16ac200407b4b2012c7e80ea57dfd15b254f7cfabf7499ee6405b215dfd780dc

Analysis

max time kernel
146s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
Size

457KB
MD5

3d4d90672a3439a7130869841a30d3f1
SHA1

1237a90c9bd395370f5f2fd3385c9b4fb03cb4a5
SHA256

16ac200407b4b2012c7e80ea57dfd15b254f7cfabf7499ee6405b215dfd780dc
SHA512

b20cbbd845873cd307de70bba10dadf7ab24e8857d8c175280cb637ce72629c288a0cd6458697fae15c7f4e00425d147ad3533ceeae8171126ace2d1bfd0fed9
SSDEEP

6144:t515R5b515R5b5R5b51515R5b515R5b51515R5b52:a

Score

8^/10

upx

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4800	exc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1916-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000600000002325a-5.dat	upx
behavioral2/memory/4800-9-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/1916-10-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/4800-11-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0001000000009e64-22.dat	upx
behavioral2/files/0x000300000001d8ba-24.dat	upx
behavioral2/files/0x000100000001daf8-32.dat	upx
behavioral2/files/0x000100000001daf7-30.dat	upx
behavioral2/files/0x0005000000016477-26.dat	upx
behavioral2/files/0x000100000000aee7-28.dat	upx
behavioral2/files/0x000300000001db3f-40.dat	upx
behavioral2/files/0x0001000000009e6c-38.dat	upx
behavioral2/files/0x0001000000009e69-36.dat	upx
behavioral2/files/0x00050000000006bd-34.dat	upx
behavioral2/files/0x000300000001e7d4-42.dat	upx
behavioral2/files/0x000700000001e5c7-46.dat	upx
behavioral2/files/0x000300000001e8f6-48.dat	upx
behavioral2/files/0x000100000000c0ba-51.dat	upx
behavioral2/files/0x000600000001e07e-55.dat	upx
behavioral2/files/0x000300000001e7d9-65.dat	upx
behavioral2/files/0x000300000001e7e0-78.dat	upx
behavioral2/files/0x000300000001e7df-73.dat	upx
behavioral2/files/0x000300000001e7e4-90.dat	upx
behavioral2/files/0x000500000001e5fc-118.dat	upx
behavioral2/files/0x000600000001e600-126.dat	upx
behavioral2/files/0x000500000001e8b7-161.dat	upx
behavioral2/files/0x000300000001e8b8-165.dat	upx
behavioral2/files/0x000300000001e90c-200.dat	upx
behavioral2/files/0x000300000001e90b-198.dat	upx
behavioral2/files/0x000300000001e90a-196.dat	upx
behavioral2/files/0x000300000001e909-194.dat	upx
behavioral2/files/0x000300000001e908-192.dat	upx
behavioral2/files/0x000300000001e907-190.dat	upx
behavioral2/files/0x000300000001e906-188.dat	upx
behavioral2/files/0x000300000001e905-186.dat	upx
behavioral2/files/0x000300000001e904-184.dat	upx
behavioral2/files/0x000300000001e903-182.dat	upx
behavioral2/files/0x000300000001e8b9-180.dat	upx
behavioral2/files/0x000600000001e88c-159.dat	upx
behavioral2/files/0x000600000001e88b-157.dat	upx
behavioral2/files/0x000700000001e88a-155.dat	upx
behavioral2/files/0x000400000001e889-153.dat	upx
behavioral2/files/0x000400000001e887-151.dat	upx
behavioral2/files/0x000500000001e886-149.dat	upx
behavioral2/files/0x000600000001e885-147.dat	upx
behavioral2/files/0x000600000001e884-144.dat	upx
behavioral2/files/0x000600000001e882-141.dat	upx
behavioral2/files/0x000600000001e62d-131.dat	upx
behavioral2/files/0x000600000001e62c-129.dat	upx
behavioral2/files/0x000500000001e5ff-124.dat	upx
behavioral2/files/0x000500000001e5fe-122.dat	upx
behavioral2/files/0x000500000001e5fd-120.dat	upx
behavioral2/files/0x000500000001e5fb-109.dat	upx
behavioral2/files/0x000600000001e5fa-106.dat	upx
behavioral2/files/0x000700000001e5f9-103.dat	upx
behavioral2/files/0x000600000001e5f8-100.dat	upx
behavioral2/files/0x000700000001e5f6-97.dat	upx
behavioral2/files/0x000300000001e7e5-94.dat	upx
behavioral2/files/0x000300000001e7e3-87.dat	upx
behavioral2/files/0x000300000001e7e2-84.dat	upx
behavioral2/files/0x000300000001e7e1-81.dat	upx
behavioral2/files/0x000300000001e7de-70.dat	upx
behavioral2/files/0x000300000001e7dc-68.dat	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\fixmapi.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\hnetcfg.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDINHIN.DLL	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDLT.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\mfcsubs.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\systeminfo.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\dvdplay.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\dxgi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\XAudio2_8.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\odexl32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\PerceptionSimulation.ProxyStubs.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\perfmon.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\shutdownext.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\srms-apr.dat	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\user32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dimsroam.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfcm140.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\gpedit.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\RADCUI.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ComputerDefaults.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\wscapi.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\AccountsRt.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\cmdkey.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\gamemode.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\MapControlCore.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mfpmp.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\RTWorkQ.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\accessibilitycpl.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\expsrv.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\wmdrmsdk.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\d3d9on12.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\NaturalLanguage6.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KeyboardFilterCore.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wscproxystub.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\iasrad.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDSF.DLL	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfcm120.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\modemui.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\msdrm.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\msftedit.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\ndproxystub.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\wcmapi.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDCHERP.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\MCCSEngineShared.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\WebcamUi.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\ssdpapi.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\vccorlib110.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\cliconfg.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDLAO.DLL	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\keymgr.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\msxml6r.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDIR.DLL	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\LicensingDiagSpp.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msrle32.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\Windows.System.Profile.SystemManufacturers.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ctl3d32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\IA2ComProxy.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe

Drops file in Windows directory 44 IoCs

description	ioc	Process
File created	C:\WINDOWS\twain_32.dll	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\WMSysPr9.prx	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File created	C:\WINDOWS\hh.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\Professional.xml	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setuperr.log	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File created	C:\WINDOWS\bfsvc.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\lsasetup.log	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe
File created	C:\WINDOWS\winhlp32.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File created	C:\WINDOWS\write.exe	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\sysmon.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File created	C:\WINDOWS\mib.bin	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\splwow64.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\HelpPane.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\write.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\explorer.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\lsasetup.log	exc.exe
File opened for modification	C:\WINDOWS\Professional.xml	exc.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File created	C:\WINDOWS\sysmon.exe	exc.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	exc.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File created	C:\WINDOWS\notepad.exe	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setupact.log	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File opened for modification	C:\WINDOWS\system.ini	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\win.ini	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
984	msedge.exe
984	msedge.exe
4292	msedge.exe
4292	msedge.exe
3472	msedge.exe
3472	msedge.exe
4292	identity_helper.exe
4292	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 4800	1916	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe	83
PID 1916 wrote to memory of 4800	1916	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe	83
PID 1916 wrote to memory of 4800	1916	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe	83
PID 1916 wrote to memory of 5068	1916	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe	98
PID 1916 wrote to memory of 5068	1916	3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe	98
PID 4800 wrote to memory of 3472	4800	exc.exe	99
PID 4800 wrote to memory of 3472	4800	exc.exe	99
PID 5068 wrote to memory of 392	5068	msedge.exe	100
PID 5068 wrote to memory of 392	5068	msedge.exe	100
PID 3472 wrote to memory of 4236	3472	msedge.exe	101
PID 3472 wrote to memory of 4236	3472	msedge.exe	101
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 1480	3472	msedge.exe	102
PID 3472 wrote to memory of 984	3472	msedge.exe	103
PID 3472 wrote to memory of 984	3472	msedge.exe	103
PID 5068 wrote to memory of 3016	5068	msedge.exe	104
PID 5068 wrote to memory of 3016	5068	msedge.exe	104
PID 5068 wrote to memory of 3016	5068	msedge.exe	104
PID 5068 wrote to memory of 3016	5068	msedge.exe	104
PID 5068 wrote to memory of 3016	5068	msedge.exe	104
PID 5068 wrote to memory of 3016	5068	msedge.exe	104
PID 5068 wrote to memory of 3016	5068	msedge.exe	104
PID 5068 wrote to memory of 3016	5068	msedge.exe	104
PID 5068 wrote to memory of 3016	5068	msedge.exe	104
PID 5068 wrote to memory of 3016	5068	msedge.exe	104
PID 5068 wrote to memory of 3016	5068	msedge.exe	104

C:\Users\Admin\AppData\Local\Temp\3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3d4d90672a3439a7130869841a30d3f1_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1916
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc401e46f8,0x7ffc401e4708,0x7ffc401e4718
      4⤵
      PID:4236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
      4⤵
      PID:1480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
      4⤵
      PID:3708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      4⤵
      PID:928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
      4⤵
      PID:3212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
      4⤵
      PID:2768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
      4⤵
      PID:4560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
      4⤵
      PID:3428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
      4⤵
      PID:1932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
      4⤵
      PID:900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
      4⤵
      PID:2216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
      4⤵
      PID:1996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
      4⤵
      PID:2648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1356 /prefetch:1
      4⤵
      PID:4532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
      4⤵
      PID:4796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
      4⤵
      PID:2680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5967897804338463520,18428140596152765929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
      4⤵
      PID:3968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
    3⤵
    PID:3996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc401e46f8,0x7ffc401e4708,0x7ffc401e4718
      4⤵
      PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc401e46f8,0x7ffc401e4708,0x7ffc401e4718
    3⤵
    PID:392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,8769536657929872604,14438144390463914757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
    3⤵
    PID:3016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,8769536657929872604,14438144390463914757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
  2⤵
  PID:4480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc401e46f8,0x7ffc401e4708,0x7ffc401e4718
    3⤵
    PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1773fe4957a1e9c2f453d49f87f5492f

SHA1
2a7a5da6049d116a517f8c6d69cb8ac9850474b8

SHA256
e0e0ce9851eb8dd04ec3ff654376beed233af832fe519e91fc205e5048bb05df

SHA512
5228af30ed154c1a084ab58e4f08a419b836d76c918008bc1f07d58e31cd59a6bbc9818451a943396ff0f6246b3a81656c40e04102477e86b3067365aee463a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
18fceb24adc103177d70fb5f42a53ebc

SHA1
715757a30e169f33e1df51b01b31da002cacf4c4

SHA256
964316ee529a193638290c744e4a771c2789c2cc7741f7cd9a8ca3538125e41f

SHA512
62f4d42d257209b2e8e5a2ca1cb7679f91d76ce0325e7832f0d446c68a0ecbd6cdaf6bfccb3da1b2740209b970f5ae10cce9ead82bcd47eb4dc6e1c7a5163fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
70c61630a8d825770ceb9614526bbd6e

SHA1
0073862380cd22a0a395bdbb802024ab860bf8ce

SHA256
e9bbe49b39c0e59c14ee21cbc735f8bb1584d5950aade7db55444acf65b73e40

SHA512
349bfe72abb9a2b849f6246b319678ec6607b919c9128ef75d921ba6a5fe0f51a426e13f920a02ff15c42a89fbb06ceeff9c9df03b79016751afc41d05eb31c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31840bab7bc5bc5297f8d5e38efbb55f

SHA1
294eab37dc4419e9a131b46969db6035fa5ddc92

SHA256
1106db32309210c24fd25bd8eb05321cdb8d1643d3a503029caef1d202cf8e95

SHA512
4358a94dd5d7ec722d74f2283ef4422e69d78193ff3a8fc4d336edad2a129de543d84ab6577affc17c519c3b342e6428ab5c92d033104af2832a173c8dda184b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1ef4f58315344ba47330397ba2a9d4d6

