39d380818d0dd12fa07390336c054e3ea386a25b0b13dae8575c3891b6827e2a

Analysis

max time kernel
148s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
Size

56KB
MD5

04ed680c2a506e88b9358cfb1519afcc
SHA1

f47ee44d3119fcf486549ebfe737ac8476140512
SHA256

69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e
SHA512

82c5dfceac3109fd309dc7392993b1280280c9c0dcb2b6460126a408ce4b3d1c0f154405bca59b77aaeb953cb148cea664e63b31f3bfe7e3c44bff55c8cc74db
SSDEEP

768:MXUs1ZmxDMmje2mxDMm+STZ5UW0Z080t0M04E7c:MEsyxfkxft5wc

Score

8^/10

discovery upx

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe

Executes dropped EXE 1 IoCs

pid	Process
700	exc.exe

UPX packed file 41 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000900000002346c-4.dat	upx
behavioral2/memory/700-7-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/700-10-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000100000001daec-28.dat	upx
behavioral2/files/0x000100000001daeb-23.dat	upx
behavioral2/files/0x000100000000aee7-19.dat	upx
behavioral2/files/0x0003000000016222-16.dat	upx
behavioral2/files/0x000300000001d8bb-13.dat	upx
behavioral2/files/0x000300000001e7be-41.dat	upx
behavioral2/files/0x000800000001e669-44.dat	upx
behavioral2/files/0x000600000001e068-52.dat	upx
behavioral2/files/0x000300000001e7c3-67.dat	upx
behavioral2/files/0x000300000001e7c2-65.dat	upx
behavioral2/files/0x000300000001e7c1-62.dat	upx
behavioral2/files/0x000300000001e7c4-70.dat	upx
behavioral2/files/0x000300000001e7c9-83.dat	upx
behavioral2/files/0x000300000001e7c8-80.dat	upx
behavioral2/files/0x000500000001e6f6-99.dat	upx
behavioral2/files/0x000600000001e6f3-91.dat	upx
behavioral2/files/0x000700000001e6f1-88.dat	upx
behavioral2/files/0x000300000001e89b-152.dat	upx
behavioral2/files/0x000300000001e8f0-190.dat	upx
behavioral2/files/0x000300000001e8f1-194.dat	upx
behavioral2/files/0x000300000001e8f2-215.dat	upx
behavioral2/files/0x000300000001e89d-209.dat	upx
behavioral2/files/0x000300000001e8ee-184.dat	upx
behavioral2/files/0x000300000001e8ed-180.dat	upx
behavioral2/files/0x000300000001e8eb-173.dat	upx
behavioral2/files/0x000300000001e8e9-167.dat	upx
behavioral2/files/0x000300000001e8e7-161.dat	upx
behavioral2/files/0x000600000001e870-146.dat	upx
behavioral2/files/0x000700000001e86e-140.dat	upx
behavioral2/files/0x000400000001e86b-134.dat	upx
behavioral2/files/0x000600000001e869-128.dat	upx
behavioral2/files/0x000700000001e76a-117.dat	upx
behavioral2/files/0x000500000001e71e-115.dat	upx
behavioral2/files/0x000400000001e71d-113.dat	upx
behavioral2/files/0x000600000001e6fe-111.dat	upx
behavioral2/memory/700-274-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/700-1234-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/700-1777-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\sqlwoa.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\davclnt.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\KBDNE.DLL	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\KBDNO1.DLL	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\networkhelper.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\RpcNs4.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\sfc.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\updatepolicy.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\WordBreakers.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\dsauth.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\newdev.exe	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\rtmpltfm.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\threadpoolwinrt.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\pngfilt.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\RADCUI.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.Web.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDIC.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\sbe.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Controls.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\altspace.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\kbd106n.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDUSR.DLL	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\RpcRtRemote.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\spopk.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\altspace.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\dimsjob.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\dusmapi.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\KBDDIV2.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\odbcconf.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\tpm.msc	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\Windows.Web.Http.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.Analysis.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\cmdial32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\GameChatTranscription.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDSYR2.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\KeyCredMgr.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\MSAJApi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msvcirt.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\rdvgogl32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wlidcredprov.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\CastingShellExt.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Query.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\srpapi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\cfmifsproxy.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dssenh.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\scesrv.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\DialogBlockerProc.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\KBDIULAT.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\mdminst.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\atlthunk.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\CredProvDataModel.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\diskperf.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\hcproviders.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\icsunattend.exe	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\joinutil.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\riched32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\AuthFWWizFwk.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\SysWOW64\tpm.msc	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\osuninst.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe

Drops file in Windows directory 44 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File opened for modification	C:\WINDOWS\lsasetup.log	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\notepad.exe	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File opened for modification	C:\WINDOWS\Professional.xml	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\hh.exe	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File opened for modification	C:\WINDOWS\lsasetup.log	exc.exe
File created	C:\WINDOWS\winhlp32.exe	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\write.exe	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File opened for modification	C:\WINDOWS\Professional.xml	exc.exe
File opened for modification	C:\WINDOWS\setupact.log	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File created	C:\WINDOWS\sysmon.exe	exc.exe
File created	C:\WINDOWS\bfsvc.exe	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File created	C:\WINDOWS\explorer.exe	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	exc.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File created	C:\WINDOWS\twain_32.dll	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File created	C:\WINDOWS\splwow64.exe	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe
File opened for modification	C:\WINDOWS\system.ini	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File created	C:\WINDOWS\sysmon.exe	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File opened for modification	C:\WINDOWS\PFRO.log	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\write.exe	exc.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File created	C:\WINDOWS\HelpPane.exe	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\mib.bin	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File opened for modification	C:\WINDOWS\win.ini	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
File created	C:\WINDOWS\WMSysPr9.prx	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	exc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2328	msedge.exe
2328	msedge.exe
3748	msedge.exe
3748	msedge.exe
2292	msedge.exe
2292	msedge.exe
316	identity_helper.exe
316	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3340 wrote to memory of 700	3340	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe	84
PID 3340 wrote to memory of 700	3340	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe	84
PID 3340 wrote to memory of 700	3340	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe	84
PID 3340 wrote to memory of 2320	3340	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe	101
PID 3340 wrote to memory of 2320	3340	69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe	101
PID 700 wrote to memory of 2292	700	exc.exe	102
PID 700 wrote to memory of 2292	700	exc.exe	102
PID 2320 wrote to memory of 1936	2320	msedge.exe	103
PID 2320 wrote to memory of 1936	2320	msedge.exe	103
PID 2292 wrote to memory of 3560	2292	msedge.exe	104
PID 2292 wrote to memory of 3560	2292	msedge.exe	104
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 4928	2292	msedge.exe	105
PID 2292 wrote to memory of 3748	2292	msedge.exe	106
PID 2292 wrote to memory of 3748	2292	msedge.exe	106
PID 2320 wrote to memory of 2272	2320	msedge.exe	118
PID 2320 wrote to memory of 2272	2320	msedge.exe	118
PID 2320 wrote to memory of 2272	2320	msedge.exe	118
PID 2320 wrote to memory of 2272	2320	msedge.exe	118
PID 2320 wrote to memory of 2272	2320	msedge.exe	118
PID 2320 wrote to memory of 2272	2320	msedge.exe	118
PID 2320 wrote to memory of 2272	2320	msedge.exe	118
PID 2320 wrote to memory of 2272	2320	msedge.exe	118
PID 2320 wrote to memory of 2272	2320	msedge.exe	118
PID 2320 wrote to memory of 2272	2320	msedge.exe	118
PID 2320 wrote to memory of 2272	2320	msedge.exe	118

C:\Users\Admin\AppData\Local\Temp\69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe
"C:\Users\Admin\AppData\Local\Temp\69fdb37330ae6075d1fc20959c891559406a8478cd602799347bfa75ec11bd2e.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3340
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ffec06f46f8,0x7ffec06f4708,0x7ffec06f4718
      4⤵
      PID:3560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
      4⤵
      PID:4928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
      4⤵
      PID:3528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      4⤵
      PID:3964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
      4⤵
      PID:2752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
      4⤵
      PID:1500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
      4⤵
      PID:532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
      4⤵
      PID:4368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5744 /prefetch:8
      4⤵
      PID:2272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
      4⤵
      PID:4548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
      4⤵
      PID:2156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
      4⤵
      PID:1340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
      4⤵
      PID:5960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
      4⤵
      PID:5968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
      4⤵
      PID:2944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
      4⤵
      PID:1692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
      4⤵
      PID:5944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
      4⤵
      PID:5952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8833461384854312941,5746885310349887412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
      4⤵
      PID:5304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
    3⤵
    PID:5988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec06f46f8,0x7ffec06f4708,0x7ffec06f4718
      4⤵
      PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffec06f46f8,0x7ffec06f4708,0x7ffec06f4718
    3⤵
    PID:1936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7505984830855129981,14691409096330791434,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    3⤵
    PID:2272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7505984830855129981,14691409096330791434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.antispyware.com/
  2⤵
  PID:5884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffec06f46f8,0x7ffec06f4708,0x7ffec06f4718
    3⤵
    PID:2044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2672

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x39c 0x49c
1⤵
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
0b6f20838c55b52c8ff22888281dc786

SHA1
c8e7af58227c4df65cf1584a0461383fbfe91751

SHA256
cc9d4d4ef7e0e4ab05ac4f9bef80a14b12a57f51c0e2ddbcb22830be88aabedf

SHA512
fe26de45300f8a7849b9bc5abc20ef6498998ca4e72ddc3d7b24654a994185464933c71c4ca22d6750a213691b02dfdf3f930aa0790f814fc6ffe149beb0941c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
f717441df001493991aa85f723297e46

SHA1
276edbae8823c23c42124785cbcb33f527b6a879

SHA256
727a0314109c482c63c1686d8ffdda104b3cb3b00ed594806a6670cdcf54409e

SHA512
a0f6db095b9976f8d3a1013c28993c7e6b307dae294f1e9ae9c42ca33a29e261e4a5a71a3a98845158782f820a84f96df4fa491a7b888de3171059421a2722a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4c3edf4ec4dcbd534622ac9a57739cc5

SHA1
469c38e405dfef74084010e3323f76a7d453aea8

SHA256
4d3eb24090ae8aa1b859daf6820499206ace75d2771fdf09078a42e271bc4650

SHA512
515f7f2b64f98484bfe4715b74e30d1eb9aa52feb5858c37e375d8a982b1c9487e30d11b717735cd455aa987d7b8ca7b17a986b59a615406d95497a83446bfcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9e555b6217cd66a8b32da3f7e90634ca

SHA1
c11e6875b6cc874963d01a16e6f3810a429ec8ce

SHA256
0518aee8b3f8a653c73c9138b1a0bede873cda37826993e6eda1792ba21420d4

SHA512
edabec6732fa8b203b67ed4718633fc1426fe1ca49413999b9fdfa218b9806e93a31313800c4571e102f2c1930059ca43b20f87a4632924078d2f64a02a8cfe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
089e0ed0b75bef8daea5539fabfe2346

SHA1
8ca14328070dc6953b8bea758649f4aef293eccc

SHA256
ec2504b675d3919eacdf16735fba32621fad24d6ebc58bedec3530b4adb22a22

SHA512
4f2814ee6f64bc3923a8f4187fb7b46ffed364ef95cf9cebeecd0b07ac7cbcc960635179976cf50a5c8d735abb68c44de61b445b3f9274def7a952bfa49d8532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
945dcc9ace164c69b21b8b9a77275f70

SHA1
3f48c6188a5ac54f34028aeb9a76417aa857b370

SHA256
6e8347f0aa41f50ef654f23bb44b7e7d0a4d2cd22d9441e66058bd37535372ba

SHA512
abd0564c1345c1a0ef33a286c5ec2871a83791e3b6d4d46e98bc91c89d69b3cb4dce09d6919083240e45e5d69aca18d8b634f6a0f42d0aa89ce3e2316001d646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a7faeede3931c477c215c52c6421f657

