bd5ffa82831abac90451c60585110daa6ff7eee249fdaebf0db4dc37bcd77d19

Analysis

max time kernel
300s
max time network
279s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21-08-2024 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Rift X Installer.exe
Size

4.8MB
MD5

e05e03bc8a0b9f435ca90fc0d78a828e
SHA1

19278a5f99f989bf504f7d6869c49afe207afe6d
SHA256

bd5ffa82831abac90451c60585110daa6ff7eee249fdaebf0db4dc37bcd77d19
SHA512

709a2b117f64b5e9e9fb16522075cc09521c69fc09230b08b06296f75e538af18af95cc7f1cd06be660cc6b6fee867332c0de1212076dc8491460fae19b3c737
SSDEEP

98304:groSJ17ADReD4g+i/HBYxWhczcW4ihY5VZQhWVwLx:groSJ174eD4g+yHBYxWhcgW4gUQhCSx

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1736	RiftX.exe

Loads dropped DLL 47 IoCs

pid	Process
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Rift X Executor\Uninstall.$$A	Rift X Installer.exe
File created	C:\Program Files (x86)\Rift X Executor\RiftX.$$A	Rift X Installer.exe
File created	C:\Program Files (x86)\Rift X Executor\Scripts\iy.$$A	Rift X Installer.exe
File created	C:\Program Files (x86)\Rift X Executor\Fonts\Montserrat-Regular.$$A	Rift X Installer.exe
File opened for modification	C:\Program Files (x86)\Rift X Executor\Uninstall.exe	Rift X Installer.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4080	4464	WerFault.exe	80

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Rift X Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RiftX.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RiftX.exe = "11001"	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RiftX.vhost.exe = "11001"	RiftX.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133686925953016298"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\NodeSlot = "2"	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = ffffffff	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	RiftX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	RiftX.exe
Key created	\Registry\User\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\NotificationData	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1"	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	RiftX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	RiftX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 980031000000000015596f2d110050524f4752417e320000800009000400efbec552596115596f2d2e00000018040000000001000000000000000000560000000000d045f600500072006f006700720061006d002000460069006c0065007300200028007800380036002900000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003700000018000000	RiftX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	RiftX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 680031000000000015596f2d10005249465458457e310000500009000400efbe15596f2d15596f2d2e00000028a702000000050000000000000000000000000000004ddb070052006900660074002000580020004500780065006300750074006f007200000018000000	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 560031000000000015596f2d10005363726970747300400009000400efbe15596f2d15596f2d2e00000009ab02000000010000000000000000000000000000004ddb07005300630072006900700074007300000016000000	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	RiftX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	RiftX.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	RiftX.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1736	RiftX.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
224	MiniSearchHost.exe
1736	RiftX.exe
1736	RiftX.exe
1736	RiftX.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 1144	5040	chrome.exe	86
PID 5040 wrote to memory of 1144	5040	chrome.exe	86
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1076	5040	chrome.exe	87
PID 5040 wrote to memory of 1388	5040	chrome.exe	88
PID 5040 wrote to memory of 1388	5040	chrome.exe	88
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89
PID 5040 wrote to memory of 4300	5040	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\Rift X Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Rift X Installer.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:4464
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 1088
  2⤵
  - Program crash
  PID:4080

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffb8ee5cc40,0x7ffb8ee5cc4c,0x7ffb8ee5cc58
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1748,i,6492732370177949565,16201496209535637888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,6492732370177949565,16201496209535637888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1344,i,6492732370177949565,16201496209535637888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,6492732370177949565,16201496209535637888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,6492732370177949565,16201496209535637888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,6492732370177949565,16201496209535637888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,6492732370177949565,16201496209535637888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,6492732370177949565,16201496209535637888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4760,i,6492732370177949565,16201496209535637888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  - Drops file in System32 directory
  PID:4784

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4464 -ip 4464
1⤵
PID:4212

C:\Program Files (x86)\Rift X Executor\RiftX.exe
"C:\Program Files (x86)\Rift X Executor\RiftX.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Rift X Executor\RiftX.exe

Filesize
16.1MB

MD5
1d19310c70b8e0a52e0018d965cc16ac

SHA1
423522744a5e646314631bedee077a6ecf3d8ce9

SHA256
ce5fe457663da71c4c3a031afeeb12776e0c068af06210de85639df1dd4d249d

SHA512
86df951d754d3380a99d24732e7211eb0cdc0fc444a4a798110de4b9a412edda9413a1f82964e4fcc9c34462cc95b46a884352051afed3da60ca2446b2e509fe

