6e726499719a288935470dcc08a8e5d93a04a9e32b3a36b316dc8c4f3601f768

Resubmissions

11/04/2025, 08:56

250411-kv4dzavnt6 8

11/04/2025, 08:52

250411-ks623st1bv 3

11/04/2025, 08:49

250411-kqzvzsvmy6 8

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2025, 08:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fancom BV Quotation Request - RFQ#040925AL.msg
Size

164KB
MD5

ed0adbce8cda89e8cead045640a3c348
SHA1

2c469543f37918d3c9484594fa3f42b1dd14fe15
SHA256

6e726499719a288935470dcc08a8e5d93a04a9e32b3a36b316dc8c4f3601f768
SHA512

cc859f42de939d1a1c531f816a7b676554ff011b167405732798af6890bf2d43d55e28fcc132a873f2df40f8062b7e2a9d040d4c4f627478b934d9741c4a48b0
SSDEEP

3072:fFZB9PfQCTCC/4Qiqk6ggFZ4+U6g2FZ4nw71:fFtdT4QiqDggZ4cgCZ4

Score

8^/10

microsoft discovery phishing

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
233	400	chrome.exe

Executes dropped EXE 3 IoCs

pid	Process
4040	msg-viewer.exe
5424	msg-viewer.tmp
5784	MSGViewer.exe

Loads dropped DLL 2 IoCs

pid	Process
5424	msg-viewer.tmp
2324	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Detected potential entity reuse from brand MICROSOFT. 1 IoCs

phishing microsoft

flow	pid	Process
65	400	chrome.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\SysTools MSG Viewer\XML\is-GSBJF.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\XML\is-HFC7C.tmp	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\log4net.dll	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\SysTools.SearchUI.dll	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Images\is-SBHS6.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Images\is-JHK3G.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Images\is-MQTAB.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\en-US\is-F3BHD.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\XML\is-4THOV.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\XML\is-F2QEH.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\XML\is-DKLTV.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\is-IM7T8.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Icons\is-TQ2N1.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Images\is-PS1HL.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Images\is-QNN36.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Images\is-68RDQ.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\XML\is-VSOBB.tmp	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\Microsoft.mshtml.dll	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\XML\is-Q63VI.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\is-MOFJQ.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\is-DBMUV.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\is-FGGDT.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Images\is-4764N.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\XML\is-I9KFL.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\is-KGG8E.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\is-9B4VT.tmp	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\MSGReader.dll	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Icons\is-4H971.tmp	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\Icons\Archiving.pptx	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Images\is-JR67C.tmp	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\Images\ThunderBird_24.png	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\Itenso.Sys.dll	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\MailBee.NET.dll	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\SysFramework.dll	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\is-MVJTJ.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Icons\is-IJMS7.tmp	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\Icons\Archiving.jpg	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Images\is-JC3C9.tmp	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\Images\EDBToMBOX.ico	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\Images\email-examiner-archive.ico	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Images\is-R4TLM.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\is-ROV0F.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\is-LG31V.tmp	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\Icons\Archiving.ics	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\Images\bat.ico	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Images\is-2B23K.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Images\is-VSABR.tmp	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\Images\olm.ico	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\XML\is-9UF28.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Icons\is-NUIQH.tmp	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\Icons\Archiving.nsf	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Images\is-ABUN1.tmp	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\Be.Windows.Forms.HexBox.dll	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\DevComponents.DotNetBar2.dll	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\is-922TM.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Setup Log 2025-04-11 #001.txt	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\is-E8EED.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\is-6O016.tmp	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\Icons\Archiving.html	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Icons\is-U1PQR.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\XML\is-CTJVS.tmp	msg-viewer.tmp
File opened for modification	C:\Program Files\SysTools MSG Viewer\AxInterop.AcroPDFLib.dll	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\is-F4TIE.tmp	msg-viewer.tmp
File created	C:\Program Files\SysTools MSG Viewer\Icons\is-U8T8U.tmp	msg-viewer.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msg-viewer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msg-viewer.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\ = "_DFramerCtlEvents"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3078542121-369484597-920690335-1000\{36F9448D-A1D9-4E30-95F7-D586527043E3}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DSOFramer.FramerControl\ = "DSO ActiveX Document Framer Control"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\0\win32\ = "C:\\Program Files\\Common Files\\CDTPL\\SysTools MSG Viewer\\dsoframer.ocx"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\DataFormats\GetSet	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\ = "_DFramerCtlEvents"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\Control	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\ToolboxBitmap32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\ = "{00460180-9E5E-11D5-B7C8-B8269041DD57}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\Version = "1.3"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\ = "{00460180-9E5E-11D5-B7C8-B8269041DD57}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht	msg-viewer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\ProgID\ = "DSOFramer.FramerControl"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\DataFormats\GetSet\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DSOFramer.FramerControl	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\ = "_FramerControl"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\ = "{00460180-9E5E-11D5-B7C8-B8269041DD57}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\TypeLib\ = "{00460180-9E5E-11d5-B7C8-B8269041DD57}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\Content Type = "message/rfc822"	msg-viewer.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\ = "DSO Framer Control Object"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DSOFramer.FramerControl\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\ = "_FramerControl"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\Version = "1.3"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\ToolboxBitmap32\ = "C:\\Program Files\\Common Files\\CDTPL\\SysTools MSG Viewer\\dsoframer.ocx,102"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\MiscStatus	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\DataFormats	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\HELPDIR\ = "C:\\Program Files\\Common Files\\CDTPL\\SysTools MSG Viewer"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\Version = "1.3"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\ = "{00460180-9E5E-11D5-B7C8-B8269041DD57}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\MiscStatus\ = "131473"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DSOFramer.FramerControl\CLSID\ = "{00460182-9E5E-11d5-B7C8-B8269041DD57}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\ = "DSO ActiveX Document Framer Control"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\FLAGS\ = "2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	MSGViewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	MSGViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00460180-9E5E-11D5-B7C8-B8269041DD57}\1.3\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460181-9E5E-11D5-B7C8-B8269041DD57}\TypeLib\Version = "1.3"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00460185-9E5E-11D5-B7C8-B8269041DD57}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\InprocServer32\ = "C:\\Program Files\\Common Files\\CDTPL\\SysTools MSG Viewer\\dsoframer.ocx"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
5784	MSGViewer.exe
5784	MSGViewer.exe
5784	MSGViewer.exe
3140	chrome.exe
3140	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2416	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
5424	msg-viewer.tmp
2112	msedge.exe
2112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe

Suspicious use of SetWindowsHookEx 35 IoCs

pid	Process
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
5784	MSGViewer.exe
5784	MSGViewer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 5168	4512	chrome.exe	86
PID 4512 wrote to memory of 5168	4512	chrome.exe	86
PID 4512 wrote to memory of 400	4512	chrome.exe	87
PID 4512 wrote to memory of 400	4512	chrome.exe	87
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 5132	4512	chrome.exe	88
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89
PID 4512 wrote to memory of 3788	4512	chrome.exe	89

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Fancom BV Quotation Request - RFQ#040925AL.msg"
1⤵
PID:3704

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x84,0x7c,0x80,0x78,0xe4,0x7ffbc546dcf8,0x7ffbc546dd04,0x7ffbc546dd10
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1560,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Detected potential entity reuse from brand MICROSOFT.
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1988,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2376,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2388 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3204,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4312,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4324 /prefetch:2
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4744,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5376,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5540,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5328,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3400,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=224 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3488,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3892,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3376 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4408,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5744,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3376,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4368,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3348,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5908,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4652,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4596,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5828,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5844,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6088,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6056,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6804,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6792 /prefetch:8
  2⤵
  PID:4544
- C:\Users\Admin\Downloads\msg-viewer.exe
  "C:\Users\Admin\Downloads\msg-viewer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4040
- - C:\Users\Admin\AppData\Local\Temp\is-6I8AU.tmp\msg-viewer.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-6I8AU.tmp\msg-viewer.tmp" /SL5="$501D8,19902898,53248,C:\Users\Admin\Downloads\msg-viewer.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    PID:5424
  - - C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Common Files\CDTPL\SysTools MSG Viewer\dsoframer.ocx"
      4⤵
      PID:5864
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        /s "C:\Program Files\Common Files\CDTPL\SysTools MSG Viewer\dsoframer.ocx"
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://license.systoolssoftware.org/Thankyou.aspx?ID=316
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:2112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7ffba3a3f208,0x7ffba3a3f214,0x7ffba3a3f220
        5⤵
        
        PID:2584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1756,i,4760895193108780711,11173277465283083275,262144 --variations-seed-version --mojo-platform-channel-handle=2448 /prefetch:3
        5⤵
        
        PID:3720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2380,i,4760895193108780711,11173277465283083275,262144 --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:2
        5⤵
        
        PID:3156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2208,i,4760895193108780711,11173277465283083275,262144 --variations-seed-version --mojo-platform-channel-handle=2452 /prefetch:8
        5⤵
        
        PID:4140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,4760895193108780711,11173277465283083275,262144 --variations-seed-version --mojo-platform-channel-handle=3464 /prefetch:1
        5⤵
        
        PID:1492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3532,i,4760895193108780711,11173277465283083275,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
        5⤵
        
        PID:8
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        5⤵
        Checks processor information in registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        
        PID:780
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffba3a3f208,0x7ffba3a3f214,0x7ffba3a3f220
        6⤵
        
        PID:2052
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1908,i,12138443192290247310,7627753545768896105,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:3
        6⤵
        
        PID:4880
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2204,i,12138443192290247310,7627753545768896105,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:2
        6⤵
        
        PID:4508
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2536,i,12138443192290247310,7627753545768896105,262144 --variations-seed-version --mojo-platform-channel-handle=2544 /prefetch:8
        6⤵
        
        PID:4584
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4276,i,12138443192290247310,7627753545768896105,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8
        6⤵
        
        PID:4752
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4276,i,12138443192290247310,7627753545768896105,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8
        6⤵
        
        PID:4948
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4564,i,12138443192290247310,7627753545768896105,262144 --variations-seed-version --mojo-platform-channel-handle=4596 /prefetch:8
        6⤵
        
        PID:5508
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,12138443192290247310,7627753545768896105,262144 --variations-seed-version --mojo-platform-channel-handle=4656 /prefetch:8
        6⤵
        
        PID:6040
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4376,i,12138443192290247310,7627753545768896105,262144 --variations-seed-version --mojo-platform-channel-handle=4632 /prefetch:8
        6⤵
        
        PID:2160
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4404,i,12138443192290247310,7627753545768896105,262144 --variations-seed-version --mojo-platform-channel-handle=4716 /prefetch:8
        6⤵
        
        PID:4900
  - - C:\Program Files\SysTools MSG Viewer\MSGViewer.exe
      "C:\Program Files\SysTools MSG Viewer\MSGViewer.exe"
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6588,i,4645880797516256106,4386547825877351676,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3176

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1496

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x504
1⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2460

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3332

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\CDTPL\SysTools MSG Viewer\dsoframer.ocx

Filesize
99KB

MD5
efa590365ec1fb105d595e06ff29046c

SHA1
7fad7c762ea3639d6d8ec415274a4ce193b257f4

SHA256
4a089b681be0dd93ff1c193df9086d511a38bf8602ba658b39b5689f6fa3890f

SHA512
458ca9a8fe1d03ac87720b57447e23217626791a05c95dc4d2cb0f636a615e5da131c10a878326e8ab0f8933d91ddf5b61729d8eb07f4729a40795d93c5694a2

Download Submit
C:\Program Files\SysTools MSG Viewer\Error Warning.log

Filesize
863B

MD5
e19ff32f9d9ba491a67baa3ef5abd7ea

SHA1
32709b0b682e8b31a6302525bf94edea4e4e91fc

SHA256
31735e1647895f4126f68e63a6a14d87df25c0e8a477fbcd9baa432f39230c21

SHA512
d24fb1ed498d48935837c72c73cf79b596f2a8afc8d482a368329a4db713cd8f5df47ec4b640b480bc936d4ffc848added3ba86e6560caf51e60886ce9f7b090

Download Submit
C:\Program Files\SysTools MSG Viewer\Images\Copy of Attachment.png

Filesize
314B

MD5
8c9d30d3fd93e8d163d79069723a32f2

SHA1
0e1fa1540b1007d162e647a0d2158879915251d2

SHA256
13e2f3c60d25bac7a8055b039fc0c2c8fa8535137be79c2ae427adf6276cf4a3

SHA512
99d5169285aca99426ef9d6e120e0da497b5410dff7b8d3b914c3e6b20f78e7ad5a0a7eeca893337358e85b53f7b12ba4ee22e04e4b00c0105fe26bab58e74b5