SHA1
a37dedddc310b1556004b14a397905da79a90d26

SHA256
c2d29c1b3cf6057742ff35fdbde718fb86bb8b2fafb4a98a2326fd8bed38fb85

SHA512
fc07259f4be9a1fa18a83bca0c6f9f326be754b60b253f8b0359ba6abd76b55dc881426a8760824c6948f5a35b22314297ec7f91f07b36f839c7778732b1c531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59e332.TMP

Filesize
1KB

MD5
688016d6065011ed7b2a20e9250232a5

SHA1
f3e4fcfb43617b504b93eda2dcdd1faee100fbc9

SHA256
db4e77c2bb59822aec2150a84b8731a447c8a5839b6550986d611e7564f24a98

SHA512
bfaa8528467775212d8f0557e8a23d0d2b7d4420e4e478d1ff5dfd75cd40803fe69f4a92804570551ecfa2d78fee4fc020906c7617087c2b0637c2d448f8ce8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
73cdc5de0b1df3161cd4b7fe83e13944

SHA1
b01e70363b705bd04c674bebc98eb2a269d2b5a5

SHA256
1738a66276e2bab6f73e690abdf4237ff99f44e1cc523d6dee5ca4384c9b285f

SHA512
0fa184892c75a6190c99276b70518bf2378af6afb080682337d1296975ff80d2524a819007dbdde43534531bfa93fed389ced825437bb2dba94d3f282901fdf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb7254f39fb6e436c667a24700b7eb16

SHA1
79e98a894bbf013affce7cd67efdb7642c5e25f1

SHA256
7ba367cbcf63ee66c2668a4394ec0278400606c7c53fce3195b73f72f42c57ab

SHA512
27c5a0e2af3f0ee660e43919a3c2e2b7a69cef9b073c606b9235cc739468d5bbef6084b0d5ff7eb6626a9d1a623df38080c6b6cf52ad0dcfafb243449f983a9d

Download Submit
C:\WINDOWS\PFRO.log

Filesize
28KB

MD5
8d426f347d26e1a7065848c4ebb07a54

SHA1
51410492ff0f64b2d2cac218cf2c61b443f3417c

SHA256
3d3d6a94c06ce1a8444a19d5775827559998d5281a35fd92a4b82f27b5eea42c

SHA512
355994e19dd322a7801f8df2044a0752fc981ca21629f16acc4dd9a439b4b98dfed34212b349e8d3f81b47be15b5c2a73182409595c2506b35f670e4ebb4dd3d

Download Submit
C:\WINDOWS\Professional.xml

Filesize
57KB

MD5
59bd4f0a66396762fc2420ddfc174973

SHA1
58ba3370873265b05fa6b204a13aa146445a616b

SHA256
78eff9867ab3ee9daf536b22d17733e3110933784e43a9d9916ed4df7995386b

SHA512
ce2cb75b9fc3c504fa6f0a9968aa661c5dd4dba2e3246b870c46e5c0c921094cf6f00dfb2e9fdf09b4548e38b1a28a627b8447a6f6dc68f12f7ca1bb383389f9

Download Submit
C:\WINDOWS\SysWOW64\atl100.dll

Filesize
162KB

MD5
9f843d6cd2c761dfe974e3e5562066e5

SHA1
f610b63919183db78bac9f6915b3ed50c6675fc4

SHA256
68991de9f98d502be95e77eff21e038af872d3227dce783c9bd8427bd8c289bf

SHA512
004822d75cd87e9d29c0abc54b5364f682233a73763f8c7f530e6604dca21184f91f02eee71999b329826e24308a87bd94ed3e7241febd1907fe06ce20a54b83

Download Submit
C:\WINDOWS\SysWOW64\atl110.dll

Filesize
188KB

MD5
48d9f6efff5d5f143d7deabd20189a8f

SHA1
2a9919263031c91623321fae340e78900108c030

SHA256
e0d15479c91fa4f7fbb0320dbd2b17c5da533e22f7a341a76244e80cc1d7e64a

SHA512
8220766c01c236a550ec8210a31c125d6a13c4af6bf8fc8aac2f5a5332e44e244b3d01cc5709bf846d71eb31d52b84d65b622c20c21d921d36ebd32b5deca05a

Download Submit
C:\WINDOWS\SysWOW64\dssec.dat

Filesize
238KB

MD5
1d56132a97f909192f8dc186d7794ad9

SHA1
fd35d3d7240d823c3e522fc954612ddf2f4a8f18

SHA256
c3ffbbaa2b885d314e1aa39cabd42c49722d7b03687231256fb6f5569374cb61

SHA512
3255e30d98cb0d71cf034a19f9db25cb54f66767083498ccea884b12aaaff31b8505b9d8ce4f264059d27d7c96a10c51e81b211beecc62c292e40595b351987e

Download Submit
C:\WINDOWS\SysWOW64\license.rtf

Filesize
28KB

MD5
b93d24fa2a3ae0d49fdc000560e36273

SHA1
6352f68705026b10722337d815af7cfdb0083cc2

SHA256
6b3644d7075c0572f40cdd0096c15bd4199d2e0cfade83d529fc3c24c8eaad4d

SHA512
3e261db072a2e5f35b2e453434e3542b80c8a3a46dedf9f47dbadc4be5a7b8f2fe7f467b62578663c3136de93b79e12d41f58fcedd1d738fbfd59da98e6b4c03

Download Submit
C:\WINDOWS\SysWOW64\mfc100.dll

Filesize
4.2MB

MD5
1b0d017f6f56d4d4d8b9b1331e3f351b

SHA1
174b8a0d0bf61e68666d40a134dcab59310e2e9d

SHA256
125fe897f797f44fc99e5afb00e00231d7e175314ca64f7ac22c201a7688a7d5

SHA512
1f0daa22a0ad49d3d306e3d0b29cc5d6c259b212e8b90536dcd8f0c83a2828f3204a7a455e82ba1b8fa39191db493eff581d99ae6727ddb7e54eaf66547eee6d

