6c48aecc32aabb5bb220a2ce6f43f3fb905f6e38edfb2f67d879bd4fb8f76f464a9bafae08a399a27b64c3ee41619558fe0493

Download Submit
C:\WINDOWS\SysWOW64\mfc140jpn.dll

Filesize
102KB

MD5
b4a6e1f9cc716eb724dd2fdb0dc2c024

SHA1
31c6cf3c24f5cea6ed7e968bcb1fbf5f079322b3

SHA256
61f80e593e8da55e9a00bac0447e0b5c74b45a7b4a70b9f7cded9f5bc48825c9

SHA512
23f53ab447b567bd8a20ce12c0303e12e44dca3e3f228128d9e3d964e9f09405906520bcdeaade7b9c1716dc5875ed0e7a107a6a42cdf8f0de7fcfe253aa9eec

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
101KB

MD5
745c5071969fab4ab86418bb21af802f

SHA1
381b874dbbd08a3651900470f5fbd1bf475f5095

SHA256
35e213b24e4b26e35eb84f1af039eee7a78e79096ec957a45c1a444344b8c7d1

SHA512
e7ee63f851d1abdd0e02940a40b0d25200aa52c95ddc4bed79c86c4ffe50ace8743dc08a4e979f10c7f927c6998a209340ddc274873d9195bf8b6e1a57e599a3

Download Submit
C:\WINDOWS\SysWOW64\mfc140rus.dll

Filesize
118KB

MD5
ab19f84833edcb65821ea60010661bdf

SHA1
61ecd7cee1768a7ca8009fcc583c91511a374922

SHA256
ae36659edc957e308d402e76d71163ad1ca408e3157b686f1200fb3236629ec9

SHA512
7792cdc87c78bc4aa850b87c81c118b20b5967d5483342ed0408483e24cfd131b4f915b77c3c8fbe47ba219aa2acff0dd078fde175aad902f32ffb21d8c1cacb

Download Submit
C:\WINDOWS\SysWOW64\mfc140u.dll

Filesize
4.7MB

MD5
4a687d685e0f308fa2b4d1dbb39c696d

SHA1
c59592f63fedb6aa1a3fd928829ec8826e9cf09c

SHA256
f29fee486276c208ee7cd75abdfce967ada7e4f6ad8dec788be8278026a67e6a

SHA512
c1d94863cfdb6d24679500820a18b55f3dc4c000a775f856b1d7b0845d208f89a55261ebc578098ef3a7fdb26bdd8b5b881ee225760cd2ef7a7eefa0ba755ba5

Download Submit
C:\WINDOWS\SysWOW64\mfcm100.dll

Filesize
135KB

MD5
baed51e7e16e2674e83a458afe1e7e2c

SHA1
47a1cf85092f14f8f9a8ba94ee41eee026a8cb82

SHA256
556a6bf4fc9fb2ce56ecff07ae01c767e7052d5d72d923afb1f6436a76f0089d

SHA512
636832f7dcd4275d70ba2bb0663b817950778e94ff4fad4f5cc6d5acb819198c5002edefa1e58dd7787c0dddfe948a5ce873eb0fbcacff1a62eb65afbda3d2db

Download Submit
C:\WINDOWS\SysWOW64\mfcm100u.dll

Filesize
135KB

MD5
6deb0e7807011f657eb257112fc2fc84

SHA1
83fca82b17119da334e3bef50e7ee4486a3cde45

SHA256
4383765b8b7e5266c238e9f240c7b28ec3861499f80be97d251ef2c3d9b30bbd

SHA512
bade10a96e23425f6a9501295b92f2a51f69a8d57c628a76e89ae8c0837a5435aeecceb43f4e236c26e776134a5e4d9dd20e3f3c69550a8d0af23126004b0ae1

Download Submit
C:\WINDOWS\SysWOW64\mfcm110.dll

Filesize
136KB

MD5
8463e9cd4b7f312b451f4f418cfd0653

SHA1
7594a5bb270e244f2d81df2cf173a9f1c34fd066

SHA256
b24a6ac85eb7d3ae187226572c05e364e2b71d0518688fadd101d631e8a6ea50

SHA512
8341732bca6bfbb0955e44efac1134e4661fabf8af225c0847b56a506e3ad12b873870592ce86db1f1423df1b9ffa5671b45230cf5e36d9fcf6a04a61a8d1b07

