Malware Analysis Report

2025-08-06 00:10

Sample ID 240222-1k1hbsfh37
Target Proforma fatura.msg
SHA256 307119554d57a79005b8b76c692ff226ca961b17f7f9ad0d43590556632d3745
Tags
agenttesla keylogger spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

307119554d57a79005b8b76c692ff226ca961b17f7f9ad0d43590556632d3745

Threat Level: Known bad

The file Proforma fatura.msg was found to be: Known bad.

Malicious Activity Summary

agenttesla keylogger spyware stealer trojan

AgentTesla

Drops file in System32 directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Uses Volume Shadow Copy service COM API

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Uses Volume Shadow Copy WMI provider

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Modifies Internet Explorer Phishing Filter

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 21:43

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-02-22 21:43

Reported

2024-02-22 21:48

Platform

win10v2004-20240221-en

Max time kernel

147s

Max time network

275s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.png"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.png"

Network

Country Destination Domain Proto
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 195.233.44.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 23.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 171.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 21:43

Reported

2024-02-22 21:51

Platform

win7-20240220-en

Max time kernel

282s

Max time network

393s

Command Line

"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.msg"

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\PerfStringBackup.TMP C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh007.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh00C.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh011.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc009.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc007.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh009.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc00A.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh00A.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc010.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc011.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File opened for modification C:\Windows\SysWOW64\PerfStringBackup.INI C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc00C.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh010.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\inf\Outlook\0009\outlperf.ini C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\inf\Outlook\outlperf.h C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File opened for modification C:\Windows\inf\Outlook\outlperf.h C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = a0db4d67d865da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9C524661-D1CB-11EE-AAE3-46DB0C2B2B48} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000dc772971759fb508aba4d47ecb0dc13d5e612ba565ae2e2051e302c7d937ef8c000000000e80000000020000200000000c7e481ad77b233fbd4d0455de3488a62f010d7e926e58ae3af8b222baf40cba200000000c82cc043ca5b054bf1de765d7d8ed954b623539ab6e4e7608ad728397f127e840000000ac482b133e38a8162b874c11e0aedcc1da94e62de2ef9728d01c3f8ca477452f4d3a6ea52ec21faebb062962cfee90cbeb2c30678648c2c796862eefba82158e C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ad1472d865da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms\AskUser = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414800160" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\ = "[open(\"%1\")]" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597} C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ = "&Open" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Codepage C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\ = "&Open" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\ = "&Print" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohevi.dll" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\ = "&Open" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\ = "&Open" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1740 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe
PID 1712 wrote to memory of 628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1696 wrote to memory of 612 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\NOTEPAD.EXE
PID 1712 wrote to memory of 2932 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1712 wrote to memory of 2544 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 964 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 964 wrote to memory of 324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 964 wrote to memory of 280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.msg"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fwww.mediafire.com%2ffile%2fn3pynq1ahyj3sp5%2fProforma%2bfatura%2bpdf.tgz%2ffile&umid=FF77B1C9-11F2-F806-B0B2-939DC61042D6&auth=63cded8e322153b72c43efd522ce71164e75829b-43e5315b7c99def4ba82db1e7773f265cbe0e71c

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\Proforma fatura pdf.tgz

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Proforma fatura pdf.tgz

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275477 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:1258517 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef41f9758,0x7fef41f9768,0x7fef41f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1228,i,10726309673505095773,14269929853413752203,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1228,i,10726309673505095773,14269929853413752203,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1228,i,10726309673505095773,14269929853413752203,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1228,i,10726309673505095773,14269929853413752203,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1228,i,10726309673505095773,14269929853413752203,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1152 --field-trial-handle=1228,i,10726309673505095773,14269929853413752203,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1744 --field-trial-handle=1228,i,10726309673505095773,14269929853413752203,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1228,i,10726309673505095773,14269929853413752203,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4192 --field-trial-handle=1228,i,10726309673505095773,14269929853413752203,131072 /prefetch:1

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Proforma fatura pdf.tgz"

C:\Users\Admin\AppData\Local\Temp\7zO4221D27C\NNvx4SRO575DPub.exe

"C:\Users\Admin\AppData\Local\Temp\7zO4221D27C\NNvx4SRO575DPub.exe"

C:\Users\Admin\AppData\Local\Temp\7zO4220B7AC\NNvx4SRO575DPub.exe

"C:\Users\Admin\AppData\Local\Temp\7zO4220B7AC\NNvx4SRO575DPub.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp

Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bd1ed06a7d43ecdcff28bdac3c563e0
SHA1 cce2d4b415844c5df0dbb61ef231c6c4b41c7c53
SHA256 29f91e320e5b18e1622593709e6463da4138f26be27eb3df10a7b2424c733eb0
SHA512 29a199bf7dc03e1a6072e9161b018da2f20897a9f348b55b6a671469f116d77ce356bd2d3ce9167f9c35dc790bc31e66b9556c367ac0c654c1c12d5283dd4358