Download Submit
C:\Program Files (x86)\Rift X Executor\Scripts\iy.lua

Filesize
58KB

MD5
5a2cf4946eb9d7328482ebd2b11ca31d

SHA1
805931e0d17317b438c4e4e9cb40c8515c96ee4d

SHA256
45e8afa693e787aec8b606f62160575f43617d37328a2805dc00ad78d4868eab

SHA512
d53806220790da2743ffa9be6d35a1a9e243bd5e471122397a84d7af78e0443a7a7e74c70110bb9a01c846091f7d957ad3a5bd580cec74258a394b472aba0c30

Download Submit
C:\Program Files (x86)\Rift X Executor\Uninstall.exe

Filesize
93KB

MD5
af83d34e3ed414791a4120d446bf8a87

SHA1
121ed94939a7d839e5c2a4a1271377cf36868585

SHA256
7ba97f62032b71e61f568fd20065a546fe3751c4bc98dd238543ba018a244c85

SHA512
a0ae350833e590366953d64c6ab769115a294b89e5a28fbef2c547073c71387238f280156b6afa4dc6bac57b0697b7c93a84996e2e73798a9541646339f17d73

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
83d1d18f7d53e248159694f964e2aa77

SHA1
6fa7483b50ed17ef86b3f72f85da3a127a7a99e7

SHA256
e7e208772fd29ceabb060abca7bb3df39bdbc374873e36d0241672949dcae452

SHA512
a0465cad9da298e9834d86f0047e12d0f79dc992d858da66c3903bfd6db5fa7a8ffcef299f92ffbde3a94c04fe65edd1aeb0fe537b630cbba54d6c0990601c0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cd866018a0a4bad181c3b5b871a06175

SHA1
3b3a6d9d148223f5d602938a898b9026b655f800

SHA256
de11c2d6a42a32611223d924b688871ef1c391e5436736b7aafc6289fba9036e

SHA512
e0cb27b9b6b3bc9ef403ba0503489e6227efda229c4dda3c75b0fa5fbe96cf22ee0c4fae252fdb26964d7d16677c392093ef19b930082cb7d3d9380df3d59bb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
925990424764daa8f68a97f9c799e470

SHA1
8b455f895e8a3a604de11a0e70744cfd1a8728d2

SHA256
88b11f9b04df79972ce567219b8e132cecff32b56ad4e3d4efe91136aeb03f35

SHA512
9b3fff6b673a7cb99a7a6de2ef33cbf4922ecc8a228cae19cfb4a1b408595db99a0d4c25e2cd6e145982ca6f0d76e75f0fda735f407ee11e8a1cec18a36fe53a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
18d29ec89e30ac457ce09289b6c3ca35

SHA1
16e7a4998038e0ffc0c78c266d60b4fa586b8e36

SHA256
7b9598da5efa6f79b79e4e0e8c31ecbf61d55280ba94249dbb571dcc4787b6d7

SHA512
2100089411c2aab37bbc19019ad344d8aa212826a658642610fa67017cfaebd3178b2bf001e3dd4e5e04c2eb61eb9fcb50a74efd8d8f0005e620d9db70f3b595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c2e361a2983a6b8a8eba40a2302aaa6

SHA1
a9d0707e7667e654e3b2e1b70d3cbfd1b240993c

SHA256
9dfeff694672ea4753ee9ab7a6d8802ef7dfddd5c3af7a5ecd5ce94e722d90f4

SHA512
4d33078f1f17accc9cd8aaf36bdc31ab74d7b407363c85fdb3e035d715db0198a450ef7b3a518eeb2fee727e46e6da66e5c20a709bcaebf072c847b4e786623c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7bf40df7c89dd864d68027ab0027b815

SHA1
4272e03e93e9277b7d7e5436e053afaf2efaef26

SHA256
80c74b2e4f4e5172604f44e3fc36546bfd34f3e4af942e3ce8e3815794324240

SHA512
a9604c6461d168299c2f150e3512a86aaa5c9484d16ca9567380699c1008bbd67c21454934060c1edf0c2f05db5bff1f27ef93c7343ab389628dce819e86734e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf9c69e16f1f53464132e0ee28b135eb