Download Submit
C:\WINDOWS\SysWOW64\mfc100chs.dll

Filesize
62KB

MD5
231885b6886f7bfe5ffb5d797d3cdd00

SHA1
8b560ed812e3b4668492318edcf6377968ec9603

SHA256
6bffe51b7507028b3701e1b982fc6f73452d1f86dfdc10d292cdda712de5939b

SHA512
5a89e33a523659da7e2ab628aaba03e9dbf7776084ae24845ed36e89d8ad9548a7a28beaa0edecb59adba899ecf7ffd9416cb2226bcaca9eb268947a6fc3263d

Download Submit
C:\WINDOWS\SysWOW64\mfc100cht.dll

Filesize
90KB

MD5
9e45816e26adb8faa987aca9450e6e5d

SHA1
d30c8d8536b55551974430e6ab9feb58a929f2cf

SHA256
3530d68bb59230bfa8840bfb8c3c866ce111124d1d028bd0ee442bc82ad41064

SHA512
0cd3370cd8aad0f485985004af70eab13c1e322ed23bf0062e6b66fe2fa306e3e95ebecac837280fc9e33159c36476f2ecc9393d82c668768a49123e1bf722fe

Download Submit
C:\WINDOWS\SysWOW64\mfc100deu.dll

Filesize
118KB

MD5
a5dadb8e249c75e9594f14338a1b9301

SHA1
88005b9859c2d8b41dfe44037492f5342eb4e73b

SHA256
898ab0e2a6935cb8e437080e26f3446b8bb07a289ecbfda915c6edcf310503c4

SHA512
0742d04a3803de45ed0a597d180c3b8ca318f670f004167ecd257b7c48500d296151bde87e393c1c241063c6dda77dfc4746ffde151d2b41a89a51fbe6e3e12b

Download Submit
C:\WINDOWS\SysWOW64\mfc100enu.dll

Filesize
81KB

MD5
aabfa70e17f9ae55c3c609d8c55870ac

SHA1
e697be81c7960cd7f2fb191cb54611a33d324fa0

SHA256
0cfd8ecf9227d8cc2b3bb6728085041362e630ff989680dec754f8b6fff50850

SHA512
cc8d4f97fe5fbe22b9c59acc5bdaafb1e09647a4bfb5b6ff3ff73642e760c5f4eb203ae6cc9046c789abd20d886e87b06778cd87b974e9085531c0fb768873a7

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
89KB

MD5
945c335913429e107f6b80ac2ba1b565

SHA1
059976fa0f01393971a7befcace9e6e097b6ee75

SHA256
2889aa0ecd9759da3fbc8900c940bb76f3bab0d3b60b1b91ac6ac41c90cc50fc

SHA512
744b20a46e013c27b7e10bfe88ec26d3e43fdc2d2a4663e00bcda8a7dbfe5f20f133f3662df767f0488888f8f3a0e5f2ade2685648ec5295e81b515d13ed4c64

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
90KB

MD5
7575806ec571edc2b1c5ce77c28a03e0

SHA1
90810c6184f301b8b2cc1101756b6030d689dd79

SHA256
d982e54ce311a699278c0437c629b4c501dfcd7fae7b114c886a58d3dde95bfe

SHA512
4213ccc73c5f07525194f9df80fd6e4d49eace98981cb10595226128d2d0c07ebd48f8d2b06ac4e9e756abd2af0f690f07d5d3dc7a950bbf11448a189b2bcc76

Download Submit
C:\WINDOWS\SysWOW64\mfc100kor.dll

Filesize
69KB

MD5
ef326e30ee5ef02445ea8780f9992047

SHA1
edd09886631ec898963b84574bc84e4b63e3c553

SHA256
b25bc18c84f2b03d8b6463da2433289a70d7e3da3487cbede28ac7395e8fef5e

SHA512
f7faf6d5dd9a49a4ec8e8b7187655c8ccb40655904284cd8f41f635a2278ea86eb0876d042a9bc98441be77819868c2433f2c1f752447e59c9325fd7285c9b8d

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
86KB

MD5
eebc37b221af141c65a73352005e9bc4

SHA1
ea735da1960452d40b11d2bc546f89499b8bd530

SHA256
fae85afb21e01ba17ef5b0a9a8eaf52c809350704d5651b22d13de7f8bea207d

SHA512
bcda409f027ed88972aa84931ab94f598384287028dc0b52770d74f63cd0708d912ffc9fa2b18317cad542492e51ea1ebb3dcbbb311f7fe5ed30786e6df70f36

Download Submit
C:\WINDOWS\SysWOW64\mfc110.dll

Filesize
4.2MB

MD5
6347750bae7d957b590e46945e0eba4f

SHA1
fb005e598eb4be2bc44f9ac8b3a7fe6f3c1d9dd2

SHA256
8fa506eebf8f6a5434fd69aa58fddeb2a043e004172aa0314d50baa40d8096a5

SHA512
610755a3b96322a0435a12381fe23453138781d74b1a89e69c0c34246cbf1600cee9dee31f00ecdc47a1a6a6156fcfe1e53849a600da566e38e20193353554e6

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
72KB

MD5
05bbfa67a836e13cd7cd9456d27fa28b

SHA1
c476281ddc98afa3239ab3f3f0ae9072208d0e0b

SHA256
a8b504bb0031cbd7a71f076be1bc102f10cb92eefcbed3dbd0946fc2875f18fe

SHA512
1fd65c7a10761f4a574a124f1a4ae9e1f4bd23f4a9915e12e870e26969c3fbb60f04bdcaf36323cd59ea76ac2e04c941c1ef3ecfd03ddb2cb01b7c1321595762

Download Submit
C:\WINDOWS\SysWOW64\mfc110deu.dll

Filesize
100KB

MD5
55b2483b6a502e95a6af2de01c348225

SHA1
55d468021a1daf0c43df44063410c04ed7ed5cf3

SHA256
2e26bc637e99f43e24bb65aabdec2bd2157daa0e7560df324b15e4198a52ba06

SHA512
34befd51b46deb1f5fa46aa7a5bb711f374ab426646c98a2ee9c5639e32fbae482fa354336ff7e96407a5f1823685a6ed77226ffc2f37f673674dffad0baf102