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ec5bde9f05efa729ec247234d4be9a9
SHA1 b956432bca3beed708010ad24ee67ddc9b7a74e1
SHA256 978ca9652d6c51c8e3b68c287fbf077edb49d429b930be07e3922d0cf2c56d93
SHA512 887d4686df20522206b885c50075a8a758193894dee87929e0f9eb8af45b3125d39da8bb1a3cc5e34422ce531e4ec65a8eba92ab4298eb3f9dfdb4fe26d7a152

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce38ab5f130b39103a48184251c700b0
SHA1 4438bc89ce9cfa29a3190454b240b151bec593ec
SHA256 4071f730d103d4a52ed552add9efeae03bf92ffdefb42ec1a132f786f46cddce
SHA512 1ea00493bcacb3537e4355618dabaf1e702f42b12d1a775b7af3c17f66120ad14089ea323912e39ebc2caea66019f038ed32ec9f6c60e0f5c8b46b86acdf92db

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\favicon[1].svg

MD5 245b6f249b722cdeb1d29455e7781fa4
SHA1 6364f43aa6225e642c1b7001cd436f2aa50c92d9
SHA256 f0d88cf32c5ee0030df2abb579468878f3fb8472e18ad74dfd1e5bf99d54351d
SHA512 13b2f5b48c151220835c136d838ca2f3256692d93c609d75415b58ff98a60e29b890f5bc142d1febaee599ddf3dbc9298f6ceabd596b8e844d2f5ddff4566b72

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\favicon[1].ico

MD5 0e4715af1205ce06ff57ce9d076d32d6
SHA1 a755af5816f39d6a3a95ef84a05ba6e8bed1e525
SHA256 39a6ce45d727a3267760a5c9d9af63cd4c9ebae4b64f6cff47ecb5a6b3dd0b2e
SHA512 2ec2933f0603e2d4a22650609231d1fd5d71b4cf81ee38300b3c8b875c813a479b5f17634183d66f5af8705dbba3d5964ff4cc55973b54b75c333f654bfa0c68

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jw2rl61\imagestore.dat

MD5 e1eac61462f2a87083f69b66ebf3dff2
SHA1 89f5659798e3f9edc38f4b09251fe7b5eaa30b34
SHA256 200b427d36a731f6f0b2e4bd285af71cd50f84c43ad7b6b611a04c8e74112561
SHA512 2176d3650adb5a0a5d500c66258656e53ca30b1ccd182d4469d90a959e298d05e7af61ba99e61e55a2b72f119262bca1168318f3cbd3d1fe4da74cec67952e5f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jw2rl61\imagestore.dat

MD5 166927589e6f652d1cc45543e1d6048a
SHA1 d66d526820e5c96e22fdf45fefa41549d00fc9cb
SHA256 99bfcff89b42fafbe9bb60d40b6ac055400dd892e8f324922935fbb98bb631d0
SHA512 ae36bb7fa3701b42f7e422e16da41a9becb1c74f16476519e66f460288c8a3b623f196fd8c1b36ed3aecb85fafb01c7f6debacf5b71d4be735847233a6bc3da5

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LUTLKITO.txt

MD5 daa7f93ecb1c3a669bf56f434378b7e9
SHA1 51c13640ac89d032f2a97d755db5d1fbe9eb2af4
SHA256 cc537786141220fcb35539d8a1c53f1d6fcfc39d8f8ebac39abf315888704e20
SHA512 d0a3f774bec0dc2046cf34c20cc5a9e77127d9a95fa33918b4aa392153826f1f1ed547b50a7880b0fbea8886497fbf0dee89bc9a8c4563149189ebe7a4b92f24

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\qsml[3].xml

MD5 5f34de5d1a5ed13e44d22e9fa3003795
SHA1 06f6c1e41905e5c99a00769282b175138d3b5b94
SHA256 5e1fc40bb9b460e8be136a4beac2f980b38a98fad376872c6b55cc85185a812f
SHA512 55659347fc6686b46c682f778855b72543c75a601fedb2143f2b57d3269ceb727a218a11fba88647155954264b5a71dcec7d932059a579e99284a1afe3742149

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\qsml[4].xml

MD5 9baa5f425b1cd51327894994d7906287
SHA1 c357adea7183265e9b7f0bb0913b0600875c311b
SHA256 b3ca3d81f597ce3c9e932acc3283cca46ea952ed899c7b191079777595330948
SHA512 25c54c1ac8e3453fb39e4b467f266941e4f694d9c03a005fc8e6566b65d945693333687c9173f48bfa3c4b78be1460b7d22bd1f868212cfbda314680ad263b8f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\qsml[5].xml

