2aa5fbc9852cea14c58a5bdcafafe7564baceb62e3c541684ebfdb38e40d3666

Analysis

max time kernel
56s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
04-05-2023 09:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ost-viewer.exe
Size

18.1MB
MD5

7920bd60326278c1bd912f4146f604d7
SHA1

be5029cee38823d08bd395eff446e5d81bc05947
SHA256

2aa5fbc9852cea14c58a5bdcafafe7564baceb62e3c541684ebfdb38e40d3666
SHA512

1dcc7c24ed80aa62a97969fc0b190334a0614fd9dbfb5fbad35ce777a31df47bf90666c5a617e5a963e81540f88cc78bb6128aa29562c351b94f0173af93b38d
SSDEEP

393216:Bt2ieM83DB3W+0Lr+RyOmC7Gdg/VN0x7FRV/L6RL:BwR3DB30r+RbGsVmFH+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

ost-viewer.tmpSysTools OST Viewer.exeSysTools OST Viewer.exe

pid process

4312 ost-viewer.tmp
1296 SysTools OST Viewer.exe
4636 SysTools OST Viewer.exe
Loads dropped DLL 2 IoCs

Processes:

ost-viewer.tmpregsvr32.exe

pid process

4312 ost-viewer.tmp
1856 regsvr32.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
4312	ost-viewer.tmp
1296	SysTools OST Viewer.exe
4636	SysTools OST Viewer.exe

pid	process
4312	ost-viewer.tmp
1856	regsvr32.exe

Drops file in Program Files directory 64 IoCs

Processes:

ost-viewer.tmpSysTools OST Viewer.exeSysTools OST Viewer.exe

description	ioc	process
File created	C:\Program Files\SysTools OST Viewer\is-N5T1T.tmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\log4net.dll	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\PDFView.dll	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\is-15AVK.tmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\UIFramework.dll	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Icons\Archiving.htm	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Icons\Archiving.txt	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Images\email-examiner-archive.ico	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Images\is-3EQU3.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\is-CKT52.tmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Images\export-html.ico	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\XML\is-JILHS.tmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\SysMessagingPreviewList.dll	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Icons\Archiving.C	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Icons\Archiving.doc	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Icons\is-4G7NS.tmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Images\NoPreviewAvailable.gif	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Icons\is-3G8HM.tmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Icons\Archiving.pps	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\XML\is-6M4J5.tmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Error Warning.log	SysTools OST Viewer.exe
File opened for modification	C:\Program Files\SysTools OST Viewer\Reader2.dll	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Icons\ACTIVITS.ICO	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Icons\Archiving.pdf	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Icons\Archiving.vcf	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Images\is-BFQ6R.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Images\is-TD4MV.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Images\is-LTJ6J.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Images\is-FNIFE.tmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Images\other-file.ico	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Icons\is-G40O7.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Icons\is-14QPJ.tmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Images\Copy of Attachment.png	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Images\is-DA8RL.tmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\en-US\SysMessagingPreviewList.resources.dll	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\XML\is-HLPFK.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\is-L6038.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\is-Q4HEJ.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Icons\is-VJ9CU.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\test.txt	SysTools OST Viewer.exe
File opened for modification	C:\Program Files\SysTools OST Viewer\IWriter.dll	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\SYSLocalLibrary.dll	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Icons\Archiving.bmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Icons\Archiving.mp3	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Images\is-7LEK7.tmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\gouqymks.newcfg	SysTools OST Viewer.exe
File created	C:\Program Files\SysTools OST Viewer\is-EB84E.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\is-UNHQL.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\is-TIKO9.tmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Icons\Archiving.mpg	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Images\is-F3041.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Prerequisite.txt	SysTools OST Viewer.exe
File opened for modification	C:\Program Files\SysTools OST Viewer\SysHexEditor.dll	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Icons\is-2OBG5.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Images\is-7QEK5.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\Images\is-SHRIE.tmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Images\pdf.ico	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\is-OVLU6.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\is-AEC1Q.tmp	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Icons\Archiving.config	ost-viewer.tmp
File opened for modification	C:\Program Files\SysTools OST Viewer\Images\eudora.ico	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\en-US\is-69SL1.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\is-BNUQK.tmp	ost-viewer.tmp
File created	C:\Program Files\SysTools OST Viewer\is-SO47A.tmp	ost-viewer.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeost-viewer.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\ = "_FramerControl"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\TypeLib\ = "{00460180-9E5E-11d5-B7C8-B8269041DD57}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\Version\ = "1.3"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\Version = "1.3"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht	ost-viewer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DSOFramer.FramerControl	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\Version = "1.3"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\DataFormats\GetSet	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\Version = "1.3"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\ = "DSO Framer Control Object"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\ = "{00460180-9E5E-11D5-B7C8-B8269041DD57}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\ = "_FramerControl"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\ToolboxBitmap32\ = "C:\\Program Files\\Common Files\\CDTPL\\SysTools OST Viewer\\dsoframer.ocx,102"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\MiscStatus	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\MiscStatus\ = "131473"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\DataFormats\GetSet\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DSOFramer.FramerControl\CLSID\ = "{00460182-9E5E-11d5-B7C8-B8269041DD57}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\ = "DSO ActiveX Document Framer Control"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\InprocServer32\ = "C:\\Program Files\\Common Files\\CDTPL\\SysTools OST Viewer\\dsoframer.ocx"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\ProgID\ = "DSOFramer.FramerControl"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\HELPDIR\ = "C:\\Program Files\\Common Files\\CDTPL\\SysTools OST Viewer"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\ = "{00460180-9E5E-11D5-B7C8-B8269041DD57}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\ = "_DFramerCtlEvents"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\ = "{00460180-9E5E-11D5-B7C8-B8269041DD57}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\DataFormats	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\ = "_DFramerCtlEvents"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\Version = "1.3"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\FLAGS\ = "2"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\ = "{00460180-9E5E-11D5-B7C8-B8269041DD57}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\DataFormats\GetSet\0\ = "3,1,32,1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\Control	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DSOFramer.FramerControl\ = "DSO ActiveX Document Framer Control"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\Content Type = "message/rfc822"	ost-viewer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DSOFramer.FramerControl\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\0\win32\ = "C:\\Program Files\\Common Files\\CDTPL\\SysTools OST Viewer\\dsoframer.ocx"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeSysTools OST Viewer.exeidentity_helper.exeSysTools OST Viewer.exe

pid	process
792	msedge.exe
792	msedge.exe
2100	msedge.exe
2100	msedge.exe
1296	SysTools OST Viewer.exe
1296	SysTools OST Viewer.exe
1296	SysTools OST Viewer.exe
2672	identity_helper.exe
2672	identity_helper.exe
4636	SysTools OST Viewer.exe
4636	SysTools OST Viewer.exe
4636	SysTools OST Viewer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

