c7fe2c3a04c23b21739ffbeb71676aabc54a310e6c798caeeec26a99cf139928

Analysis

max time kernel
147s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 03:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
Size

399KB
MD5

88d705da35234b38645abc4b377f4ec2
SHA1

468ea73baa6306923582fa293e2282c39c0f4974
SHA256

c7fe2c3a04c23b21739ffbeb71676aabc54a310e6c798caeeec26a99cf139928
SHA512

bbf1c09d2050724eda6650784213737c78d3d958d7080e2f5b7d914312c6450312e08679563eb4482219583b27377d2461cbf7e8ad6f0ee5aba500d9f721ccac
SSDEEP

6144:MZgZmgHJZgZgZgZmgHJZgZgZgZgZgZmgHy:MmHHJmmmHHJmmmmmHHy

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
628	exc.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\bcd.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\fontsub.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\mi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\MSOpusDecoder.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\vpnikeapi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wmi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\sxproxy.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\timeout.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\d3d10level9.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\gnsdk_fp.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDOGHAM.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\msjter40.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\rasdlg.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\RestartManager.mof	exc.exe
File created	C:\WINDOWS\SysWOW64\vds_ps.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\cewmdm.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\FdDevQuery.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\MSAMRNBSink.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\vidcap.ax	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\shutdownext.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\spacebridge.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\BingOnlineServices.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\D3D12Core.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\Geolocation.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\kbd101.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDGR.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\storage.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\uxtheme.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\WF.msc	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\comcat.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dfshim.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mfreadwrite.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\qwave.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\rtmpal.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\shpafact.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\winipcfile.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wsecedit.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\cmifw.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\deviceaccess.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\iscsied.dll	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc100kor.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ole2.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\utildll.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\auditpolmsg.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\LAPRXY.DLL	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\Wldap32.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\regedt32.exe	exc.exe
File opened for modification	C:\WINDOWS\SysWOW64\vcamp140.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDNE.DLL	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\KBDRO.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\mavinject.exe	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\mfc120chs.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\provlaunch.exe	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\wpdshext.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\CredProvHelper.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mdmregistration.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msimg32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ndadmin.exe	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe

Drops file in Windows directory 44 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\Professional.xml	exc.exe
File created	C:\WINDOWS\sysmon.exe	exc.exe
File created	C:\WINDOWS\sysmon.exe	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File created	C:\WINDOWS\hh.exe	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File opened for modification	C:\WINDOWS\Professional.xml	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File created	C:\WINDOWS\winhlp32.exe	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\mib.bin	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File created	C:\WINDOWS\splwow64.exe	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\system.ini	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File created	C:\WINDOWS\notepad.exe	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\lsasetup.log	exc.exe
File created	C:\WINDOWS\bfsvc.exe	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe
File created	C:\WINDOWS\write.exe	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\explorer.exe	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\HelpPane.exe	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\PFRO.log	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File opened for modification	C:\WINDOWS\win.ini	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\write.exe	exc.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	exc.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File created	C:\WINDOWS\twain_32.dll	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\WMSysPr9.prx	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\lsasetup.log	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\setupact.log	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File created	C:\WINDOWS\hh.exe	exc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	exc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1160	msedge.exe
1160	msedge.exe
1632	msedge.exe
1632	msedge.exe
1684	msedge.exe
1684	msedge.exe
2832	identity_helper.exe
2832	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 628	1040	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe	85
PID 1040 wrote to memory of 628	1040	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe	85
PID 1040 wrote to memory of 628	1040	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe	85
PID 1040 wrote to memory of 1684	1040	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe	98
PID 1040 wrote to memory of 1684	1040	88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe	98
PID 628 wrote to memory of 1356	628	exc.exe	99
PID 628 wrote to memory of 1356	628	exc.exe	99
PID 1684 wrote to memory of 4012	1684	msedge.exe	100
PID 1684 wrote to memory of 4012	1684	msedge.exe	100
PID 1356 wrote to memory of 772	1356	msedge.exe	101
PID 1356 wrote to memory of 772	1356	msedge.exe	101
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103
PID 1684 wrote to memory of 3792	1684	msedge.exe	102
PID 1356 wrote to memory of 4532	1356	msedge.exe	103

C:\Users\Admin\AppData\Local\Temp\88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\88d705da35234b38645abc4b377f4ec2_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1040
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdaf9e46f8,0x7ffdaf9e4708,0x7ffdaf9e4718
      4⤵
      PID:772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,7594070467708967856,6766636150246532505,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
      4⤵
      PID:4532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,7594070467708967856,6766636150246532505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
    3⤵
    PID:2588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdaf9e46f8,0x7ffdaf9e4708,0x7ffdaf9e4718
      4⤵
      PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xb4,0xe0,0x104,0x40,0x108,0x7ffdaf9e46f8,0x7ffdaf9e4708,0x7ffdaf9e4718
    3⤵
    PID:4012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    3⤵
    PID:3792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
    3⤵
    PID:4796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
    3⤵
    PID:2704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:2184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
    3⤵
    PID:1676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
    3⤵
    PID:3680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
    3⤵
    PID:5044
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
    3⤵
    PID:4684
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
    3⤵
    PID:3632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
    3⤵
    PID:1748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
    3⤵
    PID:4828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
    3⤵
    PID:3512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
    3⤵
    PID:5972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1
    3⤵
    PID:6008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
    3⤵
    PID:2664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,521206305889648705,6771021542114625213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
    3⤵
    PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
  2⤵
  PID:644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdaf9e46f8,0x7ffdaf9e4708,0x7ffdaf9e4718
    3⤵
    PID:3080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\52a441b0-aea2-4aef-a38f-37747caf59c4.tmp