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
91KB

MD5
9f57149411900758bc4d90434bcfce06

SHA1
c9d558bdb1aa14f173769580e36eaaf67aef586b

SHA256
82f774e9c40e7b907e350f4829640f9ef63985525ce24deaf730958e07a7679a

SHA512
637d82d1b9d6ea5f00ee7d3276330340bf9ffc0649b3eea60f89e536fa8535868d353f7b799528d5811882805eb86301923d2e7b3ae2266c5c9485eaaee837f6

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
99KB

MD5
a61067448da51a5d2b9593532ce90603

SHA1
0f122ab9b2dec1b77ace4233b0cf656ed2dda57c

SHA256
defd7cc7e6395492f29a37b60548c2c9346c9b2921a1354b2cb96d90d31a4d5b

SHA512
aa1e4eb2d4247961fffb4365fc9d119ab76ff1b8c92a42abb9eab5f64c02624d4988445bcdab8a7a6bb020fb0a7e7b2d8929463f946946a03ce578f4f4326bdb

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
98KB

MD5
ee2f3cfa1351fd4de65d59ea08a9229c

SHA1
cd69f9030428b21d63c8f57ca8c6e04a250650de

SHA256
d8aeb837cfd4e1ae70f8b684e842ac74834f3e91932bbb776980d50ed7223357

SHA512
1383d6b66d4aad1122aa1397ce38ca3121628a88f591f4846a7aa8de8f9555c6824aff92490e7684ef9317708989803ca9bc73e24ffa94dabf6f709ebbf1ebf8

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
107KB

MD5
654d8fcab26c7709b0ce5f027fcc2948

SHA1
edfffc38f3f848f168f7ad19b9085f700cd6a729

SHA256
d6a6fb797e787bc5c30fa6ec670eecff8871784bdf3947f1f0bb27094a01da33

SHA512
5343787e3b224eac8d58f29bd1b3e19579f538685462fbc0c46c0e82dd6b801f702e9beb36e26dca10c6e0c391d92a42fec8c0751021fa17e869818d0508bb2c

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
107KB

MD5
d687e9b510e2e1f2d379b9c0be7cb17d

SHA1
546e9a8dcee78ebd49357bd105fbf57caecc8be4

SHA256
da472a2fff9cdb0d3fdccd9e4d5e0693e1d5b2e2248c33b5bd7fa38aa34cac16

SHA512
77f7774af76101cc2ee66adf97973af8b32507db9cc680ca92a37a83ad9a8049824e0f9eb6549730eecd7f0108bb8e23e627f5821420442ab5c649d71f7e48c4

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
124KB

MD5
3c2f22181b36e7d8e5db37287527d9d8

SHA1
58dfcbf30cda39d7bf215c57b359836bac3d8d71

SHA256
b319d391102b90f90bc40d736d58d7bdfb472b2df28df683b757c02b2fd8a0ec

SHA512
49f4fe493cd33ca06618907ef4d84907df34f8218c9a0acf47b4f1743103572b3df832e401f5c445af1f627e2ce5ace7934640fe88e06fbd5d7ebdf329b52405

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
4.3MB

MD5
ba46fd965e15b78390b5ef54aec94e0b

SHA1
42a1cb1db8e99e6c99806dc0021704eadee8746a

SHA256
b8ff5ab0cc00b1cdd877a31da024841464beb394539d6162b3b266ced05f15bd

SHA512
3f41e25f2ded96c6fed6e67ba9bbcbe8bd9b9594d1e4c6989fccf46aef18c051a3da6711bf3a20a0da4ef9cc5eef56c0966dfac632ff44a638200100982d4c28

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
4.2MB

MD5
edbc4a5785acc9671b606bafba734835

SHA1
82d9d6b410675e14b57a1bb66ab1b8c0d630fbaa

SHA256
e69f5fb347971c0c7e92b3ed4bc95b018026e246bbd96ad66c143200061d29a9

SHA512
a91877efd5b844d4c4960fcf1e079bde8e481ac3dbd5ad4f7d4651367761012983b05157d1217a612c1b5f135a05b38adc58f95ee5686a2e10583740ad337c99

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
72KB

MD5
b1c83b4571277f8e2b8d9c71e54d1005

SHA1
d2d976af9c9306c10cfbccb585879853158262d5

SHA256
bcd5f8ec320b252e5d8b7fefbe4957790ff18c47ceac0353cf3bc87fe786276e

SHA512
aa0d64dde3c878eb4cdbba313aaf899bcff4d9447164c4ed3d3417daf61c14e6d8d1c380fb9cc0b57789c9072a3e68dff81f9e713893d74b9cf8cc0b1326c1d3

Download Submit
C:\WINDOWS\SysWOW64\mfc120cht.dll

Filesize
72KB

MD5
4a9ab788176c01fa2569b634bc554c59

SHA1
82ba0353790d7f7476e0819fd0301d825f7e7b5a

SHA256
7dd2d416c36b759b01e1b78fadaf24653b5e855158ab5f695d248e6aaf0f3dfd

SHA512
0a4d43950581bb24fae1acdea18dcbebc444ea1a6665b8ea1b6bba64413490390dba4cefe2fbb37c4c2956f5603b0248e487eb36693e7e14e7d50a4db699c5f7

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
100KB

MD5
79fb9012e7d51a0de49a90a89088aeb9

SHA1
64f04ffcaf4b8cfc08d9936f80c5af7b9e34591a

SHA256
3dbc9ddeb7f93aa132eea1bfa4bb82c41c1a4aac62faf88e7f6b681c736bbdd1

SHA512
b9ce3a7fda9c47333be24f1aeee89d2e186ae6a2b950f6c86d0425b87caa7244cee101edddefa3d0bd7beeacccb5293562e54f54de8e74387165c95129cec547

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
91KB

MD5
de8a1068d3e7302707ca81461a07afe0

SHA1
7682359953f833da81edc64c1e6275be8647e336

SHA256
e660cd58800fd19bfde850cabe60b295cdbdf8c85417e410094a5c28774d2919

SHA512
9d8c75e18c6d8eabfe7f71b6f980fdbc45572724b055c554790cb08ea1461814fe3771470cde99067692aa6abe87ac89123e66f29438d0fbe4acdaa6fb8ce26c

