b3265765e33f61da59c5824817d14598b1ddc2c3f6259f9bc5ffd1a3e34558df

Analysis

max time kernel
54s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

(40% OFF) planos de saúde empresariais.msg
Size

45KB
MD5

d07f6981ab47141dc2971428adbd6a8c
SHA1

d3245f2f84e38831da65222ced7cf98a8a66339c
SHA256

b3265765e33f61da59c5824817d14598b1ddc2c3f6259f9bc5ffd1a3e34558df
SHA512

01322968759276470ef8a64d71d2362835961b0a6394c455c21fcd05e69cf44b4bbd71889151a2d9ccc1ddb16b34876993e70c7428aba38d0a323cdc15b03f54
SSDEEP

768:zFBfLCB4aLER7AXpJ3TaYxhkz4qOHWBhGGkrPNVA0nsv:zFlOOaXZJ3TaYxhkTOHW2l1

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 14 IoCs

description	ioc	Process
File created	C:\Windows\system32\perfh00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh010.dat	OUTLOOK.EXE
File opened for modification	C:\Windows\SysWOW64\PerfStringBackup.INI	OUTLOOK.EXE
File created	C:\Windows\system32\perfc007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh011.dat	OUTLOOK.EXE
File created	C:\Windows\SysWOW64\PerfStringBackup.TMP	OUTLOOK.EXE
File created	C:\Windows\system32\perfc009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc011.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc010.dat	OUTLOOK.EXE

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File opened for modification	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File created	C:\Windows\inf\Outlook\0009\outlperf.ini	OUTLOOK.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 60 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit"	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND	OUTLOOK.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	OUTLOOK.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	OUTLOOK.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	OUTLOOK.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C76EDC11-DBDE-11EE-9C59-EAAAC4CFEF2E} = "0"	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\ = "&Open"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde"	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Charset	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\ = "&Edit"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ThreadingModel = "Apartment"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon\ = "\"%1\""	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel"	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\ = "[open(\"%1\")]"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler\ = "{42042206-2D85-11D3-8CFF-005004838597}"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler	OUTLOOK.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1136	OUTLOOK.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
836	chrome.exe
836	chrome.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe
Token: SeShutdownPrivilege	836	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1136	OUTLOOK.EXE
2128	iexplore.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe

Suspicious use of SetWindowsHookEx 26 IoCs

pid	Process
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
1136	OUTLOOK.EXE
2128	iexplore.exe
2128	iexplore.exe
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE
1136	OUTLOOK.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 2128	1136	OUTLOOK.EXE	33
PID 1136 wrote to memory of 2128	1136	OUTLOOK.EXE	33
PID 1136 wrote to memory of 2128	1136	OUTLOOK.EXE	33
PID 1136 wrote to memory of 2128	1136	OUTLOOK.EXE	33
PID 2128 wrote to memory of 2396	2128	iexplore.exe	34
PID 2128 wrote to memory of 2396	2128	iexplore.exe	34
PID 2128 wrote to memory of 2396	2128	iexplore.exe	34
PID 2128 wrote to memory of 2396	2128	iexplore.exe	34
PID 836 wrote to memory of 1944	836	chrome.exe	37
PID 836 wrote to memory of 1944	836	chrome.exe	37
PID 836 wrote to memory of 1944	836	chrome.exe	37
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 2908	836	chrome.exe	39
PID 836 wrote to memory of 1620	836	chrome.exe	40
PID 836 wrote to memory of 1620	836	chrome.exe	40
PID 836 wrote to memory of 1620	836	chrome.exe	40
PID 836 wrote to memory of 1180	836	chrome.exe	41
PID 836 wrote to memory of 1180	836	chrome.exe	41
PID 836 wrote to memory of 1180	836	chrome.exe	41
PID 836 wrote to memory of 1180	836	chrome.exe	41
PID 836 wrote to memory of 1180	836	chrome.exe	41
PID 836 wrote to memory of 1180	836	chrome.exe	41
PID 836 wrote to memory of 1180	836	chrome.exe	41
PID 836 wrote to memory of 1180	836	chrome.exe	41
PID 836 wrote to memory of 1180	836	chrome.exe	41
PID 836 wrote to memory of 1180	836	chrome.exe	41
PID 836 wrote to memory of 1180	836	chrome.exe	41

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\(40% OFF) planos de saúde empresariais.msg"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://imsva91-ctp.trendmicro.com/wis/clicktime/v1/query?url=http%3a%2f%2fec2%2d54%2d175%2d75%2d248.compute%2d1.amazonaws.com%2fmw%2flatest%2findex.php%2fcampaigns%2fnb556ql9ddb23%2ftrack%2durl%2fdp682grpbdc61%2f438e682885a2bdbcfa9ec42b8eaad071f4240c86&umid=B722AE36-0947-7206-8A91-E0FFEDDBF919&auth=04d8cbfb2262cbe07ceab943606e6e5d0148629e-bc353014279c2ff3a3271fb24db3125f56d8077f
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2128
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef62d9758,0x7fef62d9768,0x7fef62d9778
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1200 --field-trial-handle=1220,i,18145325708386009009,13279094098234125576,131072 /prefetch:2
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1560 --field-trial-handle=1220,i,18145325708386009009,13279094098234125576,131072 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1668 --field-trial-handle=1220,i,18145325708386009009,13279094098234125576,131072 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2320 --field-trial-handle=1220,i,18145325708386009009,13279094098234125576,131072 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2356 --field-trial-handle=1220,i,18145325708386009009,13279094098234125576,131072 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1516 --field-trial-handle=1220,i,18145325708386009009,13279094098234125576,131072 /prefetch:2
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3288 --field-trial-handle=1220,i,18145325708386009009,13279094098234125576,131072 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2992
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fd97688,0x13fd97698,0x13fd976a8
    3⤵
    PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 --field-trial-handle=1220,i,18145325708386009009,13279094098234125576,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3880 --field-trial-handle=1220,i,18145325708386009009,13279094098234125576,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1416 --field-trial-handle=1220,i,18145325708386009009,13279094098234125576,131072 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2540 --field-trial-handle=1220,i,18145325708386009009,13279094098234125576,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1932 --field-trial-handle=1220,i,18145325708386009009,13279094098234125576,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2308 --field-trial-handle=1220,i,18145325708386009009,13279094098234125576,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3952 --field-trial-handle=1220,i,18145325708386009009,13279094098234125576,131072 /prefetch:1
  2⤵
  PID:1748

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92bd14964898d9d446ac8e8ea6301b0a

SHA1
12080f6e376e36b0463d4d580850cb34feecf745

SHA256
204becf7efbd75e0b6258a924af87c109b8ee36f7b4532f6dddc794e5f9fa826

SHA512
9e237a50383e73aa19561ade2631691f4925d70383ecdfe46503f8e979877132defb09d2179dc89db3b30b479d844cd77bab712601972a8870d63fe95a6c3724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1e86706675fce01413065e9ccf83ebb

SHA1
ee0a2c56e7fe5f9f096efa5ac3de36e4ba2bf0a3

SHA256
c6b770ff4df6430e38ec7813ecb3647d38ba81499c50bb74d0bf5167e4d21850

SHA512
090e20a39f401ab8a69e16edccf50f09d9567fb1bdb8629c15c470188c975d20268ffd5e152ca48b6226bfc8248f79b9e09a38bbbfeff4182a808b1ca87ad63e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5668c2660927821e1342123207e97bc7

SHA1
081e2a99ed504915efe31ff0cc2b17b1cea4606b

SHA256
ca221baab03d8547b5bb775d77ef8af8c9cee472426eab0a08e083de445eaf77

SHA512
89997e0d0ecd13bf75a61f99881889f9f23039dc43818a717e260187414e09953fdfe34d47ea791eb304cefd9d81174c42493f037eb0f76bdf78db40763b3e38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6023141f53ea6bc1f253636c6848d072

SHA1
ebf0ae503574940a5be6c071aa576cacba70e909

SHA256
695a52df6ba2bbe258134b3471f4bf886264be518ef53f029d33ab7f02fac3a9

SHA512
457b68d21c6c8d1ccacd0f7be43852d57a28614c3c4358a6828465cc72efc3ade492ec235007d9e5cadf58060ed5904faa8ece02e4e5d3c63eca2caba54930e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a5f0ad6c1f6d52cda3f9bcae667c9aa

SHA1
851f0f2d59b3d5773f1cd4f83b7db775b5b9c56b

SHA256
481566bcc9f74be7a7f52f8f606a6810367e459b12f26139b191e4c9101993d2

SHA512
5cfbf62c282250ecf351abf909cd60bea51a8d2ea053103838d8bcc308b8cf9331597d4b4eec339f12d06152519ceade8a62d087d8addc6998cf0741e48e5cd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04d7c7dbc72224b89399f6d63f786812

SHA1
7e3803ee9a358411581d26ef7b746e4df33fcc59

SHA256
29f3acd126c248e6f75b400401d2a8ea5d373e083d91d49c46148773198bb6fd

SHA512
a4eb0118ab43e991696c3f5f4fa423142be80890334d37b768668d4b2a1f2da3a6dd480b3659d3089141a7f25086ab880e367d2235ec98a2b09727bfa202efc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2855fd27b33a0115cd54b02c79ed7f01

SHA1
251c7b2850f200c55f982182404ec8d2e7094693

SHA256
a9e9267b76a7ec712d99eb84e6d70d64b8a7a5b8103757c54fd1562ef8e4e912

SHA512
c348eb40cf60784f0f5fafbc1c98732a24ef286438dbd4236c127975687b92ca060ae5640ba8812a5f332e302e5830e3261d76d2fff74f8375177fc29151e79b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0231690e8f27030955bb56acb9359c39

SHA1
f63c4ad6a65bc6d94e93e2bf69ce764d5f39eb1b

SHA256
1c18e175b54cba60f7a8a86879e3b53aec436b58fdd17f6013b719de7fcc1d5c

SHA512
05895d69e6b9e42d448ad3ccec1259566b929797f52ae0ed5b04c64f94a98b8f2d5e356cd84fcd61c4e05a4f7299963e9726ebaca9d2a0cc79f8ef308a846fed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0669896247f9058047ffe42092be971d

SHA1
37b2ce82dcdde32998aa63e5bb4f389f0d955492

SHA256
cb18191dd5e50e928111c255f20f9aedea9de4a3efa85c358926fa82b7fc766b

SHA512
90389e49f184d5ac810e7e2b2bd254c688545371a2bd53b5daa06091df7619304c4deb0e731c840a64cac801de5b246812ca98e292233c50f33fa448017e7605

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f1ea6d153b4df0231dd8c562ac8448f

SHA1
d4c6fb6ea75343097300f467bf0cc1d4f72c88a7

SHA256
684b8d1d770fccfcc5212d2a3ae99d4cea4d5156606f36b54405cdcbfdd77d36

SHA512
a4418d663f98b5f32f5fe41d42778fb07bfac49833fcb1a7401d00536b71a2ab71dd017c98e57a64d3f28fd3fb2a49358146e8fbbed09b62d66d9cf69bff3dd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d92078c4f334125c7dc7aaca73712b11

SHA1
f4b251e251e15c985e0fde974f8f64ba2221832e

SHA256
09c0a04bf2a8621d6c42b62941f1c847af6205cb0b4ca68098bfc59ee77a7c2a

SHA512
75e64667f158fd536be772ad55162bce975779dbc6bc18373bd949f2a34c760bcfe812193bc4b3135215395182b71ebac98a84766d513f9c9cb6fe1dc2011441

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
547f0192fe66228b9ec522e603301d30

SHA1
24c5ca822671e0e7b1a290cca2f352dae9e55676

SHA256
a638e1e56d0e967c3aeec11da8dd34350dac5a1924ffdf781cc8fab6991e1f5a

SHA512
775ae098b06089aff4a0420bb04ad9466fce8e6db1f661a23da0d1a4d46f79d03cc417452d0139150745c1b30af76dc2291dcc5f1b76c437bccd6d3d1dcc2b3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fabc9e5efcdc0583fdb0145b3b47d92

SHA1
cf859575ee41d02d2a8ef7a9a2f280d34b462215

SHA256
dc2e5ca054b5aad86c555b8487f523e928d299a00de86d4170ffb6fb6c1a303c

SHA512
08899715a44eb4c78b8535266ca58fa5be912d39aeab18fb30138cdf834eec8acecbf78326efc1ac5b8eb97d7d23b086198e1615e097f47da0203437f466f02a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45b9af0d9dd1066a77328716f1722c66

SHA1
0a18fea981f66c842f23b5746ab3f4688b1db30a

SHA256
113d35a5126a665790996382b013d6b0fe3e7785d873147129f424c0de2eac4c

SHA512
5dcaff57e8696312e5b0ce2fedc1c0d7e58ffc26c5b2a2b1b1f84b1438ef5d65da7e95812f21f4e6c533278785d4d64814884c186ce2df3d07c8ef7a4e430f9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c214ac5966dcc3fcf08adcd7dc55e01f

SHA1
a26f7091e737794605e66b6c890f72a1f4605555

SHA256
47e28a9ad0e6c1764677ee10b3ca25fde824fec75c5b36c4d6132938f57cb5e7

SHA512
d74cfbe29d6b65c5364a500c85806635cea33cac3063b73da44ca7945533667416373d517f7794bc9094b2323c9788dfbfdfc626b9b6e07efcd5b5683dd32664

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3050d3b74763d9eb4e5d6e4bd5e93c97

SHA1
d2c6f711b3cacfe2564811f178954b08315cca53

SHA256
e398a2e1f8aa9d97b6d2b01b5aff682bf5427bd810a120c9bf6bab17b6454740

SHA512
e9298a030f932468e530f174c101f9a9681de98c7a719708748898542735df3e1b9e449d4af82c9d5c1b164ff37dc3b141837d4cf3d3731c37f2d596b9b42558

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f83424f7b8deb1f38ac6548c8fc68df7

SHA1
7070d92acf1eb93c17050d5618a61d0fb0099e81

SHA256
d990163479a6242a4824f18b060a274c144a2e19cc3cc4bc407292c79fa087ab

SHA512
d670005370aed9c424150f94d90e03de21738d94a2b444071c04dbda238fbb60d5496da196649ab9e836453f1f536d8dc4e58a001d3dc0e70209395712efc245

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32677a1e07fbd5e87b287d6bfcbf6dbb

SHA1
670275d8b2a91d5455cbe8ef50a5a995863eecae

SHA256
3f1da86e6de5c4c863ebeb5f397b7f3c861bd133a8361787ffdc91fa6d327917

SHA512
408991df3d65c7b9b2cc89c3ffb13c86039cc928812d93f7088e01d1775b5e9e808e6815748446bb158db77a3232501e0a31706bdf7ee4b6ceb79d9fd8a322d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6523fc2dbc5d540a4f2e907c1287aa92

SHA1
a35a60900cb2144d5feaa4962315a79f1eb83c21

SHA256
cb40a541d3cf97997a780e4a7e79cbef5cfa9b190514db478dc8c87bb8321bcf

SHA512
4895618dca6e576f00947706a39afec8fbc05936ab1b2466e6b573c17df17dd0130cced04bf16487afae13e9c4e83d9b58442c87c72c6efec30208d56e25067b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04d494e34d222a18d2a0d7e517ec79d2

SHA1
c504970b7c939614e5984689b389ac412f84c3bd

SHA256
745a1bb5115cffaa2a234c66744439ef4497a48426d8f387abf8b6f738447527

SHA512
0feed57373dd92ece63b4eb8118e217d23e02adc183c13f30cb022ef2c2fddc8b97930758a63a4c0644bcfba4fec9a2f4d6ee3ecabd7a2702c531347218713d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
194b0fc52ae80333a4c1a64d66d965bf

SHA1
c98a5b1b3df4ee3c9dc7000ed458f9b17d2eb01e

SHA256
b43db19e63d8fa3bb51d5bc8bfd7cf8ce8a3a1adc996fe7d7dacde59b45c5dd6

SHA512
33c21dfa1e74a5c2cb7a261a2ebedf94cc1dd21f036d6ed4cc506391e8df7fe079655d08c09b31a11f825a5e97f70b95fb5ddbdb622fbfadeea1ff52d8716cf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50f07bf852f4c239352fe906dab06435

SHA1
7e4080312f0bbdd05a4de11c1185ff3c43f70a04

SHA256
92a2d9e51fd4b3105c0110ec5b95504623ad4b2effee214d60e17b589672e0bb

SHA512
a1ccefccf67898210738f69f65006458c1a359a908dd234e8e7d330b148e63cba6fe694ed1641bb4fa21862e68130961ee914f5896484a740abc119a497572af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
334bc8672b7d154fb7360f8f812e6d72

SHA1
a3bc1f77abfc594d8b8632cc73f303fa70f7da55

SHA256
90d5d15e58acd0a07c68399907d3a49e75f6aa1e43cb868d140bd58001550c78

SHA512
a3e364de93d079513699fe2ec59ae8477e9930788c9e38b8b7d009d45db98ee40413a24c73d9a2f1fff5a4c0cad955b1e4aeb9ac9e83a07d4ae8a6266f0fb5cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c80373c1298a2cd999cd687ada6b163

SHA1
dee04627b141392da0f9702677c25764a71f083e

SHA256
cafd9e6cbd3ab6ca802f6ec62a4f3a4e5a6e1b836f6930b4cdc1cff05af2fbfe

SHA512
b0bdc7e1a74136f09122b09a431207f804454f3af3b2b2d690c202ec25a6abeb207b6243d6c396a6741a5cf955c6f453344f9e914b779c4de1ab2823d58d0f2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06a5b270e25aaea46f18933b46a230bb

SHA1
b510da1561f3cc3491e9ad75de5b11013669cc84

SHA256
2b992ed63e6b1d017f27547915e1b6ba5b35b5a4ba0a6b32b7b4f9d1568b447a

SHA512
86530da44581400f196115b6f3fa0b8facb16ca7debff39799ed3d88eff121a6059b0a26328c34a8e37f505c3ba4c8cab57db4bb1744a1d47708401dedb80054

