e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973

Analysis

max time kernel
115s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 08:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
Size

120KB
MD5

b1c68cd6043cab6fe3a1bd0c5d808202
SHA1

bd4dafe50570079235d8d54e6b36db2125256341
SHA256

e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973
SHA512

077fc23e837b186fabd91a59e4afd759c77c3c25f91e1c0deb36674e2276c9323e4e0dbbdd16f616c440d91132df3f1474d1ed24cbd5b73c8a978137c76f91c9
SSDEEP

768:MXUs1ZmxDMm+xhe2mxDMm+STZ5UW0Z080t0M0+fqth26iN6NjZELqIYImN8YxAay:MEsyxf9xft5ANPqLqIQA2SCHj0jJf

Score

8^/10

discovery phishing upx

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

Processes:

exc.exee494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe

description	ioc	process
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\drivers\gmreadme.txt	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	exc.exe
File created	C:\WINDOWS\SysWOW64\drivers\afunix.sys	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\drivers\gm.dls	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

Processes:

e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exeexc.exe

description	ioc	process
File created	C:\WINDOWS\SysWOW64\wintrust.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\wintrust.dll	exc.exe

A potential corporate email address has been identified in the URL: 67C716D751E567F70A490D4C@AdobeOrg
phishing

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe

Executes dropped EXE 1 IoCs

Processes:

exc.exe

pid process

3892 exc.exe

pid	process
3892	exc.exe

Drops file in System32 directory 64 IoCs

Processes:

exc.exee494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe

description	ioc	process
File created	C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\aeevts.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ARP.EXE	exc.exe
File created	C:\WINDOWS\SysWOW64\dmvdsitf.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\glu32.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\KBDGKL.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\perfos.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\hgcpl.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\kbdarmph.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\lz32.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\mobilenetworking.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\ssdpapi.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\WsmAgent.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\sechost.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\windows.applicationmodel.datatransfer.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\capisp.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\d3dim.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\IEAdvpack.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\oleprn.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\OnDemandBrokerClient.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\rometadata.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\enrollmentapi.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\joinproviderol.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\msdtcprx.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\sas.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\TapiUnattend.exe	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\certenc.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\DeviceDisplayStatusManager.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\LaunchWinApp.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\mrt100.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\mscms.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\wpbcreds.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\dot3hc.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\ole2.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\RdpSaPs.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\shellstyle.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\regedit.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\MSAMRNBEncoder.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\MuiUnattend.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\prnfldr.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\rdvgu1132.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\icu.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\playlistfolder.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\wmerror.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\mobsync.exe	exc.exe
File created	C:\WINDOWS\SysWOW64\opengl32.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\Windows.UI.Search.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\BCP47Langs.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\DDORes.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\DfsShlEx.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\ir41_32.ax	exc.exe
File created	C:\WINDOWS\SysWOW64\PlayToDevice.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File opened for modification	C:\WINDOWS\SysWOW64\PrintConfig.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File opened for modification	C:\WINDOWS\SysWOW64\atl100.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDSORS1.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\KBDEST.DLL	exc.exe
File created	C:\WINDOWS\SysWOW64\MSFlacEncoder.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\daxexec.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\iologmsg.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\msdadiag.dll	exc.exe
File created	C:\WINDOWS\SysWOW64\adsldpc.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\SysWOW64\netiohlp.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe

UPX packed file 44 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\exc.exe	upx
behavioral2/memory/3892-8-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/3892-10-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\WINDOWS\DtcInstall.log	upx
C:\WINDOWS\setuperr.log	upx
C:\WINDOWS\setupact.log	upx
C:\WINDOWS\Professional.xml	upx
C:\WINDOWS\PFRO.log	upx
C:\WINDOWS\lsasetup.log	upx
C:\WINDOWS\SysmonDrv.sys	upx
C:\WINDOWS\system.ini	upx
C:\WINDOWS\win.ini	upx
C:\WINDOWS\SysWOW64\atl100.dll	upx
C:\WINDOWS\SysWOW64\dssec.dat	upx
C:\WINDOWS\SysWOW64\mfc100enu.dll	upx
C:\WINDOWS\SysWOW64\mfc110.dll	upx
C:\WINDOWS\SysWOW64\mfc110rus.dll	upx
C:\WINDOWS\SysWOW64\mfc110kor.dll	upx
C:\WINDOWS\SysWOW64\mfc110u.dll	upx
C:\WINDOWS\SysWOW64\mfc110jpn.dll	upx
C:\WINDOWS\SysWOW64\mfc110ita.dll	upx
C:\WINDOWS\SysWOW64\mfc110fra.dll	upx
C:\WINDOWS\SysWOW64\mfc110esn.dll	upx
C:\WINDOWS\SysWOW64\mfc110enu.dll	upx
C:\WINDOWS\SysWOW64\mfc110deu.dll	upx
C:\WINDOWS\SysWOW64\mfc110cht.dll	upx
C:\WINDOWS\SysWOW64\mfc110chs.dll	upx
C:\WINDOWS\SysWOW64\mfc120deu.dll	upx
C:\WINDOWS\SysWOW64\mfc120enu.dll	upx
C:\WINDOWS\SysWOW64\mfc120kor.dll	upx
C:\WINDOWS\SysWOW64\mfc120rus.dll	upx
C:\WINDOWS\SysWOW64\mfc140ita.dll	upx
C:\WINDOWS\SysWOW64\mfc140rus.dll	upx
C:\WINDOWS\SysWOW64\mfcm100u.dll	upx
C:\WINDOWS\SysWOW64\mfcm110.dll	upx
C:\WINDOWS\SysWOW64\mfcm110u.dll	upx
C:\WINDOWS\SysWOW64\mfcm140u.dll	upx
C:\WINDOWS\SysWOW64\msclmd.dll	upx
C:\WINDOWS\SysWOW64\msvcp110.dll	upx
C:\WINDOWS\SysWOW64\msvcp140_atomic_wait.dll	upx
C:\WINDOWS\SysWOW64\msvcp140_1.dll	upx
behavioral2/memory/3892-276-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/3892-1146-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/3892-1574-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Windows directory 44 IoCs