SHA1
2e658d511d699db72053e87ca14d9a8cf27244a6

SHA256
19436fe722bcc5a7cc8d8bce3eb9f310b11f5f24e13d81b1704a9cc209e9edff

SHA512
1da9ee5fbb207d14d7249a406eb3aa3140324ef6e24d2526e59c4346026baa542d7002d467109c3a4975ed5a1269e5bc499ae098112dc70bd20c3196b3bdde3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
04e8c65d752a026dfc4a6cf09205b53b

SHA1
29cfbd29882add0724d7e18c2fc55bdd9153c243

SHA256
d28ccd40751627c0910014952ba3f8006f0943428f3b6bd3220bf44d3e36ecc5

SHA512
8118254d5534fb1efe27bfa575a40f87edd742f022b083fb59b456d96ce157eaa86ce4b7aebec7dd76de59ac7b388e0a9a00d4b7182200b5e4cd66fd3a20782d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66fb134d881ea5265306c78f62627b8c

SHA1
1310cef46710960f94340f4576011be742136523

SHA256
fb9cd39c2e7baf9725570fb328ccb1fb83e5ba72432608a25078a01f890d9abc

SHA512
bf4af5eaa06976beda1d7803bee2be91fb566ef1720605a39ceb80951824303cdab3afb28120fb6a9a4331b14f9de735a856c414b0a870f45d98c8bdd564f273

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4df5fcde6c4c4fc919fb74c1559316f8

SHA1
7576b5abadbe5b492a33d3e1041b49d02202f6bd

SHA256
7feb5d879354507d046dde9ab059bcdc5d570d0634fd9e101b7441d967280f2f

SHA512
d9267b8cdc5415e51a6eca061e935bb20e9bbdd5c5ea465ff7d7d6efb5fc08cdc0fb35441706aa6f6a2fed05d9709b03c7378d51b1c530930b1fb776209aebb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e9814329797f776d1a140ca89ac1072

SHA1
79ed2aa7c306641b2049321b06887621884be610

SHA256
8dcd5d6c7fda3987c3233ff52b5b5b359136c8ce3f747b000a9e2761e20d4de4

SHA512
af3c596b48e9ec654b53051f6886a1bd8b38efd2075d305d8c6e373d51100a12a2d952506d4687761052398d4d97814615bbe634a718a1eb5ea753db269bfb4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00cbb71728834715126a271303b76a2b

SHA1
d961be1c555a58063b3e941cee3ff4dcee97f55e

SHA256
997f618cf18b74f57bd617a2c0d88049bb5cf657e7c1c729a5d3729cca268392

SHA512
b0fc9dc23d9ef1ce5688f1eb1787560842ba2b5a993fe0e02643cb685b6b18e16c29e3fd6e4d5d89d13f0b036fb4a3d28b53d840829ed9674ced80da5e73ceca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72d752f1d5237e29fa9efcb370bee3b6

SHA1
11d80f61eca28e44dc81da9d10454286a3aa60bc

SHA256
7eebd90ac5595f0fd9b9201d0839855594de66bba098b47f47195b4e6f9a91d6

SHA512
498cdf42c47d0123daa0fdc520d156d24acd6796020571605ff6bed0f5ca9d5fea05495deb0cda2b2a1fb2be2880a73d1965ad1fd3b8a463726a05654067eeda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be42cee6635de8a6160a8076bba51364

SHA1
14a40cae05e8d4643547d7968da4077a1a80cc47

SHA256
05682628697995f7256f60f9e4aa11807d68e5667bfd233fe920298a47d221cf

SHA512
5ab2ac55969a31e411ebdb24177d83cd6321209e1e4689e766c986d7ab58aefb8cfccadc6c0bbde4c542ef1f3de01e0e2f434a3e51fd0ff8f857d7521cf68b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff38590cfd0652ed34d9a648ebbd299b

SHA1
2acc1bd977aed8fedc3d305a80ce7085a0494df6

SHA256
87522821319b0f3465e11c8b72a93511bdf510b63ba402c8e6dda88b5ed6aac4

SHA512
e3033a9f89b33926c6e6de4d75f545132654ecaf96d08edbe4a5c4187e96483808ba58ea5806667c3f37913dc5073b1e3d436c416998003436072353c6cadf6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
79921bfbf8ae603912d433ed721d042f

