97f58178bfe012b144e17ffe5213b2417e1b3fc85358f89f435c5998aac38360

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
Size

884KB
MD5

eacb90a2d5dcbac11d4dd90ad9656f04
SHA1

323073226ea8edae68806e532491ce8e9226dfd9
SHA256

97f58178bfe012b144e17ffe5213b2417e1b3fc85358f89f435c5998aac38360
SHA512

fdfafebc84eaf9de6c16ed0ab1ce90d77b5e880e2129577a4e95fa573e4ed9ca208c660a688d6451543fd4dc855a6ff74f65892fea4b0ab0ba8c794d05f59d49
SSDEEP

24576:Bfx2UnwMAmQApVtJiFEgwP+iVDgoNzf37Xj3dXzBZDWxU:ty5mQ7E3FV8Gzf37XbLZDWxU

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3556	sethelp.exe

Loads dropped DLL 1 IoCs

pid	Process
3900	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Ec1Vr2\CB5\Mastdet\MASTDET.BPR	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\Prnplot\data.DB	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\Mastdet\ABOUT.CPP	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Delphi\CalendarMaker\Main.pas	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\Mastdet\dm.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\Prnplot\PRNPLOT.RES	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\Prntext\PRNTEXT.BPR	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\CalendarMaker\CalendarMaker.bpr	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\PrnInForm\PrnInForm.bpr	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\Biolife\dm.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\Mastdet\DM.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\Prnplot\README.TXT	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\2DTable\dm.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\Biolife\Main.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\About.pas	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\Biolife\BIOLIFE.CPP	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\CalendarMaker\CalendarMaker.bpr	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Data\debts.DB	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Delphi\2DTable\README.TXT	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Delphi\PrnInForm\README.TXT	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\Biolife\RepGrid.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\Envelopes\Envelops.res	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\PrnInForm\Main.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\MultiLevelHeader\MultiLevelHeader.bpr	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\Mastdet\MAIN.H	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\Biolife\dm.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\AddrLabs\AddrLabs.res	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\Envelopes\Report.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\CalendarMaker\Main.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\Mastdet\dm.pas	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\2DTable\Report.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\MultiLevelHeader\ABOUT.H	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\Rep.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\RepGrid.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\AddAlias.ini	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\Biolife\About.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\PrnInForm\Report.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\MultiLevelHeader\Report.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\PrnInForm\Main.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\Prnplot\Rep.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\2DTable\README.TXT	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\Mastdet\Report.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\CalendarMaker\About.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\PrnInForm\README.TXT	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\2DTable\Table2D.bpr	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\Envelopes\Envelops.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\PrnInForm\PrnInForm.res	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\CalendarMaker\About.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\Mastdet\DM.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\CalendarMaker\Main.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\Prnplot\Main.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\AddrLabs\About.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\MultiLevelHeader\Main.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\PrnInForm\README.TXT	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\AddrLabs\Main.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\MultiLevelHeader\Report.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\Prntext\Report.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Delphi\2DTable\dm.pas	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Delphi\Prntext\Prntext.res	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\AddrLabs\Main.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\AddrLabs\About.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\Mastdet\About.pas	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\2DTable\ABOUT.H	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\Prnplot\README.TXT	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sethelp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EXPLORER.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
892	msedge.exe
892	msedge.exe
1484	identity_helper.exe
1484	identity_helper.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 3556	3900	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe	89
PID 3900 wrote to memory of 3556	3900	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe	89
PID 3900 wrote to memory of 3556	3900	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe	89
PID 3556 wrote to memory of 5012	3556	sethelp.exe	90
PID 3556 wrote to memory of 5012	3556	sethelp.exe	90
PID 3556 wrote to memory of 5012	3556	sethelp.exe	90
PID 2828 wrote to memory of 892	2828	explorer.exe	92
PID 2828 wrote to memory of 892	2828	explorer.exe	92
PID 892 wrote to memory of 2468	892	msedge.exe	94
PID 892 wrote to memory of 2468	892	msedge.exe	94
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2020	892	msedge.exe	95
PID 892 wrote to memory of 2384	892	msedge.exe	96
PID 892 wrote to memory of 2384	892	msedge.exe	96
PID 892 wrote to memory of 4416	892	msedge.exe	97
PID 892 wrote to memory of 4416	892	msedge.exe	97
PID 892 wrote to memory of 4416	892	msedge.exe	97
PID 892 wrote to memory of 4416	892	msedge.exe	97
PID 892 wrote to memory of 4416	892	msedge.exe	97
PID 892 wrote to memory of 4416	892	msedge.exe	97
PID 892 wrote to memory of 4416	892	msedge.exe	97
PID 892 wrote to memory of 4416	892	msedge.exe	97
PID 892 wrote to memory of 4416	892	msedge.exe	97
PID 892 wrote to memory of 4416	892	msedge.exe	97
PID 892 wrote to memory of 4416	892	msedge.exe	97
PID 892 wrote to memory of 4416	892	msedge.exe	97

