gofing | b1176f3e2aae5b1755cc63bf9faa424d6b32258637c6635d9feee26b583e1091

Analysis

max time kernel
87s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
03/04/2025, 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
Size

5.1MB
MD5

a9cb3ffafd0621b1d7c45883c646ae81
SHA1

94b72cc4955e71e818e924706141665b2ecdf8d6
SHA256

b1176f3e2aae5b1755cc63bf9faa424d6b32258637c6635d9feee26b583e1091
SHA512

b5d22f8e629c20f0fb6ee936db3f861226f5da2dd69fcbc85055e6232a86f7fed702fb89f5ef07796b4f46aac382d15cf69a2b27e7ebeb64b2679f21cbe4e008
SSDEEP

98304:ieF+iIAEl1JPz212IhzL+Bzz3dw/VurbTGiYch1Ymn:pWvSDzaxztQVQqch19

Score

10^/10

gofing ransomware

Malware Config

Signatures

Gofing
Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation.
ransomware gofing
Gofing family
gofing

Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation. 46 IoCs

resource	yara_rule
behavioral1/files/0x0003000000022a7c-4.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5440.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5439.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5441.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5438.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5437.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5436.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5459.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5458.dat	family_gofing
behavioral1/files/0x0002000000021a9a-5465.dat	family_gofing
behavioral1/files/0x0002000000021a9a-5464.dat	family_gofing
behavioral1/files/0x0002000000021a9a-5463.dat	family_gofing
behavioral1/files/0x0002000000021a9a-5462.dat	family_gofing
behavioral1/files/0x0002000000021a9a-5461.dat	family_gofing
behavioral1/files/0x0002000000021a9a-5460.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5457.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5456.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5455.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5454.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5453.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5452.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5451.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5450.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5449.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5448.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5447.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5446.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5445.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5444.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5443.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5442.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5793.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5790.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5788.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5832.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5831.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5830.dat	family_gofing
behavioral1/files/0x0002000000021a9a-5837.dat	family_gofing
behavioral1/files/0x0002000000021a9a-5836.dat	family_gofing
behavioral1/files/0x0002000000021a9a-5834.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5829.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5828.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5823.dat	family_gofing
behavioral1/files/0x0002000000021aa3-5819.dat	family_gofing
behavioral1/files/0x00020000000227a0-5858.dat	family_gofing
behavioral1/files/0x000900000001e673-5856.dat	family_gofing

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File created	C:\$Recycle.Bin\S-1-5-21-805952410-2104024357-1716932545-1000\desktop.ini	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\desktop.ini	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\LargeTile.scale-125.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\12.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\react.uwp.dll	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Toolkit\Images\dash.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\uk-ua\ui-strings.js	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-100.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-20_altform-unplated.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatin.dll	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageWideTile.scale-200_contrast-white.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\FileOneNote32x32.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageWideTile.scale-200.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\ind_prog.gif	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\Movie-TVStoreLogo.scale-125_contrast-black.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SlowMotionEditor\UserControls\SliderHandle.xbf	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libexport_plugin.dll	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreBadgeLogo.scale-100.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationProvider.resources.dll	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteMedTile.scale-100.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\kok.pak.DATA	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\Windows.winmd	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-256_altform-fullcolor.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Threading.Tasks.Dataflow.dll	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-125_contrast-black.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.scale-100.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSmallTile.scale-400_contrast-black.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-32_altform-unplated.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onresim.dll	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-100_contrast-black.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationFramework.resources.dll	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\root\ui-strings.js	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.targetsize-24.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageWideTile.scale-125.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60_altform-unplated_contrast-high.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\find-text.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-72_altform-unplated_contrast-white.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Microsoft.Xaml.Interactivity.dll	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-64_altform-unplated.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Dark.scale-400.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msader15.dll	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\win10\identity_helper.Sparse.Internal.msix.DATA	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-GoogleCloudCacheMini.scale-150.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\msipc.dll.mui	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_es.dub	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-20_altform-unplated_contrast-white.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-100.png	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\webviewBoot.min.js	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Configuration.dll	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\WordNet_license.txt	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml	2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe

C:\Users\Admin\AppData\Local\Temp\2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-03_a9cb3ffafd0621b1d7c45883c646ae81_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:32

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3384

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.dll

Filesize
5.9MB

MD5
bc7c410c0d8b8f793d139d183a61a5ba

SHA1
ee79fe21b9db86ce0b4394aa600982b96d46da04

SHA256
ea9ecf37018b9996f3897104b16b5ecc8607d0cdbd0e8e070eaceea5ba2ddc35

SHA512
8d8122ace45fa327ce7c13101156a966bf2c471628ea318c1ca23d8b867c0c9dc0e2c57254ba9145c6a2b482c675e925b9ffc9c1575cc2c1b3b97121a68ed97c

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
2.6MB

MD5
d031ca299f4c07d5052275f793b2fbd9

SHA1
7c9885045c869e3c350f4e5c5bb84ccd046e2614

SHA256
64a3c9df364a36cac7b6cba735da9e40f46c896f13673b920aebf5dfb782f41d

SHA512
bf0a71a82bb353b00e81881263c0b2cbaa4e58ed678cc7eb993f9acb961067798db48cd77296b764eaa0f63df95629e2aae6c877e2faf081b2920424c6961938

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
2.6MB

MD5
6b1fdf32391658f3634d0cebd3c0cc52

SHA1
00ad52659cb9703ea7f3d02d1bc805049fe5f365

SHA256
34ddbd09aaacb03f5bd4048bb8ae328f02eb1b27b5f4301526de64f85c852fcb

SHA512
88f30f3a1353ea6bfb6c29e648cf5874c02def4cae481416e3c3833842b0000fb72a57815d17935d114a56f82c2bb08d3b46a1a97c02e27d8279a8383030e0f2

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
3.3MB

MD5
4387f667fde92c1618f13dabee6738ee

SHA1
6266f89d1d8695e89f057e471c0f07de4539e4da

SHA256
e56758efc2fdaf9cd531c149de8e3f336f825ed21b4997e38f40f17fc8a4c194

SHA512
94e6f0acb860e3e94badee910ceae060129e97e94ab34ff4e2062200a05fddb23521ef3afc13383b3dd4db2b60f9c97e8be0061d7efacb86399c321b23dea846

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
3.4MB

MD5
9c32431f0a630b7ecffc8eca68fa08a5

SHA1
c1706d590bd9dcf29b3c0dc771b0fc46d424b350

SHA256
3640a427fd557c1f276fd7f54238018af4447b958e27bf0feed02b287d0099e8

SHA512
072bb0a975a63b5e4112ad31b8f702629aaa1411ebb2aa53d323fa0e7f51745f1745b2f8b968435b4387c6d957986a55246280e4e23a19bc62eaeef8c48c6905

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
2.9MB

MD5
11a86cc433db9c0f914d6cdb8da6b941

SHA1
b42e0a8e7441101eb4269c6a557fdc4357ec4df4

SHA256
cf9e40dae95881393f2e228f30c1785ed64732cac30d7a8aa408b21fdb7f5fd8

SHA512
4fcebca71adb56f4a1d47ff4ffe06203337ef4d12a96f9b10207faeb19b60ef2ad6e9e780af5b9baf53ae72589a64fb0d040a5cefea0de877443c8b3b0d5662d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
3.6MB

MD5
bd5d77b60a22d2d984668d7aa97176d3

SHA1
d0bd5f4ee0fe1e5b2ecb3e973ee5ec15001dc223

SHA256
3824e01058e48df1cc54e48f3f7a621fbd0f3ca107d9195239e93913eefa547d

SHA512
1d23ef0dfcdf39d834e6d6a2152c1390cc57ba248788d34ac6c6795a18b1abc80c91e2bfd7337e7c44b5a052f8ef85fa1a0976a0aa53cd82c427d6b8f3ace39f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
2.4MB