SHA1
1b4b9e01e34eb92a9fe47b679eb4ff63d7eecb1a

SHA256
33a86bbd71e878d68f627cfa610749a7464144930a9969bc6fada60f3eeca4cb

SHA512
7830f15a263d8d7c7324d630ecdd6010900ad8b04cf7e3d8a14017085df84aceb4a5a43c8fe9f053c86f48e8fff18a5ffd6d1e8bd4fdfde8df4501f1202fe573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7998dfe8c0d9eb5937505bc4afc36187

SHA1
8877f02119c3abad35aec0f0bbad0fae4d0ec800

SHA256
5d3eead1612b61f32ab5f6afb3045fbfe194e923d369aebbde2a542f25a40173

SHA512
f1e33e80299d5826301af6c8004c0c85e0e6f88961f974f5a40bc5689ef549de8425fa304a5c643a31fafb9c3a40ceedbaa27ee24709a34dd9a41142f21a47eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
79803a8f4ae7365c4370ff07213b62b7

SHA1
ca65ad036f026514fbce9cebb87417bd173d20b0

SHA256
8198f82ab9d35f2122f820e1f4cb999b282d3eac3999a821a4a69b411199312d

SHA512
faa78c69dce05cccb91608d3bf2c25f9297ce64b36da3205e4820796ab5d8eaed5511aeb521f2054c5cdc6cf17851f421cb43b0708d04dbc7f6b0f35eac22805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1bce9d0d88d4bc1dc6cf67e671e9fd9

SHA1
27ddf1406bcbc2eb45a703558e88748df53a70d5

SHA256
20cf97ded1bb231a49b8a45b0658894a7e6ca6741f44073e1310e58f217653e7

SHA512
c9c2e3d2a3509c0d85e7d7c30e00a1a338326778a356ca9b0ddeff2392dfea9f27c8b28ca4497a547e43118d5fc48bad48ac70623c38155a0b3cecd0bced1e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48a350cf09119399afab59fabb876e65

SHA1
8d723a5543533d5e5cba0fdc489aa6f4c5127bfa

SHA256
a4d226e09e3c71f9c836a2d1d733aad4666d37f72c6690a7ab61a36c9890b6d7

SHA512
ad77be45ffbbe5810d00cdffd45f0f2d3f96297c3543582ea8f635754bf22c5d018cf9121cae1ec8a303e1dab2c123470732410a15a39e7491535c6ec3d8872f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6af1f69135ed4ff9691e0f9a71397b71

SHA1
d2d359c1147812aab70b5609f70e9034853f0072

SHA256
dee455701e3f73d5e58acd1fab89777b40b7c8f3c1281ad3ac93b79085d2da74

SHA512
c5ab35d00fc864d4606f0f738a93202252fcd0f4b6708115142c19462b8a975dbb0a231c9146bd8e45602b2328f74fb309d888542f702f6f0c3bb314b1f3a629

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3108cd22f886fe34ea048ceb5d48a98d

SHA1
7514eaf49049a11416c15a2540ff170da8bb0bf2

SHA256
11f79fab721671ab91843e7f87f5fd9e9b2c6d84ad104aeb34d2732af2f54bb1

SHA512
aa0a55d896c4735ee8bba3c96ffeaed2564f41407c655946b7a0a19909b4c5f6f54182faab165b2163d84c83b0443142482c08322b57cc7bafe88380a740eb59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6ae8cfc7d273abb5aaa912c70d440c5

SHA1
ed3b2996bf9576e700d59fc5d035d461c037d744

SHA256
48a2dbf8e2ad487fee1f85b4b6453042530454de8d48edbba3580f6483d0f308

SHA512
87b7ffe3c166f87ec5f33404d09a8d85d0108cf2f350a27ace941892af4f623af4793ee6c3a5f1d994940933269ebac17753cb201e284cdc2974471d4d7c9c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4b404a3e07bbe0cb06a29cdb29efa794

SHA1
c1dfa004e5f6b01c57efa2d804c2ff09fa043b16

SHA256
da874e7ae548cd2d602e000d546460ff160f4ecbfa8cd3125a8224b938d31eef

SHA512
f4739ac945cb9edd6839f5b153ec6b04026fe379141434a2c7545af928672f89239e7853e0d69fbd4636bbfc6f7421373eba49ada97ce139d10388f0f84aedac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
4392fa7f2f1669672c3528da859288e2

SHA1
a37769bbe5c3711d5076553185be9af829fb7278

SHA256
064b62e8387a0e26cb7912cc4a226e725a1ce0bef06436a21d5aa273775f816d

SHA512
c5b1c01dfbe5018fe2377a61d45e790c7a31df69c20c59237cebff934a26a28759f015b8d370a2e950ea8453034211ff554d9a861fbe7112ddfb5ce0e39d29b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
ee7091963d8457c0e9daa55561f11992

