44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46

Analysis

max time kernel
116s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2024 16:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
Size

829KB
MD5

691bf3fc9e4f9c04ad12b2bd3a672700
SHA1

279eca4d93c29ead5a0ea9669e3400f83d5b53db
SHA256

44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46
SHA512

30428df198b2a76beaf37533c4018542cda8dc63fd2cedf1740c002320ed9c747489c68b11f9cd4a6b44631bf6f6b4e4174354dfbc5ef3ff57318ad0d33258f9
SSDEEP

12288:JGGGGGGGGGGGGGE4heZkw/YoGRyAWE7g3KQfAYkzVf10:JGGGGGGGGGGGGGE4gZkw/FGsbZir0

Score

8^/10

discovery persistence

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	exc.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe

Executes dropped EXE 1 IoCs

pid	Process
2052	exc.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Win32.crAcker.A = "C:\\Windows\\system32\\crAcker.exe"	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Win32.crAcker.A = "C:\\Windows\\system32\\crAcker.exe"	exc.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\DevDispItemProvider.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\dot3dlg.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\KBDSW.DLL	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\MiracastReceiverExt.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\PaymentMediatorServiceProxy.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\PrintWSDAHost.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\ws2help.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\aadtb.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\KBDFR.DLL	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\srumapi.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\glmf32.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ideograf.uce	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\BOOTVID.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\Query.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\dmcmnutils.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\KBDHU1.DLL	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\KBDINTAM.DLL	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\MFWMAAEC.DLL	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\Robocopy.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\timedate.cpl	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.Storage.Compression.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\AudioEng.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\ifsutilx.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\mscandui.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\RacEngn.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wsecedit.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\iassam.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\imapi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msltus40.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\SyncRes.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\uReFSv1.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File opened for modification	C:\WINDOWS\SysWOW64\vccorlib140.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\azman.msc	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\wpnapps.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\WINSRPC.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\d2d1.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\els.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ErrorDetails.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File opened for modification	C:\WINDOWS\SysWOW64\msvcp140_atomic_wait.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\odexl32.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\RdpSaUacHelper.exe	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\RMActivate_isv.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\AppLockerCSP.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\WMADMOD.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDBASH.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDNO.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\softkbd.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File opened for modification	C:\WINDOWS\SysWOW64\vccorlib110.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\VoiceActivationManager.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\bcryptprimitives.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\elshyph.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\ffbroker.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\msrdc.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\oleaccrc.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\perfctrs.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\TtlsAuth.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wlidres.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\d3dim.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\SysWOW64\comuid.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe

Drops file in Windows directory 44 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\PFRO.log	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File opened for modification	C:\WINDOWS\lsasetup.log	exc.exe
File opened for modification	C:\WINDOWS\system.ini	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	exc.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File created	C:\WINDOWS\notepad.exe	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\explorer.exe	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File created	C:\WINDOWS\sysmon.exe	exc.exe
File opened for modification	C:\WINDOWS\setupact.log	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File opened for modification	C:\WINDOWS\setuperr.log	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\bfsvc.exe	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\hh.exe	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File created	C:\WINDOWS\twain_32.dll	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\winhlp32.exe	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\mib.bin	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File created	C:\WINDOWS\splwow64.exe	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\HelpPane.exe	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File opened for modification	C:\WINDOWS\Professional.xml	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File opened for modification	C:\WINDOWS\win.ini	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\write.exe	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\write.exe	exc.exe
File opened for modification	C:\WINDOWS\lsasetup.log	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File opened for modification	C:\WINDOWS\Professional.xml	exc.exe
File created	C:\WINDOWS\sysmon.exe	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File created	C:\WINDOWS\WMSysPr9.prx	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	exc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
3724	msedge.exe
3724	msedge.exe
1500	msedge.exe
1500	msedge.exe
1820	identity_helper.exe
1820	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 2052	1204	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe	81
PID 1204 wrote to memory of 2052	1204	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe	81
PID 1204 wrote to memory of 2052	1204	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe	81
PID 1204 wrote to memory of 1268	1204	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe	92
PID 1204 wrote to memory of 1268	1204	44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe	92
PID 2052 wrote to memory of 1500	2052	exc.exe	93
PID 2052 wrote to memory of 1500	2052	exc.exe	93
PID 1268 wrote to memory of 4144	1268	msedge.exe	94
PID 1268 wrote to memory of 4144	1268	msedge.exe	94
PID 1500 wrote to memory of 2952	1500	msedge.exe	95
PID 1500 wrote to memory of 2952	1500	msedge.exe	95
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2872	1500	msedge.exe	96
PID 1500 wrote to memory of 2208	1500	msedge.exe	97
PID 1500 wrote to memory of 2208	1500	msedge.exe	97
PID 1268 wrote to memory of 2080	1268	msedge.exe	98
PID 1268 wrote to memory of 2080	1268	msedge.exe	98
PID 1268 wrote to memory of 2080	1268	msedge.exe	98
PID 1268 wrote to memory of 2080	1268	msedge.exe	98
PID 1268 wrote to memory of 2080	1268	msedge.exe	98
PID 1268 wrote to memory of 2080	1268	msedge.exe	98
PID 1268 wrote to memory of 2080	1268	msedge.exe	98
PID 1268 wrote to memory of 2080	1268	msedge.exe	98
PID 1268 wrote to memory of 2080	1268	msedge.exe	98
PID 1268 wrote to memory of 2080	1268	msedge.exe	98
PID 1268 wrote to memory of 2080	1268	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe
"C:\Users\Admin\AppData\Local\Temp\44b3b093b82219c83c92e4fc56f26effc5e97f99977c0cfe3bda2c19057a9c46N.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1204
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xe0,0x104,0x7ff9fe2446f8,0x7ff9fe244708,0x7ff9fe244718
      4⤵
      PID:2952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
      4⤵
      PID:2872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
      4⤵
      PID:4284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
      4⤵
      PID:2532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
      4⤵
      PID:4220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
      4⤵
      PID:2920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
      4⤵
      PID:4716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
      4⤵
      PID:4368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5380 /prefetch:8
      4⤵
      PID:2328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
      4⤵
      PID:368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
      4⤵
      PID:4388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
      4⤵
      PID:4788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
      4⤵
      PID:4548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15494398895796646358,17300477898851260994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
      4⤵
      PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fe2446f8,0x7ff9fe244708,0x7ff9fe244718
    3⤵
    PID:4144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13328642426049765415,17742796464166286389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    3⤵
    PID:2080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13328642426049765415,17742796464166286389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4a8
1⤵
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2549ae7e-dd93-4d9a-98e7-29ee6a3c06bd.tmp