Download Submit
C:\WINDOWS\SysWOW64\mfc120esn.dll

Filesize
99KB

MD5
e9bc873c6499b986076aaa300182b8e4

SHA1
29e6edda74e6f253edfb5b49c95c1e4ea7fbf7b8

SHA256
4dad064bfd8fd095d2a7d81abca11d04d1b4479fa93dca1208d7a13995da0ad7

SHA512
47a712f952b6e375f69ef527c3b02b9370a6406080869cbedb867fb4acc9fa7cd57e9a02e13aefd6afce37740c30431d0fceb08de16a70402fe387abfa2a38d9

Download Submit
C:\WINDOWS\SysWOW64\mfc120fra.dll

Filesize
100KB

MD5
9644920b0c4844f769c08bf4d0eba180

SHA1
faafc010aa1ea7d93044b1ae762bbb04ee016190

SHA256
7c7b0021860f297559fd423408afe4f837b81e2a65a2f181cebb84910662dde5

SHA512
681983c8ff54a7472e31b81d81f2278018409c53ac28f4ce6b95759fc934f4ba9268f64cad0cf3da4cbd43bf5aa483b4088b9fc4ddee2c83fba91048764e10ab

Download Submit
C:\WINDOWS\SysWOW64\mfc120ita.dll

Filesize
98KB

MD5
b128d0536f781f7950a04c9d7a2ae3f8

SHA1
c2bd0d9d917edf261bf104275a9ad42780baef17

SHA256
078ce34f061b4c506c258160b4635f3a2bfe1a35bf8c4e632e1cce9bed9ab7b0

SHA512
bb400bfc72f48e1cb95a4b6bad3584f37bf3e63bfcbda24fc046110f5dfcfc28fe4ea6b38c4167dbbec57c52b17c71ee4d54e06f321165ce293ce9d9ca923216

Download Submit
C:\WINDOWS\SysWOW64\mfc120jpn.dll

Filesize
80KB

MD5
24b50320ca225e34da842e2e707a960f

SHA1
1bc4d5d668149fb5d33389c29e9d75d7c4aced8d

SHA256
11bd143ffa7d07358c3e030c0aadb44c4b2ac6207099bc59cf5fe7a23344aeb7

SHA512
732880dd4db3757f6cf9800afc4e3093130111e05eda61aa35ad4e93bdec4e457288262b377340b05d6775bc949706060b50ff3644c62a66107e393240e46049

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
79KB

MD5
4d3fe7426a4361895c4840775a968b53

SHA1
2e4827330e2a73bd4d75b55d0723edce47ea8808

SHA256
5bcbef3c5cdf4e2ead0d7f243f3d551454899e2c51603e7710fc9daac55254f2

SHA512
5261abb75695dc6bf9772096cc0161fb159974edfe63d62cf93dd44a771a4e860ec4c737357e8c3783fbcb74d5f42441f33f46cec24cfacd48028dc08a95633d

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
96KB

MD5
79adb5a1276eba0759656fda4f017b3b

SHA1
14dacd1f6fe09ce5780f53af00d0832894de76ac

SHA256
d86cd669615c3d2911f2b07061b2953f34775462f83c02eaa0f05d826cd5154a

SHA512
7a26a7610861078ef0997e76307fa7d6b2efb8454913dd59d47d74e28ae469396ce7c814d45112eece3e9b7d26b1e266171552e53c6b42565c0e9c153c63b35a

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
4.6MB

MD5
ff81913b4696467e240abe93481c33ee

SHA1
982ff843bf5c6c56c7ff827558b7fbef8758ac35

SHA256
63c9fff2f59cd0effdfd1b96eea59e31a9649617bc423f8e03e8fedf58f70839

SHA512
1fe7f92d539a760667b45a954959dfea13034e18bdfbf4b79c202180664b79e30325612e08ccd577f62ba3e0d58f29e8d61d5b333a8043bf9d02ae42e8020cd6

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
66KB

MD5
ba4acb21dd0e7a60e7b68df2f8b9502f

SHA1
7844d353d9aae50365bfb6855a62cf39bf61e71f

SHA256
a7e1f7f48c6cce2d22d64a17a86b943e43dc988bbf0f666f90b2977b89791330

SHA512
b73b579bbf78d36a5a56c61e4969245f765372eaedd1c24ce5bd443c11d405e68873690898685c2cc17938c0ba8639a9cd0a718b0e7a5f5fa31de7b880838d28

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
66KB

MD5
15fabdc42914444dcd5b89670cf58e62

SHA1
ab1039a34c6593afd33dbe2495fd72b8d19b68d7

SHA256
658df90f9626b9c3be31c1250bb4f4822d50975f4469781348433f6169bb5673

SHA512
fb5e9b33b9ece0d5a066bc302445f35330e9ac70250ba641b655e7b0db127dd15e0337e03b6d7a7ccb286720d377bb34d7ca54a4ee83daa1745fa9dcf0576244

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
94KB

MD5
f39396305178bbce2ff18eb32c7581f6

SHA1
4f99fca46722cc8f6bba5462c4304381156baf1d

SHA256
d27b0f1e51ede433a8d66b2a962f9a19c71406f84be79f898522766aa7b210e5

SHA512
2814c0895a3cf756f40ec546194c84b02a251f6284b3c50c724782ff0a66274ba5b8384682fc33b2c8f83a942729716a4e559135bca85f55b3fd66e12e1b3dc2

Download Submit
C:\WINDOWS\SysWOW64\mfc140enu.dll

Filesize
85KB

MD5
f7fb0b4b335deafae65172393f1943f6

SHA1
4792058fb34d29251756fde540089cece4f0a0df

SHA256
23e11bc05b1d17ad8d19e277dc80f671f89fb3b31db709b550470f25ba509789

SHA512
02021e812ae9b20a785d45158a51ed3b1d35c8baf37cb73efebe3c0aefb68cf7df15d6fb03d4c5dcdaf84b4d515d39923897158633104f4298df7395a13ecf58