SHA1
bc4fcbbf1774393ab7214127bc8481ff67ce3c77

SHA256
3025c7cd07d7474d558c1d43369a44abeb22f6523a2e8c9f416c16212b057c1c

SHA512
354a16db8d3fefee2be5e32dd05a0f2878d9f61af44081da327d0562d28ff73ef2d26bf78f052cee0ffc403d428bd7395f752d7390fe6eac32584e72da8fee7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6383a9faf72d4c2da4f4ca730d162ed7

SHA1
5d429d43f2de70e4539ce5dece9b4e384a86565f

SHA256
429a1d0758d0a0835c20d2922d20638e03217bb0f7dfd37957c53c456c699ebd

SHA512
fbbd0b464d23468580e4cb6b5b5bcf53b39a541e750b689b3cbe53d017188ad57f98ee1b43170db696909aa015a023a4a9aae644e6897305cb157a5293685775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
75cf1868de866d4f4b19b02d22178e5b

SHA1
06eb2d6682078869f44c026a470bd7fd951500c3

SHA256
9c57764d45b2d191f6a73cb819ab5bb996c55d3f9a84ae5a63f9f58de66e1a0a

SHA512
450ed1d7012c87ed8ee06c317f35c823f6872e0af1cef238763384259d64f30d8ad532ca70394707678b1f5f5eabff0b5b1a9511e79c54d7ee9450d61e936305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
fb406eccd1db7effb105c2c4a23fa825

SHA1
36bf362e76568e596d11bc945e5e8eace4bf31f0

SHA256
e2b0b5ca77cc0950771d0cd00b8a788aeee10b601c939c250d0ff4e840b34fbc

SHA512
2a41d8f17a3c4533791e445f974826a76fbaf43654b465b2858d5bfeb735c4abf232097905f4360fb949d9bbbf6d2fd4e1110ca1d728b09faedd43300e38d0a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b986c4111592ed1f186f5485e61c030e

SHA1
2c9643d0b23f1a6cb4378db637755be78a92baa9

SHA256
5f3803eeb8c906345a58812837de0ed6275d392ff3ad360bde57354dcd50c423

SHA512
83d04d2cfec4ac6fcb61af926cf80ea6bf395d8a2806efc83982582e91987ecc7552c1a1faeefa8a5098653ac80464d6e865b1cb1ca2799335b42e19e0f9335e

Download Submit
C:\WINDOWS\DtcInstall.log

Filesize
57KB

MD5
db0452ffa563763cbe06a3b2dd5ae007

SHA1
0d9d7a2f732f113de521664a27d305d524b4a87e

SHA256
15f1fff04aa1cdd89313ffef6fa5734d57926736db027ece70d7880808068cd8

SHA512
e785710c33e0e2f6948f41101e39de31a9fc1b481e0cb074a61aa45be3d999d794e6bdd7b32abdad6ba84a6ee21a875722596cf3ca30ee253ce9b90e2ea0c37b

Download Submit
C:\WINDOWS\PFRO.log

Filesize
56KB

MD5
76e12b0e638911d91f2b51ec0688442a

SHA1
f71ddb70d8e2e91e8d56815ddae865446a2338eb

SHA256
0fb2a9ad67d6f958065eec91e88ab6aa4c05e64067a3ee29b263aba4f397b818

SHA512
97d366eff2821ad49b940e4897ae219c9e293f58cbf4e77318c90b7030bd529c88f694c94ea02dd9c9905b44d9d7831fb66115dc514f2ae228ca00421370756e

Download Submit
C:\WINDOWS\Professional.xml

Filesize
85KB

MD5
778d57ca834f6a588a092ee07b8b0402

SHA1
38172aba802177f44e07c2302eb9835af676c837

SHA256
f69b8a857ae192331107722ed7b8fabf91b13aed5e772d34d2c9e159d584bc86

SHA512
ccdad0a672496cd70ec49b6ee0c84e2405f10bd3b9245d44ebeae711fc5d3feb7b1c094a385fffc33615fa8b17f8f051a83d00c7fe9bb7c9849cbbe9b52683b4

Download Submit
C:\WINDOWS\SysWOW64\atl100.dll

Filesize
162KB

MD5
9f843d6cd2c761dfe974e3e5562066e5

SHA1
f610b63919183db78bac9f6915b3ed50c6675fc4

SHA256
68991de9f98d502be95e77eff21e038af872d3227dce783c9bd8427bd8c289bf

SHA512
004822d75cd87e9d29c0abc54b5364f682233a73763f8c7f530e6604dca21184f91f02eee71999b329826e24308a87bd94ed3e7241febd1907fe06ce20a54b83

Download Submit
C:\WINDOWS\SysWOW64\atl110.dll

Filesize
215KB

MD5
a7b490861394f7dee0108cea1093472d

SHA1
ec2bece3c642e1d11cbf4034b3a73ca04480046a

SHA256
118c7cb87943bd3c5a80ab7ad09c625bc40aaca0a61b4b3db11958bff53b8fe6

SHA512
3d1da3c439e46796fe79e51d698ade3e83193e170987f55115468e7d10f1f68a7c1808759673358a1c5087a1a6b99c044d5bedae2c448e8782a31dd7546ff55d

Download Submit
C:\WINDOWS\SysWOW64\concrt140.dll

Filesize
269KB

MD5
0cb2854fb4b0eaed6441f16f14d907eb

SHA1
ccde96994d288ad0936376495f1c52293c53dda4

SHA256
5e6972c5e6788233cd3a62a456f835be704a1fc09b3649b88b9b964172dbcbfe

SHA512
6793b47486902dec2010187fad25022b1236bc2766c0e6d587b49f26ccd8f627cc5df9c839ab835e213af8640039c43757924fe4b0ae25a22662a26ad1857d46

Download Submit
C:\WINDOWS\SysWOW64\dssec.dat

Filesize
238KB

MD5
27375a3a2c1b816f1eb569b0cec27286

SHA1
8942a90cf93133639ba50cacc968ec5c5f2a5280

SHA256
df6acf37277a78abf5d506e9554946d9c2f31def73a51d9779fac66a7f5b33e8

SHA512
20024ebda817e06df697b6ec5f5f264b08f289846214e605198450a01189063a284e4517156a8cfca24d74f143c6db39b5f978cf9eaf49b37a7568b2d9686021