MD5 93997b78da0d6266c46fc2cb452ab461
SHA1 222421684d4255520fa55aede43fb9b8c529f80d
SHA256 7c05c4dc2354c249e71af85cff96d060e434f573ee115cd3126d18d1982a9457
SHA512 1e3a4bba406f4c9356f8f8cdca60f066adcc40f5ec9cddab28252cb1698509a8b5e10fea6f262d3a37de2bcfd9f02dfaffdc8231846236342f14d1dc72b36509

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\qsml[6].xml

MD5 7c828109cb3a0a31b8dc87e9944a78b8
SHA1 61b2d77ab451877490306038de9572c9f11cc7bb
SHA256 980a21414b2c77294aa8fcff06440a1f97582e3da7f1e4bf3e63dd93560512c0
SHA512 652937119d78942f862fd3c5aa5de42e29b42c2021f07f4a837e2ad4d1910e8423c0dfc3655661f236e0016dff81936926d12621117d47d85053da0011383b11

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\I7IPF1RT.txt

MD5 92014ffeb2b17af1a8d22f3285aada22
SHA1 8ad24a0175edda6c70151585b34e4bb6c09d618b
SHA256 3848c7349780ef54c896df70d31c560d577fb11d7167101f28453e6da90bad76
SHA512 31d96433d2835af7b039aac9bac47a5604b233bccf31f2a18ebf6be8c478552be72e4c66c6bba17b9b786fded17b76a8657a356d3462cf7da58f30730d57c05e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\Qk540QN8GIaMmT8oEUEVF6N8IF8[1].png

MD5 2b72000bd97abd9a99e022bb9d2819d8
SHA1 424e78d1037c18868c993f2811411517a37c205f
SHA256 243caf63cd77b264004cc0c27ce4f75fdfa762eed9dd2560b7a771fae873f2d1
SHA512 661e518c023a1b67d71de24b9fc58ae6789b177000421b1466a30a20612bbb9332892853ab05e18224690e27d62866876a5fa949220112cbfc32e72361f215a8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\b5XvfNix8_OHs4DhTF-ooplQTMs.gz[1].js

MD5 b3ca28114670633e5b171b5360bb1696
SHA1 683f2fb3d4b386753c1f1a96ede3ca08547f0e02
SHA256 a8b7da1f71211278c07582aef2f3f2335b7de5076e5708db6e868ee6cd850490
SHA512 bf71ac8f59653b8035c1fb8555b53371610ae96c1a31e7bee02b75deb8e46c68b46a29dae360c579bcf9ab051f5218edbd075567b99a9fb894e7c50251676677

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\WJ5Zr3KXGmLOfRuanmzz65HPIU8.gz[1].js

MD5 09964116a876dacdb4e4a92a44a1a2c6
SHA1 f411874372672002dccca49013012e92fafddb7b
SHA256 521063381dda828e51930bec523a2d9f442aed51ddf3292446acac94daae65d0
SHA512 c89e7aa94c1d8ad33c7ae62e6f3ea0e0cdf8bacf228b33e03b731e74d7f8e04a960d7e44bd430c26bbf6740a3ac5cb1feb622ad2059cac76d492e22d21f78a8f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\DQQTu0f9ldw9QQHZ9i-TAYjSeD0.gz[1].js

MD5 30280c218d3caaf6b04ec8c6f906e190
SHA1 653d368efdd498caf65677e1d54f03dd18b026b5
SHA256 d313c6fff97701cc24db9d84c8b0643ca7a82a01c0868517e6e543779985c46e
SHA512 1f329898fa0e68f65095b813ca20351acfeaa5f74db886508fd4f1fa85811a8cc683c6fab9d9f094f596c8957219f8e29a6307ea0b2d470bdc809a4b9c9d34dc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\LI6CzlNYU7PeZ9WzomWpS4lm-BI.gz[1].js

MD5 56afa9b2c4ead188d1dd95650816419b
SHA1 c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6
SHA256 e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b
SHA512 d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\jk2F-rpLS_Gysk7hn3CVhA9oQhY.gz[1].js

MD5 3ff8eecb7a6996c1056bbe9d4dde50b4
SHA1 fdc4d52301d187042d0a2f136ceef2c005dcbb8b
SHA256 01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163
SHA512 49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\9hmJA6-cnVArHFzYmc0jTDznMxg.gz[1].js

MD5 dadded83a18ffea03ed011c369ec5168
SHA1 adfc22bc3051c17e7ad566ae83c87b9c02355333
SHA256 526101adc839075396f6ddec830ebe53a065cddbb143135a9bca0c586249ff72
SHA512 bd1e5bad9f6fb9363add3f48fe2b3e6e88c2f070cfe9f8219dc3ae8e6712b7fe04a81c894e5ca10fb2fc9c6622754110b688bc00d82a9bb7dc60f42bd9f5f0b6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\yjXVFOxf6UdoTA2BOwEH6n4ClfI.gz[1].js

MD5 a969230a51dba5ab5adf5877bcc28cfa
SHA1 7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265
SHA256 8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f
SHA512 f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\ihC7RhTVhw2ULO_1rMUWydIu_rA.gz[1].js