Processes:

exc.exee494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe

description	ioc	process
File created	C:\WINDOWS\HelpPane.exe	exc.exe
File created	C:\WINDOWS\mib.bin	exc.exe
File created	C:\WINDOWS\splwow64.exe	exc.exe
File created	C:\WINDOWS\sysmon.exe	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\twain_32.dll	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File opened for modification	C:\WINDOWS\setuperr.log	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\splwow64.exe	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\sysmon.exe	exc.exe
File created	C:\WINDOWS\twain_32.dll	exc.exe
File created	C:\WINDOWS\notepad.exe	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File opened for modification	C:\WINDOWS\system.ini	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	exc.exe
File created	C:\WINDOWS\write.exe	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\notepad.exe	exc.exe
File created	C:\WINDOWS\bfsvc.exe	exc.exe
File opened for modification	C:\WINDOWS\PFRO.log	exc.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File opened for modification	C:\WINDOWS\system.ini	exc.exe
File created	C:\WINDOWS\winhlp32.exe	exc.exe
File created	C:\WINDOWS\WMSysPr9.prx	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\bfsvc.exe	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File opened for modification	C:\WINDOWS\lsasetup.log	exc.exe
File opened for modification	C:\WINDOWS\win.ini	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\winhlp32.exe	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File opened for modification	C:\WINDOWS\lsasetup.log	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\mib.bin	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	exc.exe
File created	C:\WINDOWS\explorer.exe	exc.exe
File created	C:\WINDOWS\hh.exe	exc.exe
File opened for modification	C:\WINDOWS\win.ini	exc.exe
File created	C:\WINDOWS\WMSysPr9.prx	exc.exe
File opened for modification	C:\WINDOWS\DtcInstall.log	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\HelpPane.exe	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File opened for modification	C:\WINDOWS\Professional.xml	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File opened for modification	C:\WINDOWS\setupact.log	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File opened for modification	C:\WINDOWS\Professional.xml	exc.exe
File opened for modification	C:\WINDOWS\setuperr.log	exc.exe
File created	C:\WINDOWS\write.exe	exc.exe
File created	C:\WINDOWS\explorer.exe	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File opened for modification	C:\WINDOWS\PFRO.log	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File opened for modification	C:\WINDOWS\setupact.log	exc.exe
File opened for modification	C:\WINDOWS\SysmonDrv.sys	exc.exe
File opened for modification	C:\WINDOWS\WindowsUpdate.log	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
File created	C:\WINDOWS\hh.exe	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exeexc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	exc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exe

pid process

228 msedge.exe
228 msedge.exe
4320 msedge.exe
4320 msedge.exe
312 msedge.exe
312 msedge.exe
2036 identity_helper.exe
2036 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid process

312 msedge.exe
312 msedge.exe
312 msedge.exe
312 msedge.exe
312 msedge.exe
312 msedge.exe
312 msedge.exe
312 msedge.exe
312 msedge.exe
312 msedge.exe

pid	process
228	msedge.exe
228	msedge.exe
4320	msedge.exe
4320	msedge.exe
312	msedge.exe
312	msedge.exe
2036	identity_helper.exe
2036	identity_helper.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exeexc.exemsedge.exemsedge.exe

description	pid	process	target process
PID 2500 wrote to memory of 3892	2500	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe	exc.exe
PID 2500 wrote to memory of 3892	2500	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe	exc.exe
PID 2500 wrote to memory of 3892	2500	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe	exc.exe
PID 2500 wrote to memory of 3484	2500	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe	msedge.exe
PID 2500 wrote to memory of 3484	2500	e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe	msedge.exe
PID 3892 wrote to memory of 312	3892	exc.exe	msedge.exe
PID 3892 wrote to memory of 312	3892	exc.exe	msedge.exe
PID 312 wrote to memory of 3012	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 3012	312	msedge.exe	msedge.exe
PID 3484 wrote to memory of 3136	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 3136	3484	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 4564	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 228	312	msedge.exe	msedge.exe
PID 312 wrote to memory of 228	312	msedge.exe	msedge.exe
PID 3484 wrote to memory of 2688	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 2688	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 2688	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 2688	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 2688	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 2688	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 2688	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 2688	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 2688	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 2688	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 2688	3484	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe
"C:\Users\Admin\AppData\Local\Temp\e494fba1c5e35a4b83ebf146da444f3233e554784728d473388093c1b74f4973.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2500
- C:\exc.exe
  "C:\exc.exe"
  2⤵
  - Drops file in Drivers directory
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffabcc46f8,0x7fffabcc4708,0x7fffabcc4718
      4⤵
      PID:3012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
      4⤵
      PID:4564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
      4⤵
      PID:4776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
      4⤵
      PID:4936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
      4⤵
      PID:744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
      4⤵
      PID:4536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
      4⤵
      PID:1416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      4⤵
      PID:4660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
      4⤵
      PID:3260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5532 /prefetch:8
      4⤵
      PID:672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
      4⤵
      PID:4840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
      4⤵
      PID:4724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
      4⤵
      PID:4236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
      4⤵
      PID:4928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6471124915688771940,10530087817847674562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
      4⤵
      PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.freeav.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffabcc46f8,0x7fffabcc4708,0x7fffabcc4718
    3⤵
    PID:3136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11710673785798965476,17566063130155037580,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    3⤵
    PID:2688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11710673785798965476,17566063130155037580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x4b8
1⤵
PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
e867acc472150c0c2afbdead660bc366

SHA1
f5f57bbaf684824b97728d50ba9f9da9b3555c03

SHA256
d032ed064faf35df5139ebde472f8108e16819e0bf51ef2085c56b9002a70932

SHA512
8c27d219e4874662b6de2a883233d35aa7f4fdee556438decccafe3c2c9f3148301ccb685a1eb8768890f33198014a8089fede417608e6a4ac41eca57bee99b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93a0f2ff7fae11deed8e89661e50b529

SHA1
57d43fc5f95a4c2906966a1fabb4011fcb40dfed

SHA256
aefc227b8820b54f797bbbf2e990ec8f7946742dccf2787197c21deb91bf4a36

SHA512
d0cc6ecbc9dce196890a7623ad946aafc36e7f5d8a39a9e557b5482f0315d44fa110ead6265f3bed16db95487bd1893ab05b5077cbb7c9c50d940e0d3b424631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
55217e220a0fa9e86da3d34e1ab023b7