C:\Users\Admin\AppData\Local\Temp\eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3900
- C:\PROGRA~2\Ec1Vr2\sethelp.exe
  C:\PROGRA~2\Ec1Vr2\sethelp.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3556
- - C:\Windows\SysWOW64\EXPLORER.EXE
    EXPLORER.EXE C:\Program Files (x86)\Ec1Vr2\readme.htm
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5012

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Ec1Vr2\ReadMe.htm
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff4c4e46f8,0x7fff4c4e4708,0x7fff4c4e4718
    3⤵
    PID:2468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,9834133120289807902,1703303535988096043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    3⤵
    PID:2020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,9834133120289807902,1703303535988096043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,9834133120289807902,1703303535988096043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
    3⤵
    PID:4416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9834133120289807902,1703303535988096043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:3608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9834133120289807902,1703303535988096043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
    3⤵
    PID:4868
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9834133120289807902,1703303535988096043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    3⤵
    PID:4112
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9834133120289807902,1703303535988096043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9834133120289807902,1703303535988096043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
    3⤵
    PID:60
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9834133120289807902,1703303535988096043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
    3⤵
    PID:1236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9834133120289807902,1703303535988096043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
    3⤵
    PID:1980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9834133120289807902,1703303535988096043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
    3⤵
    PID:3964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,9834133120289807902,1703303535988096043,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4428 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\Ec1Vr2\addalias.ini

Filesize
59B

MD5
d606321ce7af92eecb9e0e9e5b735ad4

SHA1
b466c07a787cef588f59e3ea180f3acf9671037c

SHA256
85f88dab0de0ad5640854e0e98f972c3376381d9091c3acbf3cb5e14fc1bba25

SHA512
3052ca858064b65bfca58e29ddba77c95cda8ec55c1a61389edc16c41c2ed207c171d98b693b38d572d9d72ba89a64f5c41007c2ac22bda84f2c6d92a6d1f7cc

Download Submit
C:\PROGRA~2\Ec1Vr2\sethelp.ini

Filesize
60B

MD5
2d002ea7e85ba363d27a1715aba80568

SHA1
a0818f0008cb02150424c145a115a71ff8b0e060

SHA256
49a0cb8290fd6ed7f62f8a42e50a59ceb556e62c5386395c4f425d52926230ef

SHA512
3880fe821f2b2b9f1ea44959e0e8934f4f3f88a2d432c3bb0d2df362736a26d567e0347da4dd15368e2bc5f75e2289870834f7eac3079868c6d09fc435ad233b

Download Submit
C:\Program Files (x86)\Ec1Vr2\CB5\Biolife\ABOUT.H

Filesize
968B

MD5
f54e36c8d44357ac7a1aba6160ded46e

SHA1
521c986e38e9db4b4e7c53cbb8f56d79115173cf

SHA256
6d0de8d4b914eb9a2920d78da62096acabf7a57da9b939826b6f32bb8b101b14

SHA512
69eb273e7e8cf71ded66238481f788f63e778759d547f60a6474cf54a7bdb05e644e7fdb081ed6a5020da5b949932369d98c7bbdfb6e8deeaf1fc1d77b4186fa