Filesize
8KB

MD5
8b52ec5704ec3eb18e47b6d5c33a765b

SHA1
b0e03739c424a9ecbad03333f843f7d6aa055d77

SHA256
ca8597daf4186a60c4880ff02fa46f940425bd31d30650684bff529045fbaaa5

SHA512
4f25bcc8d4e3568a4c13a339a4f0edfff7e126db3529d2d4634aeb220e3a18af27ec3ec6fe2335b4bf802e0157f34e44dafd35670f1a0eb43dd457809fa711b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\79d809cb-106e-43bc-8341-35858bdb78db.tmp

Filesize
6KB

MD5
6d089e6451d107bea9d7fe322397078a

SHA1
c95d4fe84a9ca81c27739aec66f58fdd0bd46cb3

SHA256
b5480ea67cf1003eaea23d2726ba28ed5a2b19dcaab0731a6d8adb495b7b5d7c

SHA512
e1538248d49763ad805f3627148bd70137c4d134c742767eee36cf79f4d8d1f2a80b1a8f83d48ff635b5f78fd392259cc8c8884b3e8d541a0ec97b1ae4be9e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ff2074b10212b02af0faecbf2b8d754d

SHA1
d681b562d924310a40bbe42f4b99e114a4ff16a9

SHA256
684740c8b0edaa1e5f48408b92c4b0b93f27109676d36ebed4287186cc08c14f

SHA512
7038a2ea5f013f965da24473ccbd6763f63af40f07fed9a5150fef02cd6c3cabfc07cf5a283c3868cb48676c22c99d7f6a57642513475a646bfff2d9f315aa0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77312800b33e131fae2e7b9fb0d59c23

SHA1
75243aca32973aa8d280313343473e39a47a8547

SHA256
6f94d4dbfb87f12bcfd6ef7e6f840a3bfff5e7163ccc1c8e53dcc5cc4436c532

SHA512
b5095b5cc14982a6624072520fa5a5a895bd9ee323be62cbd40d882fa292208528ca4c2067e2a57a7f09ec19d193d58a186b5765c40df6ab6e382c11f8f1a228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9188b15ae0d6d4c03479efe12a1156ed

SHA1
7ba35ff8d2d5c37a7d24924859c3487f7b9655fe

SHA256
b2a697886ba33060bef1a91bb4dac81ec47ab8bf4838b4ab8d46329f0e84283a

SHA512
582ff6d4db0ca13b9e9f0693304b37515ae3413efdfa5bf4f079d8c9c13437fa585e750dd644a8fc03f0dc4c11afe97c64481e11ad2e7f61dda11bcb8649dbc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
358b9a944719a42a80e856009ec9fe00

SHA1
e0c137509934f94760844324f3f32e611f1416eb

SHA256
8c8cd590d16ec212d5724770e0e39f8738bf341eb384b0bb4bf0a847ad7348f2

SHA512
6485925c49c38bc536c7f0426e31c41714ea091ba842a31aa7faa4f22755659953500936133ef06a88766b73b3741b95db77f7b55fc9a1cf2b31820021926147

Download Submit
C:\WINDOWS\DtcInstall.log

Filesize
57KB

MD5
7f30791b9df81305f7678ba8075174d4

SHA1
e539f15fb871165250934c1e64fbbc48737cfeac

SHA256
637be560e173e314ba8e3195ca75d8c80acfa24171d850ba61d53ebff587f0ac

SHA512
ebe1919d0fe784a4c7d222953a7b40366cf9931f1e9e6a16878197bd172e01e3bd2fa42b76b05b999969e5e8c27f1010034139d7727ae7dd037bdaae59329910

Download Submit
C:\WINDOWS\PFRO.log

Filesize
56KB

MD5
568180f343c146f3abace0e80d295277

SHA1
724207b3fb71e27d63cd2a8acdfc86c67ef726d7

SHA256
fca89416c0c6dc7ad8b7d2faa7e0ffa2e5cb7a8a7f73fb0ec24b0dd47f27c1db

SHA512
f6c83d53d37f90efa7323a7b5dc2397ce73b8efa10646deb046f17a4ce5d551ef9974912c2324fa64d6e24b6b20518ff45217cc0501ee737a6f9d8aa1d4fbd6e

Download Submit
C:\WINDOWS\Professional.xml

Filesize
85KB

MD5
6c93ece5b2943b06682ac7d456b554eb

SHA1
caf21e3a20afb62d8bbc99a7785ea498c29e29f3

SHA256
21089ca08f053620084879959634ba411ac096dd77e5782e191e7e9c7311462a

SHA512
1dabf7a3937edb93f9262477394ba408bae8d1c008699da6fe296f8067824f6717ca535c04fe8c8806e13a87d99fd534611db38d9ac0b6f927804a19aba66f2b

Download Submit
C:\WINDOWS\SysWOW64\atl100.dll

Filesize
162KB

MD5
870270b9f39d41a630c24292451729c0

SHA1
a62336cdc54e99d49cdd72b69532bf9f6b391cac

SHA256
84cb05647ed8822e7d3c4ec428c36c869c0c698e8ce826953e167c2f32a22d3a

SHA512
dfc1e6e0ccdf5e603d6bfb8b879e38bb96fc77f01d54f7ca151d7559ebcf7f6919aeaa02a5f01ca703332d9816c341f358e508e6c4e3529108987d0996f35abf