SHA1
acba80709ef1f32c4b1247302d20f91725ae631f

SHA256
b743d8d04f63e545a99f233d9eb7c73c4ad9e94f8103ced1f55a9175bce6d4fe

SHA512
ac0eaaf1221e611e688a09219351b9b32b53be8b863902b071ca6b2bfaff2e7f9a18aa3b1bf080a76a5e73ecd4f428517780e83383e7ae86204b7b6201bdc4fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b92083c2f9ced3417f33071ba8a775d8

SHA1
83e5b1b57b11a67738e57a9d181e64312489ff47

SHA256
407e03bfe3dbd85f5a60f38e5d0c7f860be7f6bc32192737aa0d847b2d5400d5

SHA512
e9c36567492546e7b838e9d8bef129d04598975e6b8d96a3ebfed9f79b78120b8ccb5fbac1dd11ca8d057e68af9b61b13c12d3229a22ee284ef7bfff2da23104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
10359be814330d4b660e69a679ee2755

SHA1
c0b8e75a7b7308c57da154e8e778dbf2d15d052f

SHA256
395e17266b6349a3df473a4d4941255c9bf6b43d0a1f28a79e167c37c268a9f9

SHA512
9bf9aae2cc963fa088dac07dfcaff9f5334d088e136c68ec48e57d28d3d1f55f11162aa592043c2ccbf79c37567ceec492f5e4a8a0544e76c98740bef5175d28

Download Submit
C:\WINDOWS\DtcInstall.log

Filesize
57KB

MD5
b73d496ee2910c4dd0e8f8c354b18ef0

SHA1
0a9093c35b522fd300f287d8e8b55a64789ee370

SHA256
01ddf0993909bb7f96bd4699633bc86ef1c9d861c55c956cdcc4bac3cde62192

SHA512
f911c8dc141d8bbd367847c9f83cd8cf95189c23c2a1d737ddc92761ba10f4f8e17ceb711aab32d19038fe25b7a14f587de2f9427a129b4fe76e5d4fa4821639

Download Submit
C:\WINDOWS\PFRO.log

Filesize
56KB

MD5
f19ef1002dd4144238655bb9830c6195

SHA1
8b6a7ad40882c5d399e4f95d6ae19168cb02b414

SHA256
10bbe07e92f64f23679b2f15f4ce932f7a04767684d38cdde765469107532998

SHA512
3cf5d3fc18f98be6e746595794c320ffaa8c509480549ed4217fb90343e6fc3284a8242390ffd1b005785b760ba7c35032ae544cfa27a6eb11f9f1fdd54be852

Download Submit
C:\WINDOWS\Professional.xml

Filesize
85KB

MD5
d79a0faf70c896f5d037b990aa6b6dad

SHA1
71449336cb096aaee662027ba04c0df23988dd7e

SHA256
9a62e795d6bd6e9759bf642841d57b89e26c37579d5805264ccea6be22b680ed

SHA512
dd101771e1e1366546e1fd9050acc637da499c719f8c5d6faf1953971fb0ed42268704fd8815c7d3a9befcc76fe62b3d8d839f56d2d15c235a04a9b2c0cb9693

Download Submit
C:\WINDOWS\SysWOW64\atl100.dll

Filesize
162KB

MD5
9c248e5942f5a4fec8308f8dc678863b

SHA1
ac67473c988b99c1369847cb603a8ce7fc0fbd77

SHA256
79c6eeb2be9027630c9b22e4bb51fd6f3a2e816eb18a9168e0b973d6524be888

SHA512
98d83c519d0febc933c7cdffe948574922c2601c00bb386dde3268dcd1e11847f99a9c12feebaca328e278f11ceace3192ed6f01d31b72aaddfe7097d770b4e0

Download Submit
C:\WINDOWS\SysWOW64\atl110.dll

Filesize
215KB

MD5
1c8ef4c8d101ee317e049fd0f34f4dbd

SHA1
8ba57822ae5b301056d30c4e48b7ba4173c2016c

SHA256
c166f3843d22b5025983d3ab023eca0ac54ac476111513760aed88644ab3c4a9

SHA512
abcd00c3769377da04adb1b9f30df2023ef5c72f682003e076ca3b3aec2a7dacdfcf5ace09a9b7ff5f4ecac33d78834011f19396086d7b6912c3882325cdb493

Download Submit
C:\WINDOWS\SysWOW64\dssec.dat

Filesize
238KB

MD5
e0e9d16f1187d696474c9e1a453c23be

SHA1
42c1b2b9c7694adafe71dd3d619a3053abbc7e01

SHA256
7fe41bd7ec70063d25aa10fa6e55ae97f5d08835cb797cb4a5aa3a5b14313d6f

SHA512
b2afa28385f223973e751c0f39fa9d4627039578344364291b67922e2b51d1fa35892c1318e9bcede1dd059cf530b438e0a134ee6df770ed2b9b986a61baa734

Download Submit
C:\WINDOWS\SysWOW64\license.rtf

Filesize
28KB

MD5
881fb7543cc5be12943338c0d66b5f84

SHA1
9709713f47c1149a5b4468aa05655d8082951501

SHA256
df1f4bd35c04676a84d69bd25c1a3f3a7a78754c1efbaadd791cfa5ea4166394

SHA512
6aeb7bbdee49de83f887b25606147c4c3f749d8cdcdb2e777364c0cf0fe52290e513c183f979daa5c698b4d71a3f2edcc88456bfaefd7898b8fcf5602b636c5a

Download Submit
C:\WINDOWS\SysWOW64\mfc100deu.dll

Filesize
90KB

MD5
955473d48ef88d655d9a5453d5d879cb

SHA1
91f378432104d026c8da9209a56e859d94c7d6de

SHA256
fddbde54410efe1262f9316a98da4475460ea4c4dc023d6f1260a183bd052418

SHA512
07fe22e729c263ce408c316f0df3245966599c66a0c53d4ededffa9a1d294e68f3e413742d77e453f9250ebfe13c783668fc92db10e953a42c4568642f27b0b0

Download Submit
C:\WINDOWS\SysWOW64\mfc100enu.dll

Filesize
81KB

MD5
7043a430ce1e86a800511c4f5f3bbe60

SHA1
43fe5a11b432aae87dcf80dc5f6004722d5eb861

SHA256
0ed9cd54203eda150dbfdcbbf1dda7dc18a364dd9b5978e729e002b63ba36be5

SHA512
99a528665e80c14c7a6686b34a2c115f64d51cddf15a2bf42bdfda01579364eda056c0799deaeff9a0ceb36de4ead73ad86e90998e54e5ee4765fc067c707be0