Download Submit
C:\Program Files\SysTools MSG Viewer\Images\Copy of access.ico

Filesize
2KB

MD5
420232302e8a5dced91d5030abcf52a0

SHA1
13368de793924f91a6b2346b6bcd68007240c54a

SHA256
b511c68e248e35849203731711edbdbdb3e8e2cae04f5e54cfa2954ada08e5bc

SHA512
843175efcefe2b031beac619b461bc9fadc76d08f2640fee56c3a19b2e4476ff3a874d455e1f962fa3287e4b89e385960e2ec5e2b241edf3f5af4e725d4108fd

Download Submit
C:\Program Files\SysTools MSG Viewer\Images\Copy of aol.ico

Filesize
1KB

MD5
25ab073d3ee04ac5b71176389835a5bb

SHA1
3ee773ac9e6a9fdc57db713728eb73358edf1c87

SHA256
32908e285dc5a77f1438d496646c7dc2d732f1cd0161ccc230f43753ae343828

SHA512
f0a328370f8d350c97876cc20a411f83dbed4a909c89c1e145263175b94ee25182dcca7fc575889a2bdbba85831d6f46979e4ae9ff602ba597be5e3bdb38a2c0

Download Submit
C:\Program Files\SysTools MSG Viewer\Images\Copy of auto-detect-mail.ico

Filesize
2KB

MD5
2e01c0fd167a200c04ef9ae9520d3c3c

SHA1
79566dc754627ae07863654c5c21716765e47ef1

SHA256
810ccde0b55027c657dfdb47220135400f55224211aca3f2974f1a04a8dc610d

SHA512
bf0f9b47e3395daa0352f60be3506108d3868321e25fee057ed82fc451c37072d768be47966b4af0d9faa553ab838aa4a98247a619e5200d6d3153a6bf4f9af3

Download Submit
C:\Program Files\SysTools MSG Viewer\MSGViewer.exe

Filesize
89KB

MD5
ad3844bb61f17b1a8aabe7e7e3ff6973

SHA1
13deb46b69e7d16a76b77c3ab0287d64e48a1701

SHA256
98261cdfe75716b5825105a26ee437b86bc9cb2da55ac5a20246bdbe7346dc25

SHA512
c38c80f57fa644d737139ae17800688c9dbd060f510cf45e5d3c90b7041f06ae75732130176b07ac94a5285e4797f1bfa1dc1a1b82b32ba8235d96f33e738604

Download Submit
C:\Program Files\SysTools MSG Viewer\MSGViewer.exe.config

Filesize
3KB

MD5
ec84f389dff678f21aa2ddd5ecf4bf84

SHA1
97f3299f0977bf76004e17f9f9b177ffabc4e80b

SHA256
299c8988f8cf91622d75ad21c4f94aee65096ce2a86b8caaaa36df9bbadd6ddd

SHA512
798794a0d56b5b4a3494b3e095e8eb8392ba1a8aefe12c3b274e74e21f2404e9d906bb6e02c6e04487b5b9aec10d9f5be5b3a8bb5239502f6b53830a63fbf287

Download Submit
C:\Program Files\SysTools MSG Viewer\MSGViewer.exe.config

Filesize
5KB

MD5
66151894bb199e4f00c2690fbba96e1d

SHA1
c2755b73515404e8f3cb22107d9b117defe6c887

SHA256
0c4aadad81bac02d82b226c8316a186d3b154934e454fc3b6c928b57ce1be5f1

SHA512
3bff0184994cba5b57ce91c87fee89a27780dc69f02b0e95289e874d09a9ea99f0d4e7028416ad6be283d942bcb3ba266580176809fa3045862d502c8ffd965d

Download Submit
C:\Program Files\SysTools MSG Viewer\MailExaminerCommon.dll

Filesize
46KB

MD5
25573a01c469e1a70e908fb04529f980

SHA1
f828bee374c1cead0e4c6a9c34ba28f980969ae7

SHA256
ec51935d03d70d373b42ae95b177957b58d1b4d997fffd709c1f9dfa9cb5cbfe

SHA512
c61788e60860ca18ae2fa95b82f2bb6ddaec3d767b75d508eb17434649ed53e12bd06eb00fa252da7dd0ea6f879364e6b4d7258e4d982592531881a4272c06ee

Download Submit
C:\Program Files\SysTools MSG Viewer\OutlookComponent.dll

Filesize
3.1MB

MD5
32bb6d66fcf5d1210f80bf1a99caa1b6

SHA1
67f2341ada6ec526e9c52d0ec63b95e62e845bde

SHA256
dfd62a8cd16b4b58e9b1d408d7c98d3a00551133c45db4c7763e6e1a51576d84

SHA512
c4c7f1b086afe9911f68d336b02e3777dbc4526a187992870999659b2f02dd38bdd9510ac8ec84523968c11e71caa2def76d356d66aa5526b4c86a9eed8bc7d4

Download Submit
C:\Program Files\SysTools MSG Viewer\Reader.dll

Filesize
21KB

MD5
b37a0f12470705bf04c3f2ed74954f04

SHA1
308b8f3fba81b0fe9f454bfd288f4dfe60afe72b

SHA256
80be342de4a1940421ddc0ba5858060434b6a6cab13c16ffc9d5015523e2d5e1

SHA512
b80a483b6463e9f01081bec9664087135380518c7054b42379d69743de38a75e9fa61bc1884b428dcf15fa487b605adbd3469b0821fc582f9334c0df6cdbb771

Download Submit
C:\Program Files\SysTools MSG Viewer\Reader2.dll

Filesize
22KB

MD5
e10dfa1ef5457cd33b1b7e6b57b478d5

SHA1
9fb1c2900c7b317eef04bf452db47c7d0b9c511d

SHA256
0e1dae7a0622a53196f52014218f3af76e587a222c6883248da81a329cec3d8c

SHA512
bd3811e3d193075aa9fa678baffda3cbd24fe780b8b4aa62d2e679c95666bff9c1000d003d033100e771bef254980396db1bb89660fe7f485ddb420b67cff593

Download Submit
C:\Program Files\SysTools MSG Viewer\SYSLocalLibrary.dll

Filesize
22KB

MD5
b74341d5df8d8319c46c231aeda1b389

SHA1
148d926f65e79c102bd7b6021a1c4524f08a6d7c

SHA256
c3d59c263c997d5dc29e706dd54c843e6de5218e5cdd0292f8b366ba6ebc42ab

SHA512
adf9f1aaaa1e6a2d7daf600f46a7443f7d8a2de6c108551c9dfa8d31f33338a6e0e41be1e7adb3368a9999a5418ea64f793b1807fa87d9d3c0a7d27198de7e67