Download Submit
C:\WINDOWS\SysWOW64\atl110.dll

Filesize
188KB

MD5
e8979f602187ab443219855ebe301e2b

SHA1
afa458bd13b8ca55d18fe186864992579892f689

SHA256
65d1e519bb773beae0a1564d215ba95d939120a2bccc3077c7a46e415adc247f

SHA512
b6e6518f761ee78b168931383226500f675cf261dc32ea2d4e0c85a1d65f009fc6664d6c7c59ec54eb693212d4c481f51e9ab9f46d6682746262e7a2a2d1ff2e

Download Submit
C:\WINDOWS\SysWOW64\dssec.dat

Filesize
238KB

MD5
f39695efbda5ce6328d41e37a73bebcd

SHA1
9ef867f6c68959b4522a796bd132f5dfa2667cfe

SHA256
ead2653452b473b01f6bf5c933e0cc967f533bf7dab0baf617be6abc27e40051

SHA512
2e8eb1b71a36c37a79f3f9806ceedfdb3dbd163825b3327405b1c4ce947b400cc1d44ceebcc4aa8a79e8366dbf6b793467b44442cefe43143f3a7308a1e85fa3

Download Submit
C:\WINDOWS\SysWOW64\license.rtf

Filesize
28KB

MD5
7ea3b6220ac88f83dd420f3552e892fe

SHA1
0f0ac8ff6e4a7382f0865b2a0540087c22d98113

SHA256
73fb2268cb7389ec3cba8e0172cfed4cb9c5fc53255314be02753534f10601e6

SHA512
ae6f2a69092908118cc3dec9fa185559ba2b0c05815863b2adb8a01b1abf78ed6ce50c8d52197a3f5ad199186c05e164e1819fec663b6f7a0e311471ee3809e2

Download Submit
C:\WINDOWS\SysWOW64\mfc100.dll

Filesize
4.2MB

MD5
b73745a64e5cb624bae4d97ad8ebcc5c

SHA1
1c47b0a4feb98af197324d62abae9f985ecedc00

SHA256
edde34f55aa6fee6b1d77efb2c84d3171ed7607b89e3c9d040cefaa595675df4

SHA512
475fe2aae6808af37e6431be2a80d0c2fe8a8891ac9d827fa5e53aecf289747566617293a4274a76957f55abfeec4d11682e4fba78f9b43a1b950207584af944

Download Submit
C:\WINDOWS\SysWOW64\mfc100chs.dll

Filesize
62KB

MD5
0d599e503eaa14841d23b966aac05dea

SHA1
dff32da53d24a7754720476fd38b0e82b5209cd3

SHA256
fc6b5a3ab8b3782589002337998124369d6ddcac50f0c9bafc3e1f08a7937fd1

SHA512
729e8f79ab6f3e414b6cfd90648310984a9a1b8f6b9d6f2c3d34b44048efe45a33e49cdc9264a9e11589de7aed1c4cb9a818308abf35703c761300c20562b7ab

Download Submit
C:\WINDOWS\SysWOW64\mfc100cht.dll

Filesize
62KB

MD5
94f2e04c63bbb162e37d1de34cc5e9c7

SHA1
848bb13c5eadd832c56b10e218c491f2d11b9d1e

SHA256
dc28559eac1bb340364df9811ca62384ca124c1fc7b2b3e389bb28f18b26d81f

SHA512
53ba347d36f17e0a4a1ef32c16a8018825f099272afb5c13f9b619ea7ef8567c79b16afb074f2ec19640936e066727530ebacfe1020ba21f58108d5ff07956df

Download Submit
C:\WINDOWS\SysWOW64\mfc100deu.dll

Filesize
90KB

MD5
24bc22ecb0a55548d9bd658aa7b3373b

SHA1
3c41ace74d2ebf94ab0614e87bdae2f382fdb25b

SHA256
8d62afb60691f2d68bb40cf38327f2538f30c59560d3388b2b8b2539ace53064

SHA512
7ddc288f882220d64334e71f08b038c75e2d3a4a53769e16113a028595518213045f9ddbbf804c26e68807bdbb6fd0054f3aa1f6700341ea20894d1de3b7bce7

Download Submit
C:\WINDOWS\SysWOW64\mfc100enu.dll

Filesize
81KB

MD5
68119d9bc0f77557805c768008dd13d2

SHA1
1b3a535a3508e571f038d78a554d1424d832a2ee

SHA256
24437462646fa8f8f6994654070d9bc4f8c4966ba3ec662d714d7e7fd944a0e5

SHA512
a5417560f8b730b67bb65d3a06825ae95be0a3c905a39fa8fa0061b7872fffc4219289a769770da3d2ba1e9700561d20b2768972b42f3c5dfe81605c5858ff00

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
89KB

MD5
5a0b5cb496a5d1168cbbe97a0591dee7

SHA1
569442a6a8a2734195f8a7fd1aa88c9d3c5e137b

SHA256
ba3ec0a2e61381e7c64b4b39e3195c315e832a533a1bb84c5f8f3388736751f0

SHA512
34851bcb778cf4487bcfadce462665ef74a33fa084ea6a0cb70d5f2977daa1a6e1b8605c22739ef5f0c5f41b84767053af9ae2090a2b4d4e6caed61e46becab9