Filesize
6KB

MD5
7e10611b2f43cb7c63ffbf255dee43f7

SHA1
40da76cac230b087fdd12f06efc76254684877ae

SHA256
9f84af787b01c5a28d0d9a2bfc7a50959bcf9612a726deabfb32b97fba294e15

SHA512
fc12a9369c22be8fd557a5b101db9609759f48ec28996059093a79150117493dba80d8aa881e14c46ea45d3b5c9fe1df06cbf047328bce4de5622e934e84142f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
13863f60254a2172c0d743f917007645

SHA1
9853507cdf3120f3309a46e9fb2f9e5d5db65611

SHA256
b8dba471a5784c3c83dce3a182c527dae3962feb02990ebddb23c223238a67e1

SHA512
6744ef76d63865e6b11c248c646cfe899f6d67f7970c7cfc20a5e22d4a43411c996e59263989d9c55df4ec7dd50482aa4d3ac5012f8e0a86fa240bcb0a121b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
27a608f85c26e4ec029557c35a7942b3

SHA1
70481f247907744200afdb25da33b66e5f828f32

SHA256
58d16d4189519f775d5e207647e59adc0c4f80000609227d974e5625e9b3e5a7

SHA512
3a748f07b028497d8c76ccb0b270d7d7334e82706adc0b8c01e9a3800f794949b6f2c8a3cd2eee5b1e04710de01649f590ec6029d6fcdac7c8a07d37fe677221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4cb187837705ce6d5eb99e50ffdc896e

SHA1
bcae77d854289c65ce43099cf01dcecaef468778

SHA256
3b638a575865546ca670e93e52af76280b691811ae2c26a6863d6a3646bc2e43

SHA512
efbc684d40f41837dd2ae2d2d9f154e2a973eb9d8e79895612d9763bb9f797713698f93aac6a968d732c245c1310ef412ad332a7bc991a6c522aa7659c0070b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d44a6551f418ba50b86a4cf28c7de3c8

SHA1
a1186472a1ef9bd16ae34bbaf0ed9c63e52133cb

SHA256
530a9a18d02f9bf695a3bc142cddfb61b55c4db73610862442fe39cfbcd5bf03

SHA512
36ca152ff73f04bac4aa2bcba47df48611206b26093e7dd2acbb8dbb402a9ced7337b3271f1adfae242c8cea20c50c27e7eed78290eac3580925fc9b48529b21

Download Submit
C:\WINDOWS\DtcInstall.log

Filesize
57KB

MD5
78a3c99eab1054bb57358d3bfd48347a

SHA1
bdc457aa4ecc1c904b2f290e5b3a56c046f2d067

SHA256
4480b8f09ca51482607741ff844f498266744cb991d4c0c92c596120a5fe20d2

SHA512
7b1b656a74bb979589fd84a2505bdd9c758adbbc34a659a4e4889ead04b30f34d203021b8c84d12d4674cc6c89c3e958b6d3475ac06650ceb78cfd53418c60c5

Download Submit
C:\WINDOWS\PFRO.log

Filesize
56KB

MD5
cdc7887f022c89c17b2c93338601ae23

SHA1
88e9da42cbae5677a330374af7131de80e39bb8b

SHA256
f38fce616f93c4c00f69bd042b8cec61355aa5381bc575f96df1ac45f808d1c9

SHA512
5967f5daee94286e0e2956112b67af2275ef1937708bf3992abda5b808591a687e099db53e8ea168c605d008dde12b5c390dbde3804678a2bad4cb19095def26

Download Submit
C:\WINDOWS\Professional.xml

Filesize
85KB

MD5
3ecca28d9c4a9a3ed6f160397d46778c

SHA1
aade31014d78c15371f16765309b248a6c9e1360

SHA256
502108b956b61f622cee840c35364795a81b57f4919dcd07b72ea503cca5852f

SHA512
5d2d5ba8c78d94918817e61c708ffdb880ba5e447cda883aa19247b7d71680c1d7f3adccd070c977faf01dce2fcb4b4984fb0d7ce3e16b3406d38fe428d062f2