Download Submit
C:\WINDOWS\SysWOW64\mfc140esn.dll

Filesize
93KB

MD5
6f481b6dcfa5414d93916b0565e4aef4

SHA1
f24bfd68f6e7c55ac6ad854c9552830e2b6caa1e

SHA256
e1ce3a5206e8c0af731dc94060f13f9435a4626350888054d43a43b58d53ce70

SHA512
e9840741c3f7d70b2683da67767114e8f28e5e496ea66137d2ec4408aea3f5ba9d685f1d61696faf81914a76b8c7683837cbd0a7209b6b2a50ff6cd22a53c64c

Download Submit
C:\WINDOWS\SysWOW64\mfc140fra.dll

Filesize
94KB

MD5
1aa35e5d6993b28f2d116365a0b0ffa9

SHA1
d653a28fa44132763bc690aba11778facac60fb1

SHA256
16ee43e05522932bd2ffe7db4d34a9c227a3ea01fb01634a0bf54a62206da49b

SHA512
786028b0937b0f4d17da13a280c52fafcac1d4c06f2f6b2efb92b5c4af76af2856136ebe54394db28c045b684de3501982d34a4ac9a3e3e242439983b7d66a2b

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
92KB

MD5
97f1935b0aea1fe76cfdffa7440524da

SHA1
0aff65195a9aba5c183e8469e71c2871541240b5

SHA256
0a5edcdefc2c64bcccf6ea64ab46be53e02a02ef3e5c379ee33a4daf56329ab1

SHA512
83c8d9ef5fc027cdc65968739969607c4235007edb8922585ce3c60983c1c3c6575b9e0f92921606d6faf1cf41157aa1532eff4f546a8e02413ceaad3ff297ab

Download Submit
C:\WINDOWS\SysWOW64\mfc140jpn.dll

Filesize
74KB

MD5
091877e29a09d9975ab5ad3feeef4dd5

SHA1
a438db053926b0184742dc4d7683314572c1da79

SHA256
d9699499588f79f85a8399572041add4e5286bffd091cbc247eb48b84d417ec3

SHA512
26927b8c0eb5ddbc1d568d1aa8aa2a9d2eefb294e6afb57068131d0bbb409d9062362660b0e57f2b8b745a8ab7eb4bf325d7d619988db849e390ab8e2fd9139a

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
73KB

MD5
37f0ef56414cd7ec98952b82831b8f4b

SHA1
20af329f3c7b67230c3c930489b101038c73dcb4

SHA256
daf6cbf9dc94143e7100d6337f8e1fb889c3037da33861d568f37c225ec6bdd2

SHA512
7fd24a110816de52530e01e97527fc685bd015d416ab33062d10601a47eb5044b060c1f9d5a55aab3c196f21b68f39e9de71aec4d2a7225c7617fbbf56c2e45e

Download Submit
C:\WINDOWS\SysWOW64\mfc140rus.dll

Filesize
90KB

MD5
ade4687437b55d917c1215a217823d80

SHA1
7e52892c067c9492a11295062cbb8c991680f988

SHA256
6da80675aeb3f16262c3e46203990ec00c459a2611e13cb25dc59a09aa7ec9c1

SHA512
565abffe2ab196b9aa7f1ee21ee66c20b6e176a8aa09a4b0d59ae347d5a999c31e9827ea689904ba6097c7f072c3c4d6c2801a6937977d21e271d9fa7edcd1be

Download Submit
C:\WINDOWS\SysWOW64\mfc140u.dll

Filesize
4.7MB

MD5
2d784606baafd28af8d8ecd10efcac5d

SHA1
2862278638702bb6e735dd03cc3f5bf5d9ded154

SHA256
4178020910faee1f958af26d01c7bda33dad9d79f9868e2f15e0f05248b917f4

SHA512
7bacd9966b4429255bc98e9b756e82192f1a805dc2647e8954ebc4e2703697a14bb7b21d96db03c63eb00f0317c669c80ea2197b9b56efe4422ee92231a6b1c6

Download Submit
C:\WINDOWS\SysWOW64\mfcm100.dll

Filesize
107KB

MD5
7ebe6f7918fc4fe6c5db0527d771ef04

SHA1
a77496e9df41dbf1cbe148c87f58b0a8be0fa061

SHA256
8f8233b9dfa96c8dba0f538da5a0d94cddada2c5ec79d525ffbd69603e9a9c57

SHA512
dc27232c4dbc2bc089d2eca186b1ea1c95729e4876f6c8b000aac94d6545da5ef32b96f5816d8801f8162ff241508e1a8d4f563ec44422f506c13ed11c69e07a

Download Submit
C:\WINDOWS\SysWOW64\mfcm100u.dll

Filesize
107KB

MD5
6fb0088eef8ff4e3d044111089ea9de5

SHA1
7f14546862d54ac1e5b807046c6df3759c1df4d3

SHA256
c28987b6fd45f1ef36b526cdfb3079d235c87303e9bfdca888695ca04a8c992a

SHA512
36b6aec2f7b1a30edba0911be06fbe4bffa13678facb9faa0a5d97034c742608980c44d17a55442e440f30b8a5b9ed753201b55a71741ac424aafd5f53acfcc5

Download Submit
C:\WINDOWS\SysWOW64\mfcm110.dll

Filesize
108KB

MD5
640c61f2059930316960f71f41ca41d2

SHA1
2ec6748f4e3588592bcef33cd844546d8d7527ff

SHA256
40857fe4e6456376ee59d71a8fd81ac27d13f058da059e2adc0ccb806f146051

SHA512
c433b6fa571e98178db028f917328b9e00a42ae0e7dd1c163ab559ac8b9487f47d4b048a96b5db65cd171f74412e93250241d87b67bbd74d874c520777d6f491

