16ac200407b4b2012c7e80ea57dfd15b254f7cfabf7499ee6405b215dfd780dc

Analysis

max time kernel
146s
max time network
146s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
Size

457KB
MD5

3d4d90672a3439a7130869841a30d3f1
SHA1

1237a90c9bd395370f5f2fd3385c9b4fb03cb4a5
SHA256

16ac200407b4b2012c7e80ea57dfd15b254f7cfabf7499ee6405b215dfd780dc
SHA512

b20cbbd845873cd307de70bba10dadf7ab24e8857d8c175280cb637ce72629c288a0cd6458697fae15c7f4e00425d147ad3533ceeae8171126ace2d1bfd0fed9
SSDEEP

6144:t515R5b515R5b5R5b51515R5b515R5b51515R5b52:a

Score

8^/10

upx

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\wimmount.sys	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\wimmount.sys	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe

Executes dropped EXE 1 IoCs

pid	Process
2096	exc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2180-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x00070000000120fb-6.dat	upx
behavioral1/memory/2180-4-0x00000000022D0000-0x00000000022DA000-memory.dmp	upx
behavioral1/memory/2180-10-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/2096-11-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0001000000003e7f-25.dat	upx
behavioral1/files/0x0001000000003e88-28.dat	upx
behavioral1/files/0x00050000000055cf-46.dat	upx
behavioral1/files/0x0001000000003e98-44.dat	upx
behavioral1/files/0x00010000000054f7-42.dat	upx
behavioral1/files/0x000100000000e6f8-40.dat	upx
behavioral1/files/0x0001000000003e93-38.dat	upx
behavioral1/files/0x0001000000003e90-36.dat	upx
behavioral1/files/0x000100000000e664-34.dat	upx
behavioral1/files/0x0001000000003e8c-32.dat	upx
behavioral1/files/0x0001000000003e8a-30.dat	upx
behavioral1/files/0x00040000000056d8-52.dat	upx
behavioral1/files/0x00020000000057f3-50.dat	upx
behavioral1/files/0x000100000000ea77-48.dat	upx
behavioral1/files/0x00020000000057f9-70.dat	upx
behavioral1/files/0x00020000000057fd-76.dat	upx
behavioral1/files/0x00020000000057fe-79.dat	upx
behavioral1/files/0x0002000000005801-85.dat	upx
behavioral1/files/0x0002000000005804-88.dat	upx
behavioral1/files/0x000200000000580f-102.dat	upx
behavioral1/files/0x000200000000580e-100.dat	upx
behavioral1/files/0x0002000000005808-98.dat	upx
behavioral1/files/0x0002000000005807-96.dat	upx
behavioral1/files/0x0002000000005805-94.dat	upx
behavioral1/files/0x0004000000005706-106.dat	upx
behavioral1/files/0x0004000000005707-118.dat	upx
behavioral1/files/0x0004000000005709-120.dat	upx
behavioral1/files/0x0003000000005750-122.dat	upx
behavioral1/files/0x0003000000005771-136.dat	upx
behavioral1/files/0x000300000000576b-134.dat	upx
behavioral1/files/0x000300000000576a-132.dat	upx
behavioral1/files/0x000300000000575e-130.dat	upx
behavioral1/files/0x000300000000575d-128.dat	upx
behavioral1/files/0x0003000000005757-126.dat	upx
behavioral1/files/0x0003000000005756-124.dat	upx
behavioral1/files/0x00040000000059a2-152.dat	upx
behavioral1/files/0x0002000000005a2e-169.dat	upx
behavioral1/files/0x0002000000005a37-175.dat	upx
behavioral1/files/0x0002000000005a36-173.dat	upx
behavioral1/files/0x0002000000005a2f-171.dat	upx
behavioral1/files/0x0002000000005a29-167.dat	upx
behavioral1/files/0x0002000000005a28-165.dat	upx
behavioral1/files/0x0002000000005a22-163.dat	upx
behavioral1/files/0x0002000000005a21-161.dat	upx
behavioral1/files/0x0002000000005a1b-159.dat	upx
behavioral1/files/0x0002000000005a1a-157.dat	upx
behavioral1/files/0x00040000000059a8-155.dat	upx
behavioral1/files/0x000300000000851b-179.dat	upx
behavioral1/files/0x0003000000008ab3-182.dat	upx
behavioral1/files/0x0003000000008ad6-185.dat	upx
behavioral1/files/0x0003000000008ad8-188.dat	upx
behavioral1/files/0x0003000000008ad9-191.dat	upx
behavioral1/files/0x0003000000008ada-194.dat	upx
behavioral1/files/0x0002000000008adc-200.dat	upx
behavioral1/files/0x0002000000008add-203.dat	upx
behavioral1/files/0x0002000000008ade-206.dat	upx
behavioral1/files/0x0002000000008adf-209.dat	upx
behavioral1/files/0x0002000000008ae0-212.dat	upx
behavioral1/files/0x0002000000008adb-197.dat	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\KBDAZEL.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDINBE2.DLL	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDTUF.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\Magnify.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\C_863.NLS	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfcm100u.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\msvcrt20.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\console.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\D3DCompiler_47.dll	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\vcomp100.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\ctl3d32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\imapi2.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\NlsLexicons0013.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\C_1149.NLS	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\Dism.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\UIRibbonRes.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\netcfgx.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\replace.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\vcamp120.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dmusic.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\fsmgmt.msc	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\InfDefaultInstall.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDIT142.DLL	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\uxlib.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\cmstplua.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ieui.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\ReAgentc.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\systray.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\WEB.rs	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\aaclient.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\DeviceCenter.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDEST.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\taskeng.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\ubpm.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\wscisvif.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\AdapterTroubleshooter.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\C_20866.NLS	exc.exe
File created	C:\WINDOWS\SysWOW64\fmifs.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\msvcp60.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\sppinst.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\where.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\dsound.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDMAORI.DLL	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc100esn.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\resutils.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msrd2x40.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\dpwsockx.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\gb2312.uce	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDHEPT.DLL	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDSG.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\iscsied.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\objsel.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msv1_0.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\nlmsprep.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\XpsRasterService.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msfeeds.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\msiltcfg.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\WLanConn.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\srchadmin.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\d3dim.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\imapi2.dll	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc140rus.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ntshrui.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe

Drops file in Windows directory 52 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe
File created	C:\WINDOWS\winhlp32.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\msdfmap.ini	exc.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\mib.bin	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\twunk_16.exe	exc.exe
File opened for modification	C:\WINDOWS\system.ini	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\Starter.xml	exc.exe
File created	C:\WINDOWS\bfsvc.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\splwow64.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File opened for modification	C:\WINDOWS\TSSysprep.log	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\WMSysPr9.prx	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\explorer.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setuperr.log	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\notepad.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\win.ini	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File created	C:\WINDOWS\twain_32.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\write.exe	exc.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File created	C:\WINDOWS\twunk_16.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File opened for modification	C:\WINDOWS\TSSysprep.log	exc.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File created	C:\WINDOWS\twunk_32.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\Ultimate.xml	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\twunk_32.exe	exc.exe
File opened for modification	C:\WINDOWS\Starter.xml	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\write.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File opened for modification	C:\WINDOWS\Ultimate.xml	exc.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File created	C:\WINDOWS\fveupdate.exe	exc.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File created	C:\WINDOWS\twain.dll	exc.exe
File created	C:\WINDOWS\hh.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setupact.log	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\msdfmap.ini	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\twain.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File created	C:\WINDOWS\fveupdate.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\HelpPane.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\avira.com\Total = "108"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "118"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "108"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "388"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\avira.com\Total = "388"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\avira.com\Total = "423"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426947698"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "118"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "118"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\avira.com\Total = "118"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\avira.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf71000000000200000000001066000000010000200000002c805113b2ccb8a94ef4aeb4f8a07d4f225d82598181ac3d44070d9e4a3b25b8000000000e8000000002000020000000e6f542e0399dde9c89e5565659bfad4c9fd8ac45e17301dce0debdaaaa3e262f20000000358aad02512115a4916e4d4f61e747d5654ac9f1729a0010093b5c7a8f01ff1940000000885eef8b2d605ebe9243e16ec04c50218bd02ac8f73a4eadeee84e40ba1b95592ec2ace861f0a8d0afb17d354432346f0c14d403e986ffec14af0483ac4c304a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\avira.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "255"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "388"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\avira.com\Total = "8"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\avira.com\Total = "366"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "423"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "118"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\avira.com\Total = "118"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "8"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.avira.com\ = "0"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3068	iexplore.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: 33	2568	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2568	AUDIODG.EXE
Token: 33	2568	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2568	AUDIODG.EXE
Token: 33	1376	IEXPLORE.EXE
Token: SeIncBasePriorityPrivilege	1376	IEXPLORE.EXE
Token: 33	1368	IEXPLORE.EXE
Token: SeIncBasePriorityPrivilege	1368	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1940	iexplore.exe
3068	iexplore.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
3068	iexplore.exe
3068	iexplore.exe
1940	iexplore.exe
1940	iexplore.exe
1368	IEXPLORE.EXE
1368	IEXPLORE.EXE
1376	IEXPLORE.EXE
1376	IEXPLORE.EXE
1376	IEXPLORE.EXE
1376	IEXPLORE.EXE
1440	IEXPLORE.EXE
1440	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2096	2180	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe	31
PID 2180 wrote to memory of 2096	2180	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe	31
PID 2180 wrote to memory of 2096	2180	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe	31
PID 2180 wrote to memory of 2096	2180	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe	31
PID 2180 wrote to memory of 3068	2180	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe	32
PID 2180 wrote to memory of 3068	2180	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe	32
PID 2180 wrote to memory of 3068	2180	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe	32
PID 2180 wrote to memory of 3068	2180	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe	32
PID 2096 wrote to memory of 1940	2096	exc.exe	33
PID 2096 wrote to memory of 1940	2096	exc.exe	33
PID 2096 wrote to memory of 1940	2096	exc.exe	33
PID 2096 wrote to memory of 1940	2096	exc.exe	33
PID 3068 wrote to memory of 1376	3068	iexplore.exe	34
PID 3068 wrote to memory of 1376	3068	iexplore.exe	34
PID 3068 wrote to memory of 1376	3068	iexplore.exe	34
PID 3068 wrote to memory of 1376	3068	iexplore.exe	34
PID 1940 wrote to memory of 1368	1940	iexplore.exe	35
PID 1940 wrote to memory of 1368	1940	iexplore.exe	35
PID 1940 wrote to memory of 1368	1940	iexplore.exe	35
PID 1940 wrote to memory of 1368	1940	iexplore.exe	35
PID 3068 wrote to memory of 1440	3068	iexplore.exe	39
PID 3068 wrote to memory of 1440	3068	iexplore.exe	39
PID 3068 wrote to memory of 1440	3068	iexplore.exe	39
PID 3068 wrote to memory of 1440	3068	iexplore.exe	39
PID 3068 wrote to memory of 2740	3068	iexplore.exe	40
PID 3068 wrote to memory of 2740	3068	iexplore.exe	40
PID 3068 wrote to memory of 2740	3068	iexplore.exe	40
PID 3068 wrote to memory of 2740	3068	iexplore.exe	40

C:\Users\Admin\AppData\Local\Temp\3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2180
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.freeav.com/
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1940
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:1368
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.freeav.com/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3068 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1376
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3068 CREDAT:1258517 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1440
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3068 CREDAT:472088 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2740

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1d8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
36465c6b59daffc31b3e402ecfd56b63

SHA1
822485859d0e181e85cf6570fe44d051fd3438ac

SHA256
81003bfaabe34d475c52c9c5555debeab21da502b438a62b93ba1688b7aff6a3

SHA512
f07b3902c0f217ccca1e478254c39dd4a6c14ca71ab23e33ccc4a8813b1c708ebd38f8d17d38d6ae6c5d0bc8e1c3ef0464933b8f7bffc6d11aa55c84a3cc6819

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd17072e2f5818971ae56c33b6d8612a

SHA1
c6aece3d6ca398444fa22edc7fabfdda3e897b45

SHA256
33daa3dcdf5446c5283d86dffcd462a025ee8642953a9af44036ff5c06c14b1a

SHA512
f7aa4008c194ad62e0972e51f25608657570c010c0cd58609f35f287f7f9f7ee2b13b2858ea7feba162d12ea0a18a8f825230870a11d3190b02337a191e00f0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a7fa822eb81f743a313547b14172c7d

SHA1
1df5fa0dd70edbc235b7adc9c590a8d7edee7111

SHA256
77038558adf26d0ad6e7de6edd12d26615f675228ac7fad02c4216420b2fcd73

SHA512
701e47f5ec33af42e5009281891ce4767b7101be714857687fd1aca252944b7f728b626bec294b177e0b9cfe63ee196f37e5805f249b4018d460ba97de06de66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc41bf824e9aed0575c5bd7f08037ac9

SHA1
6c2b43e7bc82d2e43e951ff7301ce2e278936f85

SHA256
0d96e34ebff85523d717be71a2cad2895db3b65a88edb1d05a828d54836f2f07

SHA512
e78333eb9ec949ecbad203446fba728ade898084dcc6e3df2dcc9c5b1334d26b1f9b553d5069e57c2e782ec779b093bea6fb0df94cb2f6ea69d2b9a2da6db9f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63e45895268afbec4f9010e56e9d5d03

SHA1
4755cbb2d06a93a46dd5c8de722f2a3c46beaa8a

SHA256
b125eae65da5f3355c6353b1c639e6681be9566a9ca5eef93b972123c28e80f5

SHA512
a3b61b0ab58bb42ce9df4238eba52a157b62852a8fedca389abce5c2d15fe8a739ef8819c70306f74ae9258c30fb61ec67a8c51ceb2aaea63cb714ca850dd4dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d530bdfba306ac60486bc76d75974ed8

SHA1
92cb477269569054764eb2c3eeaf16709ae90cc8

SHA256
09449181e17d1602bbbb07f722e82bb8d7d9381a205a44a74712e97f36cf5108

SHA512
134383135bf7c5e26e4de1392a708266fd21da26bad13da12338cc940969665f126143f5f12a37a46ececd4056444901799f486811f13fcf7f7fc2caaf377ca3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ebcde77f516a8563c8e7030765ca427

SHA1
080e60b198fac9a456a6b20bcde2fad27b82604b

SHA256
d45c817158a5541670c55323414464aaf01888fe94c4f40a7acb327dd13e355a

SHA512
117d49289a68cbf63b3446892e4e55efe573ce1badb6ecb9876941de54df48dc25e087243d03e37b650947e19017034f11a1baa7e35f2d6a67f8fc6997039e20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a959b0c618e400d5b8aa5fbcdef6525e

SHA1
f33bfec385cdda804f44de0e92254baa41edca52

SHA256
6223b993b4d3de02384b79c8f472420c1df506c0bd836d4f685ed2051d86a18c

SHA512
201a5dd9f26214e8e6715fde2e024b27e930eb1c340cb0191d5be38976a03f49a02826da2f62bad1c2cf1e548fe2f57a2a7931a690efc01a4e447ebebbcabd45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b385c2c6ce323488edfddb42903131f3

SHA1
1b73c9e3cf11ec9f9b6a0704ef4768bed6b85ec7

SHA256
87f62c966a8a0b63bb278db9427f340f6ae2b77d08b502f96ccc33e86a67c48e

SHA512
e1641645997bf793919c4cde63dd7a89e5072cdfecbf5348a936843f7982475f93d4576e2f14795fb6970ed44bee067c1e7bd4f490dab05c5d15b746bd25b65d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e23a6893b90e3cd605e30d4e6330727

SHA1
d105f990c28ec3ac661e9050011f7bda91873c25

SHA256
4484010358e6ed937e99cf689051520d42d76d2cb1610f28470c13a1f51457b5

SHA512
a2c3e960623537b8a0f63c25cb46099f01aecd248bf1bb45e1060b4252165e58ffd0a472ec0ed06047134a9580593b6b00c2b0eff637d92ecfc1166fe28bd753

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
431bc69ac0d47c380e8bed9b313063b8