Download Submit
C:\WINDOWS\SysWOW64\atl100.dll

Filesize
162KB

MD5
d81ea5c2b7e5acbedb6ba24dfcb8f5ba

SHA1
27959086766d2efd0d94f40e7b921fa16dab7a81

SHA256
37880860ac124fa97aa7762341243cd9a164f2c4fe5fc054992d9a18257f22ff

SHA512
c9b30fc80daeb92a7819e3ea5cb530cd2cdccc49c8fbfee60a2939072f929da6c5b3285dd35a4958f827db1a72a50d48f5186f6435a695baa1ad6899585d55a6

Download Submit
C:\WINDOWS\SysWOW64\atl110.dll

Filesize
188KB

MD5
ca7c6efdb3608b010901460c8ae1b47a

SHA1
6b1ed1a20178a5f13b2902666709cf5c84c57753

SHA256
3381dbcc56baf4d0a284a5cf58996ffe584479c681d7aa768f988ca0f4a0db08

SHA512
335f4c1ab1b17399f974c7676aa385e20b55f810bdcd8e92981f22a70334806eeb9942fc91b9dd9dd83d77052e8eb4bf8894dfc151bf543302a8e5cbbbdc016a

Download Submit
C:\WINDOWS\SysWOW64\crAcker.exe

Filesize
829KB

MD5
3ae5f8157b786dd5a458388689cb05fd

SHA1
f76692220c1fe80f6d50aad09b38d5ccd2a77ec5

SHA256
a3f3e58cf3bbc6333e73a94b04f6460ece7eeaf809e2b0e2fdb25a6e007814fd

SHA512
4a063e90fe6ebaa8ef4ce5115b5ae41468a5a9ba84a701a814f409ab45d726c80c54b9bf5c36c1b09439d11d672fe5dac61b5b452d66d6db40624f5402d87108

Download Submit
C:\WINDOWS\SysWOW64\license.rtf

Filesize
28KB

MD5
cab8a587f360c3999b83364f7fb91905

SHA1
6eb2c7471380316ac4b98665a676ac971d0fb269

SHA256
9ddd75690f4ce7f5ab4e9f145b6228df48c04ca42f31bf0c51e3d10b32a10b3a

SHA512
8c9660d2dba086f58f4052257b3dacd7cfd2155ace7c593479260f07bc9969e3ab2b8e939f048ead7de9f6ff74efa9bb6b149d631b2e94ccae0a9abd0afc0a00

Download Submit
C:\WINDOWS\SysWOW64\mfc100chs.dll

Filesize
62KB

MD5
5a7ae52104e47c64b1f21297db6bddb2

SHA1
d7c35d11d51081b2a13b8d9936d5b1b7ef4d35bd

SHA256
4c452b1a90acdadaaf95ac3895f4f84ad92f179d1849b13679d8d83e2332c508

SHA512
fe36626925a51fc9bdcb9ccf2b12dde22cfa0e41ce0843acca0d5910baa54f1a6082249dd7ec7d7baab49349f0150bf877544df9bb62f0370a315a687ff3233b

Download Submit
C:\WINDOWS\SysWOW64\mfc100cht.dll

Filesize
62KB

MD5
893689fd66e4fa3cd79f5a9f4e9f1d22

SHA1
b5632414a962eab1ab1dd7c119915264e9148797

SHA256
f52d04e44bdbf87b26d3d4f3b10b7667554228013043df75135247322d3df8a1

SHA512
9dea4cf143af0bb2f91ccca21a451c6c6c352ba0e6f9dc5171131dac6b3aef1f9e01663e0a0f609452c9930b24da0dfb44ea382f527c6f9ad9de69e109dec943

Download Submit
C:\WINDOWS\SysWOW64\mfc100deu.dll

Filesize
90KB

MD5
0a5153c3cfd6212fbdaf69906b2a6a5e

SHA1
3335950d99ebf4af5ead67256b62ad0af0746c13

SHA256
be9fde4d7768830eb2dd7cb9d375efbc97de0b290badffa687922e6fd3980adf

SHA512
68cc025230c7e7b105929b068cb252afce619500fe2db3df2c7ec2a26ea82afe207d6e95526c66b90ff2172164460b2d249f5aa0a714d2c458af15b13369dfd2

Download Submit
C:\WINDOWS\SysWOW64\mfc100enu.dll

Filesize
81KB

MD5
42846bb0a865b96057182c20a1abb991

SHA1
e1d0fbbc589791b1283ddca46312f8f98fcffed1

SHA256
674ec74123d212207e6a44452b6a45870f6216132e0c8735e03fefe81739f71e

SHA512
71375dae033ae6802a1b3ae8c0b393322d246dd92743e60612f50365276c0cf153314f820693c26bc232ca74655038ce83a067945d415f85c35f230c5cda1666

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
89KB

MD5
386b4081a6823fc6e9c12b2cac68742e

SHA1
7c34242a4e2ef0a3257b910a2f441e960c5542f7

SHA256
85667ec78f692b893e45c051898913301d5db91243a94e8ea07a839491e9f40e

SHA512
be4ecd15cb3d768755f653eb82498802bde6e95e73fb4f621c36a1516b8ae04e0497fd4b84c2df49b1bf06979c2b523411cf0fa530471617bf79aff615c8d421

