Resubmissions

20-05-2024 08:38

240520-kjtqdscf2s 10

20-05-2024 08:34

240520-kgpnnabh33 10

Analysis

  • max time kernel
    167s
  • max time network
    169s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240426-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    20-05-2024 08:34

Errors

Reason
Machine shutdown

General

  • Target

    Boendet.docx

  • Size

    21.7MB

  • MD5

    14b980a65c7501e12ccfecd9bf55cb16

  • SHA1

    7bf794b9b674f5946eadb8e07a01d6aaeb337d7f

  • SHA256

    a91345c766f145d47d6deb90c3ae9d920f28101e12e39d93e88e3612eaf07329

  • SHA512

    a6758a6617f420ac3a49bbfbb055f43a2d5fbfa3611030e359d6ff788b7276f4c005a0e04c9cbc776dcf02e0ddc30b6bb55d1c8758b1822ad6e3cc612a54a504

  • SSDEEP

    393216:9/K/AmXAr22JMg1Ml30SRiGHVdrc5nw0DxTceN+ujRIT++9kkG:4/Ar2XRiSdrc5w0DxTb3RITBeN

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • UAC bypass 3 TTPs 1 IoCs
  • Disables RegEdit via registry modification 1 IoCs
  • Disables Task Manager via registry modification
  • Downloads MZ/PE file
  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
  • Office macro that triggers on suspicious action 1 IoCs

    Office document macro which triggers in special circumstances - often malicious.

  • Suspicious Office macro 1 IoCs

    Office document equipped with macros.