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
118KB

MD5
60a2f244f44bbedd24fa6c1a7103ae45

SHA1
1ae15216cdf037d9a284c9a09d4ebdd5954b8741

SHA256
15bf7880649ebba8484297741afe9ef4fa0ff2d22ff25de79b314328b7f28466

SHA512
a14e10141ed3b80f67b576f8f3a31400a3efb6483e3c655264058edd5ee997121954cd48011bebcf1e828ea0f376f412f3ac6cb09c0a2610e90cdad4a7b0fbe1

Download Submit
C:\WINDOWS\SysWOW64\mfc100ita.dll

Filesize
116KB

MD5
48b9cf8e44b4a47496a3717900060c33

SHA1
57d329a966d2032538a6775c1023a8e6dfa17783

SHA256
f3f0d6ffee4ec13767a957b9568d481397c68f04d69dda7a197a010e5f19d63b

SHA512
5548bd6724bd18fea525b5f28c40c70a6f3191c53f0bf26e58e0a57b6c8717151501e3a2c507bddda62eacc711288cba513c9b09e97f34158643bc247e3e44d2

Download Submit
C:\WINDOWS\SysWOW64\mfc100jpn.dll

Filesize
98KB

MD5
5fe53d748033d20c38bc177fd6106099

SHA1
46ff86df205e0c985084f0e1244a3587e4c4d5bb

SHA256
dd1f2f4992d7126a31678efafa218e24cc7cd5c998cd64daf024e4c24aa3af24

SHA512
c00f54975e69474c4332af927ac0583acb46d65ab940dc958242b1d58f1ab2bf71b2ebe63609b27e6ddb126b095628363610600b293a95a9ce0932d612c6e62a

Download Submit
C:\WINDOWS\SysWOW64\mfc100kor.dll

Filesize
97KB

MD5
e6b6bc0ea1a02b6ce4bedf7767f358e8

SHA1
deac93986fc44102ed88d6ddd9d53c85f12ae12f

SHA256
6bd1be0908bc947815badc2c67ac25d8c822a61f85d9c39a31662e8fca161dce

SHA512
a761fc278566b150133830050a987945e40743bdfb6b6157aa5526574bfc657a883224642ea917d0646a31c8a00791331426af9b43737b1fe18e2d0cd7c29070

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
114KB

MD5
cdaed313fd56014880bffe604c5481c6

SHA1
c0e19684e3106cd822732d2c577267990cc16022

SHA256
e1089c54c394b811dd0bff40aa453bff1c188c276e87f9a335c74084b61cf363

SHA512
6ddac31fc5e2dda97b9225349c4c5c5c8a19fcc36236fd4df1958c8d60afa89125a9ebfe9af4459a6e326d33c522d871d87b412aa3b6852be091e187e577f145

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
4.2MB

MD5
bffdc997f4633330ee6a4b416b3b9931

SHA1
88af2ca6586c6bc0c21b7fdfedbf2cd06550542a

SHA256
baa068b1d6257c6f7b66662ef684ce4cd85913a2b39729d788f58802b7279aaa

SHA512
464c6187169fc5449e68bc5d89d38b06734b6eb5e45b0504b0fcfce5e58abc939c7894295e68bdf4f53b95ec5aa8042a25a489d753b072ef131d11674c8b9dcd

Download Submit
C:\WINDOWS\SysWOW64\mfc110.dll

Filesize
4.2MB

MD5
c0537b200559faf091d3d72e21239b80

SHA1
93bcf3183f989e1801e185cb8af33e7388c45b5d

SHA256
1a188a4c9761f8045d82f1b3bb6f79d6096ee4644f979e5ba0de4dd1d40f4ac3

SHA512
80c2f56b7f68b049f1ceabf42579cfd021206177341aae596e00225d713ed9ed2bdbc3bd64f353209350a6872a1c87d6ba952f88a9eee515190a9a70e62911be

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
100KB

MD5
e8a649ca6d69f17ff0bed872fdf1d54d

SHA1
d91555c050a40c340a5b6d30016da7c8a4561a18

SHA256
2fe68da77486269a21499ca6ce0cf8dda5aa73e019cb34c89b0b37cbbb71c963

SHA512
491ac4541530b15662a0182293056f06f0dc6a4b750f79c547657601b7a2c587bce926605321857688c73edb0a57bb036017bffdadbb8fa5707e09c5b60ca55b

Download Submit
C:\WINDOWS\SysWOW64\mfc110cht.dll

Filesize
100KB

MD5
89ecde0352e236675b1d7bf1f59ba987

SHA1
6e93c99aa9a47a7e08a3915d1e692dc552ad3759

SHA256
7322c7fc2916930196d83bc87af12e82ceb539b5faff3a807631fa6e7e7ec1af

SHA512
83b81663aaea35704454f7604537ab5de69379ddcc822d04402165f4a13a5046b8095d55646647f26846d7f3b8ee5c06ae018c134c4720ba17e4abb7b9c34df2

Download Submit
C:\WINDOWS\SysWOW64\mfc110deu.dll

Filesize
128KB

MD5
a8e59e4aa6f68abc03f7dcb74ac96cc7

SHA1
0ca1d182e9555fb8a11fafa4348bdcdea1571889

SHA256
53c63266a082d3958b1b268f5d16e737e75ffc0a125dccb2b6a239b802bbbb38

SHA512
da20cb3dc3f9ca0f0ed192d70efc8c54a31f925860679cc51bab20739639212114f7072314b810cad5d97b27c7b2a2fd09109fadc03901efa2d555d66337903f