SysTools OST Viewer.exe

pid process

1296 SysTools OST Viewer.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

msedge.exe

pid process

2100 msedge.exe
2100 msedge.exe
2100 msedge.exe
2100 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

SysTools OST Viewer.exeSysTools OST Viewer.exe

description pid process

Token: SeDebugPrivilege 1296 SysTools OST Viewer.exe
Token: SeDebugPrivilege 4636 SysTools OST Viewer.exe
Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

ost-viewer.tmpmsedge.exe

pid process

4312 ost-viewer.tmp
2100 msedge.exe
2100 msedge.exe
2100 msedge.exe
2100 msedge.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

SysTools OST Viewer.exe

pid process

1296 SysTools OST Viewer.exe
1296 SysTools OST Viewer.exe

pid	process
1296	SysTools OST Viewer.exe

pid	process
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

description	pid	process
Token: SeDebugPrivilege	1296	SysTools OST Viewer.exe
Token: SeDebugPrivilege	4636	SysTools OST Viewer.exe

pid	process
4312	ost-viewer.tmp
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

pid	process
1296	SysTools OST Viewer.exe
1296	SysTools OST Viewer.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ost-viewer.exeost-viewer.tmpregsvr32.exemsedge.exe

description	pid	process	target process
PID 1976 wrote to memory of 4312	1976	ost-viewer.exe	ost-viewer.tmp
PID 1976 wrote to memory of 4312	1976	ost-viewer.exe	ost-viewer.tmp
PID 1976 wrote to memory of 4312	1976	ost-viewer.exe	ost-viewer.tmp
PID 4312 wrote to memory of 4824	4312	ost-viewer.tmp	regsvr32.exe
PID 4312 wrote to memory of 4824	4312	ost-viewer.tmp	regsvr32.exe
PID 4824 wrote to memory of 1856	4824	regsvr32.exe	regsvr32.exe
PID 4824 wrote to memory of 1856	4824	regsvr32.exe	regsvr32.exe
PID 4824 wrote to memory of 1856	4824	regsvr32.exe	regsvr32.exe
PID 4312 wrote to memory of 2100	4312	ost-viewer.tmp	msedge.exe
PID 4312 wrote to memory of 2100	4312	ost-viewer.tmp	msedge.exe
PID 2100 wrote to memory of 2648	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 2648	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 796	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 792	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 792	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 4988	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 4988	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 4988	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 4988	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 4988	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 4988	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 4988	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 4988	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 4988	2100	msedge.exe	msedge.exe
PID 2100 wrote to memory of 4988	2100	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\ost-viewer.exe
"C:\Users\Admin\AppData\Local\Temp\ost-viewer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976

C:\Users\Admin\AppData\Local\Temp\is-1I5N3.tmp\ost-viewer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1I5N3.tmp\ost-viewer.tmp" /SL5="$F0064,18708296,53248,C:\Users\Admin\AppData\Local\Temp\ost-viewer.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4312

C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Common Files\CDTPL\SysTools OST Viewer\dsoframer.ocx"
3⤵
- Suspicious use of WriteProcessMemory
PID:4824

C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\Common Files\CDTPL\SysTools OST Viewer\dsoframer.ocx"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://license.systoolssoftware.org/Thankyou.aspx?ID=133
3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcfa2946f8,0x7ffcfa294708,0x7ffcfa294718
4⤵
PID:2648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,9090849576981989803,11783732442028879676,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
4⤵
PID:796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,9090849576981989803,11783732442028879676,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,9090849576981989803,11783732442028879676,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2056 /prefetch:8
4⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9090849576981989803,11783732442028879676,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
4⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9090849576981989803,11783732442028879676,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
4⤵
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9090849576981989803,11783732442028879676,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2928 /prefetch:8
4⤵
PID:4204

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
PID:4136

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6f6c95460,0x7ff6f6c95470,0x7ff6f6c95480
5⤵
PID:2084

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9090849576981989803,11783732442028879676,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2928 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9090849576981989803,11783732442028879676,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
4⤵
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9090849576981989803,11783732442028879676,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
4⤵
PID:2536

C:\Program Files\SysTools OST Viewer\SysTools OST Viewer.exe
"C:\Program Files\SysTools OST Viewer\SysTools OST Viewer.exe"
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

C:\Program Files\SysTools OST Viewer\SysTools OST Viewer.exe
"C:\Program Files\SysTools OST Viewer\SysTools OST Viewer.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4636

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\CDTPL\SysTools OST Viewer\dsoframer.ocx

Filesize
99KB

MD5
efa590365ec1fb105d595e06ff29046c

SHA1
7fad7c762ea3639d6d8ec415274a4ce193b257f4

SHA256
4a089b681be0dd93ff1c193df9086d511a38bf8602ba658b39b5689f6fa3890f

SHA512
458ca9a8fe1d03ac87720b57447e23217626791a05c95dc4d2cb0f636a615e5da131c10a878326e8ab0f8933d91ddf5b61729d8eb07f4729a40795d93c5694a2

Download Submit
C:\Program Files\Common Files\CDTPL\SysTools OST Viewer\dsoframer.ocx

Filesize
99KB

MD5
efa590365ec1fb105d595e06ff29046c

SHA1
7fad7c762ea3639d6d8ec415274a4ce193b257f4

SHA256
4a089b681be0dd93ff1c193df9086d511a38bf8602ba658b39b5689f6fa3890f

SHA512
458ca9a8fe1d03ac87720b57447e23217626791a05c95dc4d2cb0f636a615e5da131c10a878326e8ab0f8933d91ddf5b61729d8eb07f4729a40795d93c5694a2

Download Submit
C:\Program Files\SysTools OST Viewer\Be.Windows.Forms.HexBox.dll

Filesize
92KB

MD5
70b1e23cee42acb79a048e3e5cce9351

SHA1
42f9619cdc42a47cb8324a704110d110df349e1c

SHA256
cc8a4098f3daadc890cd74da282cf90fc82b03816651d26231d2aafd281c9b68

SHA512
f355e44ffd423f67a4bf5479dff40098d38087125fce7a3b34ea469e8b9b1b16398599ad6503fdcc4858173e441936f723e0961f8c8d10a0392f29559bf3a435