SHA1
ac937247abf662f7b588908cfd047cb3727cfb40

SHA256
e0f423070528f08e7073b07e672dc3456e72dc42661bdfaaa94b2d05118a573f

SHA512
cc5af01ee96a5a51ce26efa7caa1375a0156437c1f9f2b573474641fab53d4c5b668818cfb28faacb0e35ae00314037293ab8820eb4f6213ced60da92909f10e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d617629422a1581f1aad078730a51203

SHA1
7677e10d7499fae4f67177e27a71975c9dc0d3ea

SHA256
077b03e55174760a2d6251b64d248330b37165f49d2ba32382586b52cf1067e5

SHA512
c6e56c9afd30df5ee5608853e2df361cc4b9497f2ed71e9575e5827b8d1935800577f4eb55dc60ac486826bb2255f641dcf374ba3efc86584510f351ea623d50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d11f50dca45be22de318104c81559486

SHA1
bd9053da47f4f32d7bdcb93f17a81e4ba54640f6

SHA256
9bef31fe9b98f6cefd5fd5499699b4903e8ef8bcb755d5c738fc3370e846f6b0

SHA512
04dd605113f73adc555ae7c8fccda0fc37c25bfa691f572b352a86e03191213f22cd03d4fb8e418b9b1ed4a5c6c413af1b238b1e0b1b09faabf6995a5e457257

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fd906d27b4b602f11eb291288c63a23

SHA1
96449782d5d6fa95829f7c3cf133ebca610bfefe

SHA256
246fd40736058cf4982cf75097e58ee9be9a5d461a91e4898f43bd1433da83b6

SHA512
7c0988f6579fae91402ab8172e3741a139f97e04d62a84a6e3a1ce184f4d461f219689b9fee3056673952b1874a026a0380668f1047b171f8f85bdddab205f41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6eda6c0c7d370f3133662d3f8650cbd1

SHA1
69fd8bd6b34dc48ab70484f71d2cfbe3f18032ba

SHA256
d015b3777f5b309f391ae81e4e4a1eee38b2b0500067dc1bbd5d1883c6c240c5

SHA512
c514d5cf28b7739290895f4e2636ad6e2ebfb9aa8077dcd2d7e49823006b58f756a5c462555eb4d0dd2a283dca3e583a05a282e9f17805d33ea6482766069ec8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62415965a9c50962c3030cd0343e3135

SHA1
a5072af063e352b5be8b3ae71c0b379b6b3e8b1b

SHA256
cb33dd1a9df690fd068eeb681f609ccd6e69be3104924db55a98476f3a1d2c23

SHA512
0ee2dac4d8bbdb4280b6c204a80bc079921b2d63076de81abc4a40a244e73b30ade4ad65ee9fa0682d5852d3264c183e1575d014bdf46a4df59511d763a8fd86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6238919bb836d39188a3ecc948f1cdb0

SHA1
92af40a5fdd1cb5056fa0caee714863735be4d82

SHA256
e0ab5f1632c3f5002ccbfe090e257fadc57dd91c62c10abc3a56357305d60688

SHA512
12d7b287dcedbe26d2eedc8f0fdf299a213a3f78dc57c950cba87751017ed433d7890fa1894dd5c85f8013da4b475bc2231171146da8c9b259addd98c808cee1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37fff4b0ae4243ea083eb94646233340

SHA1
5d4fd3fd8e1d74029ad90e90bf56b190b43231a1

SHA256
9f162188da399231bc5b0ca1b18c1cae08c696bda16d5bff83482e7dac003a60

SHA512
54d28d4522d5cf1115a81bc871abbd2fb96fdb6c0f8073b5f978dab8567884691215c51834de4d0976abda0651bde8f408f7775bb8e8bb04b2c8de2f5f1a044c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9cf79fcb373c7575c8001af5315e3fd9

SHA1
bfaabf57aa918fa4e40eea0f9ea7c382b652e2f7

SHA256
593e5576f0e925acbb355ab1836c021a8aa33b99792d22a725777615fd5cfb83

SHA512
51a081504b5258c75095d84916164639916bd50ed031305cba18e94cc62835d6f5bd34c7842a95f6554cb918ef2d6a7ce86024a12f5055c75a62e20c0433f313

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3d1d9b461cec3f84ac2e8d03bfe8a09

SHA1
bb93d6f2d59d08aff34afdcad4728b96b2b06e9d

SHA256
e35471f2070a86d11125694aa691f1236602d0140612cc54f732e1c0ca7ff27c

SHA512
3d8ce9802a3f4f43b2494a34f9f8f889faa122ec16bb8fbcd0d839fe4ca13767f06fbe4ea35b6954b0427240d4895d81e27cbe9ec7e12bf484dfbf0fa2fe368b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bedf72d80042348488b6d6269781413

SHA1
5e488c2bfb4e1aa75029b23eee7957d171b1a53b

SHA256
c025756a5e05a4a36d47e5705266b819bfcbe603398e1e405f1166b74aa467eb

SHA512
ec08edfc0f994ecb817186923f9ee796e9b67df62e4a48a3bea31f155af9a1de5d66df401d1eeb070d178d515bc69e51a7c37165f7de77ea883568c957235fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BGOGJCSD\www.avira[1].xml

Filesize
224B

MD5
2637a289da2f62c7f30e766fc868d626

SHA1
6a217e69bbc1cf396d3cb64bc731876f8a30e7b5

SHA256
1b11a89454ff01ee32f0ef838dc2d836f2e9414fc1a0122a16d3d0608d9b109c

SHA512
b3dd8ed80be57e87e1d19aa70694bceffd99a35424866a131eda41eb6bb7d41799c76844c61735138b8982881c039ae867b2b073e0ca756ef5be2ddfca502a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BGOGJCSD\www.avira[1].xml

Filesize
437B

MD5
a42e5bd16df3bb0daf50df0468a0ab8f

SHA1
46fecd07ed374609648cae6b76e84e5611e9da00

SHA256
06c5515f8a99b9f00a2ccbcd6c778948851ea5884db989c6f97e98e443b57752

SHA512
fde10d7612fe96de18a39f27e23f925451a4e60d8518364d27ec35a7da2beb0f49fda17fab73afd62241b829c3843478c8d57cf0ab359700eba7a602e0d4e599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5J67VDZD\all.min[1].js

Filesize
178KB

MD5
973473fbac1c0e0cd82cf83bccb7247c

SHA1
f4cae9ffba8d2ad240555ef9716aaf33f391fa22

SHA256
b1a2c56a4fae2771514476846f64219f23ba473ae10cd0accd1203c9ccec6e22

SHA512
7b1660a2c6185be9e6bd7bf186b54ec53e278f5cd7c0f6d94ee42d75cc3aa3031fa610a362f2dd2f640b79a2dc9fa03737f6bff64d1ef8c96d010de5c511250b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5J67VDZD\jquery.min[1].js

Filesize
87KB

MD5
12b69d0ae6c6f0c42942ae6da2896e84

SHA1
d2cc8d43ce1c854b1172e42b1209502ad563db83

SHA256
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f

SHA512
a55f55d56899ab440ef0cae17b28d5cc8f5b9766d1e9bc1a8ac6b89376924b476c1ab0c325497eb5d44af41f4ebf8eea236d87a36902244b8a3eca54994b8711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5J67VDZD\ouibounce_min[1].js

Filesize
1KB

MD5
0067986dd93b7869e9dd229ff44251ac

SHA1
3e89404238b959ac1d3c113b21cde64ac95ad267

SHA256
b74c3b8c5f786bcc4aa29f55ca0b178a0e2b5fcc6da3057a121bececc1b572ea

SHA512
dd84f6d85c350145b8237c30ee644e53195e5ff5a11d8d6e87a65b58be5b472a8335cf1413c5107f8a2d4e272ab69cd711e49ad82b77699ffc8298d572ccfd2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE5J41S2\OtAutoBlock[1].js

Filesize
5KB

MD5
d20dd37c0551ffb1ddbf07bb14eb8673

SHA1
ef2d7f3f351d4f066b9b114e45ddd1fff86e9da9

SHA256
2dac11b6349b6fbbefe783a2cea3f35e8a9f2bd7e88a786874c0928700a9ac70

SHA512
5504c2067982eb19c8e4aa929171d3b4d2dd88eb059fa4716b83f81e72fa67e445868a6c4715276c4289c931ba9366cec4f839cfdd4990c4caba76f16628b6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE5J41S2\avira_targeting[1].js