Download Submit
C:\Program Files (x86)\Ec1Vr2\CB5\Biolife\About.cpp

Filesize
477B

MD5
26726328b286e76e3f23cba9d96ae9ec

SHA1
a84fe20e5c6c0084ad94bdfab62c2e192ad57edf

SHA256
af2f472c4fdcf8d51a7fd4888847c1adeea667f359f3e2b30b0aceb75949b769

SHA512
cee37d7f8102b62b8d831ec4202d63efa0d81e2012fb048fdcad03917e0547aa120f1dcee06dbfe23685977473662914065ac013fc029252a31caa2c71df4ef9

Download Submit
C:\Program Files (x86)\Ec1Vr2\CB5\Biolife\BIOLIFE.RES

Filesize
876B

MD5
80fb7871c9d0ea5254e6d610380c310b

SHA1
33032b33031c467b1c6fb5e8bbf83342a90d707f

SHA256
7dfccc4fdbd99affa893134229b53cfe942142710cc6326f3c975005e0f9b457

SHA512
be20d6ba5717fab4266b5061e2d527cfbe781818e8b2e1db1411c1df285886c2a4f07aaf36a9d5e8f0f075790e8e44ac06dd66c0d9d925f97995c2cf6ac9c7e1

Download Submit
C:\Program Files (x86)\Ec1Vr2\CB6\2DTable\About.dfm

Filesize
11KB

MD5
0deaa1348e0d6ad44108589eb3d83157

SHA1
4e7a4bb855d8f79a63f19760f55aa63b61039f97

SHA256
85dd3bf382265daa5a5e680510e69c51664f2d7e4d1350a877fd78dfd3952b08

SHA512
192d597767d0073f6c8e7478e2c72559f1dc1cab33740634c126bb2fc04dcdc979e8713599d8c41534ef9cfd9489c928a1ccc19a3d1705cdde8b3c330d8844af

Download Submit
C:\Program Files (x86)\Ec1Vr2\CB6\2DTable\dm.cpp

Filesize
531B

MD5
e0d94901907224fb9dd5376e6300dd62

SHA1
04f41add07b19a7003e78852163db8d382450016

SHA256
8e83655226b6bbfda55f6960dd9b7f83c8ea37361b36b8cadf3d3aedb04b8339

SHA512
4b2d11c16ebcfc63c9a4a4ba0b03ac263ed914da5b784206796bd242a3ea0caf857e88cd46bce349cf45505951bc97616b2d69a601afa0dad1140384827c9009

Download Submit
C:\Program Files (x86)\Ec1Vr2\CB6\Mastdet\ABOUT.dfm

Filesize
11KB

MD5
910bfa8f16d92bd86d2638098f15f348

SHA1
d65e1a0c27676904f9802e14c09002477d739745

SHA256
1bb070861d7da08cb6342a6e0acc069cc1d46d64c3c80c3e7e8053d0bbedbb86

SHA512
b8b768129c7a5c09a63b0c82d6420cb27cdf8b947d34621089c3edf4b7c56df5eb2a21b1edff6525faf1cbcee93bc6987d97edc049f46534ddd6ea5fcd2eb5a1

Download Submit
C:\Program Files (x86)\Ec1Vr2\CB6\Prnplot\about.dfm

Filesize
11KB

MD5
9ef65ac16af8f6fffa39657e407e6c9a

SHA1
fed637788acb2ddb986ddc8515ea80272c1daaac

SHA256
b91291ba92cfc7ba925727452c0fa57a726f263feb89cb6df1dfb2b299b58952

SHA512
7a0f8b70fc2d3d537e8957d3dbaa5dd8180b4702ba216b6ba84104d33cded2487fe5689cae6b94df844c714ddae7d6851041d6915670c490ffee774933477728

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\2DTable\Main.dfm

Filesize
10KB

MD5
2dbbde3d45f9cfd3b6ee8980980f1fe4

SHA1
2ab9e23d5eef34b87742ea210ebbf9ae7eb3b382

SHA256
5ea7119cb455578fec469dc97cf82421e37f3efb15fcb521e8c46ed68724c74e

SHA512
8d0db676a4dca99b6cace5f28071b36dee9fa2bdecce683f07ada6c7764c07f015a8c5b3190cad471d53175c88d51002205f83667e932ee315fa1fb63cca9e09

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\2DTable\README.TXT

Filesize
565B

MD5
636b8d36bc13ed4e20171d0190d5a510

SHA1
3d174521bc4fed17cdbfb0d723dd5d6ec042750b

SHA256
65c18fcee70c19a3fa079fd35ed94f02a9d452029d46ebf0416e205567b7670b

SHA512
7cdc91b95a76f961a7e32c95afbfe01dc84c262ffb82f275ba29fd201608086dc2bbd8cb0f3a00fa8eedd9014f80275ea5261276dcfbf750255851843e0abe2f

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\2DTable\Rep.dfm

Filesize
5KB

MD5
8a0f889788b8232e5d59ab34a161187e

SHA1
0cfa4f7afc647c7ae28753dc0a2f04cb4390f25a

SHA256
c5ffbee61929115805fcc38332c2342f20bcfc0f179f727dc1b6e22cd3de2b57

SHA512
73ac72658cb20788a1ad851a89a075a2a6d99b782b4ef1b53da78f97f054558778c986a7251a549528223ffaadefe68415d26fbe066b3ea3da4902935935e995

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\AddrLabs\About.dfm

Filesize
11KB

MD5
b359e1399706f099de38b9db798b3d81

SHA1
f4587d3141f3649cd92176265413d8b99874fc4e

SHA256
636f12cc417fffe801d35f04aed3028bf317ee28105e7aa40947375af41a0198

SHA512
8cfec2667ce9de6d021778f67ae882218147d5b77dd4a585f691be4ba2606544f5e5ffabe6b5bf4f4e4dc50a4284785f0d3eaffa9b25769c5304a82c70ea64ff

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\AddrLabs\README.TXT

Filesize
529B

MD5
44266472a06f19d22d4772b283b3c419

SHA1
b95b2f56ff0fdf7fe794a11c17f8f6907625a37e

SHA256
9938172311e84d38d6388b2f9da7f0d9892ae4750b55642a3fa8659430bbadbb

SHA512
cda64ae3fb4aeb1a94d456aa0cda9bc2c567eb5061f64afe6652dab9fbfe2aa588df8dda8ffa294ef9348883a88e953bcf872eacb20534c20e3b6f1f54f0deac

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\AddrLabs\Rep.dfm

Filesize
4KB

MD5
0f18999bba49fd4ae998bda04ffc5d2d

SHA1
4a730b7aa4fe6ed9fcd4e3ec117cf6e07a8a43d0

SHA256
2f46850c1031ddd5709c8a1285184974e6bca25ac6ac3a581de25c4b808d2929

SHA512
cb8cb1a21525964668c7240ee0ba87b69ea4fe0aa404f0bb377157cd157447e71623b01fd00cb9d93a82c68154b94718f083e060e2a6337b72f8bbfccd78c940

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\About.dfm

Filesize
11KB

MD5
0ee5dd70c8058d412bdeae519eb0391b

SHA1
053899d94a73d358a573990383844d21c19c64ca

SHA256
6243b856c625ea76451ff9d2ec5cd9384b68812e10321b9557436d7a6c1bdb97

SHA512
6df5560fd421f4b89e32af9498a2516fa29d054fa1cdb3d418ffef085c16625d21b0edf4a6b4d49098906c32ceb8e2a728199e6dba8b66baedd523586d07f9d0

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\About.pas

Filesize
450B

MD5
7c54d094199ab373fd893b2708a12746

SHA1
fa8039205447792e2e07f263f74c90f318da50c4

SHA256
20e1e2bd8bb5848c475f3cc9da0b0b5ccc514ae4036719047d352d35a7f70327

SHA512
cfd07a97fe7a57f8b79229618b7a07cdefb0f8437bd525f260cfb2a0147b3f35002053dbedb52ff06ad3877e122e3a6511c72b77a10ad73cc36cfdd74a560f1d