Download Submit
C:\Program Files\SysTools OST Viewer\CG.Controls.Grid.dll

Filesize
956KB

MD5
a003a8c42d9c4034ce27d04b5ec09de3

SHA1
928317fcc1e4c3ed451e46ade4537f4eb6c45192

SHA256
1de2296f602a78b88963df5406e6b235dc448d1e7e57206467bb4bf263adaa65

SHA512
490fa4e5652e3cccfc773bc3ad1210fb7693308d607dfff89118d73d80fb402dc505cff5b3f92c4aa26078b8513bf6fdbd5198fafb54006ac9806e91a5590fff

Download Submit
C:\Program Files\SysTools OST Viewer\DevComponents.DotNetBar2.dll

Filesize
4.6MB

MD5
3f4009771a5fbbe131564301215f1e1d

SHA1
b77f416bda4423c19c0327a55e5c5c6be1dc07f4

SHA256
e89f3a8a068f7bd71c22a373bc3d660e6b6bad3549e1d9ffadd2234ce810f828

SHA512
96bf8dd1c3e352d0b8e95f04588ade40ac7afdf93b4d505681fad336b7fad4a16bed16127c559e442540fd6f93f1bd67dc1c6850dc68269d0d71c406d1891447

Download Submit
C:\Program Files\SysTools OST Viewer\Error Warning.log

Filesize
1KB

MD5
2f1f65c10e3129e902c1c0eff5ab0e72

SHA1
1e259dd5e9b1b5169f6e91295a0a9740f7349893

SHA256
42fbb6de5e658c0b59a997922d0a57528d5865531c7b4b76f4a53ccdfb2e4786

SHA512
a7363648c4e1d4e79f95d92e9b6121a007518dbb8c9a1f3bbc0f1ffb98956505988a44efcbc68458fc13625d0c9b97b55c294b859ae65e6a60c50cb3885668c5

Download Submit
C:\Program Files\SysTools OST Viewer\Images\Copy of Attachment.png

Filesize
314B

MD5
8c9d30d3fd93e8d163d79069723a32f2

SHA1
0e1fa1540b1007d162e647a0d2158879915251d2

SHA256
13e2f3c60d25bac7a8055b039fc0c2c8fa8535137be79c2ae427adf6276cf4a3

SHA512
99d5169285aca99426ef9d6e120e0da497b5410dff7b8d3b914c3e6b20f78e7ad5a0a7eeca893337358e85b53f7b12ba4ee22e04e4b00c0105fe26bab58e74b5

Download Submit
C:\Program Files\SysTools OST Viewer\Images\Copy of access.ico

Filesize
2KB

MD5
420232302e8a5dced91d5030abcf52a0

SHA1
13368de793924f91a6b2346b6bcd68007240c54a

SHA256
b511c68e248e35849203731711edbdbdb3e8e2cae04f5e54cfa2954ada08e5bc

SHA512
843175efcefe2b031beac619b461bc9fadc76d08f2640fee56c3a19b2e4476ff3a874d455e1f962fa3287e4b89e385960e2ec5e2b241edf3f5af4e725d4108fd

Download Submit
C:\Program Files\SysTools OST Viewer\Images\Copy of aol.ico

Filesize
1KB

MD5
25ab073d3ee04ac5b71176389835a5bb

SHA1
3ee773ac9e6a9fdc57db713728eb73358edf1c87

SHA256
32908e285dc5a77f1438d496646c7dc2d732f1cd0161ccc230f43753ae343828

SHA512
f0a328370f8d350c97876cc20a411f83dbed4a909c89c1e145263175b94ee25182dcca7fc575889a2bdbba85831d6f46979e4ae9ff602ba597be5e3bdb38a2c0

Download Submit
C:\Program Files\SysTools OST Viewer\Images\Copy of auto-detect-mail.ico

Filesize
2KB

MD5
2e01c0fd167a200c04ef9ae9520d3c3c

SHA1
79566dc754627ae07863654c5c21716765e47ef1

SHA256
810ccde0b55027c657dfdb47220135400f55224211aca3f2974f1a04a8dc610d

SHA512
bf0f9b47e3395daa0352f60be3506108d3868321e25fee057ed82fc451c37072d768be47966b4af0d9faa553ab838aa4a98247a619e5200d6d3153a6bf4f9af3

Download Submit
C:\Program Files\SysTools OST Viewer\Images\NoPreviewAvailable.gif

Filesize
13KB

MD5
085fc1c0cf4c6201a1a4f55942e907cd

SHA1
cc47c846287a8dd8fdaad2731b92284eef777faf

SHA256
95edb89c6bca4b4f5412b4a719dfecd926ada8a632af1ea61012d38c90ff7687

SHA512
374fae0855516201daf38c65d8cef296812aa147410c7ff77ac584039ffabd06e0d64a90e2bc76628d8691d3aff57af7c6bb0ad97563cdc7820e2cb5ad11ade4

Download Submit
C:\Program Files\SysTools OST Viewer\Logger.dll

Filesize
26KB

MD5
9431ab2b05b2501e38010f2d4fb4c6de

SHA1
dabf1517718bc3dd7499ef3291c098669428533c

SHA256
9c0e15d522fee05abd92d33e85ce8cc81982aec5609f6b92bd2af97ea15371b0

SHA512
3fd9c944ee8881b9a4945d747c6a4c45d509079c7380baf902a92edf6de82576a609e3ddecb3592c891e20f378c7f5aafb653e003410240955e18003808123a1

Download Submit
C:\Program Files\SysTools OST Viewer\MailExaminerCommon.dll

Filesize
45KB

MD5
45156d74acc4aad848642872e3e7973b

SHA1
11d344731fb81ec8a95f808f43185cfa508c91c0

SHA256
e6cf155c2bc6c8ea1f46c71b91a4befb4d4d3ca5967191da621ecff7271fbddf

SHA512
94b0edc0ff1aff697904e53e58c63eaf86e67f361f78fee56bbc1f51bd75f2b8252b3cbbe0c6706d8a38e90291efcd529e9555c622828efce39bd5811cb77393