Filesize
13KB

MD5
3ce6674fa9a054e053700e5da7dc7f55

SHA1
48cbb4f34a190e35c5fb5435806de0d84f9014b0

SHA256
20c2afd6d70dcbc78e9995631dd355ae1bb8499e6f6f8ffbfd916f5287ee862e

SHA512
5a8049f78819c58cc38db5175eec815895a2d4b403dec2238d09832de962799b793ba5a4a02eedc661dfb7cae5fab3ea9baaedc09a6d8973340334f02a13fc6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE5J41S2\favicon-32x32[1].png

Filesize
1KB

MD5
13e4a579c3cfa586f665ecd794e0462c

SHA1
b629b7170f76734c495630191e665b6a88024268

SHA256
a961b4999fbb3ea58527df10b36cfd5c6ac7cf9fd12a0ecede32a8f7f48fec30

SHA512
813d424cb854ecda3bd1cb73e87af2e1072364e5e6345e2a7ff0c93cdac34628146786f1f5fbfa869b95d72ff0071414af13c4453545e76b3f627c1343cbdc8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE5J41S2\gtm[1].js

Filesize
472KB

MD5
c596543d8851c893dae9f749956d592b

SHA1
0e322627b39180896b68168ef5892b99b360a8d3

SHA256
d90b890202ea0f6ad16698b8eaddd9dc60bf86e37a4e358251918e311693be99

SHA512
b8cfdc7c37fdd8989b15bce4db9c09426c515105d8e6b386a9280c943b692bbd8979b88a889e79c7b42d3e79f489f244015358d0e342086d9965ed5bf5da71d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOK2QLQ\avira-global-website.min[1].css

Filesize
624KB

MD5
1b90822ba21625b02f9e17b3124d01dd

SHA1
9aa240d86b39e2ebc6263bccf2325674b1f488f5

SHA256
093ba3cb28fd20ce50083ccaa5bff704098fbaf3c3dc8fdfa128c8f23ab37807

SHA512
ebd4a5cf91fdcbb3a35cc0ad2ac99e4917d3bb9b290ac64df6999eb5e3827aa22a450b6d095bf3f10e649bd1cc83fcf00dbdda66e79181c5b39b18570184138e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOK2QLQ\components-all.min[2].css

Filesize
197KB

MD5
02d116bce543e6bb4fd3834eb5e3ea3f

SHA1
84923d89ba1f7743cc10a3f80afdcfd845de5295

SHA256
3f858e488c447a1120d57c6b4ec77b74d35a142ad89ee7570a53b63cf7d4d89c

SHA512
2e222c3ffd723f3df119cb1cf525207481d10059a723b7d2a3ebb126f49964565c06d4f8591b9617f6a166b2cc84fd160d1a93630426b72695c163447d66ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOK2QLQ\gtm[3].js

Filesize
287KB

MD5
1bdd8908d18ec1729e38f2c28717fe4e

SHA1
5de5577de2c9ac6cfb616274e785eb1ade284baf

SHA256
cc3fe5b23721a23ae6f6fe1685859589c2f5723f2212b90cb07d1747ce3d62e1

SHA512
c748e082a01ccfdbc5f170d418ee36b97369e05ea757357b67c849e085829ce2034fde765ab1c31068d4ffbeded11c28395d5e32c2c524146c3847839d371d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOK2QLQ\otBannerSdk[1].js

Filesize
421KB

MD5
65d6272013fd813bcb3bb059c3611dad

SHA1
f3d451ec0b826d15f1d7dd7b6f3f56f9d5fddc4b

SHA256
ee39d0cbc9e9cd88b7dac8ebca680b89e8879081f855152f21772c7834474437

SHA512
b800d2bb9d3100ef9baa8f095e5f574ee665414664ced3f9e334725ac155a419dbbde7f242b21e8868038dbd9e9f1eb4ae9dec39b3c39f98a234cf9c22cab400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOK2QLQ\otSDKStub[1].js

Filesize
20KB

MD5
5c4b768820444afadeac19d7ed7902ae

SHA1
b3fd3a19ce89627dab0129976956fd3eb11749c8

SHA256
e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2

SHA512
4664a19499181d9d8c1a60e2e727293423edc33b3359a3a585be215bde914c4425473e8532a7bb2e415c845057e61f1833c1ae6b4dfcfc474bfaf7e27bae017b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8I3CVQY\9F3DH-WHDX9-7CG66-F4G3J-99FEC[1].js

Filesize
140KB

MD5
b1290dfc24cf0fa7fc8086f1b9dd99a3

SHA1
9e3ff4c4b46853c46fb8f6bfa46939b92b1bcbb4

SHA256
b38b56cc66465707f7a28c32aaa60859276bf30d268eb6d3a90a02bfb6d74ba2

SHA512
f3fad1e09005557fa72fc402fd3024c15350a5c30a3532989253cd4e9d1523719b7c7c6a5ee673a2b86b61519c7e3e73febfad60527f9774f59ea60feb7288b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8I3CVQY\one-trust.min[1].css

Filesize
51KB

MD5
39ad837e1a331dcf6654116073a3ee0d

SHA1
05e7811d2bd3ccdfd5bc1ebdf063c86cbd1a4e0a

SHA256
7a905ec7808e96434796bb7c6876f39c05f4ba72b2c54cb27e9e87a7fbe7127a

SHA512
32555fc33526c8e0aee77575cf25694ae81358cfe2105720adbf96f8f9283ef1d113a1781709d2123e61518baf3cd0a8eca4dcb43a193b2b13dc119b13f470db

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF6BF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFAF5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\WINDOWS\DtcInstall.log

Filesize
57KB

MD5
21fed892074147956c1616fc3d199c59

SHA1
28fe13de5a80defb52e0984ed840ae8b83c997f0

SHA256
c01fbaeb4faa6ac37a475eeec513afad2d8c4cd4e20063cf8985e7c4c5104a5f

SHA512
aebc844f26b420bf287a6460a732667e69424e446e685bdc9bfe00d7a1a8823de406d431a385a7c20557c1d535adaeff760ec88b7d74b345b14b672346d41b1b

Download Submit
C:\WINDOWS\PFRO.log

Filesize
60KB

MD5
105ac2682cad85415237ddc0efa47d38

SHA1
6f2888373420ab3fdf42400dde355d92ade0b71e

SHA256
47b58072d81b2a70deb3edcadfe56a8e0a130fc1d75c64647f61b7843d91f1d8

SHA512
98521ee18c44636309f3188122b141d27c8b6af094c2384e172bdd35f91846a747965170a4073e32434a9f534cacd5836bc3984c9100d27b192b1365108467c3

Download Submit
C:\WINDOWS\Starter.xml

Filesize
102KB

MD5
000373bd1c237dec842693aac31c2471

SHA1
bfb3406375192c3fdc9ac96fc56ae25913b42e95

SHA256
278af8759256458b0b3472331af2f36c02daf91385d8f6378d0ec6565e307807

SHA512
6e9a3a9926e7ea56723c8a115733bcb4435316df4ddacbfededd94ae63d22f5ab4160147c25f49422cf30a6837245a6b2343bfe4d7713f949ff5e8442f8a7b56

Download Submit
C:\WINDOWS\SysWOW64\aspnet_counters.dll

Filesize
83KB

MD5
1d7a55a0aea534526c52ff200134c882

SHA1
20155cfd29891e210563b76498e50b99f8428fe7

SHA256
3c966d80c9c2d9b337a557097de78792747e33e9cf6c885cb72b6d5efbfd1e0f

SHA512
5d10dded2e5be206989129b47c3ae60cd860f41608c209c32f00dce258f2cfcea32bf33d45f48c8dc6b18fd6280318d01efaa90ae529cda6e86c968ba3e5a432