Download Submit
C:\WINDOWS\SysWOW64\mfcm110u.dll

Filesize
108KB

MD5
4cff3f329f369e08e54cb7dd17a130f6

SHA1
7afa379688e0e31ac0bb238695a5460b10652696

SHA256
b4e0bfd2cc9624cae056ed54f56178c2a45d97056607c11effee5bdffa39264a

SHA512
16562bb4dd3ac1129aaf943d5f6d225a35ef10f42bd61a2b07ead92edb1eaefa18463b85f5478e0273774dba8bb60767a9cff02251099273f429d9bfcd7c64ea

Download Submit
C:\WINDOWS\SysWOW64\mfcm120.dll

Filesize
108KB

MD5
a6c7132eec8113950d3100a1bd7d72ee

SHA1
be1b14353927b0d302179b202c8a9c442d507225

SHA256
eea40ae0e70f6a86a4706f2ede876e43e0e9887575fc49af2f6e1ca35d25556f

SHA512
7b4aa32901854c6a513643828df8a4774b90fda8d31c1eefbd56a66ba6a91d2bea93b578f03351539847c355236b4136fe22dc465ff5617eeae18897fd962d0f

Download Submit
C:\WINDOWS\SysWOW64\mfcm120u.dll

Filesize
108KB

MD5
dfbe51fb719289a0c2db0daa789afda7

SHA1
37e6c3f68bb0efcfbb66d345b7a8ba220fe23f5d

SHA256
0418819df162f1128c678bc9ad73ffe023a339adeb96c913ad94c40cbf9158bd

SHA512
35ace545f57f6e8edb23345a425c5844355aeecf4463b41c0068841eae701be82460f32c3b29230bf98c37bdb792488a89d6e40c2938358e3246d25356603c2f

Download Submit
C:\WINDOWS\SysWOW64\mfcm140.dll

Filesize
100KB

MD5
d5b6e7c0f51617de27fea5c66df1397c

SHA1
b4b13302328ceb7964d0bfcfa94a42e4c38d80fa

SHA256
2d538e5f2a4f9665235fd6fc49e53b4b8d8c0bba3e92779d1f3b6a2fbb779850

SHA512
6925bfb201c9ac294673d21a55554144631f6ae1f6e7da002381b757f430eb5dd2340de899c317c0f44d6ce73f1e55937139a76735b438413faa8b785d312a1c

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
55KB

MD5
72b2fc1637f06f8a84244ed3270ac3b6

SHA1
91059c130529e48935e4238bd6b70cffc146cb4e

SHA256
1c3fee6efae6c19a2d33f4b0ff268d475fccb94750554276ce973cdd5f7d299a

SHA512
1be9cf85a548f3006dbabe9714e428d38e2230ffd3bd5f167111cedf87d0a53ba83d45b2bde469d376ada5394114bbfe720e4fafdc5dbb1ca494a6b02537004e

Download Submit
C:\WINDOWS\lsasetup.log

Filesize
28KB

MD5
be3574594c8194fa6955a951f661b690

SHA1
bfba0aa65513baa2cdc57108f9894d64d1a2a29c

SHA256
f5235180592a4b2b2bcd2af16a990524a2a89e3c02db05b63273d45adcccddbe

SHA512
9cf3dd2782957d127f59d0146d87673223f2271d8cb4de032a0873bcd8cf61d5e59ebfc377065233dc9a2b2a9c6ec28afea4ea5745b4fc72b4d0ed973d3900c7

Download Submit
C:\WINDOWS\setupact.log

Filesize
29KB

MD5
45b954b1ff3c544fd0126d678df5e779

SHA1
9da6083150dd463ac9ac8c36496e2c9ad12373be

SHA256
303e20ff04764046fd6867a57bd3ee333fc6376f73e788904f5d85ab359e0679

SHA512
ff28fb29c929d73e6eafafc755398c21e89d7abf8d16f63cdca338ac39e56dd36824b1815619aaa67169727df220d08e161ac8d6eb3356253fcc5f7ce8b267c2

Download Submit
C:\WINDOWS\setuperr.log

Filesize
55KB

MD5
c7a89dbee23679d9d6e32bcc514c0408

SHA1
c215e46f435c54b308fdf73042440eedacdce2a7

SHA256
2ededcf0bd068b4e680fb548a7bd639b910fcec9496ece6a5f0a340820c6f3be

SHA512
e776636b2edb6d8760e26776d6d79f3203788991819ed11e8119d6525c23dc51cbc013094362012dacdacda814f27a9d157a55f93a1b645b17461b2ac78bc05d

Download Submit
C:\WINDOWS\system.ini

Filesize
27KB

MD5
4157360e86b2b1d84b6b6665af46fd5a

SHA1
739124736692e4df1c2da4f3845147276cf99632

SHA256
806c3c975f0ce0ccb6291189df4da9dfddb2ca15ba7f63ae9b2709104fd15f3a

SHA512
aec54a26d136cfcd950196c2813f30f61ce816f838124527533d0d8969aa861ea1fe4855b868c98fb758c45947fcb3575f986912753ca300a199b14ec0e8a154

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
ab188bda261755f5208f7850898be10e

SHA1
a28b3195a315bf4e6aabe988ef66b90fd17db5cc

SHA256
00ff99d7c99728507d474f0819e9fb85328624ff35a638da4070f4479c4f78b3

SHA512
b55b7a7bd20a68bb02c4f878c4e9d98550f3e345cb59d4c555f480f5d81f0ce9df26069ced6f60d42d9b149647fa9cd8037773431d67c2e5bf9669f5c827404b

Download Submit
C:\exc.exe

Filesize
28KB

MD5
7c40ef5727951018ae59fb8a23045137

SHA1
2514f09920561c09ec827d2f2a9af33c5be7933d

SHA256
b6376c73f4b9905c266396cf8a1b756329207fdcebf8d15c2f30298fe00280f6

SHA512
d2f115811a9cab41ae5aa52c48a68a2f25f786871abeb8e258c49c74d709054dd441c6b29e5577b708fe946aef4df85ef303816f8530f53b173abe9df74d76d4

Download Submit
memory/700-7-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/700-1234-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/700-10-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/700-274-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/700-1777-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3340-527-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3340-1776-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3340-1233-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3340-9-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3340-273-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download