Download Submit
C:\Program Files\SysTools OST Viewer\MailPreview.dll

Filesize
142KB

MD5
4c316f8447675698521536783412b536

SHA1
1a2d3dd0e69d025f883278290f5e6cb03e3f7c33

SHA256
1b714e2cc4c803ab0ba53c758c0868a19a236307f1504235301db512a032dae0

SHA512
8769f623b9249d686cb9d8c65d0d882462d3d98835f8945de496020ac2b8e9cfd2e1f7a5e5fd6dfde75d5421cb6aaf564c86234d888eb5b6320cc4278d4c935c

Download Submit
C:\Program Files\SysTools OST Viewer\MapControl.dll

Filesize
55KB

MD5
81d5689e0b00dd3dcb40b75e68c6339f

SHA1
f5131d665633a7ad1cd47b8457a553e5a280725d

SHA256
c5d35bc73a213b947ecbd19f9b127ca9e34d54de9019e584f38df18160c97ef9

SHA512
cdd79a84ba6d0fdf81ff487c7e3aeca59932dcf4f8f3d833c8126cbf9233bc0ea87e4f0de03fc147f3274a53c4e566ee251a49e503fa9357c7c9d34139a52c98

Download Submit
C:\Program Files\SysTools OST Viewer\OutlookComponent.dll

Filesize
3.0MB

MD5
71a76b35990148bdba1fb624c1a9ab10

SHA1
d7ab8521bacb7629d7a5cb24aa803a9bab81a0d4

SHA256
f1650f059a1e9bc78cb64209033f5602829181f4e83f99eb9c0e6cce5b77c3e9

SHA512
90518fa8ad744891bdf7105c1f8bf5f1d8ac462a4ece37041d077c600350869a7cafb20820bc4d3e3214d6193feec65e6f63939ae91ea5fd23682493f09397e1

Download Submit
C:\Program Files\SysTools OST Viewer\PDFView.dll

Filesize
170KB

MD5
a9bf6b15ef141dff98ca53b84a96e455

SHA1
085bbfb2d88012fb0f445a124e613d114d350412

SHA256
6d375547a71e11cd2a757edd58c0ceddf178d24eda9d3472cb20752b2e5f21c5

SHA512
bb4089d87c303cfafaf5b369e7637116982ce4c99e6634da29eeda553c5d16d762a58bfbcbbd4342cd16e947de377cb70c51217a740934f2bba6877b1c5fe363

Download Submit
C:\Program Files\SysTools OST Viewer\PreviewHandlers.dll

Filesize
46KB

MD5
7699dbe073f1cbb1ad5404c600f7d29e

SHA1
0f03de55a1fa10f4ed633c3a3c3ef9b3f3b6edba

SHA256
316ab80b4274b807b25b7c902b03d934ba2cfd9f2dfb9fea8d8a98ee41896d43

SHA512
22e456978668648b11fd52f713e73d059da29b2413a46c50bdc3114acc73a08730fb6acc7d59b04035ad77facef882814be9c7af0f35c8a4567a0ba9a1a29214

Download Submit
C:\Program Files\SysTools OST Viewer\Reader.dll

Filesize
21KB

MD5
9819c38d26b6b5e44d1b3fa23d7f214d

SHA1
9ba66e15193b475cd4c4694ec98691a0214b69b0

SHA256
68fd1ef1226573aea98103229ff6e2e83c100df41b25dfb8f60ff7ef3b240c39

SHA512
2a2343791b5fbac40b83855ee9d8fd2e43f599083aeb96d040f944975debc206a0ba1744a05b44e8aa7212d4170cb7bee1671dd028fce845377ba213eafe32ae

Download Submit
C:\Program Files\SysTools OST Viewer\Reader2.dll

Filesize
22KB

MD5
97bdd8afbbfb83bc0aa531b4aa292f28

SHA1
166b6d936f4e24f9f7902bb98ed7136de32171e7

SHA256
9cd2f6a13d77c3f1ae410d58663e7be71c7084d54f1bcb0e203362782a3e89d6

SHA512
d06491cc083d0215a587bf2372b09230b80801450dd08d02ed9157d0319ffd96ce7a640877b0553039e9870e13a85f809caa1da805f8b44da89af74c35413ff4

Download Submit
C:\Program Files\SysTools OST Viewer\SYSLocalLibrary.dll

Filesize
21KB

MD5
08a64cab5b2f21764c794108b5cdf78e

SHA1
8ac7cf8ae6bfcca2ee2bd4c9b28d5bbe4244533d

SHA256
91b63eeee57c2e83cda6730605e9db3702e252abad9dc56e988976637bcdb9be

SHA512
88dbe69f1985285ed8fd60afdf69aa83f97e00cb33aef303ae21b3c287be2874c3777eb3d5c2ec7e429299235672cc2ef30d08dd5d549e4f4afae95a18904cd5

Download Submit
C:\Program Files\SysTools OST Viewer\SysExceptionHolder.dll

Filesize
23KB

MD5
5658cc43cf23b4729934d302d535e3cd

SHA1
52b29db63ba92ce8b4adb2e43c68d1320ac77623

SHA256
d0e4c3986e618060cb89b2cebad33f0cc80eafcedb6814e641ef39034b5b5d68

SHA512
3668e5cf46395c316b649b73b1a6f67d285ff1045caa2df2b9afaa2b26b5b234290e30d0d47121c2228fc8aba65a50182b27695e18ed6d61673f7c43223925cb

Download Submit
C:\Program Files\SysTools OST Viewer\SysFramework.dll

Filesize
1.1MB

MD5
348d4bbed656a42ebad10a52a5bd3998

SHA1
423d691c06dede79d1128afe57ff48257a5c933f

SHA256
bcb5ac7da392c803eaaba5efaba4a05aadfcd44f2fda14f4b7817db93a68de73

SHA512
c4c78212752ca5fa24937c5f0e6ff2cc4d86b312d0ca395334bfe1664c2e13a8e8955aef2bc3784f3a54a59ca24f50ccc910bdb712c86b72f5a53504e3314804

Download Submit
C:\Program Files\SysTools OST Viewer\SysHexEditor.dll

Filesize
71KB

MD5
ead6e0e9ff9cbfcb28124d98ba97b2dd

SHA1
e72dae9d02d07247ab725c83b9e22ca1e4563da3

SHA256
468d8f8799a60fac7d542670d0b6c28bb2343b84e3034c323bf7d6f1b21794d7

SHA512
8e915b26a6ef919463e30347595ce6d91fa73e29a3ae5893d946252f381a3e930b0889598f060ace90f36963043d29f21baf675b98b5344ce7a81bcf45b3bc09