SHA1
da8c294cc4abdffc63c6b2d45c9191f86ce77ce7

SHA256
ad56c47f42dd424ccc63eadf463ca34e3d833ebd7fb56cf14a837525294b2a9c

SHA512
cc90b34cef2b8834e47fe4f13d2a4807df8238ea30ff67a796620974ddc4f45f00da05d587926f8a070f95ef0f24c80983d87c3d66c7f36b9c1f67d749ca4c0c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
a7f391566ceb7d310b04c1376aa66a07

SHA1
eda88e9134d3de209152481c9e8aa02054d4c2eb

SHA256
8ecb81fa22792fa6bb09abc86b9b5afb50773e2c5537def45dd8ba297f6c714e

SHA512
163bad20eaa9108286367367e6a54a9ac612026954ee2466b8f88f732a992695fe160d3fb5f092976ef15c1c1b71400e577a9a4833dfa616d7c9ee6a8237033c

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\GetKillProcess.mfx

Filesize
360KB

MD5
099360222ca4f2631a039e99f2d620e5

SHA1
64437db0fea66b57e4fb5b746463db86c46a746f

SHA256
4ef8833efd0447806acf51f6609b30bbf4f946b47c300992408fa9a06ec24b10

SHA512
dfb59385b6c9b1f0d04ef8d079854c9f8bdf36dba43678053e5dc37de8b138ccd174eefb86a8954cc103b4c52dc54402699944b0e3b361b5f8256c734aa0c5d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\InternetConnectionOperations.mfx

Filesize
115KB

MD5
715f47554c73bb77ff0e463592462cef

SHA1
75671893da8c786d4fc34ae122fb3754c92f85ff

SHA256
32a6843b7a32e69aa2cc0decae3b7ea322bb20a7d9834573141030f87d8c54e2

SHA512
ee216a470e3968db41ab1b4d1e6e92237d2229cb3ce746da646d0ba7852e3cf81da24c80d911261a3f9d7b54e5d7a9c3a36b9ca8fcb008ff2f247230e00d1c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\KcBoxA.mfx

Filesize
44KB

MD5
08ac00f4d05e68d8b5ab6870bf1f076e

SHA1
b8eb503bf860df5938df5cd59cea47392d129217

SHA256
1cae93696ec030be6317a338c3c8bc4274a53632c03ca60aab0bee59d361a380

SHA512
1da050749fb1e8f2917e550a86933b9f69cf4e972f1a166d0c24a2c9e1307fbad88aad36e7f1082d481c116f36e8e2b3327d630c136f02f6f465835fbd76db2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\KcButton.mfx

Filesize
40KB

MD5
b848bbf535366b6053f7bc8ab87fc5e0

SHA1
19d8a51062201531ff58c898925e53490c22213e

SHA256
94cea0df9febe19fc2e1a905bd7df0bdab63797a42a7006f14bc8838003e5a45

SHA512
cc6df5fb9ef537a255faefb890ffd07556bffec5abd6a914afeb004b77dede2db21dce1179a36b8641e7150e8c466345a58288835722639c1fbb7e5665122543

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\ProgressBar.mfx

Filesize
25KB

MD5
f41343b0b41066d01c2bf5c3cd925682

SHA1
0fcc264778eb89648f1259b772c4a4ed6771a6f9

SHA256
a33dad51bdbc04a76f69944eeeb3415f3d2c5a9dda229ac0caeb0e165c651088

SHA512
2223ec0e5e3e378d3cf31e641ddae7fbc797b13c4e1bb5f0febf7cd7fe9623c8382cb2b6ddf23d4209efc5610af652783e1a6d18430c4e360f7aa1e27cfdd06a

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\RunInConsole.mfx

Filesize
113KB

MD5
e31137fadc4e75bacab2258a5d295a2d

SHA1
c9b75af685b6fd724b5059b9666888f0985d4d08

SHA256
e4e2e4a9a6dbfa7ac537ae39c8b43040b752d90d409bc1c1d09c03d8e195bcd0

SHA512
8eceb18350e086b08f6c5e2d61df8f3135a37b640c797ece1499e9536621d4656b608470c34bc05c58e3e7e379182431733508e71c5d5259e6921350406e1ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\TaskbarInfo.mfx