Download Submit
C:\WINDOWS\SysmonDrv.sys

Filesize
221KB

MD5
c0622f5b6e3aae54158045c64cd6b5a2

SHA1
97725b5b05f877290c805010f1d3e8df9fe130bb

SHA256
15d51650e8c5320d914efed26933a2a22022bac7d91e7b73be56eaab7239735e

SHA512
b8965ccadeee0db99b2f0e1881a3108b67c35d06e4aefc312f6778180461268873e623700d1e8e463d6510540b2d9b0ff7bd0a412a6e6934c6c53f00f2f9b6d9

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
55KB

MD5
5f6e77bb8b98efdd8665a80fbb0f15df

SHA1
2ce88d83a55b96bb93f6e07db238435b26b58d1f

SHA256
f56ab574a8ffadc62ceb7e31c4aada50b6cc77f0a7cbc3adf8ef800a8ba0a37a

SHA512
ba9d59abbfb1bc5a1c480c2c5f13b50ffdb527667949f2667dad974e0bc89f5a602581820e912f42a6aaeada2ad5a0e1f395b296f81d9c22eaaea7749fc3474f

Download Submit
C:\WINDOWS\setupact.log

Filesize
29KB

MD5
85635ab69bc840317e6b623388616fe2

SHA1
badae8c3a79ef21201454301ce2ee4023ea5dc66

SHA256
e5b3ef3d5560137583af5ae209367f2481720613bfa7bce9b41df32cf12c2496

SHA512
6326cee99b682aaafe0352e3a756e95a793a709a8800b97f352bf5641a3d3bc0a575a3b554871f9f4d7d144e043e2c02ebc9b9852a9876f0092c358a33edb007

Download Submit
C:\WINDOWS\setuperr.log

Filesize
55KB

MD5
ea6cb09243a21e1834f246044062d411

SHA1
8d920314db37f966a7092664648a75472f73c8ac

SHA256
44fe6b920cff5e8bb4c4f224ec010f8a5d47620083d4d2fb252e343dd784ad6b

SHA512
0de75fb95b223d959729c7874054a2127723de83d45c6b9cf775e2003aaafb93d12ccc846f4c9b7ce594440a465c02e7b049024af6328c7385a5dfd999c387ce

Download Submit
C:\WINDOWS\system.ini

Filesize
55KB

MD5
2fbd17242b608b917469bb3214e8e696

SHA1
6e13467596f901d3297e0d103d0e11ad2cbf7a0f

SHA256
a9bab39e29cd49e292a7fb3a96d90b85af29f2db2f9f6c4f8b6f9d518030c4aa

SHA512
8eeca0060f3ddb8b06af2fbe07339ced025352e201e33086b5fe31b19077fdb493b934f4316cb424308524e90aa879071e202b9f4e80eed59b412ddff5975609

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
851e720295280614d17f99c559446635

SHA1
a4e430b22c35fc4cc76fd70020eb24187b7376df

SHA256
a74655d491bae3558a451d8dad5a2afa97fb87922b6ab23d1915cc878d1f461b

SHA512
faa34f584cb3cf0a701f1066acbb39028502619572dec490eeda1ec4659691ef71dbc7c7a94ca4b9d0279e7ffb1a2cbe9ef49a982b38dc1f6252c5959b8ce725

Download Submit
C:\exc.exe

Filesize
360KB

MD5
9e4861645d0867ca16783c1f881e31f9

SHA1
59b08297365f46a476ccfd20fb34cff15edcefc1

SHA256
0fe15f75a0822106d3ede259d0a066a31177fe7ec35e09a15844918a02f7c66b

SHA512
7e78da9949c8966440028898acdcd176d6ba86ffbdc27cac6657bbc79d4fbf580c607a9d184699764efd264e8ebfa8aa4cbc94cc43216b02783d1cabd75120f7

Download Submit
memory/3020-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3020-1678-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3020-550-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3020-277-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3020-251-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3020-2240-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3020-1164-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3020-275-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3020-10-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3020-1474-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4048-1165-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4048-1475-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4048-1679-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4048-9-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4048-276-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4048-252-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download