Download Submit
C:\WINDOWS\SysWOW64\atl100.dll

Filesize
190KB

MD5
b6a3c8836b0eef9aa0ca567e059db67f

SHA1
77bf551c1649978e7f1c175f76f0c5eaba604350

SHA256
d9f6f5605939e11f633f9490a21be6cbb375e86d456009192ab608cad6db9dc5

SHA512
f6c1609f7cbea20e00d66e3afd02d2375da1d07987cd29f359583c6d027f616b027068c9b0deba2c898e16f1930cafcb62503cedc5d6594a69a9ef6ca78c48b1

Download Submit
C:\WINDOWS\SysWOW64\atl110.dll

Filesize
215KB

MD5
4d4a2cd400e5996046531f3cef155827

SHA1
76340ed5a7539a23e639aa6309696f29460bb355

SHA256
813a7aa333ba80920b605a9696f7ccc5dd4c92b5eb238ad230f49cc891f51a2b

SHA512
5f8d3187e963661b274203f18c093f0f93ccb706c14ffc228f46ba9b3b52c48189f17931b10a036a5afef8483dcd465c3effd6b6bfa7787c758284ad5948ba78

Download Submit
C:\WINDOWS\SysWOW64\mfc100.dll

Filesize
4.2MB

MD5
ef782e6047a38545e1f8451469bb2d22

SHA1
5d0219e2b63247c0b38500f03b746fe8c06db58a

SHA256
cd0b7ca1009a0aa50133efe4375cac807fb65061841d0ec0c77f27488e7c3f3f

SHA512
6e18123bb16ac2a44b951bcea62800dde16ff0aef2896c2853baf50a24093454c5e812fa8a93ac43c3747c06fe2b1ce44f5ade98593809b0bfbff8b156e119fb

Download Submit
C:\WINDOWS\SysWOW64\mfc100cht.dll

Filesize
90KB

MD5
34d9832f7e4b00a7b8435ca5edca3c42

SHA1
42b4c55b8a838cc50dfc75ec90d194046f5c3f2e

SHA256
ccfd5698a12828f85b7c457b42eba0ede29e0f2434632630d07e760add91bbe3

SHA512
694150f7203e4479e78ade812b4ac3219ef92e3195aa48c074ad8052cac93253c901387a226c671b64b8052832f07012dd39f75aeee698082382f6ddbfa84e39

Download Submit
C:\WINDOWS\SysWOW64\mfc100deu.dll

Filesize
118KB

MD5
85631e9062b87ca695f4a65f2125e458

SHA1
4b18d5f9152622868ea909b1204b3b241d06f84a

SHA256
1c0395297eb155b282317001b0a413d892a782c240d6384c7207ee9e1382c5a2

SHA512
2577f355b9f74b6b3c5f94c122e485b85ab9fd70ac5f462cd09cdeed3498ddd8df0e3d8c6df43eb5e7057882c0f8040523213a7f1559a7dd02b24374f41350ea

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
89KB

MD5
2711d0d3860dbd266fd811c405b38da4

SHA1
fb11c77ef85c0046588225e73f96fe079d57aa03

SHA256
3718ef1cc53029bed82fb14c2057a38515841e07f5a6a57b05a5ea084b38a184

SHA512
0309dd7e8d3a93d63ec68f591f88e19092e7cda378607b6e8edbc9c2fa69e56357752f8db8ee8eaa039d423f729f74c366630c716197754337a3b7bd092cd12a

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
90KB

MD5
51fd2b6d491a165cbcdfab0bd423f5b6

SHA1
4f214ffd779b019e91f102efd08d88d178ebc03a

SHA256
f44f95e6b40da8f0d89b43a3753187bc7dd5880cc204f4d6629b8ab6d69b9770

SHA512
4a07c7b0da65515a9c680590473af4d14507bdbf7c43f1f1487d00ce1ab7810e932e12be0b3f6e2f5f94a68b4eba8ea9885a7323f91ec41ca3ba1ec10f56e3c1

Download Submit
C:\WINDOWS\SysWOW64\mfc100ita.dll

Filesize
116KB

MD5
4ac9e7b21419db83db4fc471dce537c0

SHA1
d0f38d005ab9ce7015ccec1d3945081e383b43df

SHA256
a23155ce96fab5b3acaadda5ab792cc0b716fcef0a80586aa1063541b3a54b4b

SHA512
6e6184b613ff9408f3eb15cdb08b628d7e5d9a2b25f8cc946f7ef29f275db8d2b782e56341f6ec95837dbd07e8bd0891ddf92a18aaf236f4cb769450c6413e4e

Download Submit
C:\WINDOWS\SysWOW64\mfc100jpn.dll

Filesize
98KB

MD5
a00cc4d882e1e90d8c3d0c92b2823274

SHA1
a0e40f776a560bda3a8751a8e76a5c1cc012158a

SHA256
a0cc313f4b67fa7ad712b624e1edb402c16d3431e9e28691c0ac5153e1d88051

SHA512
6662b0c5f600486faadd2c05515d2b0c4e35f102122dae299b8627654346abf11765e6b429891f32d41ac7fbb28e75c9cfcbfbb7b5527818919650dbff6202cc

Download Submit
C:\WINDOWS\SysWOW64\mfc100kor.dll

Filesize
97KB

MD5
bdae1b9791fbf53c59b13c17eb5e271d

SHA1
9b8aad7557af0cbd8d765bcabfa7130c96742908

SHA256
73e61cd9f5d17e94dc1a655d110c289d24bf0a86694892ee57067eb65fc14c8a

SHA512
9c292f00b68a0c3e03cbae75fc7606e4f3912ea90a8ed501592ee3cf135df9f5ce2cbf179087237f011756f28e21701b2d94f69a36f831618d6ef8d047adea2c

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
114KB

MD5
befebc1463610f3724c99efc9252dcc4

SHA1
62abd4d1c2950df007acf0c1fa815dd148709e74

SHA256
01f156560bd32b6c1ff781de763c0e1bc7beba0891514b8d2e109a2b350917ff

SHA512
6fccba6c6521da793bb13f5c34bc1a4570cb5bce1c63b498fd3b688f471ff35746223e29fb63177858d78e529764ddb2e413bf4c3f943338385cca41338d8142

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
4.3MB

MD5
e2bea6b1020b8f15ea9473d914bc90de

SHA1
8b33ac0b04c6e672984eac509b0ab56c5bcf9d21

SHA256
b221d9b7352c193f7ba24c16e8e894ed6801b1f3ce7d2286be936e725e787286

SHA512
947cec70b13416838dff0e7e7bf6974f53ec6859d2b4fffaf209e93d03279e2cce20c4cfd4a9959c8857b6186f76964d843d1eeb329ff39cc820f6b2759a9be9

Download Submit
C:\WINDOWS\SysWOW64\mfc110.dll

Filesize
4.2MB

MD5
e47c5df1c56beaf1d938affbaafb0fe9

SHA1
2d6b2fb6f09e843f050e8dfdaa4b8084f401988f

SHA256
a680b89eb317fa5a7a5f8023534a17d3a3b9e287dd811cc7e8845ce09aa313e7

SHA512
118aea2c9a8674e0942fce52908ee8df82a9a8b4c2c6bfcdb97c6b16385bd5954122cc1a64e304fce17e23e4b1476f939b9895e8afc873697ba5211f7703d45c

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
100KB

MD5
5154f37fdbba09f555e6cc4aef87b91e

SHA1
67938d36167316bcff097b56fe49e81824aaf1c3

SHA256
d0c92b45bf43e8a0064937471cfd64b398dfbed2bec1fd6c7c6a1e0587067bf7

SHA512
3032a7f2dfaeecee8a6d21fc20f5ae94f40f759503f626bd792f19858f55ceae86ca8dbd6e6f0e8a828b4ab0d209ddf72f34516a46c86f3c7bd83175582492b6

Download Submit
C:\WINDOWS\SysWOW64\mfc110cht.dll

Filesize
100KB

MD5
b10c0e8866fb35ca3b82475f462a38e6

SHA1
79fc13acacc441daecab1b200e62de3a6682dcab

SHA256
1e3aa0ca0da93148877299b312203cb8e727a694d6d069867185a969263bbf58

SHA512
d5f783837a0632807a9388bd30b2949a53648399fe74bf573ded8925ab8dc4a4bc90565b5c85444e0af19eaf45f4c9b389f3e590314513b90a30bf37b0f403f8

Download Submit
C:\WINDOWS\SysWOW64\mfc110deu.dll

Filesize
128KB

MD5
806d325965e74066f01979939099e810

SHA1
3f90ea4d7fe7f0009498a9d0bc27c89a427344c9

SHA256
f22a00913514beffd7f5af9e13a4d703d0085fe6879474146eae06e17a9f5136

SHA512
c5c0a9d24883b522112a8f9ca484a61f0fbfb77fc418640a412b2b5e652161692286c3ecf7f22ace667175594575775ca30e4adc63ecc6d60fab48a4d83049e9

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
118KB

MD5
19b128a55bd28e35a201f48274fc02e2

SHA1
a5cb6f063a485eb0e764747f37047e1b56f9717a

SHA256
23e34a46ccd433d24d1a2db04b94dcd356c1341eb15279b122558fc3f4196a51

SHA512
6aa468ad4002477b9d7bdd9612320bddad8ca142084889e050dcd7966ecdb2f90263f266775039610c1419aea2aaa98331d5ab70d732948484abcbaa15da70c2

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
127KB

MD5
cc1b75ff81b4c3ea0d535788a176c1a8

SHA1
bf27796191f1042488d797487be3ff7b7ba0afdf

SHA256
e9ff09e5b2fb225fe31879d1fa990423e40f2a829d074efa51ada4fcf5bb5a97

SHA512
302a2a742f61610af74e0bdf18aca31679dbc58a61e0c3f6055b7b596370d115413ee0c424d23ab668a6a9503e4c7ce599fb3315ab0fc4debd04720a7e5f85e5

Download Submit
C:\WINDOWS\SysWOW64\mfc110fra.dll

Filesize
128KB

MD5
2c0362e6821f73df0aaa70c02e7ae883

SHA1
873890efb10b7766f96a70169cdfb74ca0a33c22

SHA256
6ff07bcbc6e4bb0453e2b6165e57cc0577d5ad4488a893b0406648bc7e73d64d

SHA512
8ec63aec82abb2aecebfcf04c884109951cffd3ee11f614821fe9e30e01f266993d97adcc18ef8eb9f0a01ddfd2e690a0884239827134ac854960d040ad44a19

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
126KB

MD5
a46b8dabdb839c80bffee0dd6bc84dad

SHA1
a72b29c8961bbc574f33bfb901fb49e0491d7e44

SHA256
a8ef2016c16e5f99b7353c867b05d856f5023eed848a0062c83df9bab4f72d59

SHA512
a31229d2fd732f4beb1db9e8cfe784d765ee02406d32087b68eae2345d8e2a6eb95e510c6310640994c083b1c3575f472b7c624fae5e2096d08ebabfbec4b464

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
107KB

MD5
73c02fbf31392d91707fac8c4faa93dc

SHA1
f1a4533a04a81de23abf29a7b99cbe0d0648de32

SHA256
5ec62d2d0cb50819101c6a1cb4aac9a6a4af0054ac817d0adb47b58de8e56523

SHA512
ea73211e0365e6d32d081dca59f91a876b60fc27b1087ee09d1ca8f4f82c26aa428624aeefcf2fd8fc86c7eb231fb3cad2d2c7c5321d18168b06c200b3c41bfd

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
107KB

MD5
208f39c32e742c89e94c52e045dcd352

SHA1
6f4a11af93a331a27fda5e454e57cbdecad0d434

SHA256
5f0b9ed0272e93d91a0745b28bf6c31472a0c4bd7792f33830e6741eb77c5aac

SHA512
48533ac027ac70eb7ab1e1969712a2417d2b500b845648102fc496acba05dd3631d9dfb2a3794cec1f62c326d64f764b9f5cab089cc2990ea0bbba19e15fb7e8

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
124KB

MD5
cd25d2ea287ac1d2bd7e85deeb1a4c1d

SHA1
78d24f6dd4dd51ca7fef1bf8af14ce055f4c08b3

SHA256
a39f0ea833e6d542cdba3d0bc8bf785c0072c592c43c42f853284b554a487295

SHA512
247333165f79d17603a894a0b95790ea31f1b5f43ae119425eb67b272fd07f00176d525f55361d09f7e143a3900a2d2d3b4d6a6b4e7aaacbd8e56295520b2e96

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
4.2MB

MD5
96492df734e390fb532a0e213fdfbf79

SHA1
d6b20d56aff1358b26f3e0811b6bae055d6006ee

SHA256
c65c832e83c646c59ab683fd53edb9afe4538f681f581cefaa67d8b3d9e57be3

SHA512
a383f3071b7350ba4a285abc88218e9961ef7df1cc4877e15d211e5d950310a2166197d4c92c929838855239349e161ac637e646d79b726aaaf047bb1352cdd9

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
100KB

MD5
c7e3e4141f17234de1dfd0e94dfd50b7

SHA1
7b2be27e445e37e67b6b8baa1d49ed709ae335c4

SHA256
6ae100554fd0eefcb305b3f5c52846cf535fdc381696e84f804b77e0344b50a8

SHA512
9dd7130f07310c08acdbaeceb62af9606f7d02d10880e77aef5438399a0cb75bb4612b07041c0421c6824d1d1d7ac0b82be8497a662b65cdf4a9b9e8cb09c07d

Download Submit
C:\WINDOWS\SysWOW64\mfc120cht.dll

Filesize
100KB

MD5
3d89f1e5706a57adca3859a1666b59c6

SHA1
8410ba871d0782fc6dde27ae330fcd9db068c807

SHA256
0738e80a6303ee5c7d61af77c47826ce2da2ec4830f441dc9dae722d7b1036df

SHA512
3fa29153835470675cffbd4ff025b4f347e7ad7a1b2ba5e460e20d68cf4d80e05ad89d77069ae2afacfb4fc6373ff22e8a327bfda0e9a823eac583115af0443e

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
128KB

MD5
654e52341859e4956791a3e62039a010

SHA1
9238952f0dabb4bc80e2248ab7b56cc1ff895bd5

SHA256
9d5fb97d5de2e1b605bfc4b63b1079b475774cdd9e95b7aefbe50b279f9275b0

SHA512
a9c6f3ff04488c0489b9c92d735267191249395a42b0418d378d93baf194b5f980d39f1d713844fc67d2fed1b8df302232a9c547fbc5f612be3c50e1dc4cc06c

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
118KB

MD5
13d6571e957ea8c43951bcbda2c3b887

SHA1
496cadb296079bd5a0030c11b893af1da6e563fb

SHA256
f22e664f61eef44189aa81dbf911ddc839ab54d4a6c05ed6e28ff49173e3fdb2

SHA512
8ae6e2a51845a91febae851f16c0792749b07d49b8ac2ebbe6ae0fe3b98dd7efbef28bd86bb97b392a7e8f0e00e4805714bd61e534195846245d331d4186d0fb

Download Submit
C:\WINDOWS\SysWOW64\mfc120esn.dll

Filesize
127KB

MD5
2a37bc34efd4cb8cf7ca8f38403a3188

SHA1
0a85b18210ac8a92010bf4bd98cc95e4d138f854

SHA256
b3d46ed5347c33868e7ea9a1485a35681ddbaf2acd4319ab659acd9701210bf2

SHA512
566278efe3f1b359444b110baf93320ac04fd263069987bd067a156c9035fa01eda29d58c3b6859639c2aa65ed5b1a9d198ac7338695b786f71cfcf795058679

Download Submit
C:\WINDOWS\SysWOW64\mfc120fra.dll

Filesize
128KB

MD5
3b1a04f616c8704d8b8ad89a8d44a395

SHA1
cb40531e9fb242e156ddb0db4d633e79b5b67135

SHA256
935736c77f09bc1ba1572b53262c03bc528fff8cfcd2856a385407d4d4d9cb53

SHA512
0537445faebbc2b95cf7fdcd79b2481ae9af133346f3d6c25ae19540262e993bf49b7fb5f5f2dd22f09bb5a31ab439e51460314ffdcc71a356e99694762a6b04