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
91KB

MD5
59edaa8988b09e9613d7ba9e993761d7

SHA1
d6c00085351b2c373eef06c1ea323285d005c167

SHA256
83761d73e4371aa9599eaf17ca189e88cc55cef28f31a1df826975eb3c203b6d

SHA512
e84a46dbefaa875032fb1711ba8ad19cb7fb175a48d4efecb51cae5449e41c8a42492953bc2b308d3c8236fe490e1fbc52a2408a3a2c8a46bf4c8f96b917ec1e

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
99KB

MD5
aafde1162cfa2de97b6ec469a9e4f895

SHA1
dc8bd0f115f44c1b087af57614df471667e5a4f7

SHA256
b3b7aa824c7cdb8249fd5776297f8383d87249ef7082f42fd6348686cffeb3a1

SHA512
b29a723b88c4e25a35f37f3470a029532bfd14eadae577c2e61743001cbf2e3313b4ad09f98586627dd7f584828f6408956267208d687aef96b1a5aacf8dc25b

Download Submit
C:\WINDOWS\SysWOW64\mfc110fra.dll

Filesize
100KB

MD5
9a4ad98c74eda68febef5349cbcc7839

SHA1
d8e96a7dc4eef2ef2102d4075bc6be2d592fa273

SHA256
05d2a409fd45bc96ed019baece76d346cf1f90d55255f4881412958d084b3a8f

SHA512
964f0e949eb63c5552ecd027c45e82d2a2e31d63890b8a595dcbbea98197d5f55d4fc8c08a1d75cab3266d70d608c50417c7da2647a271f9fcbcb29f0c7c4e11

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
98KB

MD5
2df100a078cde00506dedc659723a575

SHA1
5562bf29444ffd04114a309e5fd1914270eb783b

SHA256
bcfab740a8c4a94b82254893482a9f66b58ce6e6ed9b6db878a62c23ec3feff8

SHA512
c8bc2fcc0123f553799f1c00d7077ec59966c9cd06c697257fe2d6598f5a8075132fb0f2268e33eac482c23094074bed408575fa363ae3959e0404e711b0ed82

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
80KB

MD5
099697a9959c242006c582447dc2be61

SHA1
d73f7589b7eba84a1812aaa736e7f43b39bf16b3

SHA256
5c7c3ac2a36a373cb0c8adf2b3383b01b83f1a9928e804315944cc2b3d909bb7

SHA512
b6e3d1f48311cceb921b5351d0609c6d3a80a126e7cb1f2e9674ae872e57a6861a17dbb5ef6310127c0b995dbcbf6c45cb4104d35cc00b8668967c2d406027d1

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
79KB

MD5
db9b988b78518098eb5b3aa87b799bc8

SHA1
d56674f4072208a2a627517412280015d316690f

SHA256
1e35db87f1d393cc908b1ee2b52944350db69a8a7f1705200d369b8413272add

SHA512
fa5a262c31d165ef3a2a75367e0f9d63c2eead08aeab10d9a3a0ce73c08f324fb7554ea82facdebbee258d4f8dc6231a3a6332bf049fb4c8c6b60491a40fc70d

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
96KB

MD5
993ec028d266ad71d5a9ed7b93b9b8fe

SHA1
18ba2c589e1095531f5a396d6f10af6cc366db27

SHA256
3a0e8bd2d622d85ab75e974ccae81fcb7987e04f26e43f17de02445444c6f8ff

SHA512
9438aa4475e4aca84bcd7eb6f24b0ce7977e5057ba6e803a7996404eb4ecf8a6b17d576a749e1db4d597d51a59e1700392e7c796d72cf2db6ce4f6abd754d5f4

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
4.3MB

MD5
c87aa35999db3a8b1963b93771ba80e2

SHA1
cccc0bcb543ddf3f452715c6ffbe6a3706ca682d

SHA256
61e404575e59bda91432e323800d2461656ea84cd1591ca73158c8598b4c49f2

SHA512
92aad575923002b79f5fb420f4fe046081e62b2d795ed00e1466c190ef59ee13b21aa20e40b6a2e600eff6888d6af14614b0cd7f0574f9dab696b79a151f201c

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
4.2MB

MD5
d458a97335fd25ae3ffdabfb2132a845

SHA1
b83fb9b3c8781503505514603c9dbf8373fb6ff5

SHA256
c64d3b04a5527ef2133ce8038e05767c1287075dd56d529ab2866648e032a8c2

SHA512
7f96e0bc8fbf7b9bd1b07f63f12f25134dde09a1b0b39d39f05a859805d148d0d0fb8876fdabca5da5b876afccefe1497f71b7342b92cad74395ee24c7da519b

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
72KB

MD5
f90e15c0401080ab6666a063d46524a4

SHA1
d2e7901073e63261e412f49e2bde71b4abf1796b

SHA256
45e4fca3a75388ee8e143e86aed4381b57fa8c3761289c475f49cef318c34dd3

SHA512
fed693cd965372e7a2257efccd252aa90e9e2f095d86d2c8b78f239615b7978a2dcf50a7b4c5bcdcab2eb89e1011edcb35ef5d1565ff4ca9250f5f48c4a7f8fe

Download Submit
C:\WINDOWS\SysWOW64\mfc120cht.dll

Filesize
72KB

MD5
3d32dcdbb11cac82dc3cdb283d8c986a

SHA1
a664b0655cb7d2a8e3060370593240e797276adb

SHA256
9b090b2d7741cf3699caf07b5a68b565e67a7828d28066b76a137295c9190bd8

SHA512
741d86089540591615c17b928be01df827cc0c7b4e3ba24f8134459134828bd2f95376aa3e389210ff8c9a3b69fc7b93c0dbc71f465380eb704366d54b533257

