mercurialgrabber | 5a9aa67d781dab65141d8951ad5920fca28a1d1324ad2759c665078a01201ca6

Analysis

max time kernel
118s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2022 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fucker.exe
Size

42KB
MD5

fc3a09395d2bbf28eea22273fa9f12b4
SHA1

b4155e21f0d6485a9c866afb4584696f77e4dbfa
SHA256

5a9aa67d781dab65141d8951ad5920fca28a1d1324ad2759c665078a01201ca6
SHA512

3c5f12a122a4822c06b990ac1ed7f0e76405f6867581ff1437dacbde921c7bc5a56e9e41f1fc956455f1f4932b72f16a2c9be50fde9b6568a3b4c012fe006829
SSDEEP

768:uiSbqBZ6aZpDtsFuZJLbvTjMLKZKfgm3EhlT:utI1ZPssLbvTYLF7EfT

Score

10^/10

mercurialgrabber evasion spyware stealer

Malware Config

Extracted

Family

mercurialgrabber

https://discord.com/api/webhooks/1025859706373296138/RTELJNdCxYhdj6ZzM2cwNuXYgqUFjRz_CmoH5uJORXdkYOcKOXWAB79omPP_FUG0WzNG

Signatures

Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
stealer mercurialgrabber
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

Fucker.exe

description ioc process

Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions Fucker.exe
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

Fucker.exe

description ioc process

Key opened \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools Fucker.exe
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.

Query Registry
T1012

System Information Discovery
T1082

Processes:

Fucker.exe

description ioc process

Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion Fucker.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

2 ip4.seeip.org
4 ip4.seeip.org
9 ip-api.com

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions	Fucker.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools	Fucker.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Fucker.exe

flow	ioc
2	ip4.seeip.org
4	ip4.seeip.org
9	ip-api.com

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Fucker.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	Fucker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	Fucker.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2660 3056 WerFault.exe
Checks SCSI registry key(s) 3 TTPs 1 IoCs
SCSI information is often read in order to detect sandboxing environments.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

Fucker.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S Fucker.exe

pid	pid_target	process	target process
2660	3056	WerFault.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S	Fucker.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Fucker.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Fucker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Fucker.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

Fucker.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation	Fucker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer	Fucker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName	Fucker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0	Fucker.exe

Suspicious behavior: LoadsDriver 10 IoCs

Processes:

pid

4
4
4
4
4
648
4
4
4
4
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

Fucker.exeAUDIODG.EXE

description pid process

Token: SeDebugPrivilege 1580 Fucker.exe
Token: 33 2124 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 2124 AUDIODG.EXE

pid
4
4
4
4
4
648
4
4
4
4

description	pid	process
Token: SeDebugPrivilege	1580	Fucker.exe
Token: 33	2124	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2124	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\Fucker.exe
"C:\Users\Admin\AppData\Local\Temp\Fucker.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Maps connected drives based on registry
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:1580

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1152

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 484 -p 3056 -ip 3056
1⤵
PID:2888

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3056 -s 2912
1⤵
- Program crash
PID:2660

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x304
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2124

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\BackupMount.mp3
Filesize
330KB

MD5
8e0d9150c8e6b6f303a9b57f7f2c5be1

SHA1
0f8808e97245b9d1d3a994417e881fff62b6e34c

SHA256
ccbbf3ed49f73e72606cfbe9b5ee87ca67597569426c0083978ccaa23ff0d0e2

SHA512
bbb1cd17eb93dec90d5285af1bae5af809488fbfb2226b9a1a147789172467a4953f99ed7f693088bbe91174feeebe949e8ba37166f5847c0dfa6975d4eb6e8d

Download Submit
C:\Users\Admin\Desktop\CheckpointSuspend.ocx
Filesize
138KB

MD5
51c6675db50c10fa6f176e030b12a221

SHA1
32c84f2f08a8689d45077cf462c02b8614c0efe2

SHA256
3bc53a98b1653088bde036e6a0df5edf9f09b658b31b908825ff17e5621a2b5e

SHA512
10cab83cf68ead79f500cba67ff46adb9d4c0c7d525dc1a723a6b630e663e3da26757b58746189430d41e6748edcd97eb86f5ed71cac3dc428c195a8baece4dd

Download Submit
C:\Users\Admin\Desktop\CompressJoin.mpa
Filesize
213KB

MD5
cf26fac664f386a1325b1f8ef67b3209

SHA1
c139228bc54fb29bf206a45a002e2c5afcbe667b

SHA256
289052eae3e52733a88fef33b33b29c368afb99fa4d295424c6870b9ec03ceb7

SHA512
d3911dfb5fc38a21a450060122c321b799c04bff7aa39f309a18871e7f02bf6f8364f28f675aef8001542f7bb074dea9c71378d1e2db54c948881bdcd43018e5