Download Submit
C:\WINDOWS\SysWOW64\license.rtf

Filesize
55KB

MD5
f84d979d5bc09979867b35cf26e665fa

SHA1
da84ca3d7ca33d59a1f9caa5b2fa0b1b4d222212

SHA256
d23806d20df4a6708e1b6108bb72b87320f39af12bbef737351aa9d14f3b9234

SHA512
59403742bba64915698925b603ccb70a112ba8de5a0b11e43549645a777c2abb19e9a51632ff27ebc00aefcdc2075d14fbeaf9b084053e275b6a8ad2ed9a8f28

Download Submit
C:\WINDOWS\SysWOW64\mfc100.dll

Filesize
4.2MB

MD5
c23e32e62016a0fadae81f4609d81a96

SHA1
1a054256c7e1f8305645fbc33d6a99716f1ac1c1

SHA256
89a0e41aacdb1b6289a73bb27502d2b5a9b5210316d731720920e18028ece3e9

SHA512
bced78dc2eb9c70deac9a08c6a125d0dadb26f76380029fcd01e8d94adcbd2df0cc0917a9dbf87f35e8d34e4b3c99605490aa1e17c1887df364c5461c6508760

Download Submit
C:\WINDOWS\SysWOW64\mfc100chs.dll

Filesize
90KB

MD5
da3bdcfe66644e2a4708aae11e47e8fa

SHA1
28f9d6c82a8614ae228374b92d6a0dfd7a176f37

SHA256
9e4cbf32264ca93744e8f010213028dafc1788ed73d3676ce140a208fc5da491

SHA512
7a7b3120b95956d5c2c4b9c52aa5c799959e72431e39edab9ad7ead13fef332402f022e1654b0668278a66d14f4a0d4a189660021a491f861bd706fc4c0014d8

Download Submit
C:\WINDOWS\SysWOW64\mfc100cht.dll

Filesize
90KB

MD5
34d9832f7e4b00a7b8435ca5edca3c42

SHA1
42b4c55b8a838cc50dfc75ec90d194046f5c3f2e

SHA256
ccfd5698a12828f85b7c457b42eba0ede29e0f2434632630d07e760add91bbe3

SHA512
694150f7203e4479e78ade812b4ac3219ef92e3195aa48c074ad8052cac93253c901387a226c671b64b8052832f07012dd39f75aeee698082382f6ddbfa84e39

Download Submit
C:\WINDOWS\SysWOW64\mfc100deu.dll

Filesize
118KB

MD5
85631e9062b87ca695f4a65f2125e458

SHA1
4b18d5f9152622868ea909b1204b3b241d06f84a

SHA256
1c0395297eb155b282317001b0a413d892a782c240d6384c7207ee9e1382c5a2

SHA512
2577f355b9f74b6b3c5f94c122e485b85ab9fd70ac5f462cd09cdeed3498ddd8df0e3d8c6df43eb5e7057882c0f8040523213a7f1559a7dd02b24374f41350ea

Download Submit
C:\WINDOWS\SysWOW64\mfc100enu.dll

Filesize
109KB

MD5
fad8a1f42d72d7cd6f081773af114541

SHA1
4b3ce28de2576df2a48d53e4bfee0623ea5e0793

SHA256
5be7d7780d601e1719eb2da45814659d8b08a80ad50caec1316cdc53b028ce26

SHA512
49a0a6522da1910725a3a6441b4f8bddf9c7e22cb997a4b8542509e6e372e883e489827f39e14a5a063df348ecb46ab18d865acf796799272897f21fcab5c6c7

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
117KB

MD5
b40740a40100abc03845405c174ef3e6

SHA1
720195ec9e4de8e508acc9eac2c614c6ebe81357

SHA256
d7c63ce1a09aa391a389cc00a0f1afa77f13835721a3354e2f1e721730acd174

SHA512
ffff27052b6819f82047abbc6f09a09756ad65a072623fd4cbcde840dcc4b04cc5226b7412d00478ea1a1b15e45312a36073e2f6b265e49ee7d8fcef437c62f5

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
118KB

MD5
8ae1a6148dac4f00a1a614c73e08c489

SHA1
57a5f1aeb0becf415d1c859ce816407870adcc27

SHA256
bfea11d66de29f6082809986009645551b172aa7a8966ce2940516fb416bc768

SHA512
0d297559ea18dbf902d12bf25ee726d314d1c51ddf370fa1ef9db948e01395fcc383adbabee8cc60b2e673a301fd0883c6e7a17d3f4b0bc9c6e4420f985fecf3

Download Submit
C:\WINDOWS\SysWOW64\mfc100ita.dll

Filesize
88KB

MD5
dc19ebe08b448e792e6741ec5c818d38

SHA1
c3570bc861ff7e994440d55f653cbaa728ac0834

SHA256
d0325536cc556e1989ec5876ebdb47d0ef47215c4613ba7b9231b8d0ea3144c5

SHA512
76f2595c9edf3124046f6000bde125779c808add563c734ada4316b9efa379f0deba4f0788811b232e502f27e7f24afb5cdeb3c9f8defc98c843dded8a4bcfee

Download Submit
C:\WINDOWS\SysWOW64\mfc100jpn.dll

Filesize
70KB

MD5
d8fb138afcd14360cf4671eb5cc78ddc

SHA1
0aee162c002fc09dc5f91040db60f029afb0bd8d

SHA256
bacb055c8efca5fcdaae07d0651bd22155c67fce8bb2f47ed254e735c147e912

SHA512
0691cbdef5e90323f044d0ce5a1b87d638048c60b9614dc09e64d9288ffb5bb81318212b5b523cd7164fb353bd6d6c2ef62f0824c7442c177fbbd6f7529004a0