Filesize
116KB

MD5
43b51be2d43a8e7ce0077fd727a1d25b

SHA1
5e26bc1dd5656c865281c3b9c8516bd141f5f78b

SHA256
2b3ff300e2b2b6b8f56337c9807b9b07a19ca1a50b6635f377a3f71726d66caf

SHA512
3455c094c6329c4a4628aae70600884995353f2782ee78df499fa3e0b88973068eadbf1405e447c539ef595159bbcbc47996da7aafde52685a99a9517b94e1ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\WebView2.mfx

Filesize
395KB

MD5
8f01337f9824a07bec33108ce442904a

SHA1
7efbc6e2e3ee9b4ebff1fdccc001037d913858eb

SHA256
82d4b45d2efa0119c1f7aadecbe73080252e2e989df2c2e9bf1f82e1ee3a12c2

SHA512
dc9d77b061198749fdbe0104a78227582d79c9592db5cf1150366a59d3ce332c4c6a8551c4edb08edaa29aa70ef73d36232fec458336a41edf1a9578c8dac0fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\WndTransp.mfx

Filesize
65KB

MD5
6f93111ce72225daab2bcdceee48d204

SHA1
1a5156f6e00b47dd4197c933092578aef49a66de

SHA256
e8a1af555a3d39b1cb0c6bf6511158d4fd48a1e4e2dac60a6f54af4b486f60a1

SHA512
44549a2f29c9b4cb217065cc4f670afe84691fcc9d0bb4898cd8caa408256015b1abc1c29b6ce4083207e56f339f0843757ae07d01e2a2bb945b6ddaa4c8d3f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\aviflt.ift

Filesize
24KB

MD5
97b3b613ed1f994389b1a963b6e781c9

SHA1
13b38afdfd6ea283a2012bb8e5c652e13175440c

SHA256
cb5f43c24df39973b983b7fda4abcef60f425061d880c7dd9514b501b84790f8

SHA512
97cb23d76d926fe03573c127862b738217f91b0cb61517df7514597fdc50844ccb3d4f799b9a8b23b8da37a2b802ee2bd1e56b5e9fdb699bc3d511868ffd417c

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\battery.mfx

Filesize
17KB

MD5
347d6293eefd33868b5b00637c3ae440

SHA1
0bd7a0fce2ad9e6f31cb4aba5de95e1473a26c31

SHA256
630c6b0bae5dd59736cdb718a142d1105390510918d8333e96e3cce48f7abc94

SHA512
8a0e9cfeceaf0b44b578dd95a198778de07fa06925f3d010887bd22589dbad3e23a32ef0d43b4a2e7ce897e58c8f579c780206c2f463388e69091210a34cf329

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\bmpflt.ift

Filesize
24KB

MD5
a73a9c8e91ef95cf4eabadf8f7334abf

SHA1
763195d19f5467c593ab638dbdd0a0277a3048f3

SHA256
02d03c4847e34c9029cca452e37ada5ef40167406d4474a9393e11aace024c3d

SHA512
cb5f451d8e637d466fec2dde865d5daac5a15ea44b6e2ce0506070c123ffad506f5f9739a9ea440f01c8f331cc9d42802cc14f82e1252ac667fa7318bcdf3acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\fcKernel.mfx

Filesize
28KB

MD5
5bb15ebdb266b6c45cd2b410ad2f718d

SHA1
495299087d79291d96f2658a3e605fbf04649522

SHA256
0121679c56e4183d80dac5f79b4eadd4bb84aecad185ba99719fa268348eb161

SHA512
446b67ed31f99b29b0608d3aefde0b98a748d92cbdb1d58291653c89f1ed121ecd7538c2d1bd199fc529089340deca66b505514f818b9d042c6c30e8fa1c787e

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\fcMsgBox.mfx

Filesize
63KB

MD5
99b871a03fc7a3e55f965c35670398ac

SHA1
d9c058fa6414aeef5c8aba262df8803335c7dffd

SHA256
a7078267ff7d905b45ed5496a03a14ca6b7f50f17f7a23c5e6e12dd2e7920bf2

SHA512
ca374f25b570aa2f53d4247fb411700163b9ecbaf332f06388d4fdfcafb4c65f9612ea39b7c1a5d39d0146d1a6111c3257f88e88ef20711188b5fdbf16b73ce2