Download Submit
C:\Users\Admin\Desktop\CompressStep.cr2
Filesize
309KB

MD5
0f1527f2dde42ab2af33c8e528168860

SHA1
6939df91a297caf25beafab605cbdabc1e4a9545

SHA256
821b473b964e1ac8b15f223c213f9f8cea5413aceb891c2a00968420fd8711de

SHA512
6cdade964d7c6f186efd082e3dedffdcc5397f6ae6df08556142a3a384f15d2720696f283dc1029a7111fcbe6226f33fb7431db3765214697c63e9d495e6c0c9

Download Submit
C:\Users\Admin\Desktop\DenyDismount.rar
Filesize
256KB

MD5
7e03539257d12795c9cf8a5cbeb20e66

SHA1
35d0a950e5cd6dee165e7a2114293db91878cbb9

SHA256
962e5834c7bc75aa95280d0f9a2daa60e58730f86968667233266728b16cbc80

SHA512
af95ea927921ebd130f28c3fed167fefe0033efe88a92c0c059f28441acd3179f8c23061132164e6fecdb653c647bb6922599ef5c4ed90d56519accbf2ca19f7

Download Submit
C:\Users\Admin\Desktop\DisableExpand.cfg
Filesize
170KB

MD5
6dce268524a424f44a2a495c27dfb2fa

SHA1
97b7fa54f80634961d20e384face3b5009a152f7

SHA256
8f4a76dac3bfd736f8f93ea322e3b5c3e1d5d59761f71a93a2b96c858762a185

SHA512
335326bedec31bcaee1c2a198ba1882a49feb6af3f4503d36cd2579b63e194652fd585a96f74e7fc3bb2a540c63a4f7720d0c95c0ddead1e77b8b3033a10a439

Download Submit
C:\Users\Admin\Desktop\EnterSubmit.ram
Filesize
128KB

MD5
c79476f4aaa2cff24849e0b3cda54260

SHA1
15a64944d843dd333a7551977217ac51c1fc493d

SHA256
c74991feb19d9943172c69bbf1f9acf6b238e981dc7912d76ff68fc013ae1a50

SHA512
4083560f2024d00e3b5d1c83e2cfb915cfe704379efa1a4849910e8ecc1d4aa2e3173af573ed60ddb8a6519980475b2ace86d5cce6d87074bb1dbe2d167a84ab

Download Submit
C:\Users\Admin\Desktop\FormatRead.ps1
Filesize
202KB

MD5
f175b80bc2a45f1a52c9949e81aa1cd8

SHA1
f5ea59820baca1c7381a7e31b095a988477f2395

SHA256
235ae7d497312c29668e1d7d6cf9c3f31f35d2ed13487b7dae7501929bc03990

SHA512
fc06c92c780ddb734cc78829ebca2a4b56a23d2943ad71983bfc598041b9289e0bc39ba87db60ef86469e159a9292f1e0ee5dd27d3cfb1e4bec23beff52dd68f

Download Submit
C:\Users\Admin\Desktop\ImportNew.asp
Filesize
160KB

MD5
1489b0ed9607efba9944225f5c510fe3

SHA1
b75fc814147934b7b8253e28d6d64817f20bce46

SHA256
253ed7031f32d3c9ebbfd43167fcf2c0d3a880f374b1d0406e6d5685a8523fea

SHA512
cbed42c4d5afe0314d7c690ee77e1a91bfe32710db8d259366e4bd31c47892f73d9c0f9a1b7a09b947d687b12d51dd99f3f266d22d97d5d4ad7dc5b80a9f0c07

Download Submit
C:\Users\Admin\Desktop\InitializeImport.xltx
Filesize
234KB

MD5
63833798777b4a9b5bd24bfd83cbf5a4

SHA1
150b6895c21f34eaff6395635c1e5ff69a85ffa9

SHA256
cee4ec0b788dc1ee34e1ca34c2e60f0cbd2cc6f9486503f19fcb9aa946cfb12d

SHA512
ac3e9ccdb12681d43a80b192291589effdb353414949683631d816becbc28c523a304c2c1fd8ac41a64de7d0a42e158f0c0a0cbb1518fafbbce60445dd026edb

Download Submit
C:\Users\Admin\Desktop\InstallGroup.wpl
Filesize
288KB

MD5
34098870da044472671d34a57f18b302

SHA1
b9509d06c94f4dd1e15f74411f7a2a81106e9941

SHA256
a8c57dc95b4a323d5f53e6fcf33775fdf39058a193edd718a7d56474e229d98c

SHA512
8e63852d9c2aefc50b77f9659f6db05bbb312dd09bbc6c87ad2868dc8b4b5299da2ee44406f1050bbc833150259ed68797313055cb34f1499411cfc06182e618

Download Submit
C:\Users\Admin\Desktop\MergeBlock.avi
Filesize
341KB

MD5
a03b5e80b51f616c31b09477746f014e

SHA1
392d8552360727ddc31de77df5b5c40f123008f4

SHA256
f776c90a0a6f73b1c47b3332de3666fa675d3f0ab668bd5a267fb4065d37d9bf

SHA512
01084172cf799298ae6004a9343f329e61833fd64acd95e1afaf48b5bab141dfffb550f821fa23700b5b1811f09767d7a4d3b971cd3713ea1af5e2a14d8ce36c

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk
Filesize
2KB

MD5
3f8242cb1c1230398ed394882f79a907

SHA1
1da25574271ad10b454066bafb20504f243af19b

SHA256
f4d294f7472e2b970fcf7e794e9e67c984707c197552deb4c2e09a1cdd7008f4

SHA512
115430800061f28d6e997a50061b40448d10ab9dbaef76edd3f517edb6c4414cf1f129a1630a731ed1f51abed19fd08e012aa09b44c3122ca0341f25f64d922a

Download Submit
C:\Users\Admin\Desktop\PingDebug.exe
Filesize
245KB

MD5
3d822f962754f3dbdecd7cb07ee71a8c

SHA1
dd05034745f275a7e60113e2048b3a6a689a3d76

SHA256
8e61d971f2bc646e1561999e6a5360e6adcdd47867fb38671bd2b4f13bb0d3b1

SHA512
c0a64f98e0e5fc618fa43b349d9b083a7af5bcdc0bc67e459dc490afeaddf324b15a2e146f82a5c6288a5c4edf726293c2a7acc62149746132aad48e78e1e1ca

Download Submit
C:\Users\Admin\Desktop\ProtectMove.mid
Filesize
277KB

MD5
5a34c87d1e478b9bf2774ab685394a4f

SHA1
ab4af542392b7f148f26a29fd0906cd79d25c92b

SHA256
801703c5c2f3a4a04eaf96256393568fe4c7d7d24033705414df5641bf436204

SHA512
85a19fea58eb00868360c2e9ba6567cddf9cfd9fdee59d5ab51853e5c07f6dcbc33564c5e791aadc8de5f0112166c4ad38f2a90ba3ef2b8705a2308cc43eb79c

Download Submit
C:\Users\Admin\Desktop\ProtectSelect.vb
Filesize
224KB

MD5
c20994c8d41e76bac2836feb0c778f95

SHA1
0df64d8bf123b2194b8ec259b75e2e3547b1f143

SHA256
9612ee1660ded7401fdf0202a116109355e0c8271d2be5513dae99199a7391c2

SHA512
e0a906ebb82ad91d13d3d2cd9cbfdf4bf117f89536188115cd745b11b99b8791e7c73f9381c2af455d1b32ca81a4487db5de3dc0a47885a6a04fd50fd9b34607

Download Submit
C:\Users\Admin\Desktop\PublishEdit.lock
Filesize
501KB

MD5
658cdd68ffef16d032cddd1f04004715

SHA1
1fbd49ddeabd26de2377c58e7bc837cf5c41f5df

SHA256
796be3bbd6f8f188acec4919e153babf71f27977dd391ce0cc4d90035a99ffd6

SHA512
c8e03eeb3c8906c085361222f05542c4532e90a5e140f646d76f35594bdd20735a50b619e03eea9076cdbe866a10c22f6e658bf9e341424b4a4e2ae4577aa01f

Download Submit
C:\Users\Admin\Desktop\RegisterUndo.xht
Filesize
362KB

MD5
f49d125b20e29bc395ceb5c4cb77ff7b

SHA1
745765ec28679b3c989c86edb504c008d9254f52

SHA256
f08a9061907d258b265ab3d6fa8971a3016fccedef8c2b75d7a344f40bcc28cf

SHA512
086ab153a520603f4bc48ccff49cc3630cfb0f325b7dfbbe5ac21cc27bab8dbc33cddfafd8d3a291b6cb14d2a613c9ca9e5d769cbbf0d9c3670583b909f6675f

Download Submit
C:\Users\Admin\Desktop\ResizeTrace.TS
Filesize
192KB

MD5
b99414d68ff4f9d4d0dae0462b4a2467

SHA1
9f48387ee881d07ffe2ccf2d6886f5d6324e72b3

SHA256
17cb3e70fe44bc7a26298c3eb9d018932fe9f4e31670004ddb5994ef808c685e

SHA512
f5ce37c3d805fb1c064f6307f423d2eae5b676811b604262a487306baa4528e6e43177642177873a238f011c664b0e27e51291dbaf712443f86c9ca575179561

Download Submit
C:\Users\Admin\Desktop\SaveClear.001
Filesize
266KB

MD5
39419a4cb41fa496384cf30cdc5f2df1

SHA1
bb89f5434ba6da4c52f5939d2d39683dcbc2a665

SHA256
d0a5ef869fd2923f9fc15b6c9dc750d79e3fa9614f541c72778b48d039011a83

SHA512
ade5738245d216fccd8448e42f1c705d13f4a31332ffa23aafb6988cd44a7eb3409f048aa9823b6782521406941094fa41175c85cd350eef74003dabbdcc2745