Download Submit
C:\Program Files\SysTools MSG Viewer\SysExceptionHolder.dll

Filesize
23KB

MD5
2df57c5f09e24f75df3269162b2fe8c1

SHA1
3b85d2c87d940d928a6ee504d62a03de52b132ed

SHA256
436a5df77f16a7c903bdf738fae1dc97e714eb0398ed5b6bfd7a21566eb442fe

SHA512
2c99644e153399de6f7702f2e6ddc8f892b515121ae1a23517794d334184a89727665778af99f0f654d4038a43fd44c5878ecf905dc1cea21abd3dad36ab0ba2

Download Submit
C:\Program Files\SysTools MSG Viewer\SysFramework.dll

Filesize
1.1MB

MD5
c5327acfefebb043d9814cc9589dd4ad

SHA1
9130773f04486a5414d417bcd8e051fae8f6e6b3

SHA256
cf9abf602b6b1370c7fad618769c9d8092599d4266c3c0cceb92b9366272dbb8

SHA512
4c3143f9eb0f76bfe0a698ea60c458bd754f7e3e8e00ee1a45016c2ae9d47867c4e7a53f94d78906cafe601a87424688bf21ccc22efd5065bd1c508d3f1e6e22

Download Submit
C:\Program Files\SysTools MSG Viewer\SysMVPCommon.dll

Filesize
85KB

MD5
7d9d0e29a7703f92fb6d4a3c5e0a7bb4

SHA1
389850fb6f99721c847d4d5f9ffeca9e3f4b13ed

SHA256
b8b913f4b0ef9d1397ce415a2f228c9b934a469e58bd59c85b5d5c97ec01bc38

SHA512
b77d73640682fee127508eb2adbded1af032f8688a939a0f3c6921f543208db077e7af0166fee3cffe8cfb75a1acdd1318d196ce6ff4d044eff78a33457f1c40

Download Submit
C:\Program Files\SysTools MSG Viewer\SysMessagingPreviewList.dll

Filesize
652KB

MD5
388f7decfabda6367598cc88e2731ff5

SHA1
e0a9da1191679745b5ad087f342d8f0ef34f3d4f

SHA256
4af9e8d0cc94b2a973590c30c901598487cb949eb92f5769a5614bc59fff8d25

SHA512
e1a9ae28515071fcac0949ecfa94bd757d892bcdc926fac3fb0e9dfbbd2a9210dbb5f9815d69f0ccae294adf199d4ba4ad42aa11033bb216ac8c89227d0d2202

Download Submit
C:\Program Files\SysTools MSG Viewer\SysWriterCommon.dll

Filesize
26KB

MD5
f8d0c13cb6641ee929692cb5f9268b68

SHA1
2c5e026577c980059bb900d7d6507ce8f16397f2

SHA256
b409938577a1a6c06857560e31582ed16c2f87628095f5c703ef659efcf707f4

SHA512
fd0ced601a04a23f18bfa87f9600afad6c7ad3f5bfeb69acc0804331ab10300de8554448ef243eb360de825171f892c41225da8c24a6c762db96a79130a2dbcc

Download Submit
C:\Program Files\SysTools MSG Viewer\en-US\OutlookComponent.resources.dll

Filesize
131KB

MD5
5901d17adf3e877ac6f492949fc1a5e3

SHA1
3e0946e425f9421171ca8c45985415b0bf215916

SHA256
7642218e032f1d1c56547e48baa69c543ba10f7e6e809d82e91bce41a38a1f95

SHA512
220722ba680f447c6ba1218540028053f8cbda46dd5f2fb46ea6dcaaa478e883738bf6cf24d83c8ae98d49a5801144674cf1fd4fee68fb086809efc9f3924389

Download Submit
C:\Program Files\SysTools MSG Viewer\is-CP7A8.tmp

Filesize
28KB

MD5
c7cd65cfed63dea155bd251c6443e80c

SHA1
eeafa0f3900923a65d8cb242bc1b2ea3ce98eb41

SHA256
8ab9b0f12296242d0e09d377e711ba3a5f10dca81dd6aeea606d2fee2f31372c

SHA512
268136fd79de7ebc49dcb6dfe2cc3e14994af5ebb2c3662f0419ea27db57fe959bc0e66335a7718380580fdeef97d811738401d292995765b79f20910cbf599a

Download Submit
C:\Program Files\SysTools MSG Viewer\is-L698P.tmp

Filesize
26KB

MD5
39312ae5528415e91dd27bd31bd8b8ec

SHA1
7e12addfbf589c873a662089435df64ba8ed5a53

SHA256
506beeb122803571f56dab73ee40ae4ba25ca38a8ad61f9b025be67836adcd9b

SHA512
86a816d19d33036bee0fb8f8a4a4dd043a0a1284e3405b139597e5378b175a396efe88028b542537d618e3aad33feb3ba70b98e44316665f8390fa47d4a4af44

Download Submit
C:\Program Files\SysTools MSG Viewer\log4net.dll

Filesize
252KB

MD5
f0d06bbeb3b0b8d07bb9bb5a20e6a88e

SHA1
395027f213cf8727d8c7d2f2f0215432849f174b

SHA256
e992bd921035e732d86debb148344223ea174d3acb29fa54e8147272b7165d56

SHA512
5d30a601f98ab3252e89ec4d441a399e3664e72489b18f9dac25064fce5b6a81a048e8f370bfde2e92655d6652459af0ed6f2d15c39a5e129210301e5f339e2f

Download Submit
C:\Program Files\SysTools MSG Viewer\zn5fk1vd.newcfg

Filesize
5KB

MD5
130922bc68feeeb89b4c4a5f9587e419

SHA1
7876d74d29c87628182a8c07c6324b5011686258

SHA256
da374d982d9f96b40e489eeef1f5063497b5a670ba57c81b3b45d75bf5d729d3

SHA512
18942d3e8b811082343d859c069d0e1b2aa6f77d4407e1d51a4d70841c0acd31d330bba8403a24ae18290fb59a19e706641ccbeb2740cce5934e27bd0bc90390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
ab41441bfdb58992b7f6c19de1dd7a50

SHA1
c6e169f4c233efa974a05dc1392b8befdfbc8397

SHA256
b541fca1feff2bd02715a9c033467f00b315fb4b5f82dec0bed2b0f7e5bd1272

SHA512
b73d06930bb54cf555466118b2fecf904e36c29f372adc041db2b8582145186b62211415bf48523b1d1428824886c9cf5e45869706a613bea212ac65b6ab41dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
77KB