MD5
aeb7e664287789a5dc63219d642bde75

SHA1
13fa75ae795280c3b4a0ff624b49fbfa7b1472a1

SHA256
5be5ec0c10c1fc39cccb05ca81dfbee01f6ae0310fd2392d09412d9f19c22e12

SHA512
d6912a20d57e3379a1e82dda315d95dc187ccc143968b8f3fd2771efcf58a513e21e2418a53ae9ccd4a3ccba007c702c0c4f2b247ad6bf6466e47e0797c29368

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
2.4MB

MD5
5690d84a406aa8f287f87aec2b014123

SHA1
7d06467d49a69aa22d9ff827e74fb851f4c47b02

SHA256
fef8cf4cab10e47f879cc0f29babce8aec22cd5490f38b3927410caa13aa8018

SHA512
ddc13d8637eff4d54da7607a7493e8fead2697977c16226896574e4ccf9d712b8b15a61432cf997f5dc9fdadb6eaa89706ba548dc55064b50b0aedba26add878

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
2.9MB

MD5
96e062ad5facdcbc4ded45f186a2ff90

SHA1
2846809dee3879370511d85ef7d637d9ef37fed4

SHA256
3d5f77ad6476aabb93b565c3b8754737d710466fcfd3299b9785e78059893791

SHA512
9e0f1bdd3d611c6902dd4276f5f76aa5ad5507420fc76663d035894a53c07119746ac1206e3cc9878fad8fcff0dd839922035025660ae713972b5a0a9dab4173

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.6MB

MD5
a2746ad04d392ddfc5a29f92205ad840

SHA1
03d7cd0027746d097dfc4cb4561b6903052f18cc

SHA256
88ae979a167729e0c9ba52c52d3eb1bfc992e4698ab0e2a59676704e09d8d725

SHA512
ce604af83b984fcfd0e9fc9e0ea507d384b0e27142670ad18f01498ce57ee7787d4d73a6f2c6de305381ce5f61ba1941741647e4c7a8e4c964e4d9f6f96fcc9e

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.9MB

MD5
5971d02b4540fd9cc0a457a13b702e51

SHA1
59440bd712a571623a37521d367250af23f73555

SHA256
ae915bd636ac221875e0d4c9e2e69910c56bcd4fc576451183e72a54aba83000

SHA512
2de5974f58ee5771cf8b3c19f40e001973780434a4f62eac277250b5ad1e5090b803c467bb3c24462672f2658319cdbd67dcc83ec0f31824afc6b5aabc10f8b2

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.8MB

MD5
6531708984e974dbdfe5e35ce1465693

SHA1
632ceacdcc91ba572b6a8792b6a092dbe4f0b3ef

SHA256
51506ed78653f476755e57e24078132fd5ae11caab3d926443ee8857be1a58fd

SHA512
1c39f2c5d848609107abfe3187caaf07e230c798279a2f7c3cc12a9d1aaedb4e6e8e2d4bcfc953f92033fdd7596dae1741ffef711c2837720064b30d5abcfab5

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
3.0MB

MD5
36822549567931578c76add540515237

SHA1
6adc63bf7a7c611fc5bfe8797212495049a150ca

SHA256
d8d3c474f643b2fc76b28e48bd89f29715a622ed6f27fccc68a0dc95548864b3

SHA512
83a5eccd5daf7e761f2f890fa44032823bd887758de3714700273aeda98804bc5bb916136c93b415edc923ab90b3b9b964ffb7abb4ca52ef8a36cbd017f6f865