MD5 cb027ba6eb6dd3f033c02183b9423995
SHA1 368e7121931587d29d988e1b8cb0fda785e5d18b
SHA256 04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f
SHA512 6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\cJksCHwhB_Z32I0ytWPMUDsybak.gz[1].js

MD5 a5363c37b617d36dfd6d25bfb89ca56b
SHA1 31682afce628850b8cb31faa8e9c4c5ec9ebb957
SHA256 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f
SHA512 e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\PgVOrYqTvqK49IEnVEVlZVYfA1U.gz[1].js

MD5 f5712e664873fde8ee9044f693cd2db7
SHA1 2a30817f3b99e3be735f4f85bb66dd5edf6a89f4
SHA256 1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2
SHA512 ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\BmRJAuTc8UgOeXgJh_NIObAa5HE.gz[1].js

MD5 55ec2297c0cf262c5fa9332f97c1b77a
SHA1 92640e3d0a7cbe5d47bc8f0f7cc9362e82489d23
SHA256 342c3dd52a8a456f53093671d8d91f7af5b3299d72d60edb28e4f506368c6467
SHA512 d070b9c415298a0f25234d1d7eafb8bae0d709590d3c806fceaec6631fda37dffca40f785c86c4655aa075522e804b79a7843c647f1e98d97cce599336dd9d59

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\pXVzgohStRjQefcwyp3z6bhIArA.gz[1].js

MD5 47442e8d5838baaa640a856f98e40dc6
SHA1 54c60cad77926723975b92d09fe79d7beff58d99
SHA256 15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e
SHA512 87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\kzHfYwAwahpHm-ZU7kDOHkFbADU.gz[1].js

MD5 fabb77c7ae3fd2271f5909155fb490e5
SHA1 cde0b1304b558b6de7503d559c92014644736f88
SHA256 e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c
SHA512 cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\GK9SuRKiu0QbKYnVgoAlgmuWrNU.gz[1].js

MD5 17cdab99027114dbcbd9d573c5b7a8a9
SHA1 42d65caae34eba7a051342b24972665e61fa6ae2
SHA256 5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de
SHA512 1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\5g-N9K-X1ykUl3QHEadPjpOM0Tc.gz[1].js

MD5 f4da106e481b3e221792289864c2d02a
SHA1 d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994
SHA256 47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9
SHA512 66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\byLmVJQA1UzOFcrs9Jrvys4jXhM.gz[1].js

MD5 2ef3074238b080b648e9a10429d67405
SHA1 15d57873ff98195c57e34fc778accc41c21172e7
SHA256 e90558eb19208ad73f0de1cd9839d0317594bf23da0514f51272bf27183f01da
SHA512 c1d7074a0ebf5968b468f98fc4c0c7829999e402dd91c617e679eeb46c873dc04096cbf9277e115fc42c97516a6c11a9f16afa571e00f0d826beb463e2d1f7b0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\cLbtDmV8Wuu85z4ohozDWHwPrkQ.gz[1].js

MD5 3ecddb057770ebff27d7f0abb202f54f
SHA1 ca37399b5fb004a544f49bdc9c8bab352e69a126
SHA256 d22f690af5cdfde25765aceeaa4b66b565435117a02cde1d8601c53c2e5db1ba
SHA512 70ee083bcd9b898456bdbf2b29d504ceae331573ad8541ebeede1aa136add8c8cbf63d719bfc4e8ddf37e4b7e1dfd5233bee807dcde4aafe8be14094b4570036

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\SO02eTikN8ZV7bCSXFKur4CKSoQ.gz[1].js

MD5 6c2c6db3832d53062d303cdff5e2bd30
SHA1 b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d
SHA256 06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70
SHA512 bc2d115b53035b700d727af9d7efaf32dd2a39a2344f3f5fa1a82586be849ec7803e8320661e66ab7dd2a17e64b7897e95bbd84502b91997fa46eba4e67e8c7d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\rGWTfn1YVmDRfMb1Jkguvl91Ajw.gz[1].js

MD5 08e6ab16353d021ac4dd0d038aa62ada
SHA1 4ec1428eab0a5571344b6c71233a9b6c2d29caea
SHA256 eb9196ffd0add7f34b23df8cdfbb281fc7e3c23faa9363294b053853e68645ec
SHA512 86a6fb451ca8706f79f1814f7bee991c7be3e498abba627d6b2d946ef1ffd30fe95d252f1c1d0d8d0a06a92dd9aff63acae14a8a2fe0e49ab55bf3465410cd5a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\NZ_xx32kgeMFB4R7EeBAu8-6yo0.gz[1].js

MD5 1cdc228d8cd5f61a98238f569170816f
SHA1 9676ad0e82e0ba518b797abf28db8cd28bd2b59b
SHA256 74b29d80f350db65147bb16b5ddc2cf5771d06001253e3accc8d7b9bfa530e4c
SHA512 a756da2ed80d58dc44727cea2584e0f69ce2cd17a7ea8749a80518e855a4885995480678c2182522988affe1dc9820424b76b8aee55a2e131df430cb0838fbf9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\fHuyi8cU3N_FKljgNDAU8JiBqx0.gz[1].js

MD5 f1cf1909716ce3da53172898bb780024
SHA1 d8d34904e511b1c9aae1565ba10ccd045c940333
SHA256 9abac0cbfa6f89106b66cd4f698ead5ccbf615ecf8cd7e9e88567a7c33cfec01
SHA512 8b641e93405565b4a57c051edefc8e02d6c929ddd4c52f9bfbd19c57896aa40426bf5ed6760dbd479719561c4f0a25bfc4102f0f49d3d308035c9ca90b1d0fce

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\NRudXMsXYtnM1BQyD6xvAZoudZM.gz[1].js

MD5 2ab12bf4a9e00a1f96849ebb31e03d48
SHA1 7214619173c4ec069be1ff00dd61092fd2981af0
SHA256 f8b5acf4da28e0617f1c81093192d044bd5a6cc2a2e0c77677f859adcf3430ac
SHA512 7d5aae775be1e482eada1f453bea2c52a62c552fa94949e6a6081f322e679e916b1276bb59ff28cf7c86d21727bcc329ecb03e5d77ca93204e0cd2694faa72bd

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\2MNFZoUV19wQglFaxwi8z4iyQlU.gz[1].js

MD5 602cb27ca7ee88bd54c98b10e44cd175
SHA1 485e4620f433c02678be98df706b9880dd26ab74
SHA256 f1c39ee3528b8f6bb887150c10152cd3bbf849c4b305da9be3d4a92614e2f3f8
SHA512 b27a3b7737ce984e6ad448f68b31074f8a98c6ca5d66f3165d1dec650097077da9c80ef3045758c591a1cf0dda74fa4ba8039426d312f50f082d2a0f8e7de21a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\f5M90q9eKVXkGU-DAv9Aa4jef2k.gz[1].js

MD5 8d078e26c28e9c85885f8a362cb80db9
SHA1 f486b2745e4637d881422d38c7780c041618168a
SHA256 0bf9f3ad9cdbbc4d37c8b9e22dd06cc26eea12a27ef6c0f95db6cbe930177461
SHA512 b808a972cd44e6bda01ac1f8d904d5a281f33b9238b8caab03decb6adb6b494b19dd9bb35e3d1ea3ca914ff4957155f6d2cb5a9b3a00c2195f80f52804ffb244

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\qu6fPbDnALKf1YOEETSSe8UzB-U.gz[1].js

MD5 b10af7333dcc67fc77973579d33a28e1
SHA1 432aeaee5b10542fc3b850542002b7228440890a
SHA256 d99b46c716faee91274a2d94869953fb78d312857cab5c1a61ea63d7ae90cc68
SHA512 c0afa2847a873b82c83f45a03c40fbb435668465a4dcefa21a31895a4d1106300f4041b385eefff2c85fc87fd9f1d0560d283116294468b710f6ca4f88fca1e9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\we5MTeTkjiic9oaBxzZpmSWxZ5k.gz[1].js

MD5 8c8b189422c448709ea6bd43ee898afb
SHA1 a4d6a99231d951f37d951bd8356d9d17664bf447
SHA256 567506d6f20f55859e137fcbd98f9e1a678c0d51192ff186e16fd99d6d301cff
SHA512 6faa73d59082065426769a27081cbedcd22146ef948afdd9a86801f205b2dddc63e03ac5d555ef0af23ef05901ebffe7e8aadd82260ef505cb89d99e572fdf4a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\U5G6p_Tev2pTiyx-qaKz78k-LeI.gz[1].js

MD5 1c0981ac86e2ea5b7f08f34548af3280
SHA1 57324208ddb3a9e80abd3346607d712c999c2e50
SHA256 00ff3483d93259aedb929a9fee4454a623830b18a08f08781ac1961c1e98774a
SHA512 0f7185a8579d9bf1b89623bf126c58789010c76f7e279a3f44064c78b2e3e04bb0a89394e6be185618071153bc872e43a69211255f3470e1120e51ab0d5f2329

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\3tdN5-aUjXHlyFDCP-W57B-Gjkg.gz[1].js

MD5 0c0ad3fd8c0f48386b239455d60f772e
SHA1 f76ec2cf6388dd2f61adb5dab8301f20451846fa
SHA256 db6dde4aef63304df67b89f427019d29632345d8b3b5fe1b55980f5d78d6e1e7
SHA512 e45a51ef2f0021f168a70ac49bdcc7f4fb7b91ff0ddd931f8ecbd70f6494c56285b2d9bc1170804801ce178244ccf361745b677b04c388b608d1471e0695ebeb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\8noA6v-veC88Jmes3Le5xrfe-po.gz[1].js