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
90KB

MD5
855318b44950d95e444cadf2c6a2fbc8

SHA1
16b84247503a08674bc4f5ec4b6d293ba0cf032d

SHA256
e0ab1ae48d688f47159ab89d58257c420229c001f7dbb55cc9d99b8a71895875

SHA512
d1cae681f01b746fbdfa633e0dfd61a076bba98611ad9dfca97d10a14cbbaad1be9592b08b26b7c1491725ff0ded22338758e9597d678f97040590827abd9147

Download Submit
C:\WINDOWS\SysWOW64\mfc100ita.dll

Filesize
88KB

MD5
d5bd9149b1d32c59a5c77dabd89f2578

SHA1
54faf3c0e61e022e3b52d2b9d4f0ee95564ba788

SHA256
b5b0a076b960173cffc73bd77be76cbbb2c310ce0bfe2eb0de4791b442163e70

SHA512
6d1b56e64a8346392d52ce750faf28026f94faf36ce85950eeccbe2f2e8a79c6e4209331c0eee1b5ad554e8a2f71d1ed146b60d78ec4a6763522affae02517d9

Download Submit
C:\WINDOWS\SysWOW64\mfc100jpn.dll

Filesize
70KB

MD5
bca7ad56b7631e8d1481ec3a935aec03

SHA1
911b607d2f4f8b0af07183cd26c4ee3955029753

SHA256
fe0b28ea05940bd96b92067e10d242bde3c80624215af2d551b820e150bdff43

SHA512
53497726080f66be3d9da42c618cd93e2b96ce818be6cc7d9b43793e06490158cbef3a3b54bccac1c973e66f443d4d878f0094782359fcd9c114505777561500

Download Submit
C:\WINDOWS\SysWOW64\mfc100kor.dll

Filesize
69KB

MD5
175a29cf4ddc4fd8d5bfadb0d1e90541

SHA1
bab816fd7b4c3dc6239469b90f2ad3222393eed7

SHA256
b90f86fddc661fb75c791b5cd13ea27b46e50afd3287c2b750d6e188367de001

SHA512
96cf06e8358c60f721bceb8bda792d0a8b99e86513e9cb99993a7c21d8c3a903dbf63b0d87ef5d6651b355df322ea4443c5e7fee084f4f8be93beda0a6460260

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
86KB

MD5
aa4cef6d149bb4b5914b0c954304da90

SHA1
a57805902d590071ad2e486e393168b07310a37d

SHA256
832bfcf9ac0b35aa4c08db5a9c5b24a1b3bdca1894fdee9198f63cac502d3039

SHA512
08c3d9f9fc703fa852c59289c68e87eb5c9fedafdd089f13acd3bdf202c76fc708c765f8eeffa0599307afc56687dcc6f4baf6cfb1731c9c56dea7e4998a9165

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
4.2MB

MD5
94a521f1e5b375f2865b19e445b18155

SHA1
28e572ad7024994175defa26f06fcc0b76610db8

SHA256
00e925948c6a9fc391429a41a525131b43fd5d103937e6861f88947196d7f8d6

SHA512
482478892915ed1aedffd569232e2917db895817c04a4d1ec52e20f0d902e0939b39cd7b19e1e3b896bd46df6313d7be31fee8296c069cfc8ecea5e9cf9c9855

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
100KB

MD5
b08ddfc41c322dfa8b945296a7885a98

SHA1
602032283d6260003d02a66adca0e52c9fb20ae5

SHA256
da11ea51c99e7e201ceb28affffd2745b127c9279c903bbabd19cd5239b9cc5b

SHA512
5b0fb9f14b3612e925e8ef733acb6f71b05d31ee5fbfce71d85ca14d7ce262a4482ca4e1ad7da5b9ba0f5b6e54ed90ff95452cec9389217aa710f78f24557f58

Download Submit
C:\WINDOWS\SysWOW64\mfc110cht.dll

Filesize
100KB

MD5
2bfabf948631c1b1cf60dbbfd2e842ed

SHA1
c36b7dff9bc0904e796ceded0b6281b2523b0f85

SHA256
756fd05e01d74381ba6f29e3f2aa0ca1e871fa4601b76d53573c6234dc241e53

SHA512
55b07e76f132a7e7f119803fce368f895166abb08b1989d4ef5f22738b50ac51dd53e1e37426ad5a8aacb839be6ab1f184009e4fedcd4c5f72758c8725ad0ffc

Download Submit
C:\WINDOWS\SysWOW64\mfc110deu.dll

Filesize
100KB

MD5
fc9a6d6c42837e7f4665beff327fa286

SHA1
28b9450f2f9af40f1232c7877b3cb9184ad35724

SHA256
235049adb18b5a84a8b2a7f47e90d15a52d589c00e16668e0408d70790b38df6

SHA512
4121b7e3ec605024da60737522b2c26f6036194b96582b97856cd589397b8b1849c0800d2491ad9018a2e7014c8347eaf7ec2160dfb5c1d4632bb64771fea251

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
91KB

MD5
380e45c97d735f306af8bb61baac49d7

SHA1
52247cf52cbe932ecc1876c4aac6ba373d5937b2

SHA256
6ddd8271edc065cac7ab4a917337ff77fbdf13981de9a734c7f6e84ea51755a7

SHA512
a334ffb8b023ecb8a534ac7efe121945d70baf5228814e97f9ac8b3fb5035d6e04e9fecbcbb07712ff768654c7102b8a5cfe154cab4c7ff34366e47ba3c52f59