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
3.2MB

MD5
acb3f91e761775e7efaebb651c1ba9b5

SHA1
277cabcbe94a18bc61161361a159a485a1e2fcce

SHA256
529d014779a55914d7f5be09ffbf92d6f5efb972625323c48c5fa866bc80b1a9

SHA512
cee7ce23e507ac26bd7f24de18226196eca546c72e8020acdf2297ebf272447b8dabc102ebed2af337d9debb93911b517a760cafb987b79cdd346ba092223565

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
3.0MB

MD5
bbfb144ffc83cbd2704067acb1ca24f3

SHA1
eedb683361dc7bdf42dbaadbde99b9b8aa0f685f

SHA256
bcfa6a0d15edc0c3a7e77034716a859805678f41c31555e97fff7fad6588386d

SHA512
200e396f29d9c264063075e434513e4a17c451047a350cf0f013a66d5266da68dadaf5a4b583e848f6b0f52863656237472b44c7b1a0cf13cbb7f3b0846f099d

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
3.3MB

MD5
05b2174dc3f8391a6cd322dbd72a44f0

SHA1
21c02c7be8af2b97a5eca5af4a1d52eaeb427228

SHA256
d60bdb7dc1b43c164beab54c91d760334b9cdb3fc1c421c89418fba9c31dfabb

SHA512
472cc9fa5d8cefeed4cf326c68551a6fd139fe2007f399cdadf674fa1d5645bf4611150b9b57a3f01f20f479bfe521b2a690ca423cdb2f94ab78f4489e0f92e9

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.6MB

MD5
61bbae38497be4a37c6cdecfcd5ecf36

SHA1
0170e509dabb8b02a1445b915d28a4dba1011ca0

SHA256
2c6ccb96b6d95423e2d131b07f0eb0170b17f9892bb15fd203d47c24d7b0267c

SHA512
e6b792558b2c4d01e25a6b4c223bff7d67ea2b1939d960eb960d6a04c1fb4ffeca125b1a0f36757b169fd5eb118686fbceab2f30db63e130793d211d4e2b643d

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.9MB

MD5
806eece22bd7e76dd03b00d770175418

SHA1
5d76bede0d82d2548831b5dee6895cbd69b26727

SHA256
a1abf341052645e8a5d48de7f20dd3fa2985abf00133378cb192b75e11c3fb82

SHA512
25218dcd1bd25c0c29f76e2665c53e835dffb10cd35c70f88bd349ea398f22b71c44c776dbc6e44a4a17363e170093d4866d07c7f6546e730c47141a03020008

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
3.1MB

MD5
8c1ad50277b4ff3e29f343f96de5db59

SHA1
e7388435a3cd7252897d3e4c4340005caf58cc49

SHA256
d2438d1d4ee9751cb25639c9c0c1440409621a6032e1d583f1b2270f45eb59d9

SHA512
9548cf794ee2aceb0293af4d993a7e3b8bbe553eabfee94f5e2c10cc60125dd6b6c9fee403939ef162318f772a035af0844293547b2f2211a9b499346bc111d6

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
3.0MB

MD5
6272fc97d7a61f0fdae9c2ba688c4a47

SHA1
745e4cfa9056430587ecf69339a21f3cd4042eba

SHA256
31678f500e8e8213218960139ba21758f4592b9544c9b5a0dd443a7f66bab7d6

SHA512
22723e2caca3fc5fc9c7004a7e36335e032c4f478820293b8e59ad1fea9bb87c7f34e626c312d8c2cccf447f549e64bbd058acaec151c58d655b80f06bb96135

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.9MB

MD5
78944358b09569a326e2d46466961670

SHA1
ef7e8620f34ac8305264831811efd060e1f8d93b

SHA256
ad1f3240ec154f46def076312439cf128e5163ba26113c35b63b19d576416f60

SHA512
6f07989abc69e1b28c5c0e46f766d7f525405adea35ee6e491a71e59586b07b926a4bd090391e191a5d485cc9ef1ff13d0b2adb9cc0e385e24b954730156e356

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.9MB

MD5
1d5b494dc5b76d68ec2b09e197805480

SHA1
4e1026e7d834ea7a2d1971a86489c7f9813e27b6

SHA256
d69f409c308eec03b18a0d89622583236f216c7bd45c9138e69149fab5d75e0f

SHA512
0649c901f40f3f6232f6cd3b8b9b1d8c3032e3b35d81732ec5ee9d48367c01e67565e73edd5c66b505cfc968fbc0969924e947a00b354318be8e3bb46d0e7722

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
3.1MB

MD5
4c4aeea5a710c906ba071fdd359eee5b

SHA1
7d9f9f2d98ac7a04cc91c0d7d7d3898c7ed523b8

SHA256
c8ad8f951a01b02e99c4975413739bbbe27cfca56dfd96234eab6278bc4bad41

SHA512
7ea6e92926ea1698f3726ca01f80cf3a7419b52258df3b776610337ce6f17cf61f3aa2a4fe9a41676040da843447b03c32a93011ac3dc33afc89ad19e348d038

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.9MB

MD5
503fdb9dae5935605414058dbb640339

SHA1
ddf6359299cdef6b1496145b796aa303fdafefa4

SHA256
8313f2f01ca5b89eb53ebee551e8458e0b59faf93de55532997b55b9c8ebb0d2

SHA512
a049f1e3054a04d92310ba83282734212a55f4935ac62cb622d8df9616cce66df9a0e734466afef16bd81ecfd5320dddf8dcfd00f9a03088e9037d185a19ffa1

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
3.4MB

MD5
11df21bd9b009729f1afd5069e212177

SHA1
685e97bb2bf1534656ff368abbfe338405b5d92f

SHA256
276099e8c93d91642d1c287ecadaa63b35f37c8d8a76900d8952621ef1e45792

SHA512
2c8932290123a5f3e0dee5e2f5ee4a7cc521ca526a893d7fcc7881a2039d1e86cbe174fd5fe5d77e87ea184b14c069077159e04f82256817467ff4b73ea716b8

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
3.5MB

MD5
06db2f0662c8ae85a2a977ed8220c863

SHA1
7059950ae9cf006e6d334dc5939b6e175deaf400

SHA256
3c3ad80e0cb889a11625c1a51e77d783b1f2b1b90feb5f48bad34cc37c477b31

SHA512
a662e02564b4161fc4310fc352b73b16601821735ebb35d8557c9dbab8a0f4b404a8cb853fb9b3f8dfd53f6a94a63f6e7306b0167517a60fcdd90c10e5d9fd2f

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.9MB

MD5
8366458fbd571ab56d0193139ec6e0e5

SHA1
7b0a7ba64f2d8dec749ff09ef47c154493a463f5

SHA256
f25969b809425085dd327ad8700374b36d244f1ce15b521989a40fe39c448cc2

SHA512
94eadb85487fe3a0505af76a6bcc3622f589809be3adc0f3e5177a3c058b438a5a756b11caf5565af90fb071c9f1fbcfd5d47c2dd91e7fded87b3af317092f3a

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
3.1MB

MD5
8ba81752999eae03e3b04b488a14b3ee

SHA1
87138631fa07cd4cae008b940c36396e5e9a5a91

SHA256
641bd5c70adb8a0b87f24eed60a6b4824d583164ba8025ddb4d869d939520602

SHA512
c9144cdb01e509a0a02d2953e2d6bfdd0f9660a4f7a5d76e19f7eeb8847a8f94beec040efaece1b7ccd62547c9402c352c6dbe44959f2f87e66b779eb0ec67ce

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.8MB

MD5
fd63e7c5dc3a691697f781982e6e3e94

SHA1
2eb93a3adab0cb7de913c6eafe4cf56c53892d17

SHA256
071da346f100051ac2d418dbae9242c754a22d1c4cd62b8d71d1f33855628963

SHA512
69ffb5a2580a35c8cce9bd44cc4e7a02933feef3d739af1e75480e13b073a61aa47bd0a287b1256da3c1acc803e9ef2129f2e2ff2ebac0bf31971a989c2fce6c

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.9MB

MD5
43df4cbc221c631878c4d516389cd346

SHA1
2b66f8a8884a5ac51b30cff83e40359b4665a419

SHA256
5179c450ebdcd5c469523c9d0c60837b178d90397c880bf7706251d109565701

SHA512
4a1cd5cedc0e4c67851a166db3d5afea01a312209ee4b3c2ab928668f313e741cae86611a53d763e67b0c2cd26408f3b9121aae3ef06a6c3a6e692b33e5b47c9

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
3.3MB

MD5
5873a1c6782b7ae58cb6b5d5f6c28b67

SHA1
9c360a026ffd151da00b115ae9449d2211adbc62

SHA256
5873f763a88136228e2550257065c6d9a09386122fb5cdaee3398b095ac7906c

SHA512
65c26c84379e20406ae427b761e8e98182ebed3a424b2f1b4723463012eea3ee84f0e5a465b3871fec70d9ed85b697dff39df8542521d818051b455b69448d14

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
3.1MB

MD5
39b08c78c97f1c77117f7ae8443eac10

SHA1
f4825f667e262523a09d0900175d08328b5eb70f

SHA256
a83efd912fd20e9574ff97334dce33fc64579c42170b46fae52fe2119c26a097

SHA512
ad9eb75ce37bca70061ae9b422d65c2dce57d225a6d1a66a2c868a970379f32737d77fb0a000bd85e4d9e5b76020d7ef02c55f1bdf79ff4dda381d6e3acdd47c

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
3.0MB

MD5
a16cb6e01180f958e82f433137db980d

SHA1
acc0ae7544d468d4bc444a012c018a98de0e8b41

SHA256
6fa7d9f87a0be398fc8cd465a32a3ad2b18119f2612ee02fbed58d617c300300

SHA512
e99a8aa70619381eab32eac58e13ccdb21c3d521d72eb4a6f050c45e0ef6e8c2eecdb291b150725bcc8e89a47e3e571c076be729252df9faa25a8d0249afd9c9

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.9MB

MD5
c910e8d96763231b280db52d42d53523

SHA1
cda76095c17075e51b84371ed3108dce237bc499

SHA256
84747ee320df12f8502afc4110c657ff790658c9954b04448d415fc50be8c7b8

SHA512
1f6b17f9687dc6f359ad95c056bf2fbb82d2fee0eff1c1326cd251e7b2df0983c8df4bc67974ecd860a09de6c5b441b493fc7c9e8e8dfb658a5674ee2841e87c

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.4MB

MD5
37c8145e7062fb800089adfedc9138d5

SHA1
56b8b47236c4b5382c9e808ed243b790e01f9aa6

SHA256
c265af5674615a748d23b29e037d9761f5ea50e0023014a00e4802d827dc9f6c

SHA512
a03fe6a76161cd347f212ca6ab7405f5d64eceee4bd378d8951500d8a265a74ed59f04c35d2aa1d77fdb0f379a90fb9fe4f05626afea91d06e8b7a4f7f479208

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.6MB

MD5
18419682dd36b5a3d16bc37a616fb952

SHA1
6d8d33cf462d9d045d99883c637d7402d21a0b9a

SHA256
0cb3b9f6d90b2fc0929906839d74ec53e16814f0d893cb7af0bbd8b830bacf32

SHA512
77703e0c9655f19fed9923fc73307d8bf4a3489249d2aac7b8b43ef34599a0515bd56356dd61836f2f66721e643d0239c811fbfe3fc8f0f802461dfd8c4d26ec

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.8MB

MD5
da58f1df5673a8d1c5070d0f72acf580

SHA1
9478769710af9f6218bdf111d5f64a05e7a77e64

SHA256
55637e3c3bad089257ddaef08b71c1b9098de40199d19a1c66efbd62abe5e9d2

SHA512
ca66235a36ee40f52cffbc0eb5d9f7dfd11bf5d1c7c01b0be11753b48d845b8e9907711571eea140c33577cab9f53a0177b15f41812737fa012e9b902f197554

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.4MB

MD5
334d5879775fb56a304688e3b74d9fa9

SHA1
6feefbcb832d0145a875759166d0a92806b11282

SHA256
7f752171e6d37d0585e264d9912f43c84dddb3349611001b73c4e0abd12937b4

SHA512
16ebd3a93450314eef8c78e3d6a7d7c2c94d6c669d2d13eacfead3e02f7f2d68e28829079b399a0126a494d6719eee95a6f716daeaaef0916b85b17f57e1d6a5

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.2MB

MD5
64da4925b4382115736e7494c1ec0ca3

SHA1
68b4dd71f7ad2dca96e74a2680034584a583800f

SHA256
4dcf272025f360fd0fb28c1eae0fb3414eefcc49e81a9babe4f672eed2124156

SHA512
0cc72debec11dff42e3a93b5d70d28033968ff7ac3c0a50843563fbdd162a4b5b38ea63ab523d8ccc363ee339466ffa483abdab8b35c4657520fa1b0cb8a4128

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.9MB

MD5
b8e097e4c130a6e37b53124f1f7d025a

SHA1
31b3ec4773c2348323348ce10e1f21c762fe6f2f

SHA256
c6cd3c10cba93d794743538318710183919b836a562280cffb072c4453f8440a

SHA512
afdebe7452345d8e53a90a1eb035210642bc61018f2daddfe05bd1e6288f1617d3f4b97b823d9430e4e1e9821f738ee95df22b29a2e7217db51e40458d841118

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.3MB

MD5
8994471354f6e334c56b2576f4c62640

SHA1
0327aa352d045d2fed36f6cc9bf42a6f9a849adb

SHA256
dd4ce5247d2d84cb604f190f33c08fefc6816baa13c786d0d51a1d8dff9c7d3d

SHA512
bc0410c10f6d59d45f773d688faa70947834765065b3424d90b41209990fbcee0a9d7b89d3c31164c6433e5f64a311a58355ee83bf51d6e20a226202a4a8e893

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.4MB

MD5
a9dfe03b641ce868705f15da56b5490e

SHA1
4fd4484c82de09557320ec2a99cbf1be729fcbf2

SHA256
c2bbe876a89d5cc10d79e11fac6b781ee1a198cd7ecc3d366ddb1c08ed84e2e8

SHA512
5f2f658bcc6fc55e82b1871459ff05aaab4e330b535c4c650c24473d4edfe62a5215016c969ce7e13926dfea99e8a4f9c5752c2916d342f9e12fdd2d8a019f5b

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.7MB

MD5
163844ab7e9298b9c8e962ddc87ac0d8

SHA1
13a55572b1a17b4fd21298da8ad9bd616b975313

SHA256
13f0158b60dd3a4e745335ad7e3d1c7fc0b8af4fbd75519908590648621a2f5c

SHA512
6d54098dbde8cf442c9feb5e5eba892482855067c5d93aaa46edf1311b3f80cc7a6a4234101e77611c5a80c4321031e12c8983adf432c42d9583b68f0ef3d77c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\VQX1G21I\microsoft.windows[1].xml

Filesize
97B

MD5
52ee1c6559e26fd03cbccc86099ca600

SHA1
bc6db1f8400d7ca286f4ca8a0b143275c8069a9e

SHA256
5f47b322916eda5d167b21b4d238588102e29ec13e4893ec087c70980c2bb350

SHA512
a1530bc0e8a6d8bf4d589c1afa132f824c978cbc3f781d8936ecdd38c5146f5a29c848657c6b89a1095a5376a9fcc07f2b357bbc031961099d8ba3e9664a58bf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133881735144102658.txt