Download Submit
C:\WINDOWS\SysWOW64\mfc120ita.dll

Filesize
126KB

MD5
b5ec1abd45174d5c0ce932da4455044f

SHA1
1c619c60df3752139affbcaa2242d3635cd8b82c

SHA256
954103f9a5dbe47b84883a558c7b0850ea2b739be66a70a5759570973e713bc7

SHA512
85658894840bd15b5dd5ad776d452f641e2f74f02c82185d2d2347ed6ee65f37c3f0739c6d1d7095cc755c78524e695d60603ed1291af1f070fe64d08a567f6d

Download Submit
C:\WINDOWS\SysWOW64\mfc120jpn.dll

Filesize
107KB

MD5
43596614926b956b48cddb2ec94da451

SHA1
080febc43820d3908d7b00378d2daf72072b84bf

SHA256
e16b5d64cbf2dc712da9f17711e24696a8eaeb6c64e214bc07cf1ccfb0904d00

SHA512
f705436658f5bc77f5b6f547223f023b08c378926baa9e76dbf775af44a0427e30f67edc8229af7e6c33f3acb963e47a8879fd341c8ec5817f7c3569eb3bf378

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
107KB

MD5
6924c13303e7d69275e568be1a34ec54

SHA1
aa4b2c965efd5f49c78201bf5350b7aa526ebdef

SHA256
a9e617bba78b65f0f15c533f78d6e5bced6818023a2c454b2cc58cdeb857ed40

SHA512
161ba28582bb2bfc4bb297edfd3ef9381fa75b30fff9d8168e3d190204b14f5b97eb9016cc0218721e960e6aed2d50e456d84d475aca0ab90f7ce7c3b9687e7f

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
124KB

MD5
ea936862ac5ece074d2f073d37922c0c

SHA1
f8cca529a5cefc03a264a3b71f862a0aef3456e5

SHA256
cefb26b8a42b41a16c80460ee1cae0567e62e12e2cbec55cb3fd034461b3a217

SHA512
f78c11f6e1670feaacda1074ea81d502e1f84a53d69af4940f5103a470579b5a8b78e6f808a70dbf6b4c4a83a473c52b4a2829c18bf8a4092b59f4fb0ed852a6

Download Submit
C:\WINDOWS\SysWOW64\mfc120u.dll

Filesize
4.3MB

MD5
47a70242230fda4829471bc989d0865a

SHA1
1f3923e097512fe45c2cfea5c6b367477ba4c5fa

SHA256
fefefd70ab9034bb3f8848dd810338a6b9e315422640c9928171d76315984dc8

SHA512
a484172a9b7547af4991da18eac3b3c3fad43e9f22ef2dc4e7b3dbfed2757d66629cf5b54fe57b0dbc5b08486a3536c3d17b36be8007dac420caeaa94b52595d

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
4.6MB

MD5
fc5493340e88e28bf503b5fa0151ac1c

SHA1
00903fc385694646b6f8eadc835f9ecce40a7ac8

SHA256
d31a56c3ea2db2f6ced1db65f542e72b8e2485da831fd8d1cf0771f2bd1f5736

SHA512
6295596eb9707e9193c0ca833cbd65e17938a49e91e733ed5f7497dff1414f8157472b9ff4b7faee1b93c2e5555294c7b865b2533e57b664e52e935b4b688442

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
66KB

MD5
fcaf002cfdddd76597c6a7635a2bf177

SHA1
f8f3813bb4d5f5f07f00af419ab2c69b242e1339

SHA256
fbdb9ea2bf5c6d93f3c87574036e4f172ef256df4ec3210a1343cedc558f2787

SHA512
b0f8f8cb950616bff4fd27e51b9ae9271aa0f42d6d3d3cf3c2bf198b515250f38cf4425009dbd9c56528a97d8bb0cfeae0d63ac05d19c4257312c766bfe3112d

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
66KB

MD5
12f1ab34070fbd6d6f73ada0b996c543

SHA1
c1dae9b654268aa3dd9a39ab7f80d020aeec34de

SHA256
63651d1cc8543ce9989eeba26dba1851ced37eddd01d716e274716fe5ef5eaf0

SHA512
db72f180adc0895e880026224254744c5ca2f76372beb80be4f67314d1d011af014b3c2f16d84599024d0abb07f63c5c48148236a91e93ff9c6555352491b165

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
94KB

MD5
7703ceadc27b5d50c644bab5b5301f0b

SHA1
a2aa143fd0d395c3a90a0ea2aea736454be3dece

SHA256
9a5af1d298ac26825ef193a5dba002489e10af66c388ec2879cc3bd91bce2a2e

SHA512
885eeb8421f63b40fae8609c0270a4f808e9f51e85255a82ce218c45a6bd5ea9be4c142e2859d0fba149d2d278579b20d37888d99ea73d45654d2d29b16e2826

Download Submit
C:\WINDOWS\SysWOW64\mfc140enu.dll

Filesize
85KB

MD5
9f09e8c0f1c2f79dd87e235bbccfa479

SHA1
bf030157c787dd261c031e5c1f8e0f6e2fe85adf

SHA256
a761332c4fb23fcc72d49003238c69fbc7ac477e1259e8f74b456025d605d7e8

SHA512
f7ff88d74fe51a84c9b355e7d60cc79b918ebf61432691b652facc6829c01e202d668df7c4482e43ef71b1119769e808664519e7b78a9c9bf28f4c19febd900b

Download Submit
C:\WINDOWS\SysWOW64\mfc140esn.dll

Filesize
93KB

MD5
6b15b3138b7afa6c4b2f80177c285fad

SHA1
590459748f29d4b29924f53ec0c3e3eedd705ffc

SHA256
851cbaeea01d62cf157ce367f5efb5fdc9d4cbf3c066fdfce6b7c4a018772b23

SHA512
1f4419bb9f818a9b745ac0217ea532919f51c778bbffe23d259e2e678c5d3c0141330e1a9f5d238a38cc7acc72520311e8a21f3e7fb6606be3664f92df03cd0c

Download Submit
C:\WINDOWS\SysWOW64\mfc140fra.dll

Filesize
94KB

MD5
0d6fb592eb39c8b4c464cbcb9f222e6b

SHA1
df3ce22ed508869cbf87d98154e49fde228fd3e0

SHA256
2d8b47e541696cf595a5ca76d2aa058bcda6e956e1f5d802a5f023e74d854764

SHA512
39cd18a31b3c812e97b8bc155388d0ca2e86580af5631bc8e02e19dc51aefdaa53a561a07bd2710e18d87f958460128cb249b62dbbc5bee347f230223d208479

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
92KB

MD5
d9c40da01984db894dcd718ccf780226

SHA1
77d3da6cee8e1c04b07f7117315426a95c210e20

SHA256
c57c89f06141828b56d1830c7492cbcd23b5a3ceda3e8e7b0be6cdd6b5bac9c5

SHA512
ed2c72f6133d7a220675d8609c94a9e9f3cc84e283d2e5e907ab46493d48dcab4c9ec18de8ba0ef92848308b5f337a30b689c2a6ea1ce33879b5260c3430cf74

Download Submit
C:\WINDOWS\SysWOW64\mfc140jpn.dll

Filesize
74KB

MD5
dc4e91dd373f36bf8635aa5973ab8612

SHA1
61302df0d1efa29f8800676016dd7abea66510f7

SHA256
6570d167899fadc04f9bdcee2468de10942ec3fa6522b2ed75445100fb857892

SHA512
a09a6045e669c599f189c04c21c91d62d76d58cd049562e91a6bdafa9074430f81da3ce3b087d02a20ec2c45c04dd0b45a8cb3fb48cfb3fcfe2f4ac133579fca

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
73KB

MD5
fd56e65f9afce48d62382907d5018f0d

SHA1
f7e250e6084bea7172142b4567d7bb6fa2c81587

SHA256
9000e02342a5acd9611e3a7a10ba2443cbfa9d90f168a7099104ac4a0f88cad4

SHA512
5552f4ab419e8e15b949434dd47821e0bdb4568c5dc2b8f4dfa6f576a4cb0a03ccb4117be2cc6908b433aa117ede63715689572fc9d12fe77d4c45a95dde7579