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
  • Drops file in Program Files directory 18 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 12 IoCs
  • Modifies Control Panel 4 IoCs
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 6 IoCs
  • Suspicious behavior: AddClipboardFormatListener 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of SetWindowsHookEx 25 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 2 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Boendet.docx" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3408
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1456
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd888cab58,0x7ffd888cab68,0x7ffd888cab78
      2⤵
        PID:1704
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:2
        2⤵
          PID:3712
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
          2⤵
            PID:2256
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
            2⤵
              PID:4068
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:1
              2⤵
                PID:3780
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:1
                2⤵
                  PID:4640
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4252 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:1
                  2⤵
                    PID:3920
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4380 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                    2⤵
                      PID:3344
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                      2⤵
                        PID:2860
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                        2⤵
                          PID:2632
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                          2⤵
                            PID:800
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                            2⤵
                              PID:4244
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4944 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:1
                              2⤵
                                PID:128
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4240 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:1
                                2⤵
                                  PID:4708
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2572 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:1
                                  2⤵
                                    PID:3568
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3244 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                    2⤵
                                      PID:1792
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5052 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                      2⤵
                                        PID:4544
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                        2⤵
                                          PID:3532
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                          2⤵
                                          • NTFS ADS
                                          PID:3844
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5396 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                          2⤵
                                            PID:4448
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4856 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                            2⤵
                                              PID:4268
                                            • C:\Users\Admin\Downloads\Floxif.exe
                                              "C:\Users\Admin\Downloads\Floxif.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              • Drops file in Program Files directory
                                              PID:2088
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 456
                                                3⤵
                                                • Program crash
                                                PID:708
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5316 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:1
                                              2⤵
                                                PID:2140
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                2⤵
                                                • NTFS ADS
                                                PID:1972
                                              • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                                                "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\metrofax.doc" /o ""
                                                2⤵
                                                • Checks processor information in registry
                                                • Enumerates system info in registry
                                                • Suspicious behavior: AddClipboardFormatListener
                                                • Suspicious use of SetWindowsHookEx
                                                PID:972
                                                • C:\Windows\splwow64.exe
                                                  C:\Windows\splwow64.exe 12288
                                                  3⤵
                                                    PID:432
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1904 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:1
                                                  2⤵
                                                    PID:4956
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4928 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                    2⤵
                                                      PID:3448
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3236 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                      2⤵
                                                        PID:1364
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                        2⤵
                                                        • NTFS ADS
                                                        PID:4936
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3212 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                        2⤵
                                                          PID:4908
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2528 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                          2⤵
                                                            PID:3080
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5672 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:1
                                                            2⤵
                                                              PID:4868
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3236 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                              2⤵
                                                                PID:4940
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3324 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                                2⤵
                                                                  PID:4768
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                                  2⤵
                                                                  • NTFS ADS
                                                                  PID:1460
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5520 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                                  2⤵
                                                                    PID:2100
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5516 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                                    2⤵
                                                                      PID:2364
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                                      2⤵
                                                                        PID:2964
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5548 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:2
                                                                        2⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:2300
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=2940 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:1
                                                                        2⤵
                                                                          PID:4472
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5616 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                                          2⤵
                                                                            PID:3404
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1444 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                                            2⤵
                                                                              PID:1900
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                                              2⤵
                                                                              • NTFS ADS
                                                                              PID:1324
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5532 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                                              2⤵
                                                                                PID:1844
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5444 --field-trial-handle=1924,i,13064352455115883588,15771585683235415075,131072 /prefetch:8
                                                                                2⤵
                                                                                  PID:460
                                                                                • C:\Users\Admin\Downloads\BossDaMajor.exe
                                                                                  "C:\Users\Admin\Downloads\BossDaMajor.exe"
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:2956
                                                                                  • C:\Windows\system32\wscript.exe
                                                                                    "C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\6FD7.tmp\6FD8.vbs
                                                                                    3⤵
                                                                                    • Drops file in Program Files directory
                                                                                    PID:1272
                                                                                    • C:\Windows\System32\notepad.exe
                                                                                      "C:\Windows\System32\notepad.exe"
                                                                                      4⤵
                                                                                        PID:4204
                                                                                      • C:\Windows\System32\wscript.exe
                                                                                        "C:\Windows\System32\wscript.exe" "C:\Program files\mrsmajor\mrsmajorlauncher.vbs" RunAsAdministrator
                                                                                        4⤵
                                                                                        • Modifies WinLogon for persistence
                                                                                        • UAC bypass
                                                                                        • Disables RegEdit via registry modification
                                                                                        • Modifies system executable filetype association
                                                                                        • Drops file in Program Files directory
                                                                                        • Modifies Control Panel
                                                                                        • Modifies registry class
                                                                                        • System policy modification
                                                                                        PID:5036
                                                                                        • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
                                                                                          "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"
                                                                                          5⤵
                                                                                            PID:744
                                                                                            • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
                                                                                              "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"
                                                                                              6⤵
                                                                                                PID:2748
                                                                                                • C:\Windows\SysWOW64\unregmp2.exe
                                                                                                  C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
                                                                                                  7⤵
                                                                                                    PID:3468
                                                                                                    • C:\Windows\system32\unregmp2.exe
                                                                                                      "C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
                                                                                                      8⤵
                                                                                                      • Modifies Installed Components in the registry
                                                                                                      • Drops desktop.ini file(s)
                                                                                                      • Drops file in Program Files directory
                                                                                                      • Modifies registry class
                                                                                                      PID:3044
                                                                                                  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
                                                                                                    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch "C:\Program Files\mrsmajor\def_resource\f11.mp4"
                                                                                                    7⤵
                                                                                                    • Enumerates connected drives
                                                                                                    • Modifies registry class
                                                                                                    PID:1132
                                                                                                • C:\Windows\SysWOW64\unregmp2.exe
                                                                                                  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
                                                                                                  6⤵
                                                                                                    PID:1692
                                                                                                    • C:\Windows\system32\unregmp2.exe
                                                                                                      "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
                                                                                                      7⤵
                                                                                                      • Enumerates connected drives
                                                                                                      PID:4332
                                                                                                • C:\Windows\System32\shutdown.exe
                                                                                                  "C:\Windows\System32\shutdown.exe" -r -t 03
                                                                                                  5⤵
                                                                                                    PID:2836
                                                                                          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                                                            1⤵
                                                                                              PID:4644
                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2088 -ip 2088
                                                                                              1⤵
                                                                                                PID:2160
                                                                                              • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                                                                                                "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
                                                                                                1⤵
                                                                                                • Checks processor information in registry
                                                                                                • Enumerates system info in registry
                                                                                                • NTFS ADS
                                                                                                • Suspicious behavior: AddClipboardFormatListener
                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                PID:2732
                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
                                                                                                1⤵
                                                                                                • Drops file in Windows directory
                                                                                                PID:4912
                                                                                              • C:\Windows\system32\AUDIODG.EXE
                                                                                                C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004C4
                                                                                                1⤵
                                                                                                  PID:4992
                                                                                                • C:\Windows\System32\PickerHost.exe
                                                                                                  C:\Windows\System32\PickerHost.exe -Embedding
                                                                                                  1⤵
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:236
                                                                                                • C:\Windows\system32\LogonUI.exe
                                                                                                  "LogonUI.exe" /flags:0x4 /state0:0xa3a38855 /state1:0x41c64e6d
                                                                                                  1⤵
                                                                                                  • Modifies data under HKEY_USERS
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:4464

                                                                                                Network

                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                Downloads

                                                                                                • C:\Program Files\Common Files\System\symsrv.dll

                                                                                                  Filesize

                                                                                                  72KB

                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                  Filesize

                                                                                                  471B

                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                  Filesize

                                                                                                  412B

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\70bc0835-f5c9-4259-a8bf-6e2c1043eb0f.tmp

                                                                                                  Filesize

                                                                                                  8KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                  Filesize

                                                                                                  2KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                  Filesize

                                                                                                  2KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                  Filesize

                                                                                                  3KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                  Filesize

                                                                                                  2B

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                  Filesize

                                                                                                  356B

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                  Filesize

                                                                                                  7KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                  Filesize

                                                                                                  6KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                  Filesize

                                                                                                  8KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                  Filesize

                                                                                                  8KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                  Filesize

                                                                                                  7KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                  Filesize

                                                                                                  16KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                  Filesize