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
100KB

MD5
d39418f387c5bf99637d96ab9b8abcdb

SHA1
5da10499c1256672bde6d08cadc78b915bb42159

SHA256
bb96e964149023a0ec5b977a348f5907366f9e28153e5efa7e7a5c662a8f19a9

SHA512
564e3bf9045efcad539a6889c96444753c1b30d0b8d85b9150be6f70d780accb65dbd4fc180f2038a0ca833d8c84179a595a7f9ff1a66e7530e8c0c6fce0b184

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
91KB

MD5
eca634a738b3eb286a7760ef97bd8c1f

SHA1
51c2c0bbc5dbc990f6cf9f1db4084f5536243b2c

SHA256
a9c066984302b41df92d74a951da9f527c048924f48cd307049af48b654ac92a

SHA512
8af037cfefbe3b13b79d84b7b7ee883f4226a1fe5f7bb6320541aeecae22b9644a339aecdd0ec691398ec39d5861cb90b10e1536f324f2c10887cbc932c66f86

Download Submit
C:\WINDOWS\SysWOW64\mfc120esn.dll

Filesize
99KB

MD5
964b650013c74ece808cd9df7b3edf29

SHA1
22a2f571a0233f75b10d5e0543e7eee98d2a0488

SHA256
d10d1c68711a0e9e7d84427497abad0add0a57b767216acee9e5171476c55709

SHA512
47def65c8e23b3568cb9796ed06cc73513cf4ceb312b708f7de0f4b5e01e378946d82d0afa8d8395a8c182ca885eee9ddd822419f111d1af2cf626ecd7ec185e

Download Submit
C:\WINDOWS\SysWOW64\mfc120fra.dll

Filesize
100KB

MD5
454692c4870deb36a627e73d09e349e5

SHA1
a37e7349df64d0e5de938707575a20fd7539d878

SHA256
be4262d09ae118c4a256bed054e977bfe626fc9f85cfa63e92870a7ed24aebca

SHA512
bbdf0feec64a612a43548e81912ef0c8cf73966b09cae64f0e09f98edb42ab508f78df86424c46ac5480e276b635323287d793aa6354b36b4cc91f08b37209ba

Download Submit
C:\WINDOWS\SysWOW64\mfc120ita.dll

Filesize
98KB

MD5
1c272a2389cffb9f0c4a1aad7a1e2b7c

SHA1
9da6b364da9615d6da596e5a4f170d3d20ad9d69

SHA256
bf2ae3d0bdf548d4e214de3c710182a6b958e4cde76a7b2f7695b91ea92a5fa1

SHA512
25b5d60f2c93db981ef2f93aa8344c617d4c380146d16ecd1eb600026966ad5bb3f0e517954dd1a2756aff4781e7b4c6e4ec794d3eae1a8e8b43277ee053c943

Download Submit
C:\WINDOWS\SysWOW64\mfc120jpn.dll

Filesize
80KB

MD5
f4103cec00e317b16b430088c2761638

SHA1
7b792036891028f66fe19a64610787f15ae380f7

SHA256
24b5f649f0f74d23fcf1f5eacbd0612f9a3a2bd1c624d8d563ee6a5a4ae1ab01

SHA512
7f41f535d06d72611d968d6682d3d96a4051f4bd09d32ab511e773913ec0ce9ab172aeb7e90c5e44cb0c3fcff4fa98686b300fc2f470a8ded2beb1696c26bfcf

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
79KB

MD5
e497de6fcc2b9ef5a24a397c35757abf

SHA1
bf072a4cea5f2948772bc244b38c20934737230f

SHA256
84d5a55d2379d279246f4914a88f5baf30e5189bec33aba3575a5bad96a7f08d

SHA512
501d14dccf1d961032ae349dd91374e1c3a30ebc0bbc94ce2f155e3338fe6ff074500ebdadbf1c15ea67ecefc96f0c65b092db71a8333d2a63d3bef3a9c7a1f2

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
96KB

MD5
71e69c110e586b906781db162bd896c2

SHA1
a8c5a4b8c6c0bcbb5022cc0cf0cb72371956f8ca

SHA256
269b439e174491251fb954d5698b4152ef0e27819a9d9e3e9cd7622c064eee91

SHA512
a0074b7a80b7f481b8af008cda060cf3808146db76d36b5ad39b535e21d82ce0dc42f2a9bf1d17aa3133cc4e53b36c2d7b5df5ea8575200f6a4b5c146983ea84

Download Submit
C:\WINDOWS\SysWOW64\mfc120u.dll

Filesize
4.3MB

MD5
a79a2ed5f3c6374ec42780920cfbdf28

SHA1
cbb7f0713021d62095033ae1d2e449b6e02ff80a

SHA256
2f661fcb0c9963abb189d5202bf7db65f83e8e69c055b63884c1196ccf086a08

SHA512
db78f856934b18ea35e9d621a3a14e4c1802eb5d648880f097dee70cb9201a3b545e717f3d707d4e150e9cd8d666b2002a136395194c2570b5a2802466ebc06b