Download Submit
C:\WINDOWS\SysWOW64\mfc100esn.dll

Filesize
89KB

MD5
666398a79fbb2ef9a62e289f928b56ed

SHA1
b44c97b085b8fa2180801e2c6b8c6b3a0b98fc53

SHA256
791562c68b9552670291a2119ad729e1b935a73b3598ded757186ca2b1583792

SHA512
54feaf493992597496acf946407187dc400d1cfe7ff2e0f2f80851ca518d1c704229a4753bc87262555f9bcb191ad65e7fd718c8c9412610e26562545e8100aa

Download Submit
C:\WINDOWS\SysWOW64\mfc100fra.dll

Filesize
118KB

MD5
6fc07d752ed3c9baaaeeaa1f75086b06

SHA1
1fb1f2a7d1d33173ae607c34290bd53ce2f21cc9

SHA256
24be351f1bbbc78084c1249427c2ec9ac7a4c0e68c06e3d83093cc2f5f61ad15

SHA512
b998307b52bb8c73a317d06ac668cd413c5b509f3a35d027e65cbaae16efe597848b618375652cf65715a9e62bdefde472968a98ef587a77dc45819b795e3b47

Download Submit
C:\WINDOWS\SysWOW64\mfc100ita.dll

Filesize
116KB

MD5
e62bab377afc1c88d39f92dc2b05e9f5

SHA1
27a92dba3decb8266cd5b5b57a04c0922b098820

SHA256
80fc7ecd4393de90d7493ce4750972830d980b7ff204a75131880c4137174c4c

SHA512
0372edf36f02d941eb7f60a464891467d508f439b7d203af0f30351c82cd0b1a6ab67ccd43e7aab3f55101d32afe0822418a941d8a2a99d6ec3176295d4680ea

Download Submit
C:\WINDOWS\SysWOW64\mfc100jpn.dll

Filesize
98KB

MD5
556f166168f4d6f976d91398fae5eead

SHA1
7f4cd0cac61c35de453f3f5220bbaa454632e2c8

SHA256
f4aac09e3bd350cf79589435e2997881bfcf14a81dde94707b1a622f4c54fe22

SHA512
136a55338dddefe82580c316404dfb18a28703d568f8a71b5b4478c93b08b3ae9920a50e0006db1f10d5dbf391b849849c2a32bc8847aba922ecf343f68aaff4

Download Submit
C:\WINDOWS\SysWOW64\mfc100kor.dll

Filesize
97KB

MD5
77f2f37ae93cc6b1189efc0bccf45fe5

SHA1
73ad60a4c969fb2ca2334b95c57fa9e19d69a674

SHA256
0e8a6baa55f67f7a789eaa760d5f0fa5344463c86149a5556d2754d56e2e1d72

SHA512
0895baec23bc24254cbb98c216dee022954808006b21f3531918615ba2970b02402a198e49f2d5ec52f87a632565c160c6b1c16e02ce4785297f16a58f9486ab

Download Submit
C:\WINDOWS\SysWOW64\mfc100rus.dll

Filesize
114KB

MD5
e9e893bd174566a1319058615ed385fe

SHA1
e022fbc02f297d8b4b43c107fb883502be101b9a

SHA256
d3ab0e34d142699409eda60f6359cbbe2f3c600fe461fe62fa123f429436c4d7

SHA512
b2f29b0da8e7977b21da04161778292fe71c44ea9413b709d6115440443d0eeb4860a3b5a4c75427cb5cd9a2ca84393de0ec24a57fd1cf466c5fa1c104111023

Download Submit
C:\WINDOWS\SysWOW64\mfc100u.dll

Filesize
4.2MB

MD5
9ff85761f014c567b06cbfed8bd39ba2

SHA1
7887d488878e88447429adebfc5f22529aee93c3

SHA256
749fb5f4270d71897cd26c12eaa39f945833f9f48d7ff39861e8fb755fb455d2

SHA512
42021bd6371693f658038210e9e7a99df26b75753c2b0a862fcbb360d6408cf38b779a0c76e64564a34ca571783c7e34f3a60fcc5112a3d6fa43180d0f975465

Download Submit
C:\WINDOWS\SysWOW64\mfc110.dll

Filesize
4.2MB

MD5
6f8179313f0a7781cced07f41b3c4f42

SHA1
a29d7f5ae7b889c794230600b2134ccba64a9e93

SHA256
73ada4ac3c9a41e8df8c2299543e2a1f345c3d8336c0b66074e32c960e22e525

SHA512
4c62e7fb24c8fbcc37572f27febd6fcc8c236dfa4b4fe5ca92b963db4f94e1b9838a2998cb8e2ae89f3312b27bf463e6cc9cbefb822e802f6901a824c485d03f

Download Submit
C:\WINDOWS\SysWOW64\mfc110chs.dll

Filesize
100KB

MD5
1a74578a6f6a34963cb8c92676e5ab35

SHA1
5c0c43721c4f3cf9b80cfbf4401f3c0d2f7e8bd8

SHA256
d73e7efe00541e400621aa644e582fefb1a17918de71453e914f4780492ec06d

SHA512
c8949081212917266afbe606881ecf06071368d865a836f9ef78ad9e0ad5feb44b22f0e13d387adc6208824893cb9110fdf3c72f04d4dc32ff2c4025b2963a6c

Download Submit
C:\WINDOWS\SysWOW64\mfc110cht.dll

Filesize
100KB

MD5
4305ed2ea0295d9f627ecbf0a0df52c6

SHA1
e36a8953849ede24010dd1294a981195cb529c99

SHA256
4be022bed853d4a83d14a2ad19d7ebc8a0489a0425fd5836fe7f815044678e99

SHA512
6475229f3a8fa9198bcc7a52df54f6a32d1363f4ac3f720506c0d96729060c0d248b2db8a623a147bf5b8b0f1029cfaf937d4f2052cc93558261bf0aaa97d5ef

Download Submit
C:\WINDOWS\SysWOW64\mfc110deu.dll

Filesize
128KB

MD5
c12bf7e41578e54975dc91f5907bcb15

SHA1
5f90f3c330ba0f96cf81a12720c0ff70bb4440c2

SHA256
7bf3b19afa0a0a7284aa621d9b4388541f0de94a7e20c94be9e538d1eadb8b87

SHA512
bc7ffe67752d476e40a34530eba0d36fc03ea4d13fe57c9b80a425be0f6014f59860aadc1987bcadff9206e89cd3f2aea36b94a68f3ad88514339b2f74d3fc6d

Download Submit
C:\WINDOWS\SysWOW64\mfc110enu.dll

Filesize
118KB

MD5
aa80e769684055bac4dd2c6c29cdd475

SHA1
b57daa2956d6236c82e8016e1e8a84baf87c9362

SHA256
052a7f10d7307d654d47ed6e7fb44430cce75f0981768e3bc567d0fc7af2cde3

SHA512
dbd741cd5b6b29cfc40751d4b29bb75c5e21966bab4a19bc9e104ff5f78323e900bed77fd7b23db91242eecf5708b3896012aeb7c9aa9b0fcf485efbb39cb150

Download Submit
C:\WINDOWS\SysWOW64\mfc110esn.dll

Filesize
127KB

MD5
6da74d46ea7986a23aeaa5e744a69f07

SHA1
a9755b34ad41d8655daf86e5891902250e28e102

SHA256
325acd3e534cd61db2799e05dfa2c2607f6145b3f8b5d64e87d18459772945ff

SHA512
7a7253528bae8681739259b63768b9d39f0c26e6badc66ff02e4485b7831e998af2858e2bd042cbafd0a46e4b0b7a056df29d9717b001b0c0cbca9e88534505c

Download Submit
C:\WINDOWS\SysWOW64\mfc110fra.dll

Filesize
128KB

MD5
05d1705099ee60965c73f4d2028b7a60

SHA1
73de2712ef6d14655dba8a73619f834bfbbb7ac5

SHA256
eb04ac1701e3aed49225efb6567693163ea446a7eaca6e2de1ec06b396f33d65

SHA512
2395a6ab84a4be2182407f20c7694c4b32af81017ff11002e2978304d90f4f56b448b4c01af3e08342c07e0cac3523295fad8afb36d25b8a9ed2f7f008e78bf3

Download Submit
C:\WINDOWS\SysWOW64\mfc110ita.dll

Filesize
126KB

MD5
7b2626c71cc5ac05c22e2b07438b49e7

SHA1
d38878f8e1cd7b9fb053ec99be9f6c4a82a3eb1e

SHA256
ef564cfa16af4f61b82d5c9bef1d0a3c57cdc96d22d14d1df659aa24ab43f852

SHA512
0ebd2e0c0f345eef75a2ffede8d3858b620ea8632cc682666b67ce6108f4e28c0c2dc0d9b7f793eed41b850f774241d0a5a1b5d18e57c6cf471422352dc13ce9

Download Submit
C:\WINDOWS\SysWOW64\mfc110jpn.dll

Filesize
107KB

MD5
604cda6c6cae7682b364ab761e8c882b

SHA1
4f2eb77117734da955f1788f0f40d2590f6d11be

SHA256
794b0985daff6e34dece181e85d4585ec7005d926127fe117d0a61e2476bc956

SHA512
09b00bfd4c660ce0acb3f326df7a8537c9c4921fde53808eecf022ddaf2185f838672e2677e6112c7303597070735ae40fc5ad611cb061c314733d5f24f0ba22

Download Submit
C:\WINDOWS\SysWOW64\mfc110kor.dll

Filesize
107KB

MD5
80dc8eb8a0732ab3736221e646260636

SHA1
2a89cad2061fbc34c29803c112321cd5b11b360c

SHA256
2126985a058ade502490e061622ae28b62a34b488a6d23d01ec09b7746d03ace

SHA512
b39b2605808e9a70217650756db6a69b4808b2ee50d13316189fc28c2b258b864457285876ac0c5297ed28027c74a49e528a8c998db431c1e92fa58fc7d4b6f0

Download Submit
C:\WINDOWS\SysWOW64\mfc110rus.dll

Filesize
124KB

MD5
c30b8034106946415edeb9245c6126dd

SHA1
cb61de447db225c9acb8f7848adcd5ba27ec57c4

SHA256
be26dd49a8a0b1e187d0d998b50aff38d430e752f75c9f7d8b11ab0bc6d7a8a3

SHA512
8c59c4e63591d0acb24de7e4e70276e21424811ed5bf36120c711bc4de62a68e65edd7cfc865921b64457352d0897d6f06cc7115155c6f694eb6b459f62f526b

Download Submit
C:\WINDOWS\SysWOW64\mfc110u.dll

Filesize
4.3MB

MD5
117b7fbe645e31b1f19f40c873c9749d

SHA1
cddf0cdde2af37861ba7aa824572e4cf0ff8403b

SHA256
afdcf649dc157ade501ada681cc1814168223bf52b65d5ac05762e7cc166ab3d

SHA512
30f3914633a833a45f64f3cd9f8bf9d536f1608945cfad5f89383fd0875319e081475ac19acc285ca060d9ae76242ec097f613ff6a383886d62baf0a86fad622

Download Submit
C:\WINDOWS\SysWOW64\mfc120.dll

Filesize
4.2MB

MD5
e223ba4a1d2ac05fe75651dd124d1940

SHA1
cb169c5d71e753583442babfe0c3901c92e70d08

SHA256
07fc26a0edcd1ae70c62608bc3a7911318062cf12cf05f1abfcd9b4421c7111d

SHA512
34ebdd6b3b452f9efe79e7a60ab03c3b3393c6c01c75f9b95bc1f6b9b6a5f386e5e54b41ffc8bfb0492e7d98032b54b5627f84e69d5e39c5c3fea680057980cd

Download Submit
C:\WINDOWS\SysWOW64\mfc120deu.dll

Filesize
100KB

MD5
f9c3e03d316e61b0fe23d07cca88f25c

SHA1
9a8337a128bce42e77ea84092d6ac1e0a2cedc05

SHA256
59b849c13491a92986267b3e80af1a03efb232f67162935ef30d8f16dc10bc2b

SHA512
a9282fee1d8537e8548d2cbd621306561a2e138e961460e2af33728009953739bcedabc8c9733d9e34c3881955a95634f5d4ddaaf9182803cc195b20ac481f41

Download Submit
C:\WINDOWS\SysWOW64\mfc120enu.dll

Filesize
91KB

MD5
ecb1335729181b0351329305b0bf4370

SHA1
bbe8dc8348acd935b8aae6ae627b3fb6cfe3e9f0

SHA256
7d29d3420cb2eec2b88daa02887ec4e2d8616401a6755d1d2163d32cee81d87b

SHA512
bc9cfd39332414c9e2fccf94451b4529a21577e2d0812c6812eb47ce784d8b342d20ff37c91dceb04e3362bf38c7aacafd1129d5b829c6b4cc32d4a9cb66aca3

Download Submit
C:\WINDOWS\SysWOW64\mfc120kor.dll

Filesize
79KB

MD5
ac217cc553ae4c09f637351b68001dc2

SHA1
d90f4ce5889e95916753583b3fe2588f48904c57

SHA256
398a8360aad6f1e7e8db8930f617c60509eb508c094c3629f9200fdb2fb0b605

SHA512
d104093a83c551885d78f9c16c5463e7c6e7455f785d22095f8e87f9249851bbe45156369a09312867095588038ce55517b2b6083264f788f9efcbe914f0958d

Download Submit
C:\WINDOWS\SysWOW64\mfc120rus.dll

Filesize
96KB

MD5
36f63db2acca95280534f8e24f1d9e7e

SHA1
286caa6f04ca7168060a752a2e86ae201a3969dd

SHA256
18c25d0caa5ba2949825a2be233d67e66e9120445b8936fb7335f96dc5ab8489

SHA512
c961cf2d2c9e7698a6a754e92ef7eaf456e77c8690e112ab023018859104b728147129aa7be237e9cfbeffc4ba99963a5fb7f3f720d867155d5b5875b58cc6e4

Download Submit
C:\WINDOWS\SysWOW64\mfc140ita.dll

Filesize
92KB

MD5
dea5e2f8c4d483b8f6c2f47e14733ea7

SHA1
1372d36c377aed13978149c7fc94ef8493a3a00f

SHA256
8ea1b1b6f2dffb917d1028d5b03ca5fb37c3b42cb49e916d1c5a2e43cd763a2c

SHA512
0794897bb7a013fc0ff5d40d2a2834f555e1cc2b1315012b34254aaeae9ecbf67e8830095831bdcbcb77c58bcad31a7134ceae80b9e467c5c5224f314b554054

Download Submit
C:\WINDOWS\SysWOW64\mfc140jpn.dll

Filesize
74KB

MD5
c90103d3e203269260fa706db21f3e9a

SHA1
676620eb606b502ebf77da6a8bf0081b5cca26f8

SHA256
f52179240a8241a9afadcbe1d267577a14eb7068bfcdab8c1b7a006141914634

SHA512
4087743f7df3c24e94ac9a43323506c670538db8d88ead355e45eddb19aa848e86a4943ae2e339c901246842812fd44922668539718e115e0ae6df00efe2f497

Download Submit
C:\WINDOWS\SysWOW64\mfc140kor.dll

Filesize
73KB

MD5
8bd9a7af62a09a722d8a67506a1fe7b5

SHA1
0e3c117be8754924569a718dd61273d9b2595e64

SHA256
acaea1b82d6fa3a8a4e2bcf128d5499605478aabe2de123ad81c4a7f1855790f

SHA512
93b3505dc2eda35f8c05644cc8e88dd04128159e40bdcdf8ee56cea3b3d6fbda0c30613875c88c88e70b6f12e96ad87a4da3e410be68f82dda965c2d6ead82a6

Download Submit
C:\WINDOWS\SysWOW64\mfc140rus.dll

Filesize
90KB

MD5
9033ec01b0a1a557612187e433b6ae3a

SHA1
3fc086d2ceeb7b88d0b9c50c08d744996986d4d2

SHA256
6db229ab5cc5b5718d42ba470756878388c8a1cbf189af230b4f9a1584b08ec9

SHA512
17ca7a9bfd52182a1f789b6c0e265719f33dc51c4d02d69e490a5a64428b30c15d0dc6e02545bd160d02156e13975043aed5ee67759bc90562a79e5a069dba61

Download Submit
C:\WINDOWS\SysWOW64\mfcm100u.dll

Filesize
107KB

MD5
20700ecd771777472524b74fff9c8f15

SHA1
fb549d74c09ffe63fca80f25a8e58da2c100f1d6

SHA256
109c4fc264b918b0025512fd5a7a1072e5d5fdb07c0945ea4a276159e16297e5

SHA512
3caa2e9f797042fd469d9be116840918f0a93794cadd09f9a63075054bb306dfa3314b03d4d0bb24164f0c5daddfcb287edb9e1f4b9d2732b16b684a69c1bdfe

Download Submit
C:\WINDOWS\SysWOW64\mfcm110.dll

Filesize
108KB

MD5
51ab7244604c4330d101218d08843f04

SHA1
49f9a7e2983d5aea0db16b613bcb915407d079c4

SHA256
d259307b8881cffefb95a88cd5cd2bb6ceaf0bf3901fb03754ccfe7c125528c8

SHA512
5bd760f04fd7f0431b6713947198e3641e0787875f696bcf794e73c071bbe419f5a147e34395c488237ffe7b8b36c00877c3b47e6012cfcf3b9200c10ef8cf21

Download Submit
C:\WINDOWS\SysWOW64\mfcm110u.dll

Filesize
108KB

MD5
2c51492d272245c9ec5d117a7b343cfa

SHA1
49bff1a567680b9af3200abc69b0853029af2f51

SHA256
9c3ebea040cc17f3dddc0a2fcf0505dafbcdf02af2d266382c177fb3d44846f9

SHA512
954fce5b4e8d64cf97e4926204a8437ba175ed39b19bae752aaf487af71c0ac9bd36fd5fa813f1accea93f84270874954a324af4afe7fc6f64d14f392c2678ef

Download Submit
C:\WINDOWS\SysWOW64\mfcm120.dll

Filesize
108KB

MD5
e0b946b21704b07272253eb5de032d59

SHA1
16102783c75dd39332421aa9e6c412b256db980a

SHA256
7ac48773b606c77d65308f67f024fbc3d6184c1ab83227953f3c1774012bdf0a

SHA512
fb23b110b86207e938f7162a2355f9adcbfbb135e0f0330fb9449396779e9a39f62dfd4736f365c267ac3027415e70f97a60afa50af072555409f4e7270f4db3

Download Submit
C:\WINDOWS\SysWOW64\mfcm120u.dll

Filesize
108KB

MD5
8c15f016a1644d6840e0727f18510e44

SHA1
e502eabe2bdd5307e58a46a83edcd399240eadb5

SHA256
44e85eb2f435808622dbacec59763850da9bf38a19543082c3ada77133004c92

SHA512
aee328ef17dc751f353fec6ba4e0bfff748ecd8916492f2d53848237187781e7380547085511ac896df1f3b1c04101b4688ad6c63488dc5c6c7cad494651422f

Download Submit
C:\WINDOWS\SysWOW64\mfcm140.dll

Filesize
100KB

MD5
95fc5f02d5ba9af83c6ea043d7f98a6d

SHA1
17f677e08c2e94ba83e19eae533b004063546990

SHA256
70f36e1eab98ca5de6062df689dc278787068fd173dbceec7e6232e4f8a72f19

SHA512
36ac6a9aeec145deea53bc49ca140e98094ec9301dd741dac280fae0be5ee939ba8673b87a797c0b23c61fc5158adcfb50e3b4d9fb25b2d7777fdc07abd8981e

Download Submit
C:\WINDOWS\SysWOW64\mfcm140u.dll

Filesize
100KB

MD5
9f459fa0d329cafa6bd873d863843224

SHA1
4adef84e08ca583c88ca9f40073de65133b76dde

SHA256
57dce6e787e5b0097205cee704e36025391332fe86d18f2d555178bdfd780c25

SHA512
c6ba031b00e712287db99703b05ce0a893fa1d78708f1fd98aa9faebad26f5352eb7cf757dfe5bf3e688b2bd5ab6f26f87231e329254a42286d3229e056eab20

Download Submit
C:\WINDOWS\SysWOW64\msclmd.dll

Filesize
229KB

MD5
bce58899784b0d4f3e75e4b3518983f3

SHA1
ff659ed91fe52de17a3ccdc1adb9ffa988884d0c

SHA256
bb4c720ced85bd7429516b3a51fdce4dcd6a228fc0b1703d7a5bdf8d55fc8c44

SHA512
a18c93fa66f9a6aa0b9ca573c243a64801124e78be22327dfa20244100fa7d5f2dc6c1bc040ee0c773ac9715bd53463a58acbd90209c766efaa7ff281327e1c4

Download Submit
C:\WINDOWS\SysWOW64\msvcp110.dll

Filesize
550KB

MD5
396d41814d413d480344bc1a0376744e

SHA1
ac56b7fcaafcaa6fc704d5c28f2d8f8460c21209

SHA256
bb7582638346acb749e4835900fe4e045b6cf77e467daefb8f641809a979a316

SHA512
6790b345eda71e8923d08a15ae1f2444de731f113b9de78daf0283711d9ef2aa0a70216e89bb738034a6ac05e61cbed671d1a04b3a4f93c4e5113a2100952374

Download Submit
C:\WINDOWS\SysWOW64\msvcp120.dll

Filesize
471KB

MD5
e326fdf4ed771150cfbb69fd088a06c1

SHA1
3b9cd6dc2a5703f29a3f1b362436c000b3a61400

SHA256
bf2ca0e90da9ca357de759afb4d3a16acd5d9b6c08efa8ec8e5a65c1c4ca35f4

SHA512
2c8545f4e94ecb023a98947f95c52fe5ec7f12a331e2642f994ebb2b4f4bf79621d1f15eb5a96a2eb4df4954d0952af4fe90de65c2329d23549c27e798992b85

Download Submit
C:\WINDOWS\SysWOW64\msvcp140.dll

Filesize
453KB

MD5
9fb6183788a1a053c26700e7ac4a106d

SHA1
54441f7d4993b96f5f169b2bc9938dda49c5ffc5

SHA256
aabc5a16668d61a3dac991e35b37fe173225b5f080c88bd3456b108e66d1c042

SHA512
47f1783cd9607e8fed25699a83fcf4070ede2c18a557843eeee97411f5cccf9d228a09991d80fb9abfa7f57ab2839d8be6ff214ae7bb86165b4d93dd23bada44

Download Submit
C:\WINDOWS\SysWOW64\msvcp140_1.dll

Filesize
48KB

MD5
24a8605a0e080a3a680c9fb205217222

SHA1
7024ce2ddd679f22852f58967e026a6570e2c17b

SHA256
b369694c800984bd99b7e172de175a4e74c0604e34fb4a8a68c09d0ee2f6ae5b

SHA512
2c9c6212e2c69526ef85df285476dce8703a03c45f3c249b455d7dee9941c9b3134fac317f55f463a210a0b9dd901a45f59d8171f5ba7d5828abe80ff7723155

Download Submit
C:\WINDOWS\SysWOW64\msvcp140_2.dll

Filesize
191KB

MD5
b2b95a3a4d136d21add211b212ad9876

SHA1
5f3a72b456963eaa5d2f8e2fb6b54f805d306e56

SHA256
671b595ee60d962eac45459e980f46ce78786ef92f8b8e8a0728b49190b08212

SHA512
195ed9e914e3179938b0d4d8daa75da74f91c2cd34aa82de9ac94a8c454a9a68db14ad6c680a10919d1a1703ed12fc92e6ee6d8546cde53a8d0accf06cb64d52

Download Submit
C:\WINDOWS\SysWOW64\msvcp140_atomic_wait.dll

Filesize
78KB

MD5
6f0c9b34b65bb14023cbe3cbab18c731

SHA1
a829b8b03a207b607bcf1e9b9f8c76aee29993f4

SHA256
0839d081f4d1dea80a8341595b613299b4fe84904f1ee810831573588a099fa7

SHA512
cfee3b0ded840d0d0fd169952c83b0b7f5bef9ec086dcbef9ddead9f3c4a3e4d996ee7311ee01db3745753f94d38ef6b3a278d6a4e2f316102e3b881c0bddc99