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
99KB

MD5
462adc5b00e5c85a1a7c069e642b2ba5

SHA1
d8ae1bc893e2a4a1bf01f36f27fa26ee0dc37410

SHA256
c2b025d7953d3532736df21248b2d98ef3d3b905c6c780ae7b11676e631c5106

SHA512
92ab4e75db59c534bd063a8a82089b68a3844d6280693d8b147d2081c2ddec9eb921531de8a530d5a7625a229ff1f2ad2ee1f79f9507404730d3ebd50e42c050

Download Submit
C:\WINDOWS\SysWOW64\mfc110fra.dll

Filesize
100KB

MD5
c683a4c22b26665e150743b0b1ee6897

SHA1
94302ba78d70a7c987dc3d09c2641b08319e3461

SHA256
a3dcd17291d7ed3412c39b417ef9b2b7f3feea4f950b646200ba51ad0296d371

SHA512
d5f78ce75f81f363d57326abb90de9fd0c9cfc54eec8f36df62182e8255c712fc75c3de8957e58ea0387944532c022ee0b0e37b44411c5a11f804b8361143bcc

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
98KB

MD5
92524c81131cd5969067328a8e82b994

SHA1
19c12132efcc33d9ad15af38bc477588cd8a3053

SHA256
ade5d86f2a1d60ff91fd8a6d67dc680daa462c5e7e936da6b82f14a31e0a82af

SHA512
c98d268609ac7ee6124ceead999c69be2c9d7e8aef708ae8a46d88703990ff800a01bcd77f2f007363af5bded32353aedde1d5e5e1663f895e715034ecdda702

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
80KB

MD5
724d8f3a5ed178b306bb38a2e28730b9

SHA1
9abcda6a7e7c78af1627c970df3219be48ae94fc

SHA256
4ea2170673d34aab0920e34a1b09d18a7bacd7069ecc19cdb164c42c2586f897

SHA512
e160ab597382632014b9bfd84b43fe59eaa5c5a883d512719516f958af010217167c13e96b4e18970a80c6a9a488eb05c171c071b40eab248778418638cf216e

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
79KB

MD5
e61efafcabb7f5cc8258c44f5b5c1912

SHA1
6af63031555f54eec9ee809e7976a185fc51b14d

SHA256
f4c4b01a329660b45037c4650b7ac00e960c588749b64e39a2f7e9012a38172a

SHA512
b1e98dbf64a80dfa20dd8ac7aa692490b5bdd31c4eb6dddfcf6573052d5509bb43010deb010e6915f1f664fbbf02641938a4eb32e662972c0702d52c45658b6c

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
96KB

MD5
cf10f87c61ad5a6f47549fe673c912b6

SHA1
2fb71f02e0f6bab8930572a545e4b68142db85fc

SHA256
1866278942139343a8ab478d31cbc64a2d1c1d02936d31fdb91a742e3c04840f

SHA512
f3f908f74a804638af3e7524b185fb12b30c0a42f5f959ff956f7da7353a009e513d19216f95f7a48cf326730357d3bf1a1fe602cb3c13e1d6c5c1879155902b

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
4.3MB

MD5
3d369eb91e87579bec55973bef1f5819

SHA1
ac7fccbb90bd0bb80130d8949ae00008ac206dab

SHA256
fb7dfe1874d1662769a0a9e72a9880e60f96007155090a7043f423feb29c6265

SHA512
8bd11030e90e90cde2805a32e48a4e76d9ab37927c48b07d6f120e40ca3236375b534a51a4dad706625e13a06382e4c3c5ab71fda5e5ad84111f91b455fa0cd1

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
4.2MB

MD5
c2b3676323472e4e4a6bb63c74aafd26

SHA1
643a263639c9d66f3b1c0bcb56cadc1a2c54e59a

SHA256
ac626fcd6b9342d412a5d92512200b2089fbd281ffa9de1405d882859cda493b

SHA512
1e128bb451f15c13a46bdeadc9daa696f07266e6c9b3374f7c49665e14d19f15685ed22ee54e5228346f124b23ef67ae56ebda5e8a8d5dbfa854e6e91575f7bf

Download Submit
C:\WINDOWS\SysWOW64\mfc120chs.dll

Filesize
100KB

MD5
c32defaab98004c1ec850ca1b65666f8

SHA1
163bf69f257a191b9e6fa5155167ca6c92482d74

SHA256
273fb819a023d565dc8be9e6cfcecf0b47badcd458091bc0d9d26d7cce198e41

SHA512
8f0530ac6a80bd31837b352108fb0b3ff1838b78a4b5f183a737e663416ce7610ef8f49c313ad03f3a49ed48b2f54e6c3e8d37933e5ec82702082f68445814e7

Download Submit
C:\WINDOWS\SysWOW64\mfc120cht.dll

Filesize
72KB

MD5
543b59b26b0be8836cb52b20ed2a6119

SHA1
fde00fcdf17fd1309aa41ec6674f14bace8088e5

SHA256
c2c59e23a79e93927e40e7b10756628141b48f9e31b5f1b05a5cdbe87043602a

SHA512
6810e708ade75e4f0837dfa202da5a56b33624a3a2b4fb272d0f6f97b90d902e6ff45ef9d01fd35def7f80540280e2500cb861149c8d09939353001e5207697b

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
128KB

MD5
a3f8af19f18cc29d2402b8b66cdd43d4

SHA1
a354eda4a2614d3b2e0bc356fa9bfa2b10808c59

SHA256
adfa9ac1e4a233717013139b268c5d7c29ec25bbc0b01a5108481a001a273935

SHA512
568e745c5809718e339049ccdbc2a0792960f3cd16d4f71e9479116560f6a73a7d448c3b154ededb53aaa132d9ccfc326f6521853cfef24055afe396849f1156