Download Submit
C:\WINDOWS\SysWOW64\mfc100kor.dll

Filesize
69KB

MD5
ef326e30ee5ef02445ea8780f9992047

SHA1
edd09886631ec898963b84574bc84e4b63e3c553

SHA256
b25bc18c84f2b03d8b6463da2433289a70d7e3da3487cbede28ac7395e8fef5e

SHA512
f7faf6d5dd9a49a4ec8e8b7187655c8ccb40655904284cd8f41f635a2278ea86eb0876d042a9bc98441be77819868c2433f2c1f752447e59c9325fd7285c9b8d

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
86KB

MD5
cd46b13ae0a4e38691494611194f0a60

SHA1
d678729e16ed685c1cd0578ecedf9822f27af6c6

SHA256
541166cb0e0ccb058b71df906aac68f1ba2ee19a53b6bc08e6882d0c045ae4bd

SHA512
14e4149b7dd8186f2119dcc780bec73a4fe282b156c8c283065613985239b1f8a609c3dfdf9e840c5c31de6e41bf7eb8bd2687b547b2ebd7558df48ae335cafd

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
4.2MB

MD5
0311c007e662eb519b4c3e93466dcffd

SHA1
52c2807a41b03083a9446d77b4616df5c44dc1e3

SHA256
68d9d55edb141fa803b19b02f6276b59875ba1a01015756e7e7249d795e821e6

SHA512
408983fa78e0f658632a7b8942bd9349209e649a524b3219c194943498b84ad1fc60a159275330ed62486554195214d15b177320911f1aafdb2ca631fe987a35

Download Submit
C:\WINDOWS\SysWOW64\mfc110.dll

Filesize
4.2MB

MD5
faadab922c4df6eba56cded6e2de1818

SHA1
19b16eb8fe0d04f89ccc0244a6f59b893ba2fbf4

SHA256
301021534f394bd90bd744a7f7eab5c3e4cb7ba34e1f9759aba00ac3fda89426

SHA512
78566984f83298fbd54b47385d92b4ee2ae6379f804887c25557ecbad1b4a0a9a93b4731b019a64f50629857972e6107cc15229ffd8f82927dc94137c7ac2461

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
72KB

MD5
7373037abd68b3ea22085a17a6c2a8af

SHA1
4c0d97916f8dca5940a3fe858bbfe14c09abca6d

SHA256
fa1ba07bd360bdac22235533278c6bafb54a4956a8b7f170e2a77a7ef4fe53bd

SHA512
0b193267b1714f22d21b52f7aeffee715f2851b8e7330acab171309dcb62220cd047db7e405b230d3da32d1b373de826c4ab6c39dc9e8b55b598e8b2b8ac8ad8

Download Submit
C:\WINDOWS\SysWOW64\mfc110cht.dll

Filesize
72KB

MD5
15761877946299c46eaea60ea8a3f92b

SHA1
48c967c700f8afe468fa9128293c9f618909f170

SHA256
69a91b2fc69e260b7f12404030671f907eae7ac067a4d9fd356e728a56f66aaa

SHA512
f015ea3e9dd46abe8498d03115ad4f709288f222d26d5547b2b5b1036f28e168827f8cbdb3d25df2b9a1c2714ac3f3e5c5a67216cb05d2c6ac4b37bd3766bd65

Download Submit
C:\WINDOWS\SysWOW64\mfc110deu.dll

Filesize
100KB

MD5
e083627d9887808443b8f84ececa8719

SHA1
76f4e44c710f94e771a7cc79dd42e4210141ca66

SHA256
71917f18cc1174f66613af9dce607a5a0cf4c8cd389f0c683b4fecd0fc285327

SHA512
332ffef13b304bdfe2ed49347e8fc9497911c0f7aac682541bdca397d8022ca6f8c1df3194c65a98815c30b3269e1b64abf55511e7ae3aede1abba2289f8be63

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
118KB

MD5
e7885bec0de16de39636de9e520ab431

SHA1
6eb2546cc4cfbe22d35fc7bdc2d97d44e7debefb

SHA256
bd0ba6668f17c3332d6d07d89a11cd4fa349c71201c31918da26edf3280fc058

SHA512
4f07ed13b376e2cdfd2bd451d29d825156b7a7427df2d6a9e6a9a66a7403949ffae8fedf43f9aa4f67e205e26f08cd8d91bcbd139b1217ea55be3fe14eacefd3

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
99KB

MD5
c96590214653a3d9ab1aee47a2d25d31

SHA1
8bf36569fb1129b3f505627dd800493ebeed39bc

SHA256
f2296e2fbcc5cd014c0c4c134e1a0f2d86359f556296b3a9ae8cf6f2fb0f2496

SHA512
9a2397820a2cdda169f9efbe10e060d07a2d52361a0cb163b3b652a3c54dbfb8052c28b2d3918122b6bc7f533db73ad09a1d7a54f473a2606e4a6ec053e682e7

Download Submit
C:\WINDOWS\SysWOW64\mfc110fra.dll

Filesize
128KB

MD5
d18616837c145884cad414d15ff9708b

SHA1
ae9187eadaffbf87464d4359031800eb5f2f3c0b

SHA256
2d34055cb527eddbf711aae8191e515c9f7aa6b94235764c5ab89ea26c92af12

SHA512
b1fe2d42f9c56709c6aa6fe2074c76ecdb89f1f7155fb45c7342332334638f4d580f309b767c6aa4309948f18d96eda8f22531c6017f4479a9710b46e91ccd48

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
126KB

MD5
682d26567e2496c7cbc37653bbc0ff34

SHA1
e6ed0996c07a287e8d0e606652146f6d0166ea01

SHA256
e59f17addb6910de969574ab860877ba5ee467292932fe984e6eac228cfe00d4

SHA512
c8e4f1aafc59168f04eac023e8ebc5b693ffa0c719b4d65a9853a68e0144867b334025a0adde0c1b3bd7fa4046f06d29c121d8b32a6cb14e0aba066a92385179

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
107KB

MD5
5506393dfc78a7483cd3be9c8d038916

SHA1
b48922ea97c2811464c3364e227535036925b31a

SHA256
44555fe3ac95d2f3251b6dc52371eaa767b8f29ae60763b513b2afc47a7fd7ff

SHA512
c8fad41394200d1e32ba4869d5cd5981b8ab2ae45d064054757294bd29fc498d684c6cfbbaf6773c9e1df87b5a400c82a4af8d7634d5119c3831fc9252844b5d