MD5
b1622ddc41ea4303620fccb98b6e3e73

SHA1
e2bed5b96153884f6b36b17e5ec59d233caed5e5

SHA256
bd2094a23536796efd75b2de6e95f7d5e67cb8956e5d5a76bc2283e7b48687de

SHA512
c5b05d5d8bf10ecdecbfe730e871946d6d4bc02e536ae9b0653f0b47ba118372d5794ed3e938879cfe1de5101709ec597d9e26d8b68fde19e6712b410c929550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
185KB

MD5
6500b18cd1775d19cac40853fad89014

SHA1
9e4163f6513173dfa5bf874956b7f309ed9ef35a

SHA256
2e84c88ac7b8acf33de0e470e1630d06bfec26747eaba57c1ad009655c517d23

SHA512
bb062d6e79c53b9a84b4097aa44767c5274d3d30d43b854f410b27742eea58dce6e8a50a611aa8bb518c193d2e1881a8707055b1c18bd86968e56c8848e24b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b2cf865a087763f66df457a3c0965bce

SHA1
3334e1febc4049ac6625508e9e62feedec373a08

SHA256
bdf265f00f439445c640a3ab2c90eefabfa83afea49cdc00699159ccc73fcf03

SHA512
b962251b1934114650734d0c0ee425f3e9a172fe045e1df24dee55fbc944046fc47fc41303e7996e808e40ec94dc4cc2b85d4b0627fc2fd5fa4f151c96664084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.systoolsgroup.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
3bf9279347f3134df503f154339233ca

SHA1
d3439bd2288dbc6a28ab4477eb0602d2a71ddd7a

SHA256
ba500fb1778c2747f5e4411e1ec30afd9fb07012d02de13a1cc78fbbd944676a

SHA512
c9991c466f48ab37c0d686721721f71c1a83a96e935ae83ddc6330d10ee79ae91c2a807fe897e807569c09d8dc15894a5a96e5255b2bb45baf03521478252a24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
72b28489f37315c484da46bbebaefb66

SHA1
a99db6280628fbc3850b3f77e976a026a458c3a2

SHA256
7355eb9b86176109d12f12b69801a0592a14d6f279e1cec01e2dd8b88018b2a4

SHA512
40258e864a6ca887ef1782b280efe3785074afc8dc2c395b48fb65506d4017f0a815905a0fb7384a391a895ed69a728746e4bfe32e80ee80736acdaaeb267d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bc7082396c0e1d3625bec46ed3199dc4

SHA1
08d18bf13564dd0e37328f885c7c812b9374373a

SHA256
6479660b1f25fd07842b187507280fb4a94b172f1a0264096bbb41a8d15cde8e

SHA512
504c66b7e1b1091589146ef15ea51e144a1e1aec921112d419f0bb6d3180ec50f1a1e7a7d24937532979123d298921ff9922ac0b577724d475edf9168855c3a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
99aa8886d99ff6b25efcde45a2b13b81

SHA1
30898ce0b81f856ae183d06dc970b7b77e47668f

SHA256
4949a637156d6bbf60b80d641959aa44c4020dc124a4bdd9a73894c0a5efa165

SHA512
17720e3440d87c82c9aa66ecc470f180c31afce1c25b5a5dc35115e23b89260a22db8af448b5cee12ed7a64f54af3466fb3caa4e44af03582c4f158c24d08db3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7eff0a810081809ff161a70e6940281a

SHA1
b33e553e67eea657f36815691ae50c093072fbea

SHA256
802c42ee255b5ed00cc0999be5c56b88b12350d946bf296d94b0848e75cc1e14

SHA512
441590d528ca13cd9d6de2de886731d7cc50bf8002f22708873a27492642e2c3b2237f04fb288b9f8928671bd0b8260d57770fa031b9c15d4e7d48376df91dc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f62d8a830e90c661844182a9597ba1e3

SHA1
f6948dc4ff5eddcc82e4a5b76a782ce7a1fec646

SHA256
f818248fa2da215edc3ee7fef3bb033641b04665c816b945fa2311f31dc0bafa

SHA512
b8abcc41a6aaef5200086db48e4af1cc763d59ab42fc9dc8484adc259506005a8bd2a3ecd8f2f7f91361b65a776be7537ef81cdd27dc392ef909f01bfa0806af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cf3947fc99d324e59e2f88d91dcbbaac

SHA1
1b56eeb2ce75194633773c113a24534fbd95f49d

SHA256
02ce10331193bbe759cf9ab1674fedc9729f2f0ea66359aa4efdcc1a482534d5

SHA512
20e96504bf19bd60933d23a1c62cc9f8dbb62745d699506f47a9f144ea6cb1e844255ba39c4fd474bb9adf9a18f1f90b08fe49eea7bc384dbb64ba7f8b0c4027

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ec60efd470fa1b2f3ba67fddcb542b78

SHA1
85757c103758f3b29c6bc05d41a47bd188d960e7

SHA256
9fe098feb62f68801a26a619e2d553c36e5cc750651736c28f46a562b2f6d153

SHA512
74020b2b4d06115ce146d09c6508bc8d35bccad6d97a958c77e8b421a68b7f64cc8c55b8175eb2c5f7742abd2a205ea45d07d581375c4c46a55c6e706f8ccf7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c4baf31c940871738ec27ae1bc498d15

SHA1
08f0f861a9449e93cbc449f4806f658d3906cdd2

SHA256
0d537296c617453354a9c56955a187b4e642784aed87899cb70c461376bc683a

SHA512
aae31fad9d9c16978c6ccace6d78a1ade0af46dce24dd275ba793ef302949d661de2038d0255c087ea9793768c675733f2402b280e00c2f32af12edf03f6209b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\172d734ffac190c5354349731e637fc68f17b437\653e44ed-e024-47e1-953c-40b4dbbc88c1\index-dir\the-real-index

Filesize
96B

MD5
0eb0128ed0c0f70f32e059db8805811a

SHA1
0f117cd96e9ba58ed80743b504aec1477c5a4ebe

SHA256
7575a85082a8066d1269da4b21b898308fb9f7bf9fb17a72fe310454e019de7d

SHA512
88c8faf386f509b51d6d99b4845c04ece77767ef319dd73feda1d3a9b3e96a8813de8259b50e7c28051e72aec06b3ca4efd08654147975b4efd5919c26b3bd46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\172d734ffac190c5354349731e637fc68f17b437\653e44ed-e024-47e1-953c-40b4dbbc88c1\index-dir\the-real-index~RFe58d1d2.TMP

Filesize
48B

MD5
7160090d860e430cd15b6bceab549b01

SHA1
5f773542bc8d1f974630e6e1ae3d8438d264cfe8

SHA256
b859340ba75947c69c1abf046239f3deab89e351fa98e1de7b33141be156e6c1

SHA512
61cc4729cb1ff92303f11b2770212ccadbb5ccd7ebc40510ac9d5cc0470512d5f97ec955225d1c2014dc69909ce7fc03a57b20a0eed9836240fc6e9638cdc1aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\172d734ffac190c5354349731e637fc68f17b437\9f14b24d-8753-4362-af61-6106edc0ffcd\index-dir\the-real-index

Filesize
72B

MD5
f5be8de710544cbe884dbbeeebe79e4d

SHA1
be6811cbdc961c3cd735f0244b1f841318ae696f

SHA256
42b7a9b6f6fcdd89756443bd0f4cafd134301a10a8f5283b6820a0f65e19b4e3

SHA512
7e5863dd651d931ba56a9672491d80f2ab5ececfa1da6dcd73b413635d935921cf085d5ef16fb6ee907525dcf31e8135f9771efe79e80a65ff65091f37e70e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\172d734ffac190c5354349731e637fc68f17b437\9f14b24d-8753-4362-af61-6106edc0ffcd\index-dir\the-real-index~RFe58c966.TMP

Filesize
48B

MD5
cb4b8850b7053c83feb4e71e994e7074

SHA1
146e1b8f077ec998f9acbf4fc8e38dccad3855fe

SHA256
5d1406b37f9d1077dd7f213c16f8b1df40f646cf57552bcaa870ea9b99f91f65

SHA512
ff434741dec84ec91668c4fe583b86d1d9c14223c32358c411cfa36eebbee40f08a61ffafb826a90038aedbb63613d06ff433b1bcb25cb7818a70ec7a40023d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\172d734ffac190c5354349731e637fc68f17b437\index.txt

Filesize
212B

MD5
9782590497112c17482a8a23fbf71ccf

SHA1
78530e14a03c2dd586310643bd3cd5dd72f2dde3

SHA256
0655de16943a31fd7d230ee43f0f6cffca96b698b3be23db5567a1bc07c006b6

SHA512
52848baac0624ff44da0502056472de8691e1ea37fd5b9036142851deff3ec510088a6e4b978ad227cf085b58679ddc30940b46768b999f29450f8726937470f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\172d734ffac190c5354349731e637fc68f17b437\index.txt

Filesize
201B

MD5
aa3043d668f47ae62e6f7d9af342f343

SHA1
4e44388a5fc552c55506d8de90cbb24ffaa55396

SHA256
b77133b94b239946cb27c170ee9eb2e817931e8a2ab6b0d07490e33fdb4d892c

SHA512
407fffe66d5e7f602e1d2aee3de09de2f8cc3f38680385fb87c2baa2b6138010d8e7b8481ba1ed651ac2a5123fa15a7b1601cd54d0e7e4ad6566a12db88c73b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\172d734ffac190c5354349731e637fc68f17b437\index.txt~RFe587952.TMP

Filesize
142B

MD5
7c7467a6c22ae6c3d7351e1f27a89764

SHA1
ee1f9980d8fdbff1a96add1ae6f20fb554323e34

SHA256
5c45973a4920a12f81a7df67aaf01c1de81d942dc4a53a49eb1cf5ee0fbfb2d6

SHA512
c3a3a63d8f7bd9094571304110156a19b700aff683f5ad2e07c7ab96244572bdd8acf002439e7af9dbd1e09410c87cb50184dc60fd0882fab40891e4b059a9a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d2711509c7e679f4ccd4d87aa090d6a2

SHA1
a99c7960fae63aa113bf888966f11a42ffe72b91

SHA256
60c2e9b4ba6503967a4f473e85d59252d9fa325f27aa3fb71a0b948afe6ea15d

SHA512
f1b88ab5ae594c319242fcf0794b60e5cb804ee178e6ea04b86af205047d8df058fe5ffc9ee4446e24daead8a6dd926cc58bbc6e811dd1de9d77b6d505237f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
bbd4c6431c30215275159a63b8c4d37b

SHA1
9530724fa54a727268f8952a8e24bd1174c9618f

SHA256
12283eaa9993d0554f77cb8b325eec4bb7be4f93f3686f31b97d25d54ced57bb

SHA512
63090beabd8ec7758302db332598552c3f1e7fb43af1822a428d5328caf5c57aefc6aa3f3adfc212389f6b728b25165f70d5e8876ec18b3b9f0eb40312d66d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e3a9.TMP

Filesize
48B

MD5
5ad9aba231ce12591650ed5f992ad7b4

SHA1
bdc3c5b5b0ca5f098ea6f63b04ae9b647d494259

SHA256
059248fddb04a62afe1997c850ed9f73faf06b9f0381e680a7dde7151e248312

SHA512
49f13d4fd394d58e6fb0ef27a1efde346e53c87046718439ee419b4fb7c56be666f1464e5986fed05a263c552e0da91e9ab17bb87176fb58fab0be0776f7aeb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
83B

MD5
06c5ec15dc2de8c76e9885dfe78791d6

SHA1
97015a72395bbba53d1f6d70d70a7feab65255ff

SHA256
834d3fb20f8fd6258050050d6315c16ef517a79a503417e3854add36f792d152

SHA512
59744e565f3eef332218a37fff50c3f4301236b8090c8d97143a7e729cf7002307330d71522beee10f8d4f5ff0e5b2517507844594633a5a18be06b7c065cb3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe587b17.TMP

Filesize
147B

MD5
88a73b4adbe2922ed5fdc23f2fcbea5b

SHA1
d0b9c2e806eb1bbd836b89322e75ad687dd3a179

SHA256
346fc0b56c2a8ac4fde26331876a9ba0789073463f4f67be03a5434f8258e47a

SHA512
0c80aae6a40a64292c3780b02692544c0338532296a0f774800ca33695d17cac561c35ddc8984054e2be7b40c6498d50a7dc74799477aae3d9a96a459c404dcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
287139b1286bbb349af58ffd35e06432

SHA1
efbff0c84ac13116b4b072d2c94b1cba2338d5ff

SHA256
00e3129566689de2ab1cc82250a4e7b6d650400b260e8c8a239362696fef97b0

SHA512
86d29662a4acf2d3bfec42646284ad1370e74aea8d893ca8b9fb2a2f476f641f557735224a526b9d63e0447aaa582fa07047d6fa3437206e4a3cb9744552a868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
a8d61e11f827bc2c112885b7c39ea02c

SHA1
6b5ed432d8b4f073199f9d5a784aefe81e18dc5f

SHA256
1df509e689b9f73d52bf6a9a442f8c54f41d374919410d15015c601cfd030536

SHA512
9bbfa06a9092a7299c00aa0093f8d01af247a22a636c1da8b2d868968709dc19757e51b8fe3c876db7ab6f342997f05391e0afb7526b8ef0e44606093e6eb02a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
bae90dcbb67765e5276dc03e2163b4de

SHA1
c801ed003dfbc4b21e88b528ccdd20b532d9404b

SHA256
549783fbe9d441f75c51fbe75ef3af019aee517ceeb9870562ff66beea10d52b

SHA512
6a5f0b872618b9e6c34cb887212896ec9a6df0b8f7f555d424cdb5a066eb6dc8772f32408517c121b26fc4fda7580c485ebefe1836aaded035434060489ed970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
1a2de4573bc3c2cc6f7777458de1cc9d

SHA1
6427137af255abf70da6238e93386970b107b594

SHA256
6a1bbfa5a1f73635db0ab52b1966cda101af808ccc704ebccbc9a60c3c4919f4

SHA512
593f572bae7863eb9ecb2db126493113eb1cacb88db170128d519b749461a6e1d6b8185c203c6b1432ab40d49bd099335ad9268544ef22d1e36831b7b8ecae5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
576f64b8f21f4203eed3f6c7b065f527

SHA1
e0c4e8f914319e112a4b3562d2d6f4107750aba8

SHA256
c39a636afaeae67ebd98682bf35ff7afafceac020ed21cb564ab954ab1ef6f87

SHA512
af606a5d7d4d96afd80d8e0117f2d5f02cc82b810149f50e26d46a5b8fd7c6b2aa119aa1b7123c54d2ef19d05ca92ca738994e047e24e567e53765fc1c52f653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
e12971f43df9b8369410dbee0795fed3

SHA1
0945c75a2d900f8aa74ba7f0f39aab40333cf016

SHA256
3c9bb4c30e0038726110145b1485ace9ee5d01d009f64babe2ffaa1a0c5db397

SHA512
3638a6ed00ac39c65b1dfd1b0b940a46663b62338d362262abd885a121295b0ac4b2474089dc3abd0ba27ac7ecd394c0678e353cbd78e54b8650d4b76cc15631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
7721fb1afae945c24a5b5bff87616c42

SHA1
526e48ea4c9753d2e5d09a32a007af8cf2f417ee

SHA256
f6361a61d9412f4dbadb53df673be154c87459bfc57160b76360e54716cab625

SHA512
a3e1d8a60aac9fe46bde332a6c78dcc5440c91d577c7f4d642ff309422e0593b70a3509f4acba7abeb1ee0019a16c96bfa654ecb304716a5530d068779dd5ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
f040200799030e0850164f99c8e5dd10

SHA1
be07442f5d6af1790fe518f3afd680034442b952

SHA256
c5429088eab9b966c012fbb754590d12e909ea6b931fb8cceeff0639196ff09f

SHA512
e945b5e5a56dc7f8f01253249c26a911118dff2e2e916aa3ab21febbdde9922684494d6eae9811060eedde6d8b87af86619eb39cc533d4b4ad66269ab7000f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
d0a093bfcfecdd0e087b0be85dc27671

SHA1
fa4b4b49ad680b4a8b354efa80c5d39ff35daf33

SHA256
1c30b07afddcb495d846381f33e2dcf6054430e86ac9a8d9c8437d73369ee27f

SHA512
26d2ad746438838c4951af4c2bf7e5821874c02586012802fd83ea270c9b905b25a1d25095318b8197eff78b9e90164122b4ae33e6b08d637e3d4f6e755c31a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\15f3040d-57a5-4d60-b6a3-9bde40148f01.tmp

Filesize
2KB

MD5
0f9fe3f44d289140c8f268788b1a0334

SHA1
d7dc5e19941c79557357425ac68da44ba9b02fc2

SHA256
213ca34f4597f3831943b002f9bdab2456183a317961a30f3b750d9f44e4f413

SHA512
cd520849ce9e1742d23bc7ada606f249b927a2c6e623e1e7eed35a10f80055c4338dfbc3b9e91d050bdc5782d67aea1965285a1ad9f299db49fd023224af8975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4cc89907b93a598503320aa3fd37238d

SHA1
dedb5b8f218d4d40bcdcfbf2bf1646f93f7722bb

SHA256
3929f73d60a7095ce2ec5bcdd0517c2c99e9ed062eeaa859ecded2ee2a50e998

SHA512
f5d0321ff4476ae5d4bfc2fa2b2c914648324e983466df69480589f03b31516a29f925039c385a5e57af6a1bbb73c9f53614d02615cd6849cafd642e10945de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
5f0e1eb2b6dd08836596e9035040c883

SHA1
0319b8274d6df5583cb6d29477b8f9068b8c20bd

SHA256
b073d1631f7d92924147b3534db9b0b3d47ee227d0090b5345c55338a0b24558

SHA512
2ac10c7aa223af307ea8712405e7af7fea30346fde22ef8d62e1366aa00a2f3f93bec54d20a9a4656a274b90768a5ed7f771ca792f39ea66b86309546ad05dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
15c886990d9b2ad13342fd8b1c24812e

SHA1
be5bfb6c60596089f10e490d28598e68227a0fba

SHA256
2fd361f22212eb305b177bbc16d5e64221cd368187a0ea9c7c3c226bd81ddfd4

SHA512
5e801cada8553d835d1499624e799f8bfddc6aacf65526e9041c5f9a03f24838b198a73321a010a16864d94bcd6a1cfdcae093ac9f6ae76668cebe2a295281c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
4058f8c4f81edddf04b3e6ce3bccd195

SHA1
6edc3031f231080b8874b9b518bf400afa9b2584

SHA256
64a5cb1371e196dbaf61a75b400c0ae0632a5550c13bd61a2824aa7e251cd8bc

SHA512
51103bb451529a26708c18bf711831243531ff0f223dfae0b07d2612799ea2c5b24603b47361d9e9457104a4f5288b062b3d071ba47be82d09e58c03a2fcb8e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
f584fbf1cfda43bcf305c1143355191d

SHA1
b6da08589f975b22d46ffc34f729fcd949797dda

SHA256
15952e116b92a57a7360e012550619e641814d4ee2413f8cc7f6be00cfaf4b56

SHA512
a151a71228d043ecd3fac51b7a6a760b10f7325b55b4bb6c18ca75373a86ca50078474ba7002aedf2e684d9970a6f5b0b010e7b90486a2313a5ce9a23633024d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup Log 2025-04-11 #001.txt