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
118KB

MD5
00d7fc159098405fb7c79d48c9f37358

SHA1
7de18dd5efbf76337282a688c9328f5243dc886b

SHA256
44d8e6e9617e177e1725a3c025b8ad5d12aff85810fedf206b17dc3e4fae10a2

SHA512
46869376d5ea9b92356b623955334038a3335fd8777592a006e46520c6bdee3ac3baed4ea131f950cb68f372c75a40a39a1ded2dd7b9e53946443f3685268e95

Download Submit
C:\WINDOWS\SysWOW64\mfc120esn.dll

Filesize
99KB

MD5
6472ba2be5dcec48bd54d4cab2cacd8a

SHA1
d01116c4a40d2dc172bd4512d6dfc3d2be02bd00

SHA256
3b9375a7f89787b35df38b196b3a59e38829a9fa23ea3fdd7910956a734c7c7f

SHA512
e7416e5ff776bba1388abc14197b18c2e15fa8a06f779211ac018b290f81f77a21b9b3cfa3e4c2739da564aab296e780b283a6da69b36e5821bf48d67f50125d

Download Submit
C:\WINDOWS\SysWOW64\mfc120fra.dll

Filesize
128KB

MD5
83d371c747d8022b8a8dd6d337ddd6d7

SHA1
0020b5842890ffcf0d512ec186555ba279cc7e7d

SHA256
a93cf8a8b034c548f0e848de1e44e7523264b744aacbc2829ee18cb9bfa63ab1

SHA512
54235fd585a2ae45855aadd1277d6bf1d3746098a6ef799bdf1ca16d8e7b2d3527df5d9245e1ca4fd473c90251cd054d0fb0a94bbaab01b405323b992c16a326

Download Submit
C:\WINDOWS\SysWOW64\mfc120ita.dll

Filesize
126KB

MD5
cac1184148ee01a6cb9caa2d34daa951

SHA1
6b023f92f779b28c1b69396f427a66cba424a13e

SHA256
eb7de3569abe06cd0a53da7018310175a0d04b476c054b12a779f9861a6ccd61

SHA512
309f70f32820ed0c43f108a0405d6df487180553dc963494e8a099acb241f04d54537d6d367ea0cbb7b9dcfe6b28aac1f7f4c370362df297fb5a6ce1e2cb3f09

Download Submit
C:\WINDOWS\SysWOW64\mfc120jpn.dll

Filesize
107KB

MD5
7c90ae2af505564557ebfa4ed76866fe

SHA1
1ef6bdf8a7986ffd508208c7ba8fe87f446b78d4

SHA256
5f73ed5f9e642b06961126536cc5d1ed71d242db88fdf29b888e3f0c94d42665

SHA512
ad528fbeca9d6d2ef02a503ed70ed701d8aad81788051fa01837ba7c032c21d3a50aa55c39533d7aaa3c692ae452dd2dbc42d234c5a819cda500d048c717c73e

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
107KB

MD5
0bd32c0857fbec7b10850aaf364b6407

SHA1
1ffa5eb4ce2d6053f596433259aa0e8b3514a22d

SHA256
735579bb725687e9066daefd6489567949aacd0ad07e39c2308f78a483f0ccc2

SHA512
15b74f21ed690bb907c50b093e46167b840e6db51dc8c3152e3f1306a26c7b4921b9d714a43cb595f7c718850401df297e46196ccc9e50d360b7c835496299ba

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
124KB

MD5
6e14c18c22b8a7b57b4db124ad2180df

SHA1
183893371c175b634b12640fd9cb986b68e180a7

SHA256
476ba9f31c606368bfbc6a71fe4d5719513d92fa7b781ce3f149dddbddf536f1

SHA512
1b27a2d5fe3b265c6e354375a263e9ed4b460cbda3ba385b41a7087ec5bbf047903d22becf95ae64bfb63bdbb44ba09099862ff78b7cc686f71e83cde901a76c

Download Submit
C:\WINDOWS\SysWOW64\mfc120u.dll

Filesize
4.3MB

MD5
17c8284aa7c1ad838172ca8897cd1aa7

SHA1
2971575570b032f6daeaa6db51cf8db17262c3f8

SHA256
3e8b15c25b0a83153f904453956e76e24ed4e818020f2f0c4915612b796d62e8

SHA512
1d3c443baab6aaec5414ce312f0225bd5371f1432931d68dc73e715529cb385a31fbfb71a9bd62f433234312aa7e7ea4394eb28fd4ab49aacca9e27682ab803f

Download Submit
C:\WINDOWS\SysWOW64\mfc140.dll

Filesize
4.6MB

MD5
370fd84c292151e3e7ef7219334c8a61

SHA1
c83ca0d0e980d0b2ece62d731ff8be95f33cd95c

SHA256
316c22a6d7f0bcce0f70ac321d1d7a1f3c1b0ee18bf48453ed4baefa124fa914

SHA512
e5e801a56e963c5748228c72927fc9627d235ed47d1045c6f7d3ad5e056303352d7ea69ba845f633b96613d065c73ee3f44bcace8171222d4cd6addcfe6d15b1