Download Submit
C:\WINDOWS\SysWOW64\mfc140rus.dll

Filesize
90KB

MD5
ade4687437b55d917c1215a217823d80

SHA1
7e52892c067c9492a11295062cbb8c991680f988

SHA256
6da80675aeb3f16262c3e46203990ec00c459a2611e13cb25dc59a09aa7ec9c1

SHA512
565abffe2ab196b9aa7f1ee21ee66c20b6e176a8aa09a4b0d59ae347d5a999c31e9827ea689904ba6097c7f072c3c4d6c2801a6937977d21e271d9fa7edcd1be

Download Submit
C:\WINDOWS\SysWOW64\mfc140u.dll

Filesize
4.7MB

MD5
c79dd920e8115ca846a9dfe5d6f8f40a

SHA1
e3deed495d594d04ddce980c718d150fa3feb9c4

SHA256
cc48c47b586af850dbfd500516b735ac29b4cd64ceb9fb74501631b8791edc15

SHA512
3d6c578005b3ebcf3b5b855b3619d4cf0320a96668565e782f5e1d363696b44fffd497ec11de0215e3a2cdb5fda055990a123e882c4def107d3fcb3ec016407b

Download Submit
C:\WINDOWS\SysWOW64\mfcm100.dll

Filesize
107KB

MD5
8c5c941da08c921363b1ff6d9629e879

SHA1
0636de380ede0ffedc89e9de1df711fb1ed4362f

SHA256
121f08c1960b4596cb2fcba523765f840c17971e070e35e9f232d5fafe5678bd

SHA512
fd883d6edc1b919320133870bee659a475c0eb6a299458667e022d923359762cb3bf3e826dc216a9334c232b7593f173cf8dbeba53fa6e68e019d1d594befc5e

Download Submit
C:\WINDOWS\SysWOW64\mfcm100u.dll

Filesize
107KB

MD5
813223f7fb909922eb9127b5ddca589b

SHA1
64877b2b3150ccde81bb21293b89256c093c38c9

SHA256
9e8cf0cd06f4de15af83a5c8ae3f155d1c236f156d4a0b062ae5f9e0ac9d3705

SHA512
80a9e22abcd6e438c499b0d59e57b3d377cc91d63cdeed33e7da6df2fc09fa510c066476512d8faaeca16955c29757e2c2fb2bf2bcba81aaaf9c6df338d22ebb

Download Submit
C:\WINDOWS\SysWOW64\mfcm110.dll

Filesize
108KB

MD5
c0bf5f1271af12313c18484478410fac

SHA1
b34f787796cef9138ee1d569d9704c587e779aa2

SHA256
f3a9b3c88a307636a57f8b97ec1d195c9c51485d621a29ee297584802e5f436f

SHA512
93e2a50ce42f3e5aec513ff43efb50907c28595a97411638730ed14b093a41ea1d218d5385395c2d30a09ee00f2ce11393b11a03e35db82ee3c39acce36af357

Download Submit
C:\WINDOWS\TSSysprep.log

Filesize
56KB

MD5
684e8abc09514ff0646897841014f52b

SHA1
8f434afa4e0de18d6dfd0849b04e68fa91659c58

SHA256
4b9f33decc3f776085ecedac2f25922bdbdc060611f3bdf2b2da2a3cbf36dae2

SHA512
06600f2d374276912d0c3faab010fa21a1b3a4dd2df2213255d1d260843edf1346de46f5868c798f4b5e83a3363cc736a4ddbf82606bc1bb685e31c08340b47d

Download Submit
C:\WINDOWS\Ultimate.xml

Filesize
105KB

MD5
5d96bf87e9d5485279ed512a8bba4e89

SHA1
9d111644678157b265064c2b3370df61f0af96b5

SHA256
b9ce5384eaf8e0b0aedfd8cf0b87427721d329ec76294cbbeaec264e071f7801

SHA512
89d56d73865443b3f6c6d968f9a9e8ebf48a9465e39b80c8d2ce65b9a3c40ec67f5643f4fe55ee96fb9cc43c115b41466ece35702c7a8246c775ce9a98adf351

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
71KB

MD5
f12fe29f08c6328687b93f84e43093f5

SHA1
318c58e6670cc1b9b07a20ffaedb059ada8ca64c

SHA256
ed052ffa75a6b34f86e96cfd3ba5d873d21969f8002a7a4ca0adc0ffa74ddb20

SHA512
d552be814abea6702839100830a79c1d91b1072a00eefcf79ef818763a56b0c40ef5ef87f189e92dc41571f55758652deb9efeee101829dd6ab7ca6046a27997

Download Submit
C:\WINDOWS\msdfmap.ini

Filesize
56KB

MD5
d7ed96f75d01e2838df0c9cc5c736664

SHA1
33a4c31449077c4218da69fd1f67480b23fb3b79

SHA256
cf31a8b2fba71bec0f6e22aaacd13cb2f9c86216b8e2564abd7bfdba6de98718

SHA512
5a71b0864bb146631213990c13db4b054114b6f4b27205a5f2195ce2a7a4fd5915c9655733b1eea742e34ebf1439e5b4f8fc2b97d3f7cf6a5d70b5168dbc8433

Download Submit
C:\WINDOWS\setupact.log

Filesize
76KB

MD5
9cb7116eb603ddd3f68494643c142b9d

SHA1
ea1179138dd14e130478582e4199aa157b398d39

SHA256
f876e608050c7f6d13d55a280e3a10003fba633cbf7f1f536ed7997d43e2a0c6

SHA512
4dac5025b80a50717a0126e7e85750457fa3e3be260277264f23fa2259a9d037a78da08b0b98798261c921864cda3afa44769eb08787fd45affb7c1499fe15ef

Download Submit
C:\WINDOWS\setuperr.log

Filesize
55KB

MD5
24f3a0b4edb67daa347f1aff9427d4f9

SHA1
baa993a0b93eb5d886afbde0310e8578271c9972

SHA256
86ff9f56ad3db9eea8c427fe8fe3959994639d2b75ad7e00875ec7999508cda3

SHA512
3c8c9291c01cfb74889225e60ee82df4d8dfc56bc07bca292c514a2c8c64828d1bb292f1d5aadece3aa1c8263b168308fca001a875dceafd74d8917818c2e098

Download Submit
C:\WINDOWS\system.ini

Filesize
55KB

MD5
d21a61a53a0e8635127fc5f1d118955a

SHA1
2c3fe9d17cc2b0c9bb833b7558648460fe154180

SHA256
0c01960869690fed5ff4cf783e60ac736bbd8af0ef0d96aaafee4142e243a919

SHA512
06ecb81b24c0413e69efe10b8f14954229a47fe2c905c9aed2bfe4770a8f9dfae45be5c7beca197229e6268c27fd352a9891936438c06ab5addea4185b946ce9

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
f90020baeacb696cee72f1bd9ff5403a

SHA1
3b6bad075af3368060ef31c10939a748bf3f7e43

SHA256
a24abc39200839fd83bab8bce65f1c94e58d2baf8cfd96ec821541662640a279

SHA512
c26faaa1268136a3617cbde60b6f794e1a0d164b2b77e8b343c414a169ad97b7450cf3dc16ef748f424b0c0f03994381ef43acb880d9b4feacb4ab080e820fbe

Download Submit
C:\exc.exe

Filesize
429KB

MD5
e49b2a80d36ad6d3b65155af835c776b

SHA1
eb5b663b633a16885504535121b79c2afd546155

SHA256
93d7733d8a02e88814536a62b09a20907c0df750d6b116eaca7716bd20d80769

SHA512
e21b26351f475ec964bea04c22bb52fce26a8ca023dc417e3096007408d5db4aeae4fd084aa83ac19aa272d35aad57deec48607572f6f9a18e3442b38a01b735

Download Submit
memory/2096-2870-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2096-3536-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2096-314-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2096-11-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2180-2855-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2180-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2180-610-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2180-315-0x00000000022D0000-0x00000000022DA000-memory.dmp

Filesize
40KB

Download
memory/2180-313-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2180-10-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2180-4-0x00000000022D0000-0x00000000022DA000-memory.dmp

Filesize
40KB

Download
memory/2180-280-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download