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
107KB

MD5
f8582df81e6ce85699057eb364b691a0

SHA1
d7283cae67d8f92b043e947dde622979e460caeb

SHA256
2229c62a387dc5b9c2614eeaea6d8b8d4669598ffa3ba61c6991a660c6913fe6

SHA512
6ec820a65f7779ba3328c0b5a0b08ffd241f900a10fc9bd80c0944db83af44e938f3aaf82fefdb2383c269d00ccaf43f4385e2bbecb3fb603e530f7a0d1041e2

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
124KB

MD5
303a9df65a5963c226e38ede9469aec4

SHA1
550c2bc0d2d196d5a50ee3b84b55e97958df1dfa

SHA256
1d09d3e36fd5be96cff37b28b2ace5215ea921f88c3b96ee3bf97954af422c69

SHA512
125e44b6f04788642fc86c6fd98bcaac4a8185587d828f1a7293cd177dbe2cd1486751000e73c932decc022edea4a804c8b2e5bcd34a273475f78267d0628ed7

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
4.3MB

MD5
b6853f173bb95e54c47609c9e0c947e9

SHA1
cf71466982291e0b091bc9860eadc25c643fc7ec

SHA256
46a1e9ae61a2a06227bc1cf34c055ac6bae4710ad1f1d3f424c6b283996cf011

SHA512
fc9d88443804885066fb4ecdfda303b8a50099de7c4a195d5f8d12c40bd2235a91d3a8eb0ef881afe19e661ea06ba60f9411bc73684d92aded79fb7ae7b3fee4

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
4.3MB

MD5
6481f3599d29fd9bc0799251f2020b21

SHA1
41fd343bde539b78ec24a2a4ff7f01f3ebe290b3

SHA256
ebf645ae641e62f3155630a468b6317e3e51f14934a3658004922966e3f6d99a

SHA512
54afe41ecc5f8a8fa7b48ec51a79640305b5950f47285dc4b059e02bc46c11a5b0c2c23ec70f81c59543959dc77577466d2a2f1308d35677c824db6d37182aeb

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
100KB

MD5
c7e3e4141f17234de1dfd0e94dfd50b7

SHA1
7b2be27e445e37e67b6b8baa1d49ed709ae335c4

SHA256
6ae100554fd0eefcb305b3f5c52846cf535fdc381696e84f804b77e0344b50a8

SHA512
9dd7130f07310c08acdbaeceb62af9606f7d02d10880e77aef5438399a0cb75bb4612b07041c0421c6824d1d1d7ac0b82be8497a662b65cdf4a9b9e8cb09c07d

Download Submit
C:\WINDOWS\SysWOW64\mfc120cht.dll

Filesize
100KB

MD5
3d89f1e5706a57adca3859a1666b59c6

SHA1
8410ba871d0782fc6dde27ae330fcd9db068c807

SHA256
0738e80a6303ee5c7d61af77c47826ce2da2ec4830f441dc9dae722d7b1036df

SHA512
3fa29153835470675cffbd4ff025b4f347e7ad7a1b2ba5e460e20d68cf4d80e05ad89d77069ae2afacfb4fc6373ff22e8a327bfda0e9a823eac583115af0443e

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
128KB

MD5
654e52341859e4956791a3e62039a010

SHA1
9238952f0dabb4bc80e2248ab7b56cc1ff895bd5

SHA256
9d5fb97d5de2e1b605bfc4b63b1079b475774cdd9e95b7aefbe50b279f9275b0

SHA512
a9c6f3ff04488c0489b9c92d735267191249395a42b0418d378d93baf194b5f980d39f1d713844fc67d2fed1b8df302232a9c547fbc5f612be3c50e1dc4cc06c

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
118KB

MD5
13d6571e957ea8c43951bcbda2c3b887

SHA1
496cadb296079bd5a0030c11b893af1da6e563fb

SHA256
f22e664f61eef44189aa81dbf911ddc839ab54d4a6c05ed6e28ff49173e3fdb2

SHA512
8ae6e2a51845a91febae851f16c0792749b07d49b8ac2ebbe6ae0fe3b98dd7efbef28bd86bb97b392a7e8f0e00e4805714bd61e534195846245d331d4186d0fb

Download Submit
C:\WINDOWS\SysWOW64\mfc120esn.dll

Filesize
127KB

MD5
2a37bc34efd4cb8cf7ca8f38403a3188

SHA1
0a85b18210ac8a92010bf4bd98cc95e4d138f854

SHA256
b3d46ed5347c33868e7ea9a1485a35681ddbaf2acd4319ab659acd9701210bf2

SHA512
566278efe3f1b359444b110baf93320ac04fd263069987bd067a156c9035fa01eda29d58c3b6859639c2aa65ed5b1a9d198ac7338695b786f71cfcf795058679

Download Submit
C:\WINDOWS\SysWOW64\mfc120fra.dll

Filesize
128KB

MD5
3b1a04f616c8704d8b8ad89a8d44a395

SHA1
cb40531e9fb242e156ddb0db4d633e79b5b67135

SHA256
935736c77f09bc1ba1572b53262c03bc528fff8cfcd2856a385407d4d4d9cb53

SHA512
0537445faebbc2b95cf7fdcd79b2481ae9af133346f3d6c25ae19540262e993bf49b7fb5f5f2dd22f09bb5a31ab439e51460314ffdcc71a356e99694762a6b04

Download Submit
C:\WINDOWS\SysWOW64\mfc120ita.dll

Filesize
126KB

MD5
b5ec1abd45174d5c0ce932da4455044f

SHA1
1c619c60df3752139affbcaa2242d3635cd8b82c

SHA256
954103f9a5dbe47b84883a558c7b0850ea2b739be66a70a5759570973e713bc7

SHA512
85658894840bd15b5dd5ad776d452f641e2f74f02c82185d2d2347ed6ee65f37c3f0739c6d1d7095cc755c78524e695d60603ed1291af1f070fe64d08a567f6d