MD5 6fc02be780b0fc89255072e8a595b605
SHA1 8fbd8d519a0c90773437e23e7bf033b501a76dc6
SHA256 892b90c7e1a5e8f33de13423674abbf40381890f2426d36d0d6a7a3c4e00a3b8
SHA512 cab1d3a9896e739d821f30845b9ad318546e01966c96af1825cbe1b2baffd0922e477cabcd1c3a2cdf4b01301e6c1a6bf892d8fd9ed27bee783051374a4d4d85

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\tdTMdL8EdqhqSe4x2qx8qf6i8-g.gz[1].js

MD5 472e4c0f78992e66f029d6cfa0061b36
SHA1 c04a9b6151f4113564346bd2d3ddf4b1bcc3c7f8
SHA256 627cbd6266a53e45d4a8cd0dcbb580dc2e07e7f2327d936c103031c2003f187f
SHA512 c02b98dce8cd787f5bce00c590d08dda6761b3eeff0de4cb92127ef42a277160145c6eed66e1b1372ca723c5fe5ae899a13c593b31290ba6b48e6e3def1c3016

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\YZk8JWO0h-B4ClAA3BQlzKOiVLs.gz[1].js

MD5 3c0e47e84a81f367dab175bd020ac9ee
SHA1 7e3f061ce0fbf6aa88bd4c49ae5f74e5e84fc2bf
SHA256 73c11b91b105e2ceac93645e1d90515326ab52ca600f881504e86fc845ea8587
SHA512 cc89bc0a79abb462149dc8cfe011f4ff7ea9e9adf4e9710fc246c171d509596f008deb7e668099160b02b3b2f010fe8a1997f7d51dfbf0cffbf2b5217deaaf2e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\9YFq4imrseEwIuXcDlV0BNdcqbc.gz[1].js

MD5 6932cd1a76e6959ad4d0f330d6536bb4
SHA1 e2e7160642fe28bd731a1287cfbda07a3b5171b7
SHA256 041eb2e6f2582f4c19c0820acf9a0e9a2c7262edede0d397a5f6f0215e83f666
SHA512 28bd0bb200704fbac0de2d7c3d1c64a38d5567f79bf24b9c9894c7c6a3b80bb69a5c9f0929cf82163c8e8d39cb6667a2ac81dcb4e6d2072cc7fedfb63219e584

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\K59yR1AD9pXD4Qp7EsPhFjZsOjo.gz[1].js

MD5 718c9d9c2d2a498de3c6953b6347a22f
SHA1 b2f1a5400618972690d509e970cc3abeb72513f4
SHA256 66133f155e3a433e9eeca08dfc3b4e225d358e1a89ab0665379eff319f9f0081
SHA512 ac55ef9f45d29cfcf7d80c009df4c55335f7c3b55d66aadde275f580f321125a2c7669f7157d5bf9a34b3513c1231935a461f46eeebdd87b7801685fc95dc6c3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\s1oZaswi-q-iLvkSJAdVWI4a4EQ.gz[1].js

MD5 72a034ca33c75d118741fc3b3a584571
SHA1 288cd516a9e5c1ec865690ab1a6246a1b41720a4
SHA256 16f49634dab9d1c1732f465d25321229fb06bd7161fceec77dc62ca9d8fc1b11
SHA512 a166862571adb533286f4e7f5f9f3be56625dd8fbb8c7ecdd1c507fa9a5839b2b75f514b236b62881b983c6a39da799eed5ac56fd20253f3fa061216f7da34b3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\6v5u2U4fJjMh954CqHxOmGfCxRs.gz[1].js

MD5 12ae5624bf6de63e7f1a62704a827d3f
SHA1 c35379fc87d455ab5f8aeed403f422a24bbad194
SHA256 1fb3b58965bebc71f24af200d4b7bc53e576d00acf519fb67fe3f3abdea0a543
SHA512 da5f5485e1e0feb2a9a9da0eaa342edaeeefaf12ce4dcd50d0143bf476356cb171bd62cb33c58e6d9d492d67f281982a99fef3bfd2ebb9e54cf9782f7b92c17b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\dvzAZc08QoRQcmA7yoRfhaItvOo.gz[1].js

MD5 2ac240e28f5c156e62cf65486fc9ca2a
SHA1 1f143a24d7bc4a1a3d9f91f49f2e1ba2b1c3d487
SHA256 4325982915d0a661f3f0c30c05eb11a94cb56736d448fdc0313143818741faa3
SHA512 cb90cf76cd9dc16829a3ff12be5274bd26a94097ad036f199151f1c88534a15bbb8f8dafdd699e51df5c38e73c925c00728f807b20c0b097a5842963525baf4b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\2Ji9RDVmC_M43zDGwF-pccsCT24.gz[1].js