Download Submit
C:\WINDOWS\SysWOW64\mfc140chs.dll

Filesize
66KB

MD5
cda05b02cfcf30e0a0d9c32d97bd60d7

SHA1
8da887d88c989a5d6312e8e18d3775da1cccd2d2

SHA256
3a18739ad94fd9a89246ad3ec2a665e5816e5698e4f5bcc19374546c9ac648da

SHA512
394763f19e7a71cc3af724fa1c8e863ce18010e680d65ad7d5f987e78efc1a72ea3702b7473df9da047eb47183842d2bad00f3c847467dd17cef7a4b32e56876

Download Submit
C:\WINDOWS\SysWOW64\mfc140cht.dll

Filesize
66KB

MD5
793cebe803c89eb9f3d01aa3a34f9c52

SHA1
d433ee7ef4d6e5e7cc57030cf538eb2f45018811

SHA256
49762d6eba28198ae83ee5f9d2c611a8cfd1989bffd8566b6ac7a142c1853c15

SHA512
6881dd2e1588d67414c604d9439e7886256750e7769842c802542c80c88ecbeac062c6ca25aa99d3a71a5e7910e2a3e555fab5f60cb5a44ae3e64b196ef815cd

Download Submit
C:\WINDOWS\SysWOW64\mfc140deu.dll

Filesize
94KB

MD5
8fc902e5bdac9042d07265ce7040a041

SHA1
68f01dabd44e2c50ebb16aced2ff57d5164d2c59

SHA256
5d35720c2300a60cc1062d3d8b2075406eb63f9c94a0bba363e78a762cd1d068

SHA512
75dcf669aa90f3fa023b97950ecd91a3a9c202ed62cec78fb37b8ed1b858ed5973c9c365b221476119038cb5b9371872ae77df63c3efd612e646cb0e77285e9c

Download Submit
C:\WINDOWS\SysWOW64\mfc140enu.dll

Filesize
85KB

MD5
06d095903982c79d1cf6419b17a303fa

SHA1
0163549cbc408bde22c7e28635a0d29ca62bf2ec

SHA256
a9e7d25191d1687f210e282c631482c473d621903592a5f1c81ca14433c9c2cb

SHA512
d998465ceb8b96715e4874b173c8197592ce131d56f5047509143193aaec59ffd6c219666dd3fe781725984bfb8a1e7103d79ebeb1099593d78b80c68d1dcbbf

Download Submit
C:\WINDOWS\SysWOW64\mfc140esn.dll

Filesize
93KB

MD5
b82757904cae8aa21922788a1d56e4a2

SHA1
07ad836b26222ffffa971e0952dffcadabb104d8

SHA256
67a4d54d7a463babcc35dd74f99524effb0944e984b9c0d1bcc61bf27d35a4b7

SHA512
4b6e5e8e018523e5e3ad06231021b0e9561a669e694fc2869735ab661d2ba1ea685921996df7480ae5aeb85148c01e238e4ed0c6643677899aad34a250c52ec9

Download Submit
C:\WINDOWS\SysWOW64\mfc140fra.dll

Filesize
94KB

MD5
fad5ec1b14cc86903d357d9388213588

SHA1
0cce6a4d0c1dd630480f85c78cdf0ec15c7225a8

SHA256
7c0352617b437c819827746d0a163042942681ceffea7940bc2b6dd217f03716

SHA512
d0820c9cd3fa4acc5adb51efc091100b2c05fbd9700106c1828531eeffc2311fca10ab3c4ef42fc874ed48875b2ed50836d59ea8c1815dcaac6a5a6590e51dbb

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
92KB

MD5
b46cc079e51d41e3974d711db04831b6

SHA1
e2c3c28b80fbc08ad9392f55bcd013599a0f5dfd

SHA256
e0ed33ace46174a8d8b7dfa54f725613ff853faf36def085a4abd1d8cd4eea03

SHA512
ce0a3729d578711add63093ca0f63b1bdb0f197e3dcc733d57ad2cc6ff88bc478471fc396c891f0b5d89affcf311031ff4a2bb385576eea73bad54e15888fcd5

Download Submit
C:\WINDOWS\SysWOW64\mfc140jpn.dll

Filesize
74KB

MD5
27704da32fdc1265f24d38bffb298604

SHA1
f31e12bb44ad9409a787ad1fc5dfccb51318ee97

SHA256
c5716fba0a747bca16dc51d0f80f7ed43d577655e35c2d9d6989bab9e824382e

SHA512
0d819c6733d9a3db9c821637466a8f8c4dbbc48fb04ea9834750d6926881e12ef4a2ca937202c96b576fd1b0cbc7e9d37d1084fc2c1d886c05b32cf953f70f8a

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
73KB

MD5
8b06c0e00ae836330894db0100e113f7

SHA1
ef97eb61d1cd9e400d95f570b0981751f49b3934

SHA256
59675b5a9a88d0f850536a0ac81767aa346f48de2047f388027deeb633a92be9

SHA512
b7179d191606846ccf149a31106f7953495829acf339f1d6dcfbe242d0e17ac5ca46d188be70b695bcfc062ac2ccccf5dcf8cc3e14c3454adcc2ac6fa6210dc8