Download Submit
C:\Program Files\SysTools OST Viewer\SysMVPCommon.dll

Filesize
79KB

MD5
97d7248b6608b6d0e96bb707ca16c029

SHA1
50d518b8601c889966d4f55ad90666f454d2d0e3

SHA256
e30474d5ebb72b01f45d0310501521e184f839f06f21bd5c959414aacf5d07ec

SHA512
d03f51268a6260811e394f0bcbebb438377ebb51d41cb39b70e34adfca5cad35ca879b49c0ccb57dcc803c74d8975c8b82dc47b7e855af3b6f517f074985eea0

Download Submit
C:\Program Files\SysTools OST Viewer\SysMessagingPreviewList.dll

Filesize
652KB

MD5
6fde30b248681b4eddb5aeffd9dfa456

SHA1
d9de4b35fcbf1d2fb9ff5b426707f261e4cf8710

SHA256
9ac105ab7c2a8d7a17360a5b8cc4011a1aa62835c112bfc1b726b13a627245ed

SHA512
ae987ab4f92c31c40e3c9451ab9df1156308d32eac271e5a06de86f8feda7e0e13b4fe4ec5df7285300686330ed3561425665ab47b67ab5b3bf18349988bbd5e

Download Submit
C:\Program Files\SysTools OST Viewer\SysPreviewControls.dll

Filesize
248KB

MD5
963dc3a2f460570c3b2ce726947feb23

SHA1
df0e871fd69830237e5809fe72ffd6f9206ab5fe

SHA256
cb9aee6cef4d0bf1555dee41b5a7f3930e97daa065a517da6a0fb9df12cf0b70

SHA512
7c36adeb790939b3627912be2a742fc4d1108d842fe4840df62d9a03a16d8dbc0a163fb174871afdd0e8d5f543dc13f80810cee75d51ae8dcbf7e1eac96adec0

Download Submit
C:\Program Files\SysTools OST Viewer\SysTools OST Viewer.exe

Filesize
236KB

MD5
78c60e4d8abfe432f1a7d83bc72ede5f

SHA1
34cc2f969d25ed9aac139c0b6c17c03e9d82fa1c

SHA256
0f00ebc14df46e9abf298a8da567725180eaf903f8284c9e14495992ff0c8e3d

SHA512
e4565726b22b0acc80dbfd6e36bf27d2268b54717210f0f507cc4088edc84a70ff8b2dbb9ab0753859b538a4066fd0beb8efca4ea8efaa82516d8b86429575a1

Download Submit
C:\Program Files\SysTools OST Viewer\SysTools OST Viewer.exe

Filesize
236KB

MD5
78c60e4d8abfe432f1a7d83bc72ede5f

SHA1
34cc2f969d25ed9aac139c0b6c17c03e9d82fa1c

SHA256
0f00ebc14df46e9abf298a8da567725180eaf903f8284c9e14495992ff0c8e3d

SHA512
e4565726b22b0acc80dbfd6e36bf27d2268b54717210f0f507cc4088edc84a70ff8b2dbb9ab0753859b538a4066fd0beb8efca4ea8efaa82516d8b86429575a1

Download Submit
C:\Program Files\SysTools OST Viewer\SysTools OST Viewer.exe

Filesize
236KB

MD5
78c60e4d8abfe432f1a7d83bc72ede5f

SHA1
34cc2f969d25ed9aac139c0b6c17c03e9d82fa1c

SHA256
0f00ebc14df46e9abf298a8da567725180eaf903f8284c9e14495992ff0c8e3d

SHA512
e4565726b22b0acc80dbfd6e36bf27d2268b54717210f0f507cc4088edc84a70ff8b2dbb9ab0753859b538a4066fd0beb8efca4ea8efaa82516d8b86429575a1

Download Submit
C:\Program Files\SysTools OST Viewer\SysTools OST Viewer.exe

Filesize
236KB

MD5
78c60e4d8abfe432f1a7d83bc72ede5f

SHA1
34cc2f969d25ed9aac139c0b6c17c03e9d82fa1c

SHA256
0f00ebc14df46e9abf298a8da567725180eaf903f8284c9e14495992ff0c8e3d

SHA512
e4565726b22b0acc80dbfd6e36bf27d2268b54717210f0f507cc4088edc84a70ff8b2dbb9ab0753859b538a4066fd0beb8efca4ea8efaa82516d8b86429575a1

Download Submit
C:\Program Files\SysTools OST Viewer\SysTools OST Viewer.exe.config

Filesize
2KB

MD5
27bd46cb0e8726ce0a19df6b77d32c7e

SHA1
14c072cdda6927739f3adb5046e9626a013df3ad

SHA256
00f61d1316ffbab8c0f242b34c76a372c9ca7abffc169518d37214f0c3d55d7f

SHA512
763440e5d87b115a97114104689a8323d4abacc16fe4782d06020c6481e0b1c3c727902171973cc901628d2f8dcb95d6ccce14c576360b083a544a4911afc7eb

Download Submit
C:\Program Files\SysTools OST Viewer\SysWriterCommon.dll

Filesize
26KB

MD5
2748a51bf97f3b66df14bec2e6a36b75

SHA1
32bdd7533da6cb6190ab27762a3b22be7b402757

SHA256
c95de2abde3fa008add11b7f30baf06ff33a70c33bbaaeb757a09b07070bea69

SHA512
198019a8799127865f0e0a6e5e75db708df868b8153d0731bad2a4a06a978b390acdf628747ca8a4281e3e59e949829ee37f3d1e47ebde6adb6bcfd6a1336eb3

Download Submit
C:\Program Files\SysTools OST Viewer\Tarro.Windows.Forms.RichTextBox.dll

Filesize
28KB

MD5
907b3d3391a1259ab4213d7f9cb70b19

SHA1
18239a5136c5201ea1571805002bc8d53c052fd7

SHA256
536084b4a5b8456fbfc49981d620ead3d585e65d47ea6d115171411dded4df9e

SHA512
9091c63eeca42cbeace4683eafce7657cc69581f4c04ec0d2acb801d5abb157a620a76f6df5fcdc7a332dbbbb5ee55c431afa35dd7837f75937c599020c129ce