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
4.6MB

MD5
0464521555ca966692e2a00563d946ed

SHA1
848634891d81884c8e1f94ac8118eb6dd16c80cf

SHA256
e509041d8ce113f8069a1829e0429007c7943e5360878d2878f18854b43c0235

SHA512
5d7ffba81db95e4358cba171bbfa213b05eddb7213c9c2d4311a14b1dd7044cf61dc298cde5538968c9be8b5b74c0d3d1a48d5d9f6cdc1e8f15defab9ce96955

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
94KB

MD5
dfb5274308af4faafb956df6bf246d9b

SHA1
1322e79205758a02375e727899a3dfd52ed86837

SHA256
4036ada65e6395b96fd73ac0485fb2088756e0402c4f025ef9bf2acfe1bc62a3

SHA512
e733a2348ccb452c4baa4c7eb0b3690e25263c0b9086bb4b85d3efed5068eceda8bd1cfe8a31ba294ec5130302173a51cf16176f0371e8b94e7ff551e3d0861c

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
94KB

MD5
dbc429d0ae2ded278c66c169670c2049

SHA1
ba8b1ad40801b89a201cc593a20a037e511257e7

SHA256
1c7ec77e1652250ac25820bc5521db17658ff3aa2357af143914c8148780ac41

SHA512
c4c90ba007ef343a1f28775859233d8bf504bb2d287eb17d6fab86b6fa16eccdeded3ea5e5a80b9dc6a4121408926fdfda59fbd6f47efe61d2889e0b22cd3101

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
122KB

MD5
0768bf22c63bcdd948818035c11b4dbc

SHA1
02f5630842d0c72e0680de6a530bdb63b037a7b8

SHA256
da46062240bfabd1d1dfe06e7907d487adf10b284e7276ff73ce2fc641b7f049

SHA512
cf8877d8bab841155927d150f074b9f874bcdefbd873045263eb6478df3269f63d17df8d3d79f0171fc6a1b21aa8201ace57ff484820c6912295400d1e3323d3

Download Submit
C:\WINDOWS\SysWOW64\mfc140enu.dll

Filesize
112KB

MD5
77243e0ad9d0700ba23cbba7baf5838f

SHA1
209247fe3cca5960af6ceb732b0d9f762d089dc9

SHA256
927e59db1765d732adab858a00ed33a782e885e8c6e3690a9b9ad1eaf11c38b6

SHA512
74a91b8a15061189c9f933378f01a39be71a1cc7c080eb2ba9abd33bb72d623b06d51fb3f0808b0be55a297bca64d9b93503e67efd296a1732d31e4456b0bdaa

Download Submit
C:\WINDOWS\SysWOW64\mfc140esn.dll

Filesize
121KB

MD5
fd22f3ea74b9e0e68f952f9564755e54

SHA1
4ea52e14c4440fa61d6da19ba172939ef955b2ae

SHA256
1a20b25f9c0ef8f799372362f8d41725bb0bc4c6555c2264f4639ebce654a647

SHA512
a8e8f6ab3bde96c096702e5557d09dc1b43a1b6184c79e1e735d243ef42f07374b4b412f7cb22e3c1dc08574efaec472536f2ea48217ff6957b512a9c275ea52

Download Submit
C:\WINDOWS\SysWOW64\mfc140fra.dll

Filesize
122KB

MD5
c5a67115b4293e8eac7c899e8ddd0d87

SHA1
3972c3934cbefada8de276987a50b4cccc8c05a0

SHA256
ba767191297e181a8b7e51dbeb4116ce77e6bf134dac8f8be308c5acd6089d26

SHA512
481bc57560a6e708e229ed0b850b07c29504cca9784f0638cbf47f5f0cee42e2c6111ddb7353132f6834fc3181dbec4d664c2a999de341b0a414f38f44dac44c

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
120KB

MD5
59f2da688e59ff98bda052e759ed8de5

SHA1
ba23359c9e0b323d8331f360d1df90123f13cd4e

SHA256
60ac1433a31ca541ef816221df2d560f2d31f3b0b2c98957816d36310f70fa09

SHA512
1264ce6486603e526ef96e6c8ec7efd453bba0bd9891a874b42e47d8fe3a7454f93f5b4cfec6dc266e002453adc847e4244026d48fccb5cbf90c695839436a5b

Download Submit
C:\WINDOWS\SysWOW64\mfc140jpn.dll

Filesize
102KB

MD5
66fa376840ac9f1770bcc3dd3a7793c6

SHA1
f1c3807f267b4bd8d47e7f0604da930b9849aecf

SHA256
3c151438cb9a09f2d7920cbf1197d4d1fb5bee14914a21166bd362ec9db881da

SHA512
2fd96e7b71cfffa00fc361820086bcae17b48efdcd80e4c3082d14782a900da6f137ea037e1accf6728af9f177db9b028ac7dacbfbc10b3d4876f90db06e3e6a

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
101KB

MD5
7a17379d762bd479afb71e9fc0188ddf

SHA1
538396f3879b945e921bda245d66b9df55de79b0

SHA256
a7b425a9157bbce64a426e3bc7bdb0c759b17f38e584c48e0558a6c52d9f8a95

SHA512
aae45f68b86dff141328099aa2f57cc15d17c794b8e37d4f136761e7762211850f23bf6b5b4be0122d3f3697346e7f6f5098241b8954b67c04805b3c94e71ffb