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\Biolife.res

Filesize
1KB

MD5
c4a1e1fec40451f65e347b6dc5a26d98

SHA1
f0f327ba0bc88976d9d81fc8f571db7665372cb1

SHA256
1ebe807b9f1cc705ede0130d112a712718b37b14bdaa7f44b71282657b92b6fe

SHA512
675faf9d9d97705ca1e86e4980f6654b41c4a3031661b451eed7a13f5da9ed0c39ac33e6d615a80436f89e7b386b6d07d1636ec4f4e51265130a46b25009ef32

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\Main.dfm

Filesize
10KB

MD5
1ab09d7fc67689a4035ba3b5bdabf69f

SHA1
40a5b580bbc0f775ebad15cc804db08f58917a7b

SHA256
6b75b0da2d4242a4599b5c6a2dea1c69a54e6d488464cd323839305c692849ba

SHA512
089dde1156336478eac5e146f7be817105a8ba81b1c75fb004f5a9716da247e2aa40202478cabe77323a05231bf676949fb182930022189c7db15aae4e70d5ca

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\README.TXT

Filesize
628B

MD5
37c60d69675bbb97c4b67c10eafb80e5

SHA1
9aac9296ed58f84c8796f9b6955a30bbd783193b

SHA256
92ef35235be9f1af4089e3aff7f4c9940b6edc5d3efd928841558b61e274bd8b

SHA512
292f2cee593b6d5dd6c2fc285b77f83a2d7477c09723e8feb278160204017ba298fd3989feb2cfc62f63dcc72262b421a6e26e9a386e2b1df08189aa1eb381a9

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\Rep.dfm

Filesize
11KB

MD5
5751cb9ba04a8df18d5c0b6f8eb664fb

SHA1
b166eab64f504397e87f1c33623100459810b7d5

SHA256
69b0d009abaa91489b1c4fccfde07a734c3f44e6246a351583c2149959549fab

SHA512
5fd24414d3ae691e0c2ae3001389d2f657d741ef5a8f9194331b41c62487fe4721d8e73f550c7aa57570a3bd64eb3f1d6021a8493b3e1a2a3841fb0e9c7201fe

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\CalendarMaker\README.TXT

Filesize
772B

MD5
6bb02316485e84f9ef652a82524dffd1

SHA1
000bf6670be555c6e8e7a3990481e581a30cbc02

SHA256
08ed01dd69f830bcb5c7131f595a08a7cd61a286d51408ac92d157184773aa30

SHA512
e13e83300c98ce0b54fcbb187caf41f57cb0400df0f8d0ade932f2c9880353e3f0673cfbcd8133a3e99a4a75f7df86cc0ac197e83e724da048e56819a2dda342

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Envelopes\About.dfm

Filesize
11KB

MD5
5e6a3aec63351018f1165d3d10f1987d

SHA1
1ade013d074a6951a44bed157d4343f71ed6fd47

SHA256
738571fec15daaf5b4384623b37f21be2867ee33830c29d1a95ae5b6d562a0f8

SHA512
572e439d60cd33037d6077e51851e6d9e65b0efa1de7ac6b0c06b474eea948b3356f2d7bec33594e4f1d05d8a863d93a1e6351a22e07abcaad528fe90ef3e7d6

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Envelopes\README.TXT

Filesize
568B

MD5
e6fe7414adf8ca74999c9a5b9205e8cc

SHA1
308e4f8c915f45c6aee87c66726f5b0dd1fc9250

SHA256
0bd0dfb0b246ecaff96e6abc7e9c036d2c93bf1c89a8766d9450a07f3b1b171e

SHA512
580ca864daf8c194b69f446a4f78098f70688a4f3ee70267f7b05ef636f7745e386c852d919caf9c7199295d00367aa51c0621848c9ad3c02d62847c7e84c46b

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Envelopes\Rep.dfm

Filesize
5KB

MD5
fea2c7554450c5099f2657c233c8d2bc

SHA1
7290ca48e9742edd3795184bae485f2082e60d2a

SHA256
ef7386cef5582cd8a163d35e44e5d292fec2adc31a307bd4f3474eec9dad93fd

SHA512
69a948ad3f3a1325260ac00855020e3b38a0666416a5c04ddda103f48134e3d6bd8ffa122bfc7f3520d3704908b7650693b3f7ad9edc83fd8b7514abbc02f0c5