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\fliflt.ift

Filesize
28KB

MD5
91b37f29180a7bcca82dd4682d677b3d

SHA1
bca27cb7ddb271e6649f264777e04970f5ad1276

SHA256
4b651eaa60da09038984a9b7027826941f61f6da58d3f57d11349c8c1896a6d4

SHA512
2fb10952f2671e6a42a9748279aa94e9ce9b307d57d562f9ebbaaa88e27ca96eda36a5fa209df0f791adab7e8d896916b30330ba759b9278cac4bff43600d6e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\fontembed.mfx

Filesize
15KB

MD5
f38352c344bd71eb21a78a1b69dcade8

SHA1
eca1053fa4ce77f96752f400d4ffac8f2f158d15

SHA256
38b5dba1524e47ff474d29bb0fb3d7b0476e554cdb82f2de09c4a761ab5645b1

SHA512
70134d7e2d4c589fc3ca5c52e005852d07e6b3cce91db00d32bf121611480601d007ead98c3e2febfdd1ca03a0c723fa46e9b73c0f497b315a6cdcb9f15afd56

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\gifflt.ift

Filesize
28KB

MD5
9a1a0b8e7045c06c47abeb52d861c377

SHA1
6a1c36eb8354f62d5eab6d7c62316fd7d0e1aa92

SHA256
8fadc250c2afc00b0430c5df576cfd2d444367ad928027334c5d03829241cf92

SHA512
918a672f82be50a42c237eeb361b971c724a1d7b11cab183dfd5125bdb7663cae588fa92b142dc99a88407a133bbe58bd7bc0c5c60d93287c470375fc094f079

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\jpgflt.ift

Filesize
96KB

MD5
ba4a1f5006fc3fc33f30e82a964cd7b3

SHA1
8099283e645b6ef523757afdf552da3dc9b72924

SHA256
5bcaaff4c698581603d4165308260412b38ac6cf708486b53bda3bc76241098d

SHA512
8eaa1bae465a0ddd498372fcc9bd9c2b3bd9ba861abcc9158a0e3b8cf14f2a6fc8aae8fb129f96ea090c023247dec56524b2f42fa25239c08145dbe7c664a11e

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\kcedit.mfx

Filesize
32KB

MD5
62f67209e7995da3f14f4b697235a99b

SHA1
158248b41de5449ef647a2caeda431dc544aa59d

SHA256
1fb56c1a5fb313c8c51fead10472566328c9260aacc72aa8dde8d345acf53203

SHA512
3857939c51b5045030df233393597b9b56a0534a2ea570d748a002b19b0b20de16b0d5181cf9eb6180d24b4de0a159e21275d12bdc7673a3f891ce155db42325

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\kcfile.mfx

Filesize
116KB

MD5
fe2b4c6a45ce244f1c40f730008465c9

SHA1
9dfd41a915c19a4520a3024e9133e9a24e61779f

SHA256
7daa995fbf72b941859177b08b2785dc107f1a3deb99f6ab4c675d2b0f03a06b

SHA512
caf9e1bba2a5560b73c47d116f0f0f016a88f54e5397499fcd5b8a648bf676b93eb255a32fe7f71f0462b481737eba2d01cb9e790b75897c44ea741d73867b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\kcmouse.mfx

Filesize
7KB

MD5
a3b924e8747962ba4d6f81bf31da0d2a

SHA1
2c4fcabbb62cb08c6931fefdffc9d3549fc65df0

SHA256
8d4440a3b4d2fddd45f90007e08a23c5ada0e1c715d0c59f4532305008e4366c

SHA512
11134d818446607c52edfed5b29c1a922fe90b594b15e36f3df9fda04b4fb8a713c3120e6f643d327a3f29b211a6b15a8d40389b69fb6302db3defcfe5328be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\kcwctrl.mfx

Filesize
79KB

MD5
2c34e977f898ab60eddb72075c4be223

SHA1
adf883dd06e5ae340a03e6c22a56a4c0caf909ea

SHA256
a0ada42e3a4760097c1c2f98905f12b19de47159543aa21e1c604dbcac7337f2

SHA512
73402857d09e5a0e8049bb7adf3bbfdfc9ac65966217751cbf6db2bf532aa3f92ffc3a1a5dcda638e83d6ede29ebe6e760cbad74d27aa6fa006c9296607d3c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\mmf2d3d11.dll