                                                                                                  260KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                  Filesize

                                                                                                  260KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                  Filesize

                                                                                                  98KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                  Filesize

                                                                                                  100KB

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583803.TMP

                                                                                                  Filesize

                                                                                                  83KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

                                                                                                  Filesize

                                                                                                  256KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

                                                                                                  Filesize

                                                                                                  21B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

                                                                                                  Filesize

                                                                                                  417B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

                                                                                                  Filesize

                                                                                                  87B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json

                                                                                                  Filesize

                                                                                                  14B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\AD46F96A-6D65-4B6C-8D35-9E66198241B5

                                                                                                  Filesize

                                                                                                  161KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

                                                                                                  Filesize

                                                                                                  20KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

                                                                                                  Filesize

                                                                                                  22KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db

                                                                                                  Filesize

                                                                                                  24KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

                                                                                                  Filesize

                                                                                                  8KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

                                                                                                  Filesize

                                                                                                  9KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2843FB45.emf

                                                                                                  Filesize

                                                                                                  5KB

                                                                                                • C:\Users\Admin\AppData\Local\Temp\vbhja.rtf

                                                                                                  Filesize

                                                                                                  816KB

                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

                                                                                                  Filesize

                                                                                                  249B

                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

                                                                                                  Filesize

                                                                                                  3KB

                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

                                                                                                  Filesize

                                                                                                  3KB

                                                                                                • C:\Users\Admin\Desktop\MRS MAJOR WANTS TO MEET YOU 5.txt

                                                                                                  Filesize

                                                                                                  27B

                                                                                                • C:\Users\Admin\Downloads\AxInterop.ShockwaveFlashObjects.dll

                                                                                                  Filesize

                                                                                                  17KB

                                                                                                • C:\Users\Admin\Downloads\AxInterop.ShockwaveFlashObjects.dll:Zone.Identifier

                                                                                                  Filesize

                                                                                                  304B

                                                                                                • C:\Users\Admin\Downloads\Floxif.exe

                                                                                                  Filesize

                                                                                                  532KB

                                                                                                • C:\Users\Admin\Downloads\Floxif.exe:Zone.Identifier

                                                                                                  Filesize

                                                                                                  120B

                                                                                                • C:\Users\Admin\Downloads\Interop.ShockwaveFlashObjects.dll

                                                                                                  Filesize

                                                                                                  21KB

                                                                                                • C:\Users\Admin\Downloads\Interop.ShockwaveFlashObjects.dll:Zone.Identifier

                                                                                                  Filesize

                                                                                                  160B

                                                                                                • C:\Users\Admin\Downloads\Unconfirmed 916021.crdownload

                                                                                                  Filesize

                                                                                                  1.9MB

                                                                                                • C:\Users\Admin\Downloads\metrofax.doc

                                                                                                  Filesize

                                                                                                  221KB

                                                                                                • C:\Users\Admin\Downloads\metrofax.doc:Zone.Identifier

                                                                                                  Filesize

                                                                                                  208B

                                                                                                • \??\pipe\crashpad_1456_CVNQBYXZBYPSGRVS


                                                                                                • memory/2088-405-0x0000000000B50000-0x0000000000BC5000-memory.dmp

                                                                                                  Filesize

                                                                                                  468KB

                                                                                                • memory/2088-407-0x0000000010000000-0x0000000010030000-memory.dmp

                                                                                                  Filesize

                                                                                                  192KB

                                                                                                • memory/2732-647-0x00007FFD57F30000-0x00007FFD57F40000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                • memory/2732-650-0x00007FFD57F30000-0x00007FFD57F40000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                • memory/2732-648-0x00007FFD57F30000-0x00007FFD57F40000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                • memory/2732-649-0x00007FFD57F30000-0x00007FFD57F40000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                • memory/3408-15-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-16-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-63-0x00007FFD57F30000-0x00007FFD57F40000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                • memory/3408-64-0x00007FFD57F30000-0x00007FFD57F40000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                • memory/3408-65-0x00007FFD57F30000-0x00007FFD57F40000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                • memory/3408-62-0x00007FFD57F30000-0x00007FFD57F40000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                • memory/3408-20-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-21-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-18-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-19-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-17-0x00007FFD55690000-0x00007FFD556A0000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                • memory/3408-66-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-14-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-1-0x00007FFD97F43000-0x00007FFD97F44000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                • memory/3408-10-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-13-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-12-0x00007FFD55690000-0x00007FFD556A0000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                • memory/3408-11-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-9-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-8-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-4-0x00007FFD57F30000-0x00007FFD57F40000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                • memory/3408-7-0x00007FFD57F30000-0x00007FFD57F40000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                • memory/3408-6-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-5-0x00007FFD57F30000-0x00007FFD57F40000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                • memory/3408-3-0x00007FFD57F30000-0x00007FFD57F40000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                • memory/3408-2-0x00007FFD97EA0000-0x00007FFD980A9000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • memory/3408-0-0x00007FFD57F30000-0x00007FFD57F40000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB