Overview

overview

10

Static

static

3

AdvegaHack.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    94s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25-01-2025 18:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AdvegaHack.exe

  • Size

    7.7MB

  • MD5

    5f8d5770292267bca8c17dd1bf4ecdf2

  • SHA1

    debdca02009b642fc15e990fcf286838d8d16cf4

  • SHA256

    817cd1a400d6133e5959971d975a5cba0f03f403a2eedeeb4004fd48bc6d367b

  • SHA512

    fc28ebd0d216efca4dd0d31b60d29ce0c6e253381825e478dcf1bcb7792ee2b9d26ff2317a09247710504cb3f9d9cd15e88e483c59bfd36884788df43f37e10d

  • SSDEEP

    98304:hgl47z3Aldea5a/OhtJeq+4NK+dG7M0mWZsE6+YhU+dbkh4yiMP0T:X/wld79ht+j1M0mWZsE6+YASy10T

Score
10/10
blackguarddiscoveryspywarestealer

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot6540906397:AAG08fPgT-V7I17vtz49STaZEuwqXqKshuM/sendMessage?chat_id=5445185021

Signatures

  • BlackGuard

    Infostealer first seen in Late 2021.

    stealerblackguard
  • Blackguard family
    blackguard
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 5 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Modifies registry class 37 IoCs
  • Suspicious behavior: AddClipboardFormatListener 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 41 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AdvegaHack.exe
    "C:\Users\Admin\AppData\Local\Temp\AdvegaHack.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe
      "C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Users\Admin\AppData\Local\Temp\v2.exe
        "C:\Users\Admin\AppData\Local\Temp\v2.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4232
  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\OptimizeSplit.xlsx"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2416
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
    1⤵
    • Modifies Internet Explorer settings
    PID:992
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
    1⤵
    • Modifies Internet Explorer settings
    PID:4028
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\BlockWait.odt"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4728
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\TraceRestore.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xdc,0x114,0x7ffa61e03cb8,0x7ffa61e03cc8,0x7ffa61e03cd8
      2⤵
        PID:3340
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,18297170905545563228,6559219576825366709,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
        2⤵
          PID:3924
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,18297170905545563228,6559219576825366709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3396
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,18297170905545563228,6559219576825366709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
          2⤵
            PID:848
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18297170905545563228,6559219576825366709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
            2⤵
              PID:940
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18297170905545563228,6559219576825366709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
              2⤵
                PID:4656
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,18297170905545563228,6559219576825366709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:936
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:1060
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:4304
                • C:\Windows\system32\OpenWith.exe
                  C:\Windows\system32\OpenWith.exe -Embedding
                  1⤵
                  • Modifies registry class
                  • Suspicious behavior: GetForegroundWindowSpam
                  • Suspicious use of SetWindowsHookEx
                  PID:4868

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
                  Filesize

                  471B

                  MD5

                  71b81538d61e90d47c8a555c6d8004f4

                  SHA1

                  b2158227cf904863ca3179413f605b6ce149effb

                  SHA256

                  15626e4754ba2a77d4bdf5f25bd768488db98d20e59261226f99e16b5c3556f3

                  SHA512

                  dc1e2a1b6d211e001fdba08a84be1aa6682a504304af79c9e2310b85e32ab6fc5f1c61864c2619b09a4025bde1635a67f003dfe77479c22d4882cef1ca83227f

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
                  Filesize

                  412B

                  MD5

                  be15fefa6769b86462fc8621d7ab8cf5

                  SHA1

                  e952aa5b6f4016ba3f87f330e95bfd9d6f840b31

                  SHA256

                  900e3a814d7b530adfa1892d49df582e539505b1765dce0d42fb17700f33bb73

                  SHA512

                  efba02656a35fd741f55f06011ae0b17b0593bc4d7ff7da5d9d1f7659ed3d8d70b9775ed04e1a095c984adbc70b572d8688efc356990ade47c9f85a66fefb6a6

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  9314124f4f0ad9f845a0d7906fd8dfd8

                  SHA1

                  0d4f67fb1a11453551514f230941bdd7ef95693c

                  SHA256

                  cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

                  SHA512

                  87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  e1544690d41d950f9c1358068301cfb5

                  SHA1

                  ae3ff81363fcbe33c419e49cabef61fb6837bffa

                  SHA256

                  53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

                  SHA512

                  1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  89518e31ba1847e8ecf3f375b4963102

                  SHA1

                  0af1427e2e5e0ca3a7772a4326605cc39b7635b3

                  SHA256

                  508c2d0e105a0baa2a75b67d643013c566c163d9b4d210e4d26cda7bb4706606

                  SHA512

                  781c7dbfe4d66424c2030087abd2dc451d5355e10f1aed5bcf862406b8d036ee44b75aa3d1914e8bfb61859eec2f0917e32fee06df96811edea75fc4cf8e5a4b

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  d18b7da5531536853f07bd34bf623b0c

                  SHA1

                  82741a7b61254afe8e05b171bed71ba29eaa11b2

                  SHA256

                  a0132b953aef8c33e8d11786f3eb6e675a49dbf37079f6e186c8e5be17ceafd2

                  SHA512

                  ed5e4b7fcc731f36b946c76852b59363b6c9cccfdfb56d980464d9d3220e48f79087c266ae757229474f34cbc5b7358ba357d06dfe536023a2f37a67d3cda017

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                  Filesize

                  16B

                  MD5

                  46295cac801e5d4857d09837238a6394

                  SHA1

                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                  SHA256

                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                  SHA512

                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                  Filesize

                  16B

                  MD5

                  206702161f94c5cd39fadd03f4014d98

                  SHA1

                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                  SHA256

                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                  SHA512

                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                  Filesize

                  10KB

                  MD5

                  4fc3b5f3ae88a3c32db888e5ded7f307

                  SHA1

                  4e13abc5cb58c2c0767d0a8f41bdf611e8c4dcb4

                  SHA256

                  4b136485ba62b86b661ecf876f699c6acfee52e2cde4ebf26a50073e28b246f5

                  SHA512

                  99d15a24f8cfe500da4fa50ac98402ae405d0007c1e41d5b04ffd7a4a8ec6427f7778b59a072a0171cb4c86fca41b2665f6e80da8066960401db908210e3cae0

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\ADD8C11B-424B-49E6-A61B-3E47A1DA26F6
                  Filesize

                  177KB

                  MD5

                  b333929843d134a6b9d756151df6018e

                  SHA1

                  351cac573fb14f1138698524bd3157c4b96026dd

                  SHA256

                  60860d52446a6eb107ac8e070dd459f568032c1aa2ddc5fae355121d83095ee9

                  SHA512

                  f13a0456a1d8a90431fee626e94963146bb44c6d6a27e7aa6de49911a0443b700e8c9e3cc26d7f9507c94ba955e54ebbcb3c10f7e63c299419437a15fa9f98c2

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
                  Filesize

                  14KB

                  MD5

                  5f37e17ed8614beec79b789f5b38a9da

                  SHA1

                  2ab7fd61b33a11f12f8e1639629f1efa849122da

                  SHA256

                  e6b7e5bba9a7af9fe933f53a87ad3561ca32e468c46e4b9583c2df13911615b5

                  SHA512

                  c5e3e4fe3e542a00ec17a2a0500071104865cdfc40e0d50f5e52a1dca9e886504f4d3a13e69722a56385cc0a9e92165559844c48a05331d55ec60873f1ce1c34

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\Newtonsoft.Json.dll
                  Filesize

                  571KB

                  MD5

                  169b6d383b7c650ab3ae2129397a6cf3

                  SHA1

                  fcaef7defb04301fd55fb1421bb15ef96d7040d6

                  SHA256

                  b896083feb2bdedc1568b62805dbd354c55e57f2d2469a52aec6c98f4ec2dedf

                  SHA512

                  7a7a7bdb508b8bf177249251c83b65a2ef4a5d8b29397cab130cb8444b23888678673a9a2e4b1c74cc095b358f923b9e7e5a91bfa8c240412d95765851f1dd87

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\SQLite.Interop.dll
                  Filesize

                  1.3MB

                  MD5

                  0a1e95b0b1535203a1b8479dff2c03ff

                  SHA1

                  20c4b4406e8a3b1b35ca739ed59aa07ba867043d

                  SHA256

                  788d748b4d35dfd091626529457d91e9ebc8225746211086b14fb4a25785a51e

                  SHA512

                  854abcca8d807a98a9ad0ca5d2e55716c3ce26fae7ee4642796baf415c3cfad522b658963eafe504ecaed6c2ecdcdf332c9b01e43dfa342fcc5ca0fbedfe600e

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll
                  Filesize

                  410KB

                  MD5

                  056d3fcaf3b1d32ff25f513621e2a372

                  SHA1

                  851740bca46bab71d0b1d47e47f3eb8358cbee03

                  SHA256

                  66b64362664030bff1596cda2ec5bd5df48cc7c8313c32f771db4aa30a3f86f9

                  SHA512

                  ce47c581538f48a46d70279a62c702195beacbfafb48a5a862b3922625fe56f6887d1679c6d9366f946d3d2124cb31c2a3eacbbd14d601ea56e66575cdf46180

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe
                  Filesize

                  7.7MB

                  MD5

                  9f4f298bcf1d208bd3ce3907cfb28480

                  SHA1

                  05c1cfde951306f8c6e9d484d3d88698c4419c62

                  SHA256

                  bf7057293d871cac087daab42daf22c1737a1df6adc7b7963989658f3b65f4cc

                  SHA512

                  4c763c3b6d4884f77083db5ccada59bc57803b3226294eff2ec3db8f2121ac01ee240b0e822cb090f5320ce40df545b477e323efabdbca31722731adc4b46806

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\v2.exe
                  Filesize

                  271KB

                  MD5

                  3f62213d184b639a0a62bcb1e65370a8

                  SHA1

                  bbf50b3c683550684cdb345d348e98fbe2fcafe0

                  SHA256

                  c692dfc29e70a17cabc19561e8e2662e1fe32fdba998a09fe1a8dc2b7e045b34

                  SHA512

                  0cd40d714e6a6ebd60cc0c8b0e339905a5f1198a474a531b1794fb562f27053f118718cc68b9652fef3411906f9d8ad22d0253af256fa1922133e9907298e803

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\FHLDPGNQMQQ.Admin\Browsers\Firefox\Bookmarks.txt
                  Filesize

                  105B

                  MD5

                  2e9d094dda5cdc3ce6519f75943a4ff4

                  SHA1

                  5d989b4ac8b699781681fe75ed9ef98191a5096c

                  SHA256

                  c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

                  SHA512

                  d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\FHLDPGNQMQQ.Admin\Process.txt
                  Filesize

                  949B

                  MD5

                  729e085eee7945b715f2da3793dfdd42

                  SHA1

                  ce9e60330308c26b1d0a1628a3452d576ccb4a58

                  SHA256

                  9c8b42c897990be4db729a262bae97d4d0164ce432a2f8672850666897e68642

                  SHA512

                  9947c2c7cb2b8f69ab144634f18a5e2623e864b4f16eb9bc9388371fba48a6cd622da0ef28a83f7b8a5609ce45eba6f7cb37fd507e1fd4e82c1b6b2c2d4cac70

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\FHLDPGNQMQQ.Admin\Process.txt
                  Filesize

                  990B

                  MD5

                  7308834018559d90a01267d7ef0bf7c9

                  SHA1

                  e657e4a12037d026044ed7f200d2199b858ad621

                  SHA256

                  f6f3b9eb8cbbeab5c1db88f500ccb3b6c536397bd90adb073a72085716778c3c

                  SHA512

                  026d4f7c27d605dbd605debabc1d1d23a672553854a33861cb94b5d1d90a7e23c1361b4efc978d805a623aeb0816a438b58876bb4602c813e314e4f96f7929c8

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\FHLDPGNQMQQ.Admin\Process.txt
                  Filesize