Download Submit
C:\WINDOWS\SysWOW64\mfc120jpn.dll

Filesize
107KB

MD5
43596614926b956b48cddb2ec94da451

SHA1
080febc43820d3908d7b00378d2daf72072b84bf

SHA256
e16b5d64cbf2dc712da9f17711e24696a8eaeb6c64e214bc07cf1ccfb0904d00

SHA512
f705436658f5bc77f5b6f547223f023b08c378926baa9e76dbf775af44a0427e30f67edc8229af7e6c33f3acb963e47a8879fd341c8ec5817f7c3569eb3bf378

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
107KB

MD5
6924c13303e7d69275e568be1a34ec54

SHA1
aa4b2c965efd5f49c78201bf5350b7aa526ebdef

SHA256
a9e617bba78b65f0f15c533f78d6e5bced6818023a2c454b2cc58cdeb857ed40

SHA512
161ba28582bb2bfc4bb297edfd3ef9381fa75b30fff9d8168e3d190204b14f5b97eb9016cc0218721e960e6aed2d50e456d84d475aca0ab90f7ce7c3b9687e7f

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
96KB

MD5
ac417637a2be48ff70851d093435bd10

SHA1
b492b17a41c63ee31082af0a04db9bb751cf98b3

SHA256
b79dd5f180ff58a40eb7327dd976ca1298555a86cd11312ff8c90f4ecde4235b

SHA512
a746b223c314dfbebb43cb0af9a1955ac6299417060aabe2b10713c1ec408f9d798d957743be15dfce844297d3541451f7d23aaddbfe280ce907b7458b61aa7d

Download Submit
C:\WINDOWS\SysWOW64\mfc120u.dll

Filesize
4.3MB

MD5
913815595e7c8ede21edeab5663527ec

SHA1
12143edd1a379172208e8ad1d629a43bdb63b54c

SHA256
e776f7a2591f0256a90a7d11f64e02f0bd7553232463c1d93a02b667490dd4dc

SHA512
b99aa27580785288b3aae1478318b11e954cc6ad14c9433e6392ab96922e9142d28e3a43683e08c4b7d393be6eda964a370c91a1782b89e94b8aab0654ff8073

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
4.7MB

MD5
8f84b8afdea977fef5684c8a2eb47ce0

SHA1
1b4a4f0b4e9c2da7db08a55ded9d1f32d782a1b3

SHA256
abbb6ecf2e6279b12d5abfc8ad8fb79c281842c856d81fd10de40808c633b696

SHA512
2600c82d0f68aaebe9ee722115a10afa5152be950441f66c4107e87713b34046124bac458d8fd63fe47663a4c50128d6f4c3317c5c3feb197413f08049723c7d

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
94KB

MD5
a52ad056241d053128895017ed14190a

SHA1
e49975f9099d667ea3f93cb2a9f9499f82a7805b

SHA256
c8975952d5d3a80731e2bb4978adca7dcf56479147b5fbdc89557e47badd991a

SHA512
e97ab4bc3640104e5996e10be963bdef177bbf1a77970aea48cc88878f8e75d90fcdb526fd578adc615dbdf53295e43cfd96aa442da9376fcc4f44044f2059ee

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
94KB

MD5
9dad32960f7991b5ed5950f71bcf201e

SHA1
bbf7fd345cc90aeef4b38f9720b043171191df4d

SHA256
3e91af3a8546bf8e43885c815f3e8f8feaebc4768b2ad86b4d4d8f9fc7a9b701

SHA512
5758046ce2a8a59dbda16e7fe3fc58411e94613e0d195d3571480bd6509a9f9c685a1167fd9525181d97e538b9859320a87f61ffaa10e3fed5ee20a1cab20d15

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
122KB

MD5
c639095c323df3d81c1576aa7ba023ff

SHA1
4d42c138aa79d5987f2a8dd04efc71600c802042

SHA256
07101a2737022ee924071b70a89380058db948df9d59ea7228d2809c10dfca52

SHA512
e3703125136ff92af04bcf34ad75e0eb83ac8d640a02aa12c4ef8c52f9982c9749456c7a063eab2f8ee39eb63b7a9d742d61f5ab3c32ce5e0264b2593339afb2

Download Submit
C:\WINDOWS\SysWOW64\mfc140enu.dll

Filesize
112KB

MD5
fc46072e4f7357bbfddf2ae4222b2f1b

SHA1
d807937efff49f874430a274aff79fc726fd56e4

SHA256
93de81b4d3ec48641ba9db2cf0d3aab71fd5c96b01fbacad931f5538fbab5440

SHA512
e932fec811622cdad78e1843789cf6cb9c24ea1adb6ba5065f4a58fcfb8211b9d0f32e30d9eef46bd52167fe55cb110cf5e65d8b9123b0f3d4582eb3c48e9dfd

Download Submit
C:\WINDOWS\SysWOW64\mfc140esn.dll

Filesize
121KB

MD5
73915a7176c5bcd0f35eca95093d3b60

SHA1
233a8d815999fab01b1816cd8c97b79480a89b2c

SHA256
d6be895941456ba7a4a94c037b2fadfc6f206edb83bc7d89773887f411f8c84c

SHA512
a8c2fac054e1fbaa12ceeba2b3d52c71c69833c121bad3053b561376c570c55dbf187cbfef03f6d50650114dce472b2ff56f08f1a256b71aa4ef925052e42d20

Download Submit
C:\WINDOWS\SysWOW64\mfc140fra.dll

Filesize
122KB

MD5
d21fa2b801177e946acd5735243929df

SHA1
35b700d6aaa475ee2d572a9f17890e0f6c8350e4

SHA256
efccd79836c8ac5cfe5caee3621fdd650f23cfbdcb54825940f8d4e332528c3e

SHA512
ef9491a299f6aee1f26d475b82732f921f74ba8dce85b50da55e634c1ad3dab07269f1768a7b0117a3ca6e79f32f264d927e82ca0b6efbcc15ca0cb94bfe3691