Filesize
548KB

MD5
07163378491db6156398fc8e6582564d

SHA1
6c702d8501431d38e8d392093795444a3900b004

SHA256
2aeca2207c6dabb6fc70f164f3d6188ed76f7786344654592ecef1752528ed13

SHA512
296a0d861450a9c1e6724a6c03be38940dcad202a0a10002eae744d2c532a087e7c37c6088a3281fcd83ac197a0af4105a3c3157ee2527106d586be5993248b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\mmf2d3d9.dll

Filesize
1.1MB

MD5
72bb9180f8905c0da95566b778cdac5e

SHA1
e96145e8120514092b35f67f1f120b958997f921

SHA256
3cde7a9181ab63a42cd3535d279d0ab1397b7b78fa3ddddef832757ab2024101

SHA512
c2c8d8c74c53a78545e69f27a7fe1a6d1291888158962e93e16e6ec9950f86e74c68bd2eb50d04db0bff58e8dc93455aa384245991c5afe34abee36fef53710f

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\mmfs2.dll

Filesize
510KB

MD5
1e0e5acec2f2d3567c40491e39aa8f50

SHA1
101ec3bbd32c005b12b38c0f7988faa9329a019f

SHA256
6c9ff6036404e71b0bc2c12bc739eeef0d9200925f5796487af2aa4ef5c5ef97

SHA512
80bbdd2dcc44494a53b14098b7e99db7c20b40650938454105b423e70906ad7371274ed73d3fccd114b9396112a695aebf37f6916976a972154cd562d10e01de

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\pcxflt.ift

Filesize
24KB

MD5
56f80b514fa7cc1dd7fb24ef195c30eb

SHA1
e61d7dcbbb623219c625bc67ed0f382f26308600

SHA256
c9e1db8689c11a87f9ab30ebc705eeccc0fbd909ca493a6f589d6a9a5c2a1b15

SHA512
f391e04bd3e67317b3bb1f9541c94782d14e8b8287f5fd3e2f753688d85cc38bf5164c8faa5dc85b8c44a480f81462a4ddc16aafe64313601d21a608b546e721

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\pngflt.ift

Filesize
288KB

MD5
d57365ca275388910be7b09d95ee65b9

SHA1
477e9afa81c0ba97323be56d15ade8fb17c45d78

SHA256
df948630fdb53ddad68d66994f5d2b18a67df32478b6b8b3720c28f40bde7b1f

SHA512
b6a7266c47245cdd5ccc1e4c1b490a22996cac3db53500405354d1a5892896f66aba255ff725808770489a199626a844a86cb80e081a47ed27671bd82ca1cfbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\strgenobj.mfx

Filesize
84KB

MD5
fe5ed0a1d6d02d64648456ce10e0017f

SHA1
a232636a92d9ea6d96a0838c6e077a0b7dcd1098

SHA256
c5cfdc511e9c924a8ee4d933ae42820c291f7f858fef8b24b0ca1ab1727f4f5e

SHA512
86c9818565366016754e1d2690bd476aa8ca77d5586a29c7e8844e5006941a20053ad45dc84c7a0bbf1ac00acef313961fdc001b49d7328a0a1e8e75e5b2091e

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\tgaflt.ift

Filesize
24KB

MD5
00a5f50c4a0f8a2c8704fb0640dfcfb6

SHA1
960ff3909de1395de49bd9f36600b989851591ea

SHA256
756725f247592504d42c67257c3957e972ee490af06f12b00467b389e0ee6bbc

SHA512
2be74193a33f1b70f39be9a5565326d425ce02b6eb98b783f8749a209b95fdcbe8724c38c9dbd33e4a12b40756c5ad9177e557f62748b52be2cd7c4bc344b577

Download Submit
memory/1736-237-0x0000000002B00000-0x0000000002B18000-memory.dmp

Filesize
96KB

Download
memory/1736-202-0x00000000029F0000-0x0000000002A12000-memory.dmp

Filesize
136KB

Download
memory/1736-170-0x00000000028F0000-0x0000000002905000-memory.dmp

Filesize
84KB

Download
memory/1736-189-0x0000000002950000-0x00000000029B0000-memory.dmp

Filesize
384KB

Download
memory/1736-126-0x0000000001000000-0x0000000001021000-memory.dmp

Filesize
132KB

Download
memory/1736-163-0x0000000002890000-0x00000000028B3000-memory.dmp

Filesize
140KB

Download
memory/1736-136-0x0000000001060000-0x0000000001079000-memory.dmp

Filesize
100KB

Download