Download Submit
C:\WINDOWS\SysWOW64\msvcp140_codecvt_ids.dll

Filesize
46KB

MD5
0b57880050621b42a739a75bd4607375

SHA1
4c0a0f61edfed329cd51bd584dab98e4fcf5ce2b

SHA256
ad1372672224039d82ad8ab532a903f5df8c740742e1358cfd4523cdcf218ed1

SHA512
aff14c1434047717d3f233fe2384286a909afcd2a6057e299d897e45e639848f2b12831e09910b0bf91e4fd691d451d15020b3a7fe651354d69884eae01076a2

Download Submit
C:\WINDOWS\SysWOW64\msvcr100.dll

Filesize
783KB

MD5
ec890de5c7f8a92fe138af9dd70d1ed2

SHA1
ae69d989bef899781c74d87a3f3eeb2c249a2291

SHA256
333d37a82c7e55024154e1e4cdad2615e296509c70e1d906c4d57f37cdd5a476

SHA512
8676a2c5c1eea56d047f36db1591b120cac70aaa99cb521d08918d0bacc9450b19130653e7df70725d6429f2e99533232393cac6363dbfdfc80fd3b6f26e02ec

Download Submit
C:\WINDOWS\SysWOW64\msvcr110.dll

Filesize
882KB

MD5
f6c5af30643aeea3889aacd19707971c

SHA1
984bd2e306e039b99cc5dc15144972e066cd0c2d

SHA256
215392a9b7c12098c69658fb9ce76181cd5beb66b1510cdee13975c2893f6bc6

SHA512
ceed032f8b134586df5a74cec55dc0f85edf7fed200017027235a546d2fd72c960a636516857e881c1246216ea1138b3302ef26bd7ecf2b9083a6b98049197db

Download Submit
C:\WINDOWS\SysmonDrv.sys

Filesize
193KB

MD5
2ce1c415f88a0f92586b0cc5c941e350

SHA1
240ba58ae06be74a272d9889fe6904245abc3b91

SHA256
d6db2c249c87fbc51f4455c3a1ccfa05726aea0a7d78ceb8ba5a944535e1ff96

SHA512
e020142d64a1679001683772511b2439b990cfef714427cae22ed31a2fcc5030f853d9703fa25e605bb535477ef5bd2440e8c4e4e1e4e52e4eb23c8c056c775e

Download Submit
C:\WINDOWS\WindowsUpdate.log

Filesize
55KB

MD5
6fd81e954cdda0c385f2c9f76b434522

SHA1
9cb1248461c0e9909662333af9dee455c9f28670

SHA256
d14534268196eec28180f5acb80ab5e8e8fbab473e0a1ee3f0eb7a74b8394dd1

SHA512
42ed06a4c11f8e84f957565e92fdd5143da05f58c9c4373b8d150dde3950f0365449f412d1498aff15223fce84cbd970f905e8337b4b7bcdc666807c90c02c45

Download Submit
C:\WINDOWS\lsasetup.log

Filesize
56KB

MD5
25ab975558a01d49d939c1f41e5fa3a3

SHA1
f4b04220fd7914356ec9bd596f857a70b85747e9

SHA256
544156dfe8cde06a678cc0ebc5d9f25558e2993bdd9025cf1820242be9c59ff8

SHA512
937f7527dc1b3aa599810d626de7d464783369f130c3e4a9e299a7718ca08975a03526fa15f908482ae1b5ceb6b8159915094f166305978d03a15f0c5b72396e

Download Submit
C:\WINDOWS\setupact.log

Filesize
56KB

MD5
a6293f70367a27d1833adcf10bc96388

SHA1
1f3bf4eebbca140ca502cd05634a965722487e09

SHA256
d220938b714769602f6526ce386c1a0d9db46a820b35ad06a84fd6d1366d0595

SHA512
b7b3ecda00aa966862b42f53ec045ff4789686180ed65285a58aee3f1b68685565c5b74af41fbc63dc61bd0e34500ef15d454554d67f910e9f09f842d2424de9

Download Submit
C:\WINDOWS\setuperr.log

Filesize
55KB

MD5
9202f5a4768472198c994137894cdde4

SHA1
19062575f6e61289821dd3f38020038cfaa7a8bb

SHA256
34fe35fb84f5d49d313a9e39aa6df358ad4559e284f3f7f67a7d0210786064b6

SHA512
bdbde1474d82c9a1ced5cba37e99a1530e72aadce67af337c5bc1c033e2a7eb0ea4ea233aadbb3ab55a4d90c4fd076381060eefc33622f6251f62386ed50b31b

Download Submit
C:\WINDOWS\system.ini

Filesize
27KB

MD5
ceaa39e67969e512060e0e6b23be6360

SHA1
89f6042e56320944706372edb2f78661b11e6ea2

SHA256
9844c892812cfbc58ed511af4dd34217303ed29c2f5cd90127214acc99fef5a5

SHA512
4a341d4ca892d55f97af74af8fcfad075219af293bebe9d178326a4b0c7ad0c90cee180d530fec2ca27b554411918544484f00d527c1994ca918d6d82cad6c74

Download Submit
C:\WINDOWS\win.ini

Filesize
55KB

MD5
4c0a613bc0df60a2602211b083daf5ac

SHA1
c6130cfb3cc65ddbbe8c6117b3e3953ecf9b7607

SHA256
3b74a2a14a3b265d9f36b50dc0806b417ba4d94892143c6e3817013a1254b95c

SHA512
b209ac93a433cbe2bc4329aab56b288a28f28ab4799caf36150f204eddeabc4ab98dfdb45970a232b53dd3e6aa02097f8528864e34d9785f64f47a3890753935

Download Submit
C:\exc.exe

Filesize
92KB

MD5
9df2f844c335b486b0de9ceea15fce93

SHA1
266a1904fa92ccf1e95824c9f79f35ffb3d1eadd

SHA256
a289955e87d17bf620d7c11aee26f6eee0f19a04bd425237f48775bd6c129bb4

SHA512
66570f4f08f81d5a040e02c98f47fdf97bdcc9b6837a6a1fe4a4892f65568881aa0250153217098a9b46ad4f550899d2d5801afe049c9b9c5c2b561953e181b7

Download Submit
memory/2500-275-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2500-524-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2500-1130-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2500-9-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2500-1573-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3892-276-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3892-10-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3892-1146-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3892-8-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3892-1574-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download