Download Submit
C:\WINDOWS\SysWOW64\mfc140rus.dll

Filesize
90KB

MD5
13fb868416b4045fe00203d38fd6eada

SHA1
1d6fa5ca5ffe611bfbcf54c9f14219ed3a494c01

SHA256
825bdc6bc3cd7add579937f90ec2aae72cc5ddddcd5e767ea1ecc29e7c935649

SHA512
a03d4cfbf188684699ae22306a0934a7eac2887086931b8c82f285701043c886f539be215d5c3cfe774103a37237566f60083110e63045f5d04c6338232023f8

Download Submit
C:\WINDOWS\SysWOW64\mfc140u.dll

Filesize
4.7MB

MD5
aaae09188edc4765dbe2afe43ffbedc6

SHA1
d5d65e825504d5d51e8d922aea71a361d7a554b4

SHA256
ce17117956b9bffcc1b24c66cc6efa1e5e07c7ce908b8889ba6c6dad15c57547

SHA512
b0cb391a7b405e44e4966c4b822000c49db272540e75d951fdf931870182a04af48dae31b8a7049820251108a0932d593f15dd6f616204e3cac0b6cc1e68c6a7

Download Submit
C:\WINDOWS\SysmonDrv.sys

Filesize
193KB

MD5
5730167460fb8dde1c70c1403b74e150

SHA1
5399a1fdb63df0fe8c27e7d8266ab2f370e7ab77

SHA256
d533ae0f1729ec0f3656d2c20e3cafa6a3f9080a24c79831295b2a7ad6e5ed98

SHA512
3306be7b7586d334e4aa2e5db39c4f2873a1c6083c253764a304dcae33ca0e14525f4af4feb2358abdc81e188dd577038924af4bf3eb55c0c269af156e071595

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
55KB

MD5
d50f5fe84c673d701e1b3fb30e8ecb3c

SHA1
41c671ecce22d4428264234331e6f00054396cee

SHA256
2551a26eb5d892af3b0fd381122240fecc510d3db8547156747e5f7db2d034d6

SHA512
754bcc8cc3b307e0bcc82aed59880f6bed620072796ae4de696c1eb224ae9d9fdaff91f32b0fade90e8b25628a823acad09ce7277338067b98d49ec16d65534d

Download Submit
C:\WINDOWS\lsasetup.log

Filesize
56KB

MD5
f725a6e8f7b28132f69b96c3268041e4

SHA1
78f276fb56e45a67a098454f32c779b81739d7f9

SHA256
ad701b415fd822d2eb763b2962e709f826a8a87d91ede3e24e1c073593eb3e33

SHA512
8daee60a115bd9e9892c02bc7329a4b2937937475f52994839aa30d7e430565d449c0ec78946189f02a7ce0ad53a3b20a03097c125c2a9d44f3efc1ac1b71d95

Download Submit
C:\WINDOWS\setupact.log

Filesize
56KB

MD5
1e0a92486a058d3d1abac256ff49aa00

SHA1
25fb767dbf029d5c4a1352943b34f2ad854babcd

SHA256
08eb7dcd71ae13246f6e00f991c5779c1a84aa5f13e21d49628e3037b2e81f05

SHA512
6abddb16bc8e3262ba55a1c02eecb27338ac1d76b024fd034773ba8369a463a877b2bb807691d7eceb5d3560774e064e65656954d9725351ebe3e977fcd828f4

Download Submit
C:\WINDOWS\setuperr.log

Filesize
55KB

MD5
406805ef0e151c1791649caf91d74d65

SHA1
36c765a4bd585662931449c511d20f01f92c3531

SHA256
4b0149eb6e59033db3cecacf41526c8ea43db7a745d88f19534008f760ae44db

SHA512
5e3187c1515af2b36bf0964a489d6858d06b19b61f182aee4d058cf79169e6413bb883b57da21ab14d18802cff51c9eea331b1750b040868ef85734409054282

Download Submit
C:\WINDOWS\system.ini

Filesize
55KB

MD5
1212e87773f8ca2d93d8111f7186175b

SHA1
90fd830302c50a1eff6f61cf7d4b96516148e788

SHA256
282b1f6b4f406dc1012c6b612ede7636eba2d7eccffda4292ee94eaff4abb588

SHA512
a1c09e9aae9d865ad1ca51fa46aae509dda16db8324d4daab86ecb0d6b82adbec1685b3159975deff1ef6255a6bd5fa9cdace307e6c60075d96525ac0128186c

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
b0e5539da1c724951bbe7642454ac282

SHA1
15b6c2b5c42890aa4adc90f7cd1864a02be7b2a7

SHA256
4222020764e2965f6b4284e0766fef024796be3a27b3fb3925568570e0869f47

SHA512
5874bbcf670b9aa9e25aae453e76e88d20fad9208aa492a76e71e7b7dab2e379124b860feda605a2e9d2381a5d7d6711d9fee6f8af56d19cc9e7fa5ecffe01b5

Download Submit
C:\exc.exe

Filesize
802KB

MD5
5db738bc57a9400b20df4d6602ad5b7a

SHA1
973926f7b08087d5a3d09d66c5214809241d511d

SHA256
f5ede319322c768805d3d28665f8a71bfdc5ca20f5a77bf1ab0e5ffee9d6f8c4

SHA512
509485a4fc4da2b13cfc2b0a9c56e8f9b1b38ba5ea9d77a018847975ee7205378d30f405dd9fc3308109c216f86dffcac394b138688d6af4ac4844e704ca58cd

Download Submit
memory/1204-1199-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1204-280-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1204-523-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1204-278-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1204-11-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1204-1683-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2052-279-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2052-1200-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2052-12-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2052-1684-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download