Download Submit
C:\Program Files\SysTools OST Viewer\WriterManager.dll

Filesize
21KB

MD5
e73b7efbc7d53105bff68935f76f16ca

SHA1
b39c60d8e03ac14b9659dfea05e4e9625c8150b6

SHA256
1e9b2d408f24e6a8405433f62ada0488b518363313680a5ef1de81cd267458e3

SHA512
0ada2d76721e19b70e11044ea40fe888bc5ac51b6cd93e31db097ba1207ce7e560f8ca6fcae3c63ad19f83cf3a437b3090c2330ed08db59d4a17b5c26110c4a8

Download Submit
C:\Program Files\SysTools OST Viewer\XML\AppStoragePath.xml

Filesize
115B

MD5
fbe78ad98f5397a7a80f08dd826a3b85

SHA1
affab9edfb1209aead8b5791b2b2b3db18cdf05a

SHA256
deae0ec42a7864597001437ec8485c6fca65ccf5c154159e605cf6dd4df0104f

SHA512
6da8e95f27d42e64bd5dc768b6137ec6d2256aee1bf278e621777bec2442afa71ed01a1c12740f8dfc8b3cb7c508bd1b3e19607699b6f0f14813890d48c05d66

Download Submit
C:\Program Files\SysTools OST Viewer\en-US\MailPreview.resources.dll

Filesize
4KB

MD5
66639ba543578366784d1831d46826d2

SHA1
f7a0f8b46469613bd59aab10fd959bc8b42d7a4d

SHA256
5c8ce04c3dd72bfec72c7ebc8c7dec729984957d42d37e9188e2c973fe8eb16c

SHA512
ce6c676e69c291a11e1165577852ea1242a572b8d072ed7107adb1cd85d4802fc7ab3b24ae0c9b78a0b01b42c3538771eda5f9c4f5a8c8674dd868a4d8efecb4

Download Submit
C:\Program Files\SysTools OST Viewer\en-US\OutlookComponent.resources.dll

Filesize
130KB

MD5
7c895bd07c08ea75b4b032af51e1cabf

SHA1
ccb0534f2b2182966a5112ecec3ff85a76ba3f1e

SHA256
0a8441527051727a725e693a94323aad960d89b2113c4d380be9453abbca1b0f

SHA512
87e349805c84aba0634e6c320f0402a7c14633a788a31864e34a84ebdc5f56a840b9e63cf92579ea641b6a2b3c72bd9cbfcf90bb4157925391ac44e8ad4aa3e8

Download Submit
C:\Program Files\SysTools OST Viewer\en-US\SysMessagingPreviewList.resources.dll

Filesize
58KB

MD5
67ab7d8115c227980ad9c80b77f7561c

SHA1
85254f7cff25923898c627f7611f89784c5a95d5

SHA256
486dcaf86c4aea3c3af3a3fcded545b765bcbbdb218195be2d51350a30e04173

SHA512
d08f043993d1108db0161978a010e523a9327b26f634b2c2bc3f6b8ef0a099459d816299a8322179754e78e3558c79fa7d46fb7bd6a762a2ed1c7fe3e8d3aee9

Download Submit
C:\Program Files\SysTools OST Viewer\gouqymks.newcfg

Filesize
4KB

MD5
ddea1736b4a66837e2a7d9d1af617d4e

SHA1
886e4d567231c1146a039426a42d99112882889c

SHA256
989adaeb873a03c015bf93852c73730cf887af61bda0e8602b55656848d2f231

SHA512
7b2e44b5871fe10998c0d6ac426651d56c6e0e18a252771b7c41d5faf93b3d5f457042cc20f323ad7aee08f61cda637254f4ddc58b01f33fe251f1e96c649183

Download Submit
C:\Program Files\SysTools OST Viewer\is-U8984.tmp

Filesize
58KB

MD5
792620390aae5305220283f2ce33ca68

SHA1
d9fee4cb3e2fa5e7d88b45662fd58b30aa9979f0

SHA256
21bc620515ebbdeb125d273c2d8db45577d05408ef624464af26afcfecfd201a

SHA512
470914116f40e4f7216c840ccbc706eb7953c10e62195c9b4d15e73f422625096df6c68edb33c25e2eec3305b4a1b159054f812c4a2307aeb3e49d35ae5f575c

Download Submit
C:\Program Files\SysTools OST Viewer\is-V4HF7.tmp

Filesize
26KB

MD5
9431ab2b05b2501e38010f2d4fb4c6de

SHA1
dabf1517718bc3dd7499ef3291c098669428533c

SHA256
9c0e15d522fee05abd92d33e85ce8cc81982aec5609f6b92bd2af97ea15371b0

SHA512
3fd9c944ee8881b9a4945d747c6a4c45d509079c7380baf902a92edf6de82576a609e3ddecb3592c891e20f378c7f5aafb653e003410240955e18003808123a1

Download Submit
C:\Program Files\SysTools OST Viewer\log4net.dll

Filesize
252KB

MD5
f0d06bbeb3b0b8d07bb9bb5a20e6a88e

SHA1
395027f213cf8727d8c7d2f2f0215432849f174b

SHA256
e992bd921035e732d86debb148344223ea174d3acb29fa54e8147272b7165d56

SHA512
5d30a601f98ab3252e89ec4d441a399e3664e72489b18f9dac25064fce5b6a81a048e8f370bfde2e92655d6652459af0ed6f2d15c39a5e129210301e5f339e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\371d79b1-c875-4ff8-923f-b6ee1e9b8a53.tmp

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
3501226ca18902c90b58fc8a35da9333

SHA1
6e99f0b35c87936c6d70ec9cd366dc99b1a9e468

SHA256
92b8f91012c40adfd7724c19d723863eee3dce87cb14174f3887e7f692639abc

SHA512
bd0c7c8fb91768e0b188bcfba073b0e9f3c3da80ca31baa125b0da9551a5c48fb081c7dfb06c91fe2988b25203653b26cb708d9f9753c37c89dba523b6b183e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe570f04.TMP

Filesize
48B

MD5
5132071d9a1ded445fd8c13e8828f82a

SHA1
efceb2d8acff3714535fd2b7dee9c20b83ae950b

SHA256
dae2e7810fca933f35d77f2b1706616cb305fc632f86d9952869a63f02559359

SHA512
0b37b1f3ae9cf52df13c87826c420fc26ab10dde1218f69c5d821b286d1816fb43b8540341ece2e0b13402da9e12b500848aa250e08664532015cc1183cbd321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
8f847894692f5b81bc8daf813f811d6c