MD5 b19ac21dfdc03a156ae40e0d3359796f
SHA1 14b422a6a0b3023e64dd9f90109d8e0214b9a6b7
SHA256 830e0be70c2f2dd3876bf80598a4d1753589ea24f4a09aad4277935ba83fd3df
SHA512 2c3519c0f8930c71fa032d77381a8d66a4ae07dd4ffbb762d59d98fc4e0d8664dc3d5910449a35a7d7d3089c262a5d89bdb2fe4ef5383a880848ebe466adbc72

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\Tv_wcCUoY2fsGXPx2d4MRVc1Pis.gz[1].js

MD5 a973478285784a7c5b007f1d4e611b1b
SHA1 564b804b581d2535eaf8921195ff1a3d9ce94d94
SHA256 4693ba481dd4620177956738d188d21fcd9ad43f717f554d5e6eb3ab0fdf8747
SHA512 0cc310c446e69833bbb663b0aa8c7a57c6c526180df300a6181c988518f50614d2f8a224f72cf2cef8a3227ee5e4ef7d82f801e3355c0185fea7e52075d85ca5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\A6Lh3eitc0n-SCd9XRZUqChp8vM.gz[1].js

MD5 2438834b8d43c04b99cca2ad9949f750
SHA1 8c5fb408c84651cf8581c39be5dc93367bce782d
SHA256 ac7ab806fc753ee2fdbd0b541bf39b2b2d389fa60fcb71e6f3e1da88b4af7971
SHA512 8fb0deb31ac682e80c2c6c13f9ba15482e6021e96566e4f20d6b42ecffca1397dc9c478f2399443d875f87280611edc74d3bae5677bf79b5e5ad3a9be087314c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\pMgv2IcGdINcYpOkU9rVe8Ez9FU.gz[1].js

MD5 e3c4a4463b9c8d7dd23e2bc4a7605f2b
SHA1 d149907e36943abb1a4f1e1889a3e70e9348707b
SHA256 cfb7fa1c682c6eee2b763b37e002022463cd6435434a16f6335f33fb98f994a6
SHA512 3a4e38e4c631d8e845edbc01c986f73b0368f8049beea7a3e8a34bdd5864c34103a48b19749c11b5bcc71fdaa672ef6c42e305e1cc6b37abea934766f3deb068

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\EbWMC3sa1kqKKLU2JpggRmK8hjs.gz[1].js

MD5 072d0f8c7fdb7655402fb9c592d66e18
SHA1 2e013e24ef2443215c6b184e9dfe180b7e562848
SHA256 4cd4cc3d07bbacdecb7331bf78fc5353b4b2664b6c81c1c0237136123d8e704a
SHA512 44cecee114212d2901dd13f9200771c708ef6e89b9bdcb75edf898a1e39833aafa4c7f8ebfc2f613d46eeea35222a1dfee3671a1b42679a94beaec099164f009

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\W8bLYGpay8IFp3H_SrUDKaBAn30.gz[1].js

MD5 fb797698ef041dd693aee90fb9c13c7e
SHA1 394194f8dd058927314d41e065961b476084f724
SHA256 795e9290718eb62a1fb00646dc738f6a6b715b1171dd54a3d2defa013a74f3da
SHA512 e03c4ab727567be95b349b971e29cffb3890cfb1a1ddf997b34b9d69154294a00a5112f4ffca4df4e26bbf96afa75e5943e965edc8f8e21035ed2ef30b7688d8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\KWqNO2aZe6YJFeYtVL2of-Fv82o.gz[1].js

MD5 fd88c51edb7fcfe4f8d0aa2763cebe4a
SHA1 18891af14c4c483baa6cb35c985c6debab2d9c8a
SHA256 51f58a23f7723b6cbd51b994cb784fbc2a4ab58442adaeda6c778f648073b699
SHA512 ffe417fa00113273fe7ac1b1bd83c98a3a9dc12d41c77b60c52cc5ffd461d9ca2020c2444ac43771d737c70c58eca40786a5c5762b60f30da523f709684510df

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\cTjovfJ8fuNtDtyC0VQH35vgAUI.gz[1].js

MD5 d807dbbb6ee3a78027dc7075e0b593ff
SHA1 27109cd41f6b1f2084c81b5d375ea811e51ac567
SHA256 0acdce370092c141b0c6617ed6e2163f04bb9b93d3213b62c2bc7a46fe0243c7
SHA512 e037dfc31d595b459660fe7d938eedb4f43d208d247174ee8d6fd0d125f211142cd73497e4601893cecb6f565b7e2e7815ce416d72bb95504d3f277e4e806d11

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jw2rl61\imagestore.dat

MD5 5833440e9a644c33a4f88e4b6dbc9191
SHA1 ce160d3be97b3c6d282dc8bd5cc6277d65b795d8
SHA256 762d455bdba4af95dc4d1e58cd49ca5e7f3802b25a052c542b6a971529d74dc3
SHA512 e1eb1438fcf52ab60361a9baeb37c1dc63708ebca157ffb1e0be26e33bfb87c6fa78996fc1457f242b71c9ca148515a647519742bd31fc5785045591950b5c01