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Mastdet\README.TXT

Filesize
671B

MD5
62ffec0325540bd5c926e7c1d48f4469

SHA1
29a6d97e816adf0695f765b70697c43d84f2f1c3

SHA256
74154bad7f785e8d98dc1d8982bbfee5788b9e65278d5e2383cea57dc62c14fd

SHA512
453074149d4fb5a6ff9613ff894aca0cf3b82a417d4b266ceeadd4a6ff9bf68292473140a3a5b1505d55ccf914d5a332d2648ef56898395cc8075e0a572013e6

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\MultiLevelHeader\About.dfm

Filesize
11KB

MD5
7d8413a700283571be6ca585f38650cf

SHA1
189aadd666b5f50b55ecd2e65bf7be024704ff73

SHA256
45add276c5a718bb9b8e9c31d86868e6d0fdf9c0d6c459dd0280ec45c3340ed7

SHA512
8d99a46518d2bfee8978e24c8d25de628a0a795f41c75d7b6770141167369876384563b05cfc98a97115f5d19a9dc6e251526894ee005744b04412f1e44fe4c7

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\MultiLevelHeader\Main.dfm

Filesize
11KB

MD5
5196eb567196e97bf903ae26985dbc1a

SHA1
485954ab314bd2c0309dca0cb467742346ba7e35

SHA256
5dcb10463e257c4655b42e923a00c5b6ce8f4fb09a8aa81e16b6a8ab3ad86f31

SHA512
5f18b82e954cd242e6c720d83931eb07c530d4547633d0d519b1844b0bd641b678ea33f44b6510319eebad91a2e45c0abdb23513e4f025da920d9dfe088ed7e2

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\MultiLevelHeader\README.TXT

Filesize
547B

MD5
3109b5c7590d103342962c1fc324ac09

SHA1
b15c7717f079c36b19ff34f093f761c22469844c

SHA256
1dc80191ef94381dfdabe66709c8b83e14f4ae240fcfb18a57b6df064e733060

SHA512
00ee2193730dcdcd0bbf4798caf59d728317c10b0df2190a41463475b8431833094780b6c5746bcbca814a0a16b48cb9a4213a66383d182c28b96794226c34bf

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\MultiLevelHeader\Rep.dfm

Filesize
14KB

MD5
f3e7ce6ae48e6bd1311d90e2b36275be

SHA1
6f20475a4da0a7b9fb3a1b513219a34c830c25ba

SHA256
ccb842d3259f1aca6459e8b43f7e73ac388d7c7b5490700a477a8f4a3c8f250c

SHA512
64bb0a935d7e1e4012a1b03cee310600224f346106d40feb0a5df2dcafb6d4853daa96b77d6bfb7d904d857b67be1c463700dafa5bf2dbad44099c15d7f8c637

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\PrnInForm\Main.dfm

Filesize
9KB

MD5
b0c1b95ee12e05006b344bb6fc4983c6

SHA1
71ea8ea7e4092c2a81607fb6d9a159ed6a6dcb4d

SHA256
7d3fd6c849b8510d47edc3f420e2556aef45560647cd3ac72fd091909a87e1aa

SHA512
74118c3ce2f84a870f49cf661c7dad1e88e0fdffe22cf64c7508272cf6e8b20915d95cff1d270c4cb087b7249a378bf270f5c47bef7e46773a7c1cb9c3e82a91

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\PrnInForm\README.TXT

Filesize
606B

MD5
77b18a849cb5c632f05b157de5068314

SHA1
c03b2b21f5d9267bddaf158a7e7fa08c02b20ef0

SHA256
da6098aada3ee557b24eb13d42e34bf2f917c395190e5e2b03df72b69e969356

SHA512
adb61c92d9e71d1de8c0b638d1045f8fbe84877e0dada37d2d580e843fd7bd0ab2dd7c2528cdeb1b60736edf02b50bd9d07d1d6532bce1eca6513b2cdbdde7af