Download Submit
C:\WINDOWS\SysWOW64\mfc140rus.dll

Filesize
118KB

MD5
7f4384007e36f7f09141e8ffeceea5dd

SHA1
65c7739ac443fe6af6a4f1430ee8b552dc1efddc

SHA256
0569943434bb6b0798ab5ffe6ce135c35aa49778540eaf88d8c7d7efdf102e73

SHA512
84345ec68f3d041368fcf60d49e4a6e7a4a136c018d498ba47a1e150bc4a3774b4a892b19c4956c3436293666ab51b3a38794bcd53285c0511290ca24d88b2f4

Download Submit
C:\WINDOWS\SysWOW64\mfc140u.dll

Filesize
4.7MB

MD5
81e067577563a68ee55dae870e067f1a

SHA1
9458d6814f62d163f8b2d63e2ce5c485526fa483

SHA256
e8c7ff98971bf8fe96011a708ebf75d6d74fb1bdf1363908289ecfb145ba4ea9

SHA512
735715b1a57d5bf06e1e2dbe38e345a4524d809a8e2abb1202fb45ed3322fc0ab0d210f04dd0b7d9eb8103a9613e1529558a8687ceac9848416ee9f901ed710d

Download Submit
C:\WINDOWS\SysmonDrv.sys

Filesize
193KB

MD5
01fc21636b2a2fee1eb30533f079861b

SHA1
0b856e150ad934c73a0cb1e89b141b116b6fe9f5

SHA256
2a43f178025f0a87969ea890c75e94e219870147a2edeba5a1540304d8346b5e

SHA512
85cbf95a17e8fd31ee528d00644624fe5d77e78712283e5395276a90fa04139ed82cdc45870b13c24affee5906318129d600272acaba67ea395bc241c38d6030

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
55KB

MD5
45c1b5c2734a842ec268d00bf4b9d9ff

SHA1
3602e10308688821dd1d4070305f86c2f2ace0ff

SHA256
46f9e9d4d5795e86bcf90ee33f37e09b9c12356757be5df469465c48515b9a9a

SHA512
0d92ebace624f4050150b77a83219024b7905e7ef66c83367f1bbad40a4841ef8022b34f12b02ebffec5d18d59009ba413307f0910e6db0b308d374a2f8eff1b

Download Submit
C:\WINDOWS\lsasetup.log

Filesize
56KB

MD5
f13b1bd76b13bc748ae2038bb3b00c73

SHA1
8dc2274c0ccb24d92a8872329c536f5018ccb3b6

SHA256
e9e39d942cfacc6f2d09d5529d6f112b192dcebfa4d51e836479cd46163da624

SHA512
0d289dce77685ec240314374cbe3f4b4cf8bb9e3e551f8a62b17bfa0996d1f6c63ce956f1cab30e04abada6c3c8fb155ffd1fc2155f5f0dff3d2149f91482b70

Download Submit
C:\WINDOWS\setupact.log

Filesize
56KB

MD5
8302fc5d901254efab0d8d0e43b9ea14

SHA1
f889c55eeeb47a60b4c493b316e2cefcca917ac2

SHA256
432dcb5b2e6a19724f14b5b70a6df57494fc479fa7e61f1b39ad247a5d66016d

SHA512
8cd69e35d878d5efaa7351b69dd5d45b99481968625b190fafe7586d677b1a86ea3d8b74f7258702f16cb2a9d0ff7cdb6b809dcd21d0e36914f8baef3efac06c

Download Submit
C:\WINDOWS\setuperr.log

Filesize
55KB

MD5
21d041df02db2933f5c36d7c2b6586da

SHA1
851d274bc55b000903533ff7b45e030c4f0cce1d

SHA256
cc6f03d12df69d73cc30fddbd17e36cf8245f43087bc9c01ca04ab2201b71090

SHA512
2f7e1422e426ab22bc18208084bd15b6e9f0e2bd8bf55937a19c6a78ba738e329facefdfa8389d4f889159a2e1d0559077c28ab9922e00860d49d84dcad42258

Download Submit
C:\WINDOWS\system.ini

Filesize
55KB

MD5
e8a352db2c8ec35d23c692ccb08c910b

SHA1
954511b97f94347584ffcadc03e7a250f8e88d72

SHA256
9cfcf3935155d024af2d3b9a54f3e8213bdced24fd9afa8d3a84585361783d8f

SHA512
d7dbc5e2fbc72bed6137b60880bbc6c37033acd813656b3905f464be990073f7bf61a1de053f4a2a5424e3c0d9c8ed40a1675bf3ca0bb0040c5205eab0f39855

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
17f6659704dd9bb399562e5ba0a9de8d

SHA1
3fd1ba8d41e2bd30150656742cac558d24cc70c0

SHA256
8d0bd799576510a98764edfd6d109f56b2fbc1804c6a1de938d9dc58f675b75c

SHA512
e42a086543244a68601887f31b0b60fba1c3d2921599e131723edd353920a0736e7ce4ea32904e643fe299089805fd297ac08f0217322c0bc288a3fb34b35b91

Download Submit
C:\exc.exe

Filesize
372KB

MD5
fb4a69e6dc3263e4f25ac9547b353cf7

SHA1
15369757bd99d516ad0b0adb4c534a48faf1415b

SHA256
d9493f42c5dbd27d0b15066d085c2b30109e790d0804ec7cb4a5486db0655eb1

SHA512
86c338f79a13ad47483be113e9c7673d32fda1d1a5d7e39306d8da6c3510aef674f46170ef0199859ee42bc2861a677a30087fe896a317e18b2e293ddb9c68ae

Download Submit
memory/628-1099-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/628-272-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/628-1578-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/628-9-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1040-1084-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1040-271-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1040-516-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1040-1577-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1040-8-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download