Download Submit
C:\Users\Admin\Desktop\SetJoin.cmd
Filesize
149KB

MD5
82b36e7b7b9bfa01380d7688ca25dd90

SHA1
15870f91559c67ca3ad1049be7d31af9e0519e00

SHA256
cd92602032dd8fd3a9598f08453b8484dda35e0c6869004133465c3d50dc7794

SHA512
04e56632ca64b4cd4b71a8caa9ee36648a018ee5c440b590b02bd5a4628ef3349fd2c9fffd669006922b2c70b3ad06b262b5acec038908852eb4b591a01378c9

Download Submit
C:\Users\Admin\Desktop\SkipExpand.htm
Filesize
320KB

MD5
b15c65724d5da6c79c7bde725c2a512b

SHA1
0da3da6f99bca5eaf3a343ce5ac8b4470d3b051b

SHA256
3cc2b6df907b3fa1bdd7f17ec83a789aad1b3c9c3646255e8e17ea7aa6f1d9a9

SHA512
9fe0be9ddc7997ec4899afa1516f35c216c106d715bde130d5944519fd6a06b0d5904062c747e02dc65e70f880dce7e441b550370d23b1929d26d074fe4e5dbe

Download Submit
C:\Users\Admin\Desktop\StepRepair.bat
Filesize
352KB

MD5
9e85751b1d818ac27f6c98bda3db1f54

SHA1
c76f1aa2a1106fe5f7a4e3cd124c39157476f366

SHA256
f2b7109f8e5c0d4bdc20b2837e2d35addeb05b07164bf0cff02a5d4efc28e267

SHA512
3fd79c6e3e0c69182afe6dfdbf773000ece56b200d6ef0b884db11a0fc96dcd07d67f1ec534f3d08735ae9e6f98e6e02ee421f49adf1d8f2bb784a15c4851e1f

Download Submit
C:\Users\Admin\Desktop\TraceRedo.odp
Filesize
298KB

MD5
20f6451bbc42f6d1896c3612338d4d88

SHA1
60fcabd6d4d935132c71b12922b6086f6a643d4c

SHA256
3fba3fc38a9970903ae2c7c9cf2644ca660a3c1497dcf9c528c443a61d5691c9

SHA512
5dbd03dd137a7ccb6faedbfc59ef192abcf31f2c3b404df3025855ae1b22432909a9756aea594715e51bba29823f5be315f878b6aafe5fd7d0d2fdb6e569d563

Download Submit
C:\Users\Admin\Desktop\UnregisterSearch.hta
Filesize
181KB

MD5
c801425dbc418d770cf6ac0c8fb879b7

SHA1
473c23ec8aad8397f6d6f663c1fd52f570c2b0ac

SHA256
3dc616ca592eacaff8f057d91e0188c785c821300e387af313e25d9519c8f7d2

SHA512
dab40bb5b921c08da322073b70d728c7e2d4506006af0ce97404896df9d27534a2f356f085216bb5a8076a2195720dce53c091505223d2cd3c14214b6c611374

Download Submit
C:\Users\Admin\Downloads\ApproveRequest.eprtx
Filesize
996KB

MD5
f570e65da830c2a39a42b83f50c2fe78

SHA1
4f183e1a0071d8f0b45c44b0f678b88e8b1d2932

SHA256
6db6362d8a3e3def0ffaf8563fe18393aedeea5637e1ace229c2ee36a8384f66

SHA512
f816a2bcee4de73b0b56449be4b2125198e3a7c0e91f2eadc4d2d8cb9052ecec39d11f610b4ec1c852fe26779fb28af147fc04f9c1da265120a5128bd7297d7f

Download Submit
C:\Users\Admin\Downloads\AssertDebug.ocx
Filesize
1.4MB

MD5
f4eb4925b124673363cf6722b7f22c39

SHA1
13dcc032093ec392e7f6aa8837cbe5b5a5e2f2e6

SHA256
259740883f358b26f402bec978c2e0ef2c72c8f002d3665c4f043f31d1e01321

SHA512
eda828825ce9d43801bd5a2d002785709d76ef0f7998294dcb8251f017e722b641ded55e6f606f3702d58634d421b1dfebd4593e4b79197b53430a9496a15a75

Download Submit
C:\Users\Admin\Downloads\AssertUnlock.ini
Filesize
480KB

MD5
91792db8716e23c3e3231c2596738965

SHA1
b30e45ec2f65ac1997c97022b405803c14d0fb44

SHA256
9a913a513d6a7461dd56ada38a4b9b0fc787a09f7c2540493ed167e573ea08a6

SHA512
f153cdacc074ef9cd3e723ac2a4f844aaa0268b50ea9c617aae3e0720bf6bdbf579b96f23b2353eac5736e32f121da804813b9506fb5a1e9678e20c1405734a4