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0aa4d035bc9d63483c2a07d48d54132f

SHA1
4746ccd4ee08fa7eb2bd6c9dffe8d65cc548a097

SHA256
61b10d7bc79cc6c158d8818b24c34a599711b772c924402391ba01af0031834a

SHA512
c49dee9486a6bb139dd482c41fbc1fe3079534e5ef8444ee26b88e466d80d2cdd9e8fa70b551238ddc48d751b175eb62b0db12407e87489e3560ce365bdfd6c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
62c6ec473f56401c41f6b1dbf3dfb2da

SHA1
0dada0e89d593ff7cf79164c9bef90f0ceae1096

SHA256
0913b556ffa6a42d4bc92d7fe20fe5f008241beacad82da917e8eab334d91754

SHA512
5b4076f89f3a7a845ebc62823857d9dce0fb2f5d8b23baef8098e8a81b118bc00e79faba37925a0b6a68213355c1d4e125a7f50cf9e13bea0be888de515fc7d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0852cfbf6408cdfc29f1350e8fec23c4

SHA1
a79e160bafb76c12eb837f842994c2b881c935a3

SHA256
288c24464569c2dd198b13563cab29df573b404ae5553c2323e78184fa5b3950

SHA512
9595bca2f1c084766cbfcde25af9dce438170bff6ff4a9aa19b1140778592919d14f4f174c13df3fdb89392f88b76f540ee157500ebaee0d528cfb2646191ffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bf960aeac3c98ab29a7a8fb2b621856f

SHA1
95014982b8e4d2cd873d3bd547a7761afa7be570

SHA256
0121a32256869587a713fb33dc74c94601840643959a957fe72050385f72fad1

SHA512
43104307ab3bb24334d50d95de3d020e176b2ae95339730d941536dd759cf7daa0240b9faf5f56484e72f30ed4aee5c83cfe6b0da9f9cf1295f11ce31d1baede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
192KB

MD5
dd7e08aea3bc20eadf663f797dab140c

SHA1
ab5b8f4ea3b6816945da6a390dcfd3c10252abd2

SHA256
9e4e4ac027ad85d52722e9630835e999ec95071fbc35ca8b89b4e97678901c12

SHA512
b2474d83290a9def398a6e44069e062c3b8431abfddb20478e6bad05d88651128420a2d4a525ba910955cb058da390cd0389d114a71d970e7d9b0c53d275a681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
64KB

MD5
69e03ab9f307075839b6a2c359ff41d5

SHA1
cc034088b8b3785351e4350321cbc8cb5cbda4ed

SHA256
10bb7db1abae6026522cea2166ec8bfb9ff5465451f3b756c4ce80f52058144b

SHA512
d8c7d7a8d8d31d3fb7d2c48a7dc78c2f4b29e2be4079853d8ff94beb0358ea41e87a1dc6b6dd62230bf13b9b5918d0e58380da23651c4df4c37c36574e2d882e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
8KB

MD5
9a844cebd257f434c5ea0ee3cc817881

SHA1
6398633b02d4e46ceeab7976e1461655362352bf

SHA256
c0ef250915b17d66953dac865342ccf5cee6ec4a24d32618e5f72fa392524211

SHA512
d9a9b1c6aef7457b81c0d768cebb6f0940e244b2f89b75532ea22d0cbd67452a41aee2429cce1e0927cc9d2bb5b2459d6e7062ca5f30c27e5a60fc6a934843f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

Filesize
1KB

MD5
48dd6cae43ce26b992c35799fcd76898

SHA1
8e600544df0250da7d634599ce6ee50da11c0355

SHA256
7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

SHA512
c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEF76.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8E9FA42B-D779-46E4-A5C8-FD2ED1E1CE97}.html

Filesize
6KB

MD5
adf3db405fe75820ba7ddc92dc3c54fb

SHA1
af664360e136fd5af829fd7f297eb493a2928d60

SHA256
4c73525d8b563d65a16dee49c4fd6af4a52852d3e8f579c0fb2f9bb1da83e476

SHA512
69de07622b0422d86f7960579b15b3f2e4d4b4e92c6e5fcc7e7e0b8c64075c3609aa6e5152beec13f9950ed68330939f6827df26525fc6520628226f598b7a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1136-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1136-194-0x00000000739AD000-0x00000000739B8000-memory.dmp

Filesize
44KB

Download
memory/1136-162-0x0000000069771000-0x0000000069772000-memory.dmp

Filesize
4KB

Download
memory/1136-1-0x00000000739AD000-0x00000000739B8000-memory.dmp

Filesize
44KB

Download