Filesize
14KB

MD5
b9a3570135c6cdac61e23a655424bb81

SHA1
b25c823b867b820fa34e0d61892c99af1b3db241

SHA256
e193af6a87eea12acbb0e56ca2c4e0b078e4c775d8b0f46c327eeb0ce00ce2e6

SHA512
73f70af649bf07c3c9c9298c78f8fc1168be976af14b7e381ccf33fef36cfc4809becb8d2c7ecb5ea8d198f7bdf1c2f30ed1c800df4086099215c8ade7d86ca0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

Filesize
12KB

MD5
5f7c7fbb4cbdf6a85a1198a1df3b1b79

SHA1
6e8df51d4bc9f79bac760aa2e93eefb0c3fb1cd4

SHA256
ca7e7d040ee35462f6505248589c5a7836ca99eea3fc2b3e0ea92877cf779b08

SHA512
3c99a5e9ee20b6409eb4366eb120ca1d3f19ac1f397aa2af992388566058d83356eb4b98be88aa563d0e523789f6a2b7f1a02b84b82329c1afb3dc4e2da9836e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

Filesize
10KB

MD5
d49bcc9649344caa4d03129d7a6073f6

SHA1
41b30af112a185d8d39eb670a95b268233f3e628

SHA256
7acd4131590ea8054ea495d0ba5e0dd6716cdd9c9c08e8e5d2de68af78b6f806

SHA512
788cd13558326370796c8601b60118574846203108edfc60e916e0fac3eaece7e47d43c32b6b21539526fb04e150ee14aad818323dc9e68d5c804a99f88c53b1

Download Submit
C:\WINDOWS\FONTS\ANTQUAB.TTF

Filesize
2.1MB

MD5
37dd6211b7eba20a2b3612b9522d66fd

SHA1
8b49fbc45a84a3aa5fbca09aa255a7a6e5f4dfa0

SHA256
2fa707be0966cdf1748be1139aab775707a34ddea4a079e70c37daf957c3a5ed

SHA512
a8a102c4180fd8efafabd2138f01864ea8ae076d93640f458ef8456ec97d780255c8cdbd3dd8abd82a9852c70fb2de10f8f282ce74efac5c41595dee5e97e9db

Download Submit
C:\WINDOWS\FONTS\ANTQUAI.TTF

Filesize
2.9MB

MD5
55016ba7321369213d04f6135e2e5abd

SHA1
4fa4f717928755aae245a8b9b29ff2aad0e4004b

SHA256
398cd31909dd2529605ec955928d0d855a5059f4114bba4c16c70ba37a47d8d5

SHA512
c7218729cbbd4b183639c832fcbdda7259b2dad824645b803392a0d3d7410f046d10f273468f5f9fa8af12376d1cfd925b6f5e83d5c7278f5a65f0d53616df60

Download Submit
memory/3384-5803-0x000002ED832C0000-0x000002ED832E0000-memory.dmp

Filesize
128KB

Download
memory/3384-5839-0x000002ED835C0000-0x000002ED835E0000-memory.dmp

Filesize
128KB

Download
memory/3384-5811-0x000002ED83280000-0x000002ED832A0000-memory.dmp

Filesize
128KB

Download
memory/3384-5812-0x000002ED83620000-0x000002ED83640000-memory.dmp

Filesize
128KB

Download
memory/3984-5871-0x000001BCC0080000-0x000001BCC00A0000-memory.dmp

Filesize
128KB

Download
memory/3984-5893-0x000001BCC0450000-0x000001BCC0470000-memory.dmp

Filesize
128KB

Download
memory/3984-5882-0x000001BCC0040000-0x000001BCC0060000-memory.dmp

Filesize
128KB

Download
memory/3984-5866-0x000001B4BD5A0000-0x000001B4BD6A0000-memory.dmp

Filesize
1024KB

Download
memory/3984-5867-0x000001B4BD5A0000-0x000001B4BD6A0000-memory.dmp

Filesize
1024KB

Download