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\PrnInForm\Rep.dfm

Filesize
60KB

MD5
ebb0e422ee47fb243bc4851cfb0da49b

SHA1
9bc580ad1cda82500de43906b6167c1e1bcc5ae8

SHA256
fd1a5f00555f39621c13d2379df15763a66b60931ee89f9ca85adf0df6619d83

SHA512
54ed9d85c274067347094500d95a71c144a4306c4955cb6b592dde8379510f45e8103f3eac6ee33a63c9bfc995e57473e290822f34ac8cdc22cade990d08b2b7

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Prnplot\Main.dfm

Filesize
9KB

MD5
89962c5845bb2692b4b138ad2507c763

SHA1
bfe28e9d0cdc98c1314603f959f3fcd322abbc79

SHA256
d92a0f75b5e8265f118bac7f4418276bc85e5de667799a3b8a7c6fe17af5a09e

SHA512
5d317f120d52ad09aeed47461e020ae3552baf020479899e1ed377c650d5a42b187554ae37b6540a1b01a148cee913f3db089599214f6f4ecc662f14cf7a4773

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Prnplot\README.TXT

Filesize
514B

MD5
a3ce61db9d113a60e3da29b345d42dd3

SHA1
e42ed60d33635076b29ed21e7056faf05b54ada4

SHA256
e5b62ff0ea6e206e1f448e9de7c2e300252c8e22b4bab995d067746c06cb08db

SHA512
02e2d9138b481f8402bf7571ce9c841d18a4cd1d4956405d710650b4c7759d6781a938007c2f861eb7caf9ccb8d0de79bcca79ec90867065cce6686744419f13

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Prnplot\Rep.dfm

Filesize
12KB

MD5
0c839796edd44fd53885219f583a7cfb

SHA1
b80ce1214eb109a1900507fbcb10fa06dc3ec237

SHA256
d18c0c7f7b43c1388179c23e471c212ceb2fe5ce564f573175356f93c7ecdad6

SHA512
1fe51ee25ada665b3c41d8384bc9fc7fa48092f6305d0e7f80b007650e74feffdd2559a36f70b040ae759b89dd14bfda2a17828a4ab6531ceb3ebb023d87f353

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Prntext\Main.dfm

Filesize
10KB

MD5
e6dfb8e3ae855623512727631e284570

SHA1
c372d98d328a824904913e97ba01af1a117b3e69

SHA256
1b1dc9c4e8178ee53f8617ab0e3b5c1dd777a10391b2425a9ffe91a8fed59e4e

SHA512
971d992f4a149afbf4c1205a1047b15c846667b37a4b6e0c06c9c74e7d55d936ce38c16a44a8ee76fad2e091d929446ffa4d823bf0ee79a4cb0810df8504f503

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Prntext\README.TXT

Filesize
530B

MD5
71d6225c27f5f02f6459f83d60a984b1

SHA1
86b4c919c48454cdaefabbda44b71061cc322a37

SHA256
c032bc7741d7825dc34c19829796671573236ff9a5c43c32a36d0bb9f1190c22

SHA512
4b86e010ea6fd2b5f65fd5ef0567a185628c91ed75a90a958cfb4eaf4961a01b515c7f20acdd5b02bea25dae7693b59cde52c0b19b7cc0d45b3ac73da4feefee

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Prntext\Rep.dfm

Filesize
3KB

MD5
f6e03e70e99b7c1e2b538c10d008f4a5

SHA1
f8ccd90f7ef4094d7ae64ff7000a96cfa251d667

SHA256
f09c6412f08824b4e2880394e064784512815d741db5a40b6db91274bb8b043a

SHA512
ba7b1d903856627f5c91af96d1a71d2ce429fc413cb87224626f0a503ce235443898ba20839106ab3eaf49293c5f09fc15a7a90cb7aa7d03960caca1081c20f2

Download Submit
C:\Program Files (x86)\Ec1Vr2\ReadMe.htm

Filesize
5KB

MD5
f4fdb04f34472f36150558ab12eddc30

SHA1
8351313e3066f32635ff7b9f8dfcdc46aa0a40a6

SHA256
cb9ddf78dc320b9887697d3648f63c6102d24035ddaac1edda49ca203ee38f8d

SHA512
d75f0d419f84fdfc0e15dc96f09cae8034ffdcc63481a90a305732a4556d6312cce5c58f4d49be833f45468c87f1c008a3eabd9a6d3e224571d1cf70c1009aa8