Download Submit
C:\Users\Admin\Downloads\CompareTrace.potx
Filesize
972KB

MD5
5963724417878747c53ead7cf8c3e65c

SHA1
d71b1aacf92d8a2f8958ed0469e9d3ccc404d649

SHA256
57ecb20e56775ae31829ae9dff0b7a630fcf6a265cf0f5ddeef0c2a52f4ae69a

SHA512
9d7b7f89e7595d43fac84ba489de0623fe759660f54a1e85d2577b6252849efd14ee4013e76ee5f37f9a00d778b874de483b17f56be427bb958f313576180b4a

Download Submit
C:\Users\Admin\Downloads\ConvertPing.vst
Filesize
457KB

MD5
26571e0ad2b96e631e5b0ce7b7ba1053

SHA1
dbaaa1ce40ef23671cbc1c9e5f5ea3ea9fa4237d

SHA256
e066900539b18916777e5197cfd0c1c24f3f5924d8ae8c981453ea426cf6c9c1

SHA512
bd33d95e6e909ade013c46594e65e292450af076119152cb471c94823f5ee936ed46027b4afcabf928596b2cb7f7ad3f30b1622cfdb0be9cc3e36c6d2e5cc918

Download Submit
C:\Users\Admin\Downloads\ConvertToFind.ttf
Filesize
363KB

MD5
448c274a5775452639779b05368391cb

SHA1
9e6af845851f217f57d5f1bf286d33da91960031

SHA256
a50ad0e59ff4fee65c82a36bc087ba0aec7aa61c9dc8e0d9932cdb917e2d3d3a

SHA512
10e2ff30d94fd90dae43a5434fb75327d4dd1146008f6e38099bc3168466443e68367e2d3d457c89773021af2c4bde65f4ec506cde5f5fab3ab5427d7c45496a

Download Submit
C:\Users\Admin\Downloads\ConvertToMeasure.WTV
Filesize
691KB

MD5
779d75c178721cdc80b196c0e8ee3880

SHA1
4333e99e268d02126af0b2ca1ea3571442ff4c10

SHA256
a841fd8058825e2038ce6d1d4cea08adb200a990f67604c4ee3e5df6d7aeecd1

SHA512
0b182fa536c9592ac95cad122d7035a6cf71ac1ea4c38dd20e62455017e65227b5bb944472157c82537b863a7c12f9727a91f9ba315d36b7a321953311a0424a

Download Submit
C:\Users\Admin\Downloads\DisableBlock.wpl
Filesize
433KB

MD5
9e78e2f3ade39591d987a1c4b1b7db66

SHA1
58bb4d2ca7d67243e42c5dab7462300cc54b8226

SHA256
97e3297e2a0971ea5014034ebf3c9e8bb5a01c6a7cb0e9f3889972619983bdc7

SHA512
f3813903440cd2f84eb42b7825601dd026d0a57a0f2f7583f0749b4e8df145792100082e5cd35d6ad0c8e6dfb32c13de1b74930b1605356b3587e771dbe8760e

Download Submit
C:\Users\Admin\Downloads\EnableReset.DVR-MS
Filesize
644KB

MD5
f5a7c26d6591ddefcd3a3ac43aace5f8

SHA1
6820c5ffba2e099e121db74ed50cacf066e1de12

SHA256
311602384fb3551a7e6953945a55a170c57cde5b9f408294a52f0d8fdc57dfd4

SHA512
a319fd80c5730f2d7d6d80a36618511b72bf61beb217f40033b0f6f0bdfc7dc38437da65a0dc25aa8103041bad38ea60c898b031d599c5b16f11b53ff7df5624

Download Submit
C:\Users\Admin\Downloads\ExportJoin.mp4
Filesize
949KB

MD5
88ad06b8fc7feabf3c0e11ec65499bda

SHA1
5dbc47fdfca7d79710160dc8a5c5e22ec7f7eb5d

SHA256
9c8c072debc7cf511636dd1fab998bc4877a90e53ad50f82009679d926c1635c

SHA512
4d0fdb0bcb82eafb4be894910e8e671965fe771e99e2370a4648da126cb2ff28aca8e3a330a00f3f006bbc6746d6ed2845c667f332159a3f5fad3fbd4d5d48e4

Download Submit
C:\Users\Admin\Downloads\FindConvert.xltm
Filesize
808KB

MD5
26c94dd72a68332da94e6a60c7b945b6

SHA1
f606dd52c0afe910c59ba3ce094dbf80c9fdb0f7

SHA256
864267ffb093390e68cb0ba57ac3d6ad6b92d44d14e24544ca21ef47f554b335

SHA512
90cac194cd1d887ac280c4c6b5e936941f70bd1634cce04409b5208c58c3276ebfc7e086e5b0332b59c48d970dffaab20c2f54ed8c70c9d57bf6bdeb4615b2e0

Download Submit
C:\Users\Admin\Downloads\GetCopy.cfg
Filesize
902KB

MD5
9de21edad53509a1e0636a24c10ef75c

SHA1
250f585bf5a039d11fecf4b7f72a4e0e82752bf2

SHA256
f7aa76cbb32a1b6f14ec8968cf52aeb662ad6e0f9ea2c11cd53b81c340aac7b4

SHA512
a832fe8eb534f26ee1bb06acc253d47c0b4983ab94d3eca75924bd4cae6f92961b2d3f904bd61c0ac7c74b4b13901585d20d9b0ec3523da00886a9a2f88f3b05

Download Submit
C:\Users\Admin\Downloads\InstallNew.bmp
Filesize
1019KB

MD5
d9e43e7cb89db5221d75f7d20773b4c9

SHA1
969442c998ad6048960db596555e999c31107b20

SHA256
682f4e21b1181c8240ccf99305e20b14a5bafc4a1084268c1c2c8923c164bdd0

SHA512
a38dbcc57c47f1458dacbfed83993374df59b09bfb703ee413110b47139662216124251e39705b56c52b8f0d87cbd8aae42be12be86fba79181973da1f821709

Download Submit
C:\Users\Admin\Downloads\MergeCompare.vdw
Filesize
597KB

MD5
8cb2cd0c665d3d0f108f5e7547e634e5

SHA1
e57b037ed9349e10ea09cf57cb1aa66b9c7acf0c

SHA256
498c8919cb12db15240d3ce206d954746797d4496531e519f91ad3e9da7ae2d9

SHA512
75feec0b6fe110a8beadf82836603577773a04f7dcda6ad48e7eb402cff5abb2181c219642dfbc46cf0dc907869b30f535181857c040fa7932107fe70509f798

Download Submit
C:\Users\Admin\Downloads\OpenLock.midi
Filesize
386KB

MD5
68b5a3eff25d16a2c811bee1d028f830

SHA1
4e4e7d28ac397bfc832e0bf5cc92e70adda7915f

SHA256
7db6c6e90d51c9b3ceba2fea6fb4b459671775a3e7a6289129c94c2e91264689

SHA512
b944b8163dd63bb62a02cf50ad64432419852789fa80d5c7489308a1c6aabcafe3d1af917204ddcec0bedc77e9c6bb9d8b0a0c0c25da011c71eba4e809ca295d

Download Submit
C:\Users\Admin\Downloads\ProtectDebug.ppsx
Filesize
761KB

MD5
971c0aecbd356fdcf11303ef26d5c49f

SHA1
58cea95f20c4fa2065e8befe416dcde1073205c6

SHA256
08e342088bf0f922ac7e8a401eeefc7b9370ef652717c6469a44c911a37e4b18

SHA512
30c03a7676fd424b580068d88847009f0e5e742f86b358f64fad72dc96927345ac611dc00f018b7bf35e2aae9942d54dc49233df4bc40a1d55b638768485c8d1

Download Submit
C:\Users\Admin\Downloads\ReceiveRestart.easmx
Filesize
621KB

MD5
7834e92e52abcf691a59090e4addfec7

SHA1
7d4c3d9e2c787fbcb3b36cfb45e42275392ee6ac

SHA256
f3833d7307fcfd36222ee2eae0fe76341c4033a8c5346388db198c18daa45e1d

SHA512
d56b6107401ebd3fd9d11f480f1d6940bdb1f43d2dfb5431ea42a708bff2ddc0973d6d9d6b381b56039fcbb807cb4fede743dd15e45ec9fb3b1dc904edefa075

Download Submit
C:\Users\Admin\Downloads\ReceiveSwitch.i64
Filesize
879KB

MD5
dde84a38b900f4159ebcd2313bab679f

SHA1
7973ca5c34301387f312c53cfbf5b51dab0fdc4b

SHA256
5216a9c2a8be279574a62dbb117c2584162bec6494514349706114e144d598a8

SHA512
9da4c18f7cd3dd59bd5a50dddc6caf3d2651eed7c6ec86ebe5addd54680c9b8d13199607519d8ac6b1a0927759c2b8758599c2a13547d45e80d67dc7df334691

Download Submit
C:\Users\Admin\Downloads\RegisterUse.html
Filesize
574KB

MD5
1ede017cd38c74d4a3b5944f38f89374

SHA1
d8fcb24d29ac165cf631a91d348a9d7d42576d62

SHA256
44b858f0192ebe73fefa0423dd5471330e1a1dd92e521ff8fbd9eab3a992fcfe

SHA512
4cd1a6f420e4b0ec35af85b6bd6eb37b16a3ca145367b89271fe1c2e9fa534c91c29e6b1cc01c4a0d27a7f51196dacf3f2e80d359e42ecda9743af7af44fbcd6

Download Submit
C:\Users\Admin\Downloads\ResizeBlock.pps
Filesize
785KB

MD5
ed809d24837e169fed7890ad7fb58da6

SHA1
9af530865fc222abee596ca92188bfacdeca88ae

SHA256
e1d88c16d53b128be5b13b6cf86a9c8724a63751cfa564bd4b1840f38f37e2fe

SHA512
cf650d68eb8328a84c59afd460cf7aae4f1d8761f3b60d14a488568be4a860c2ddc483ccb154450806d33ba01211f3dfdc5c52a8cde8a5c083575579f881cb9a

Download Submit
C:\Users\Admin\Downloads\ResolveComplete.xps
Filesize
738KB

MD5
e47b1be55c76cfe85231a614326f3353

SHA1
cd6ab58accb1ce6c0edacad930a507626411eafe

SHA256
8e9ecb425ff2c485bc444cc0b1c24352dd7c8f02cfd289657ea93e3b371a6b83

SHA512
c9463e11c85e1ec574f363c6caeb3336a892f0541961932f5a26579cc9db4138f7c5cd12dad9f76393291ccff1b40694a5055e25005727394aa9fe233176dfbf

Download Submit
C:\Users\Admin\Downloads\SelectUse.edrwx
Filesize
527KB

MD5
6eebc6985cc16381f77fd2374e49bf92

SHA1
552021caaa328073412937ea0c8a4f8baccd9cf1

SHA256
d6e3c29aa3397be7b27a4d70f94fcc7c3a34bd03d2c8a32f2e87233994edce6c

SHA512
6907fe43fcd21a1798af3f709028bed365b05898f389d9f262782b9e0774497d9916cf28f637c734bb26c2ecc991c6a76c868d839b96bb53c9a27107b48007ac

Download Submit
C:\Users\Admin\Downloads\StopComplete.mhtml
Filesize
668KB

MD5
82815930d5178f534970ce6a87c012bc

SHA1
a00da503a7caec2a2d08b58dae3678676f218b49

SHA256
e756bf730c5df75f8ae1b94af142766d5a87183447ed6d517bf31a1922390316

SHA512
20cd20360f384b6a91688a6c4bbbdb573fc19f8911d52bdd7d3ab26027e7f6b245e26eb8f9d77ef306f082693b76986a6117ec660715bc763c2c012c2cd0a983

Download Submit
C:\Users\Admin\Downloads\SubmitReceive.rm
Filesize
714KB

MD5
688b091bb2a75ae26518954ea300ab9a

SHA1
18db50fd8eac1256058897c564ce8f4070923544

SHA256
adb3377775405ae8354461e886b4eed9fcc487b585552bd1374e13315d0bd8c5

SHA512
c3eda09760c7ce6d9458e31692aea669f001a39a40dc979e1d2c28203d5d661f41f93cdbc371d4238c1212cb128d73a95fa80656e1ba93e58bd1d2c0b681b23c

Download Submit
C:\Users\Admin\Downloads\UnblockConvert.wvx
Filesize
410KB

MD5
f0879bb4a074dbdaec9b70f1f2b049e8

SHA1
a265252dfe9a26035e3aabb998c6e591b6627aab

SHA256
73891a4fa09825cf74df1470f2903b1ef810e0a33994d1664e73c8f49050cc0a

SHA512
208f588585a114dbb2187c4e1662afaa12840404ac66be33c6d07b39dbc919093ef4f00a8043dbd537fb8d341c1007a869274bd56c4bd446549260baf7a62f7d

Download Submit
C:\Users\Admin\Downloads\UnlockDeny.csv
Filesize
504KB

MD5
62a242a2e8c59d8648053151cf0fed97

SHA1
675fc68a826fc595d304f2c918ee34a933d97c41

SHA256
b851c2577439b6fb87f828e089b97d40e5b058973c44319c8f3eca8261a6b0ef

SHA512
0580aa5a778683f49c382e89063c8a5e09fbd4bd6ea0f83eb54f4799b6bdf72a9c5f5a58993ce6d9c36530d4aed5d7a21c53d23ac8456d0716254bc0aa765a9e

Download Submit
C:\Users\Admin\Downloads\UnlockSwitch.3g2
Filesize
1.0MB

MD5
6d64ae52352ffdca9813c912733e689f

SHA1
f776a07c518a6537eed69e230bdac6ed944d6387

SHA256
d0bdf140306d8e82466b7420684f1219c26973908ca6589d88f79613f38cec17

SHA512
561b6fd74d4cd07561b2f43204e9144301ce0da5734a40242ef9535c1b38c1930b39e3180b71cd292a2837bf66912fc7832b93c07de925575834467432c05c87

Download Submit
C:\Users\Admin\Downloads\UnlockUse.mp4v
Filesize
832KB

MD5
cab8f03e96bdc28549342a019c13f5db

SHA1
c03163286709f6f1fd72621d1048727627334d12

SHA256
477ec25d7a24f3dc552c3756488ac2fe55235b10394e4e42e89c537d7f7b2715

SHA512
612df47f3bdfc1bee75f6dff49d8c235af77b0b15081a8ed60d6e8becaed6b24a6a03e10436e6ff2130d6ef196afd37e763ad11aab9aecb4d441bf9aa6929775

Download Submit
C:\Users\Admin\Downloads\UnregisterRevoke.m4a
Filesize
550KB

MD5
c480e4ca690c595d859bc24c6c0ce195

SHA1
9d1ccf3ca713c4b750e88db5e796df17a2b827e5

SHA256
7f73eb194d895072e7cae52ffaab24f95b4baabd06098b71dfb5048cec828e3e

SHA512
cc7d6279828ebb27769189748efd88d838dff2871c70d764fbada1beb9f8cc9dac588985cd8556e9749c89836ecdeb89111c6e1b848450fafb556787eb2dadf2

Download Submit
C:\Users\Admin\Downloads\UpdateRegister.ogg
Filesize
855KB

MD5
0a3f57684d2e5dfcd2db49b0c0df8fb5

SHA1
ccd0ab8748876e96a78d1a0e554651a57a3eb803

SHA256
1d3c37e8ef5f31493659911d26b9b9740efaae566234c77ccabb13f7c1e42b1d

SHA512
139791de96449d53c7bc7b38c2c968c875633300454b060f6bde327e7cad64c2dfc6c9f9b38afb539deb4a08ecf243c98da65b57e17ea2cacb066a59f8b66068

Download Submit
C:\Users\Admin\Downloads\WriteConvert.xlsx
Filesize
925KB

MD5
065c1294145f6a30b56f61c1f20b8bd3

SHA1
d85b27c8447b9a2d43ccf6534ae4b50e91cd5310

SHA256
1480e8a9dc901c9c55a4583306d0815821412d91df02abbd3cd73451ca6c1152

SHA512
08a598eef3403092fb995ac2566e8938a2139528b47c418764a29901230097628d0cf9de95ec1da2a16bb26a81dd5a7ffe6b1cc31dbb1e58d593394a663d6862

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
Filesize
2KB

MD5
19c70490b8af31da0935d91981bfd840

SHA1
57d90edb800d0bafc71a2c546b25d1746cd99f0e

SHA256
5ed3d74921f27a1d0d145f49ad2ba739d8c860e190f222a34f49c4051a260f35

SHA512
e80d6f06a5a8b5dfc0bd735da7e4e29ee79ab54371f75b355d84ef857be273dd0ad094cc070551ad69343e093b3ef6fba67c950b25c07c88b3f3940344a5a108

Download Submit
C:\Users\Public\Desktop\Firefox.lnk
Filesize
1000B

MD5
8950c114e215874819c6d2d5028bf929

SHA1
cefa741b4d777af9d5277c696bd1a34151d24946

SHA256
42cfa67118481944881f1e5d0a02dfb53a58777d68ab4afe419d601cdb5d973a

SHA512
232d0856fb894c3dc057208756903be7965cad37d30c92360599bf4c2de509fb84ec31eb74db21c04822dd5811a70917d6da350cf67db38f3a271d80e61dff59

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk
Filesize
2KB

MD5
100a0c96fcf2ea020533a36eabb02fe0

SHA1
577538ddd9aa7a5ca56f1bed55ef18a9e9fd1f68

SHA256
7263e56f052074e9226dabbeb8e36b28c37662bdd05bc205c929cb435b84732a

SHA512
8b83df9917b02fe9eb5861bbae9efc60abe569a1908918cd318f1cd5c913efc80b21966f481aa412aac5566f16a5ce6ae8782b579c3935906736e1b87c020f23

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk
Filesize
923B

MD5
850d6275b0eb83f54e01c4f85844b4ca

SHA1
33bae780bea39d4d16820e939c0c4f9d7d26db8f

SHA256
1e5685939bb27619b7e34dce844ba8478a3e3dd5c50c3947ad1cf7c10f6ce7ed

SHA512
c607b3532f522adbb5ca6505aa58089597c784b4556446fe90a0440cf1b1578038752404eec43ba13b209b7888edde08b5cffffea1e46ebc38d34d8d04d95c45

Download Submit
memory/1580-134-0x00007FFE35940000-0x00007FFE36401000-memory.dmp

Filesize
10.8MB

Download
memory/1580-132-0x0000000000010000-0x0000000000020000-memory.dmp

Filesize
64KB

Download
memory/1580-133-0x00007FFE35940000-0x00007FFE36401000-memory.dmp

Filesize
10.8MB

Download