SHA1
886af90c335f36e97830501252663f67198e9b8a

SHA256
577a2a82b0b468bea661812b7ba772ebdda3ca67416f9cfe3ea3b1c5f0c9aa2b

SHA512
7f4ec98bbed72c4e9b67e58387a0136bbedc8a0b3e7f6b0a7c83a228e97664be3d67c15b4461cbae32f1f93d0460deda4e511dcd2dd9d9d5073a67dc7b29faab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
193B

MD5
bf57d4fd7ac7833d6ab5f4963b1cc0b2

SHA1
b3a78b13dfca9a74f5d2878039209ccbdeaacbec

SHA256
372cc067f4db4766d883db61db189226008b1b67ee4b6b1493654e754f6fdb24

SHA512
774f072bc3feb62b536c96311c7ce8269301f17aee4f6d12dae6d7183cd4c8c43fe0fe80cb4684e39e5d613bfe3076771c5e7169d72011df426580825e54a8a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
76c374636fe659c552836608c168fd80

SHA1
6795c7013d293adad4139dd42e06b82524550235

SHA256
58d8057622255b7e86e53f2aa8ecf69ebe67a33dfb361eb42a1c268c5c9ded89

SHA512
547c09e3344f1d3b20e360114a99c5d2fecd8b4916079e61a617d632d51296e0f09eed92e05ec3ca9a9bdf6e3400b7ccfddfed48eb724c94dc160aa0fb7e73cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c556f24c80183db4595e91d112d2ffb3

SHA1
537ea00997c881e621c8119d6e6989b74c3a56a5

SHA256
520102bcb2912fb17dd8e9943a6406f7f8e2261d8b90655c491226642ff3f970

SHA512
ee5be59b79c886140fafce3afdb06b7ab2a14ac9d41f301a098098ba2e3d926114b4aa5f57dd6c9ba67492a616b3a31e7512b066e684999055048796c254b84b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1e79203d0f70092bf25058099947d5c6

SHA1
20d5e2bd3a2ef807207bc3981bd5494c34839c0e

SHA256
decca6fa6de1f0dcc2b46a7c45e62d1754fda43b509d92393c628d56930851a6

SHA512
b06c5cb26083e2ef7a407be262f37d83d9fee4788e30a94ce258639f7c1fb2ccb4e37ca9b77e4fb30c0fa0a9e80f94a5b9719efd2499c87deafc87d260eb0568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d6e0449a-d2e8-40e9-999d-35e57d36eb36.tmp

Filesize
5KB

MD5
a94f9bcd22eb181b7a9f037d6edc2249

SHA1
202af7539815b6eff5796ef23a66d3df61ae5975

SHA256
162932e8a287fdde7421e148f1c64afd21b32fe6748bbfc325f692eaa55468a4

SHA512
17898811b2fd6bebee5b8502f0f521325e47b0e8be9febe0bf1224c15c21a05bf2e69c43d8d1272f1f5a69e563779b731b00c750550bb4de05183bb25e460f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
b65bf1dad8ba788fba0e4541693a6604

SHA1
8de9cd1783ea90972c72cca4d1af81a769e11b33

SHA256
68697efa8c242175de6bbc6f9fc7ab17fc323c3273956aa94260e7c5d8e3ac4c

SHA512
1738c43281a4a9b36758fe613734d3c2b1f9235b1c3844bb7af1cdf8c624aece31cb26bea364530f58e8bf622de0a4a062d285ea9ebf2e81de017ce6bc969bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
17d24ab43b69e46f85e951e2ef0c06ac

SHA1
4bf77df31c9d06a260ee27c682e27c165608c3c7

SHA256
8c9363105a22e7c9a5c411fbc764620770ba314c0bedcbacdfeef4bc157e8b2e

SHA512
c2e0af3de80202c9229a61161b7337879a5c3f6b19f9dca7dc761fb1d1885f64f616b67abb813a45728978d3773b472fcd55ec686622074d2a9eb764b9b4aa86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup Log 2023-05-04 #001.txt

Filesize
57KB

MD5
a2145c92ae02373c6fa7515b5c2f79fc

SHA1
40de86d03cd350e5f90577a4bd13f1c3faa5e745

SHA256
ebd033a94937229502964c83905aa3a98c27711169dcbd72b826692c9fb301d5

SHA512
3f4e6a89818e9c9aef18092d7162f79f52ccc36017433240cdff11db430aacff258122b4295e7f2e7606d60f4b4c64955167498d79d7c559a07462d336a7e516

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1I5N3.tmp\ost-viewer.tmp

Filesize
686KB

MD5
65d13ae1bca738099e2a7b1d2a01482d

SHA1
4d92dbc64ccc29de0bc8fc86b0d48b43f88465d9

SHA256
1879d48c81afc8bc78a31c222f3a99d0254b1bc27edf814e3f2ca269616c9e9f

SHA512
74ef53d8fc70d7f5431247dd869128b165dc4471a4fa4676cddf4e7417e0c6167bf832d127e6232acebd9a707002bea3e5cf34160d80af1933a07be37511b66c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1I5N3.tmp\ost-viewer.tmp

Filesize
686KB

MD5
65d13ae1bca738099e2a7b1d2a01482d

SHA1
4d92dbc64ccc29de0bc8fc86b0d48b43f88465d9

SHA256
1879d48c81afc8bc78a31c222f3a99d0254b1bc27edf814e3f2ca269616c9e9f

SHA512
74ef53d8fc70d7f5431247dd869128b165dc4471a4fa4676cddf4e7417e0c6167bf832d127e6232acebd9a707002bea3e5cf34160d80af1933a07be37511b66c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8EEGT.tmp\isxdl.dll

Filesize
58KB

MD5
792620390aae5305220283f2ce33ca68

SHA1
d9fee4cb3e2fa5e7d88b45662fd58b30aa9979f0

SHA256
21bc620515ebbdeb125d273c2d8db45577d05408ef624464af26afcfecfd201a

SHA512
470914116f40e4f7216c840ccbc706eb7953c10e62195c9b4d15e73f422625096df6c68edb33c25e2eec3305b4a1b159054f812c4a2307aeb3e49d35ae5f575c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
b291448adcb0625d957006baeabd3a63

SHA1
cac6531097954dc0d5fcc2ad74701fc113f2a898

SHA256
e219cd05b889444efd8cc6a98f6c6290e8fb0c7b2c2835af47981dc9e48516d1

SHA512
137fabdc38906b82739496b09d48a947aef3c16fabcc778d976ce6e049cad868722c3cb419b4f1250bde009063a894c5d28e31885ce2221d07f9254774fb672d

Download Submit
\??\pipe\LOCAL\crashpad_2100_XOTNJBVSFRSOVDZV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1296-784-0x000001F96BBC0000-0x000001F96BBD0000-memory.dmp

Filesize
64KB

Download
memory/1296-1024-0x000001F96C850000-0x000001F96C85E000-memory.dmp

Filesize
56KB

Download
memory/1296-983-0x000001F96BBC0000-0x000001F96BBD0000-memory.dmp

Filesize
64KB

Download
memory/1296-990-0x000001F96B4E0000-0x000001F96B4EE000-memory.dmp

Filesize
56KB

Download
memory/1296-785-0x000001F96BBC0000-0x000001F96BBD0000-memory.dmp

Filesize
64KB

Download
memory/1296-992-0x000001F96B4F0000-0x000001F96B4FE000-memory.dmp

Filesize
56KB

Download
memory/1296-994-0x000001F96B6B0000-0x000001F96B6BE000-memory.dmp

Filesize
56KB

Download
memory/1296-996-0x000001F96C570000-0x000001F96C57E000-memory.dmp

Filesize
56KB

Download
memory/1296-773-0x000001F96BBC0000-0x000001F96BBD0000-memory.dmp

Filesize
64KB

Download
memory/1296-997-0x000001F96E9F0000-0x000001F96EB7A000-memory.dmp

Filesize
1.5MB

Download
memory/1296-998-0x000001F96E8D0000-0x000001F96E8F2000-memory.dmp

Filesize
136KB

Download
memory/1296-1000-0x000001F96C830000-0x000001F96C83E000-memory.dmp

Filesize
56KB

Download
memory/1296-712-0x000001F96BBC0000-0x000001F96BBD0000-memory.dmp

Filesize
64KB

Download
memory/1296-688-0x000001F96BEB0000-0x000001F96BEC4000-memory.dmp

Filesize
80KB

Download
memory/1296-1002-0x000001F96E930000-0x000001F96E956000-memory.dmp

Filesize
152KB

Download
memory/1296-1004-0x000001F96C840000-0x000001F96C84E000-memory.dmp

Filesize
56KB

Download
memory/1296-686-0x000001F96C580000-0x000001F96C62C000-memory.dmp

Filesize
688KB

Download
memory/1296-674-0x000001F96B630000-0x000001F96B672000-memory.dmp

Filesize
264KB

Download
memory/1296-672-0x000001F96B450000-0x000001F96B45E000-memory.dmp

Filesize
56KB

Download
memory/1296-1014-0x000001F96EED0000-0x000001F96EFC6000-memory.dmp

Filesize
984KB

Download
memory/1296-670-0x000001F96E4D0000-0x000001F96E5D2000-memory.dmp

Filesize
1.0MB

Download
memory/1296-1017-0x000001F96EE20000-0x000001F96EE66000-memory.dmp

Filesize
280KB

Download
memory/1296-644-0x000001F96BBC0000-0x000001F96BBD0000-memory.dmp

Filesize
64KB

Download
memory/1296-1021-0x000001F96EDD0000-0x000001F96EDFC000-memory.dmp

Filesize
176KB

Download
memory/1296-1054-0x000001F96BBC0000-0x000001F96BBD0000-memory.dmp

Filesize
64KB

Download
memory/1296-641-0x000001F96BBC0000-0x000001F96BBD0000-memory.dmp

Filesize
64KB

Download
memory/1296-615-0x000001F96B500000-0x000001F96B62C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-987-0x000001F96C560000-0x000001F96C570000-memory.dmp

Filesize
64KB

Download
memory/1296-1053-0x000001F96BBC0000-0x000001F96BBD0000-memory.dmp

Filesize
64KB

Download
memory/1296-1026-0x000001F96EE80000-0x000001F96EE88000-memory.dmp

Filesize
32KB

Download
memory/1296-1028-0x000001F96EEB0000-0x000001F96EECA000-memory.dmp

Filesize
104KB

Download
memory/1296-1048-0x0000020173A60000-0x0000020174206000-memory.dmp

Filesize
7.6MB

Download
memory/1296-584-0x000001F951350000-0x000001F95136C000-memory.dmp

Filesize
112KB

Download
memory/1296-1030-0x000001F96EFD0000-0x000001F96EFEA000-memory.dmp

Filesize
104KB

Download
memory/1296-567-0x000001F96B6D0000-0x000001F96B9CE000-memory.dmp

Filesize
3.0MB

Download
memory/1296-1032-0x000001F96F660000-0x000001F96F674000-memory.dmp

Filesize
80KB

Download
memory/1296-1035-0x000001F96F9A0000-0x000001F96F9B2000-memory.dmp

Filesize
72KB

Download
memory/1296-560-0x000001F950F90000-0x000001F950FD0000-memory.dmp

Filesize
256KB

Download
memory/1296-1038-0x000002016FB80000-0x000002016FBB2000-memory.dmp

Filesize
200KB

Download
memory/1296-1044-0x000001F96BBC0000-0x000001F96BBD0000-memory.dmp

Filesize
64KB

Download
memory/1296-1041-0x000002016FB40000-0x000002016FB56000-memory.dmp

Filesize
88KB

Download
memory/1296-1043-0x0000020170150000-0x00000201705FC000-memory.dmp

Filesize
4.7MB

Download
memory/1976-618-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1976-133-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1976-150-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4312-146-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/4312-168-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4312-169-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/4312-606-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4636-1015-0x000002125AC70000-0x000002125AC80000-memory.dmp

Filesize
64KB

Download
memory/4636-1050-0x000002125AC70000-0x000002125AC80000-memory.dmp

Filesize
64KB

Download
memory/4636-1051-0x000002125AC70000-0x000002125AC80000-memory.dmp

Filesize
64KB

Download
memory/4636-1052-0x000002125AC70000-0x000002125AC80000-memory.dmp

Filesize
64KB

Download
memory/4636-1018-0x000002125AC70000-0x000002125AC80000-memory.dmp

Filesize
64KB

Download
memory/4636-984-0x000002125AC70000-0x000002125AC80000-memory.dmp

Filesize
64KB

Download