                  1KB

                  MD5

                  1496136ef8f415fe4c6df5bffbb63674

                  SHA1

                  3af1f47574db62801f3ffcf4671dd650a098bdfd

                  SHA256

                  24f129b13ac95e8769145148d1b97ef15c31231eec17968fd5ecfab57378163c

                  SHA512

                  878e9d757a019c62b084ef503def7a4066d8610146f97c121cfedd0f1b06502283bd313626ffdefa0da2bed1687272f20893c1717d344a577bf5d98646cc80fa

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
                  Filesize

                  297B

                  MD5

                  2ac308aa6d5e684bdf0c518ab5a0485c

                  SHA1

                  905a1dcef4518aa7660489eca84b56cf449e0afa

                  SHA256

                  f69f488e9187cff7680e5f526214336006f40887264c96336c537db10c9fac9d

                  SHA512

                  ab31c51d8206d3470027cf93c6a71c2598946c7307a917436c1e2cb59d5f5b99199ad6266a7027f4184aa3992264b2e2c1a7879c152c2307fd7546c3321535fb

                  Download Submit

                • memory/2416-199-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2416-235-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2416-233-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2416-232-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2416-195-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2416-198-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2416-197-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2416-196-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2416-234-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2416-200-0x00007FFA2EF90000-0x00007FFA2EFA0000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2416-201-0x00007FFA2EF90000-0x00007FFA2EFA0000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2948-7-0x0000000000400000-0x0000000000BBE000-memory.dmp

                  Filesize

                  7.7MB

                  Download

                • memory/4232-190-0x00000000073D0000-0x0000000007436000-memory.dmp

                  Filesize

                  408KB

                  Download

                • memory/4232-40-0x0000000000E50000-0x0000000000E9A000-memory.dmp

                  Filesize

                  296KB

                  Download

                • memory/4232-192-0x0000000007550000-0x000000000756E000-memory.dmp

                  Filesize

                  120KB

                  Download

                • memory/4232-191-0x00000000081D0000-0x0000000008246000-memory.dmp

                  Filesize

                  472KB

                  Download

                • memory/4232-41-0x0000000006330000-0x00000000063C2000-memory.dmp

                  Filesize

                  584KB

                  Download

                • memory/4232-39-0x000000007481E000-0x000000007481F000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4232-96-0x0000000006D50000-0x00000000070A7000-memory.dmp

                  Filesize

                  3.3MB

                  Download

                • memory/4232-107-0x0000000008320000-0x00000000084E2000-memory.dmp

                  Filesize

                  1.8MB

                  Download

                • memory/4232-111-0x0000000008AA0000-0x0000000009046000-memory.dmp

                  Filesize

                  5.6MB

                  Download

                • memory/4232-89-0x0000000005ED0000-0x0000000005F62000-memory.dmp

                  Filesize

                  584KB

                  Download

                • memory/4232-103-0x0000000007270000-0x0000000007291000-memory.dmp

                  Filesize

                  132KB

                  Download

                • memory/4232-90-0x0000000005BE0000-0x0000000005C30000-memory.dmp

                  Filesize

                  320KB

                  Download

                • memory/4232-102-0x00000000072C0000-0x00000000072FC000-memory.dmp

                  Filesize

                  240KB

                  Download

                • memory/4232-97-0x0000000006C70000-0x0000000006CBC000-memory.dmp

                  Filesize

                  304KB

                  Download

                • memory/4232-91-0x0000000006B40000-0x0000000006B62000-memory.dmp

                  Filesize

                  136KB

                  Download

                • memory/4232-95-0x0000000006CE0000-0x0000000006D48000-memory.dmp

                  Filesize

                  416KB

                  Download

                • memory/4728-239-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/4728-262-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/4728-265-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/4728-264-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/4728-263-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/4728-243-0x00007FFA2EF90000-0x00007FFA2EFA0000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/4728-241-0x00007FFA2EF90000-0x00007FFA2EFA0000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/4728-240-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/4728-237-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/4728-238-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/4728-236-0x00007FFA314F0000-0x00007FFA31500000-memory.dmp

                  Filesize

                  64KB

                  Download