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\favicon-trans-bg-blue-mg[1].ico

MD5 30967b1b52cb6df18a8af8fcc04f83c9
SHA1 aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588
SHA256 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e
SHA512 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8076cd883276b3b8c5c4d1c539adaa8d
SHA1 fae474c8689f6287845de4e0d9ce0ffdc56b5c4a
SHA256 e07468527c2c3bd728d304f50ab070f2c93decc6ce58f24ccea95c3ccceaa0ef
SHA512 658cea6186054789794528a9bbdc06b88834f4790de5663147d7eeadf517abf2d20a2952c95aa1dcf8a530c0fc81f189706451613b9b4693f96a51c9e4cd1e5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 fb271c49116f85edf60978ce68873d30
SHA1 ff3f25652c9df4607310c3116cc41c334a666e49
SHA256 b4dd3a1d30523f79e4db48927081a766114f0fc24ea7e4135350edba515c0748
SHA512 a1aa45ef440801e2bbc58c303b805485942b3b4324ba0084e349eaf2d9a7c3074608dce4cd5e83591aeb3da022fe1027c942021e4239c4215f4d7d9cb3dc9ff6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 da8159bf9d047004f7c57d4c7dd4892e
SHA1 2d3400fd6908a894a14c32a3705c285802d92764
SHA256 3a76934500b2473e7a78fab4bd5eaf3de377a71f199a1c7694918bef30d5bde6
SHA512 bf59d03c7e8b102b7cb38ec0801e9af223d14b9063f09ad9cf83de77148168cc60db08a41ee03401f9957cbf65a95b831ffda05848fa441338bbc1e78efe92b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 647e2b36b62a416c15676357e427d0b2
SHA1 6e4ae8a28722dd1355be48098739f0b300cb8143
SHA256 39d9d5047b3f69365995ccf0b7b76651474b223e12deb307db3874761b0d19a7
SHA512 1b71394b868f6c61372b6c2db0ac28202ea14d90bee969cf15f914b0ff9758c86363f94ef8b1f60584cb05a42bebcb2eea9e1af831a475fa9c639690e6bc979b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62c4ecdae9ff530d8bc35d84ba749b3f
SHA1 84efa575c4ae8c2df206ab2028ae50297702af1b
SHA256 a1fc00878476c4e85d3dcb1a4adba315b3d922fae2a6f13319e8a21bf9de109e
SHA512 d5738a349ca797f668bd358899436b66520148f37be1020965e5f305b8c442ff1872430e3984bda38ae24af42992ca38810dd6f85b876b04f4d1977ee459cb2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44f81e23b30034cb43bc1c886d0cb4ed
SHA1 95dc3af4c1c50bc4971e9f23d06b299cd2da53bd
SHA256 744c8945f444c3b313aeee96c6ae44c4d506fed48b0d96f9584be22f74c0c968
SHA512 353d1875bf700482d050f78e5664bd9e76f225490fe992fa3a93c5d4792778fc00c81c8ef1e7d2fb1c250a032aff45bfd29b4800e24d432ff6eaf92eee2aabc6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9a3eba915605809a4ca693090b69725
SHA1 67721e4f90f99c012ea8018ad2f0e5a2acb10fa4
SHA256 25cfc8920f4e70eba8cff113e2d8d24f95d1b5c21d00f9eedd43b2829e686ed5
SHA512 97b013d3d6482b37d0d7cda7f615128ac889251c47b1834a82745bb1f5cb051c03fa46e2222122cd8ee433d25618874290bc3db6bb4d4a010c83dbea22d2efe5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f46e6818af8a680325c9516ee88ee1e9
SHA1 09a8a8fb8938bf51e770287f2e1e8304f62be1da
C:\Users\Admin\AppData\Local\Temp\7zO4221D27C\NNvx4SRO575DPub.exe

MD5 a9563ae402f2659cafe278214ab57910
SHA1 f60b1353562b34a3d57da2505635fe4fb0ed721e
SHA256 b2127e058febd58b9721ad80bb68c6e7e5a54e98558049f7e3eb9f9f9bf13042
SHA512 35e5ec5171afe1d5a30d91492ca2eacba7a9c665aaa6b11e96427904f1a981f85224fb355e4a4f60b4f9bc4a47ab5079c90bb2969e31dba6a9d225bf8a293812

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-22 21:43

Reported

2024-02-22 21:48

Platform

win10v2004-20240221-en

Max time kernel

93s

Max time network

202s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.msg"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.msg"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 195.233.44.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 104.123.41.162:80 www.microsoft.com tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 162.41.123.104.in-addr.arpa udp
US 8.8.8.8:53 28.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 190.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-02-22 21:43

Reported

2024-02-22 21:48

Platform

win7-20240221-en

Max time kernel

121s

Max time network

124s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.png"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.png"

Network

N/A

Files

N/A