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
120KB

MD5
1b2cc880dc23d9640cdad3c1dac08687

SHA1
57351500bcb51c50c91ee781ea9555f153014ec2

SHA256
96dd1a1079e3c284648831379bf3f9d2aae90a80c2045f7e6c4b6383d94770d3

SHA512
801a1514112482d60ac0cf06ffdfd1993bed40465e1bc3560a91ea0aecd455786ae3d141cff55ea44581e350b2c98a785cb5c4ebfa8ec384e42128d18d16cd73

Download Submit
C:\WINDOWS\SysWOW64\mfc140jpn.dll

Filesize
102KB

MD5
ed4a245bf8d0cdc1420f46519be9ef1a

SHA1
94b47133dd0660040df81d22ab9a8a3a7229c045

SHA256
b9be94a1ed7ab924d4d0e4055da173773ea5db5667540008b3cc7cfecfe8671b

SHA512
98636f0d08b82fc0e87f4e65ac08d26b8b054ee7a1757b52dd8bbdc1d3b6b28ffed238af75b711548b430c79ba67a37600536275dd82e89f0cd9d01339fbf654

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
101KB

MD5
fef8b88bcef3775293648263acc112a2

SHA1
b5c332500f8d2b188740c2940dc19a22054c56aa

SHA256
881e3898c414eb7afafaecd52cc8eb91b7f542b2417c4244573d69d22954d2fa

SHA512
53bedc8a660856d9c6d43ac0ec1acbc302f8f13f864de18f6f431de50126452e34c8d17f5cfce130ddcb57843c7d34de599521eb59e7648f8695eaafe309c4c6

Download Submit
C:\WINDOWS\SysmonDrv.sys

Filesize
221KB

MD5
76fa803635459e2b4a6016b00460898c

SHA1
7dc3ff1f3a3043eea24ad5b9b22d090f62522927

SHA256
5e73742f6fd71884fb052af5188f0e589673356a66f4168e0f751b5e3953384a

SHA512
fd011c12e3495ec6f72c9c100068d919e56fab30aee320514d52be31d3ed16174ea0f9bd570fece99fd5ef3ae61a4de0aebf61cd2d80a5b579bc2771167288dd

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
55KB

MD5
739e3317306e404c52684566bb6952a6

SHA1
984002267089d0956fac0249d5747085ff9b0219

SHA256
a24ba91ad70d85937a1b93917ad0ae6a9c1c2f0ad6cc6ed847c80f54cb0e533f

SHA512
98ca27879caaf5802683f99bef0e7342b98dcecd212ba5b1b5367ccbf25ea20f8f8fc188a758439fd307f91253936df3ac840931f64f2c828315f06a1136ae8b

Download Submit
C:\WINDOWS\lsasetup.log

Filesize
56KB

MD5
2dd878618a7e1f573ef991ae34437330

SHA1
283ce294a1ac2ec09a2ea03ccc9299de0ceabded

SHA256
be91035bedf9848cadc2bb58698ac59ed83c60aa01dcfa9f1150eec6d8a17e03

SHA512
8114e58833e989bfdfbeca9387154d1343948a4447ed51159b5e3c2aa37526b6015d303e1a608b08a4bcf4e086250305ece7138470417533dde5a0a141991d51

Download Submit
C:\WINDOWS\setupact.log

Filesize
56KB

MD5
73a3405a77e268dc60120b382f22f081

SHA1
b0cad52e2db318971a7971eea41ae6c2f9ad601f

SHA256
ec6d0077264689651c3d4c280d91fe4a232311a4ea2fe9529f8ad28711c36542

SHA512
2ba338752d090e28c591b50d481027c870e45cf95267e0fb4f6bb90603b79468024593620477b6bae22f2ac57b6a1dc9d29e427de682180db74e7f7554a4276d

Download Submit
C:\WINDOWS\setuperr.log

Filesize
55KB

MD5
24f3a0b4edb67daa347f1aff9427d4f9

SHA1
baa993a0b93eb5d886afbde0310e8578271c9972

SHA256
86ff9f56ad3db9eea8c427fe8fe3959994639d2b75ad7e00875ec7999508cda3

SHA512
3c8c9291c01cfb74889225e60ee82df4d8dfc56bc07bca292c514a2c8c64828d1bb292f1d5aadece3aa1c8263b168308fca001a875dceafd74d8917818c2e098

Download Submit
C:\WINDOWS\system.ini

Filesize
55KB

MD5
d21a61a53a0e8635127fc5f1d118955a

SHA1
2c3fe9d17cc2b0c9bb833b7558648460fe154180

SHA256
0c01960869690fed5ff4cf783e60ac736bbd8af0ef0d96aaafee4142e243a919

SHA512
06ecb81b24c0413e69efe10b8f14954229a47fe2c905c9aed2bfe4770a8f9dfae45be5c7beca197229e6268c27fd352a9891936438c06ab5addea4185b946ce9

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
81b5869af778750de814e0527c8228a5

SHA1
004dbde1868818b93a4bb0d81bb3e5ddd26aa89d

SHA256
b3733181409c24c4a4e496cd2f6509382885cec6b580003936807c6d728243b4

SHA512
f8bd01264b7b2b466210d0bd422739cd291676248fc8e3098d55244ae998d8c6ba490ff1b4d9f00ebe1e76f925b1409deda1735628097ad31d44f36ad60f6db2

Download Submit
C:\exc.exe

Filesize
429KB

MD5
4e49e91408b7d3e3587dc825625a6c58

SHA1
2d46f7229adf7f946aad6fcda8a55e7be31c92e0

SHA256
e5d59bc74ad7a33fa031265f9aa31398e3dcaef98a1b639bb6b2f956fa028fdc

SHA512
ef004617d302f9f53f919538f044d5edc81b9dffa6123fd5c2db2dc3a3368094b10e5ddeb545e6f22147746ca7eb11c1bbb1425beed4ec604c5c893b0fc21b0b

Download Submit
memory/1916-1456-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1916-10-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1916-544-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1916-514-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1916-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1916-1827-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1916-1258-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1916-277-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4800-1128-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4800-11-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4800-278-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4800-1457-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4800-1036-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4800-9-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4800-1930-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4800-545-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download