Filesize
65KB

MD5
b0c562aa146f06c1fc22894d0c85ac2a

SHA1
0d3c5f3a34f9a7e45fe17671558faab2b50f7481

SHA256
db9cbeeea6430d7cc1ef2cfca3643724246c9f086e24a1e3398ab7aa01e01a9d

SHA512
e6bf4ca0c4ed63ec59df0fa172ae2312e804176910b1463bf8c6bda8027504d00b19f90faec64791743456f728804541b53f752c5dec460a1f0eda01c8ce0f71

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6I8AU.tmp\msg-viewer.tmp

Filesize
686KB

MD5
65d13ae1bca738099e2a7b1d2a01482d

SHA1
4d92dbc64ccc29de0bc8fc86b0d48b43f88465d9

SHA256
1879d48c81afc8bc78a31c222f3a99d0254b1bc27edf814e3f2ca269616c9e9f

SHA512
74ef53d8fc70d7f5431247dd869128b165dc4471a4fa4676cddf4e7417e0c6167bf832d127e6232acebd9a707002bea3e5cf34160d80af1933a07be37511b66c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LQE6Q.tmp\isxdl.dll

Filesize
58KB

MD5
792620390aae5305220283f2ce33ca68

SHA1
d9fee4cb3e2fa5e7d88b45662fd58b30aa9979f0

SHA256
21bc620515ebbdeb125d273c2d8db45577d05408ef624464af26afcfecfd201a

SHA512
470914116f40e4f7216c840ccbc706eb7953c10e62195c9b4d15e73f422625096df6c68edb33c25e2eec3305b4a1b159054f812c4a2307aeb3e49d35ae5f575c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 634934.crdownload

Filesize
19.2MB

MD5
c8d1df756b50d478b987150719e9ae2c

SHA1
ca2b939325a281b3b67e643bab78240c71f1092a

SHA256
bc21158ce832a057dd05a9403cf827867783da54e72b0feefa2a51f32ccd67a3

SHA512
5e673c1c069997405c2caec4316ec7c6ab9ae19f7a7890547af71caf27a3bb5af54b45be0bf5b887a894e0e4c1c839b3f9ba2846c8293a3b585cfadb354ab10a

Download Submit
memory/4040-1474-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4040-819-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4040-758-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5424-820-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/5424-1473-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/5784-1508-0x000000001EBC0000-0x000000001EBCE000-memory.dmp

Filesize
56KB

Download
memory/5784-1554-0x000000001F8C0000-0x000000001F8EC000-memory.dmp

Filesize
176KB

Download
memory/5784-1493-0x000000001EB90000-0x000000001EBA4000-memory.dmp

Filesize
80KB

Download
memory/5784-1502-0x000000001E600000-0x000000001E60E000-memory.dmp

Filesize
56KB

Download
memory/5784-1506-0x000000001EBB0000-0x000000001EBBE000-memory.dmp

Filesize
56KB

Download
memory/5784-1457-0x00000000005C0000-0x00000000005DA000-memory.dmp

Filesize
104KB

Download
memory/5784-1491-0x000000001BAF0000-0x000000001BB18000-memory.dmp

Filesize
160KB

Download
memory/5784-1509-0x000000001EDF0000-0x000000001EE12000-memory.dmp

Filesize
136KB

Download
memory/5784-1489-0x000000001E620000-0x000000001E6CC000-memory.dmp

Filesize
688KB

Download
memory/5784-1511-0x000000001EDC0000-0x000000001EDCE000-memory.dmp

Filesize
56KB

Download
memory/5784-1512-0x000000001EDD0000-0x000000001EDDE000-memory.dmp

Filesize
56KB

Download
memory/5784-1513-0x000000001EDE0000-0x000000001EDF0000-memory.dmp

Filesize
64KB

Download
memory/5784-1487-0x000000001E520000-0x000000001E562000-memory.dmp

Filesize
264KB

Download
memory/5784-1547-0x000000001EE70000-0x000000001EEBA000-memory.dmp

Filesize
296KB

Download
memory/5784-1550-0x000000001F840000-0x000000001F882000-memory.dmp

Filesize
264KB

Download
memory/5784-1551-0x000000001F990000-0x000000001FA86000-memory.dmp

Filesize
984KB

Download
memory/5784-1552-0x000000001F810000-0x000000001F82A000-memory.dmp

Filesize
104KB

Download
memory/5784-1504-0x000000001E610000-0x000000001E61E000-memory.dmp

Filesize
56KB

Download
memory/5784-1556-0x000000001F800000-0x000000001F80E000-memory.dmp

Filesize
56KB

Download
memory/5784-1557-0x000000001F910000-0x000000001F91E000-memory.dmp

Filesize
56KB

Download
memory/5784-1559-0x000000001F960000-0x000000001F97A000-memory.dmp

Filesize
104KB

Download
memory/5784-1558-0x000000001F940000-0x000000001F95A000-memory.dmp

Filesize
104KB

Download
memory/5784-1561-0x00000000201F0000-0x0000000020202000-memory.dmp

Filesize
72KB

Download
memory/5784-1563-0x0000000020470000-0x00000000204A2000-memory.dmp

Filesize
200KB

Download
memory/5784-1564-0x0000000020230000-0x0000000020246000-memory.dmp

Filesize
88KB

Download
memory/5784-1565-0x0000000020B50000-0x0000000021092000-memory.dmp

Filesize
5.3MB

Download
memory/5784-1485-0x000000001B710000-0x000000001B71E000-memory.dmp

Filesize
56KB

Download
memory/5784-1569-0x0000000020210000-0x000000002021E000-memory.dmp

Filesize
56KB

Download
memory/5784-1572-0x0000000021100000-0x0000000021156000-memory.dmp

Filesize
344KB

Download
memory/5784-1571-0x0000000020B00000-0x0000000020B1C000-memory.dmp

Filesize
112KB

Download
memory/5784-1575-0x0000000021850000-0x0000000021F3E000-memory.dmp

Filesize
6.9MB

Download
memory/5784-1576-0x0000000021260000-0x00000000212D8000-memory.dmp

Filesize
480KB

Download
memory/5784-1577-0x0000000022FA0000-0x0000000023746000-memory.dmp

Filesize
7.6MB

Download
memory/5784-1463-0x000000001B830000-0x000000001B95C000-memory.dmp

Filesize
1.2MB

Download
memory/5784-1461-0x000000001B040000-0x000000001B05E000-memory.dmp

Filesize
120KB

Download
memory/5784-1459-0x000000001B3D0000-0x000000001B6F6000-memory.dmp

Filesize
3.1MB

Download