Download Submit
C:\Program Files (x86)\Ec1Vr2\Sethelp.exe

Filesize
199KB

MD5
c3ea6fd6c7582fff36dff4cf7bc7bccf

SHA1
17a1143e61792b83a207ff4237afc2d51c19001c

SHA256
b414a3e2f7a08a22bb335d7a41d8d37152edf0df60448aa4b7c163f3f7cdf190

SHA512
7f4ef95f44669de592d080b32da1f2c7a4278f4ce7b1ef3c2486c399f97ee982efdd5ef748bbe3096d030bef504f84843fcd1a3e2d90504ec501fa07b0780850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9305a36f-3df0-40a0-b7c1-bd0fafccef27.tmp

Filesize
5KB

MD5
a0796d7417833589fdce13ec989c03bd

SHA1
fed1ed93a81a94eccb638e5e57a927120ac3573a

SHA256
b81eca596760d06a87faf4147262b47562e36d5766b4ef9d470376cf1ddd9af0

SHA512
626cf54f45376b1032f046842e9ff8c42cd0875911cd507d8ba15e6076fc0e1fba4c190022bb54fd0c0c17b64d1fa6fdfa6eb64a13b94a0512b91546760c0214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae7bf348702d24faed3a4eb142ca852b

SHA1
373cb08894dc7865b3224d3fdeea80da003bc25c

SHA256
4ccb2a2fdbe2cf00d5f2f7cc0b1d954550c5435864cf81d20b2035db6c9b0017

SHA512
9e2fccc8ca456d69d7a489422da2704b732460d05b68bce40bf854d31cd621296892b9157793dd4fdc9a191d14d3bfa42505e76c00d6e99cc3342d51d046b0fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
330b3bcf10da895f02778ea0d8b7ea81

SHA1
32ab2f9fea25933a2b64611323980bfa0f3c392b

SHA256
d984c21b14b41caeec455a781702f45e72de882b97970d3805cc467788c7a7ba

SHA512
9c3045fb191ee5deba20287dfbf8a89fc600e67273294fe4c19cd39b913447dbdb9e908eb2d6ff7ba71bc45e4a56f508d7c246c9765604fadb096f05cec95d02

Download Submit
C:\ginstall.dll

Filesize
53KB

MD5
909d7cbc60915bb280dde2c706f86ae4

SHA1
25f1fa3ebdf435e809439cb8bf8badeac23e35fb

SHA256
0b76cc6506a41bc34a054aa55581e7e6e982f630a100967a9d2f00ca631f3a37

SHA512
c53bcc10874cc50176638da822d074f025435d4beba1393259b45b8955f1f1d0a8557cc13210de8477ee7d3b13ababfd1e29fa5ab4b5178fac35438389a1fd8b

Download Submit
C:\temp\License.txt

Filesize
580B

MD5
a601cac3942f65f260ed053491460225

SHA1
cc6d1b2693ec9514e59315759e7089b9649cb8d9

SHA256
1d4149efe65294b4ace63e426da9c4c9af94b92c34ee7e86f52fa7cba2038a72

SHA512
aa5bcf4bad5e9c8193b555f28fe65669e3ac137241e5fe7c76c603509748123d166a048a93a09d17406cf1e51b3822a643ba81fd63aea42e0a22889665e6b1bc

Download Submit
C:\temp\VR.BMP

Filesize
10KB

MD5
449c3cc681c8c52806c42640d7f7a82a

SHA1
6e8aaa77799873c63592264e5af49d5ea944029c

SHA256
adb8aee628b0da5e93f649024faf6c5657ed3aa544be2e35ca41404d0a887c0b

SHA512
bbb1bde6900ec956393cc17d47cbaab1e6dcccf913351c6ae69e7b823b160e7511dfbeba4a984c8326c77e29a8c3027d04d78af8cb6668b1d17926b0b2dd5322

Download Submit
memory/3556-853-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3556-868-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download