Analysis Overview
SHA256
5a9aa67d781dab65141d8951ad5920fca28a1d1324ad2759c665078a01201ca6
Threat Level: Known bad
The file Fucker.exe was found to be: Known bad.
Malicious Activity Summary
Mercurial Grabber Stealer
Mercurialgrabber family
Looks for VirtualBox Guest Additions in registry
Looks for VMWare Tools registry key
Reads user/profile data of web browsers
Checks BIOS information in registry
Maps connected drives based on registry
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Program crash
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-10-08 01:35
Signatures
Mercurialgrabber family
Analysis: behavioral1
Detonation Overview
Submitted
2022-10-08 01:35
Reported
2022-10-08 01:37
Platform
win7-20220812-en
Max time kernel
38s
Max time network
134s
Command Line
Signatures
Mercurial Grabber Stealer
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\Fucker.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1376 wrote to memory of 1768 | N/A | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | C:\Windows\system32\WerFault.exe |
| PID 1376 wrote to memory of 1768 | N/A | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | C:\Windows\system32\WerFault.exe |
| PID 1376 wrote to memory of 1768 | N/A | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Fucker.exe
"C:\Users\Admin\AppData\Local\Temp\Fucker.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1376 -s 1960
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 96.16.53.134:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
Files
memory/1376-54-0x00000000001A0000-0x00000000001B0000-memory.dmp
memory/1768-55-0x0000000000000000-mapping.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-10-08 01:35
Reported
2022-10-08 01:37
Platform
win10v2004-20220812-en
Max time kernel
118s
Max time network
126s
Command Line
Signatures
Mercurial Grabber Stealer
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Fucker.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Fucker.exe
"C:\Users\Admin\AppData\Local\Temp\Fucker.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 484 -p 3056 -ip 3056
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3056 -s 2912
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x304
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 93.184.220.29:80 | | tcp |
| IE | 13.69.239.72:443 | | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| NL | 23.0.87.20:443 | cxcs.microsoft.net | tcp |
| NL | 104.80.225.205:443 | | tcp |
Files
memory/1580-132-0x0000000000010000-0x0000000000020000-memory.dmp
memory/1580-133-0x00007FFE35940000-0x00007FFE36401000-memory.dmp
memory/1580-134-0x00007FFE35940000-0x00007FFE36401000-memory.dmp
| SHA1 | dbaaa1ce40ef23671cbc1c9e5f5ea3ea9fa4237d |
| SHA256 | e066900539b18916777e5197cfd0c1c24f3f5924d8ae8c981453ea426cf6c9c1 |
| SHA512 | bd33d95e6e909ade013c46594e65e292450af076119152cb471c94823f5ee936ed46027b4afcabf928596b2cb7f7ad3f30b1622cfdb0be9cc3e36c6d2e5cc918 |
C:\Users\Admin\Downloads\UnblockConvert.wvx
| MD5 | f0879bb4a074dbdaec9b70f1f2b049e8 |
| SHA1 | a265252dfe9a26035e3aabb998c6e591b6627aab |
| SHA256 | 73891a4fa09825cf74df1470f2903b1ef810e0a33994d1664e73c8f49050cc0a |
| SHA512 | 208f588585a114dbb2187c4e1662afaa12840404ac66be33c6d07b39dbc919093ef4f00a8043dbd537fb8d341c1007a869274bd56c4bd446549260baf7a62f7d |
C:\Users\Admin\Downloads\AssertDebug.ocx
| MD5 | f4eb4925b124673363cf6722b7f22c39 |
| SHA1 | 13dcc032093ec392e7f6aa8837cbe5b5a5e2f2e6 |
| SHA256 | 259740883f358b26f402bec978c2e0ef2c72c8f002d3665c4f043f31d1e01321 |
| SHA512 | eda828825ce9d43801bd5a2d002785709d76ef0f7998294dcb8251f017e722b641ded55e6f606f3702d58634d421b1dfebd4593e4b79197b53430a9496a15a75 |
C:\Users\Admin\Downloads\UnlockUse.mp4v
| MD5 | cab8f03e96bdc28549342a019c13f5db |
| SHA1 | c03163286709f6f1fd72621d1048727627334d12 |
| SHA256 | 477ec25d7a24f3dc552c3756488ac2fe55235b10394e4e42e89c537d7f7b2715 |
| SHA512 | 612df47f3bdfc1bee75f6dff49d8c235af77b0b15081a8ed60d6e8becaed6b24a6a03e10436e6ff2130d6ef196afd37e763ad11aab9aecb4d441bf9aa6929775 |
C:\Users\Admin\Downloads\UnregisterRevoke.m4a
| MD5 | c480e4ca690c595d859bc24c6c0ce195 |
| SHA1 | 9d1ccf3ca713c4b750e88db5e796df17a2b827e5 |
| SHA256 | 7f73eb194d895072e7cae52ffaab24f95b4baabd06098b71dfb5048cec828e3e |
| SHA512 | cc7d6279828ebb27769189748efd88d838dff2871c70d764fbada1beb9f8cc9dac588985cd8556e9749c89836ecdeb89111c6e1b848450fafb556787eb2dadf2 |
C:\Users\Admin\Downloads\FindConvert.xltm
| MD5 | 26c94dd72a68332da94e6a60c7b945b6 |
| SHA1 | f606dd52c0afe910c59ba3ce094dbf80c9fdb0f7 |
| SHA256 | 864267ffb093390e68cb0ba57ac3d6ad6b92d44d14e24544ca21ef47f554b335 |
| SHA512 | 90cac194cd1d887ac280c4c6b5e936941f70bd1634cce04409b5208c58c3276ebfc7e086e5b0332b59c48d970dffaab20c2f54ed8c70c9d57bf6bdeb4615b2e0 |
C:\Users\Admin\Downloads\ConvertToFind.ttf
| MD5 | 448c274a5775452639779b05368391cb |
| SHA1 | 9e6af845851f217f57d5f1bf286d33da91960031 |
| SHA256 | a50ad0e59ff4fee65c82a36bc087ba0aec7aa61c9dc8e0d9932cdb917e2d3d3a |
| SHA512 | 10e2ff30d94fd90dae43a5434fb75327d4dd1146008f6e38099bc3168466443e68367e2d3d457c89773021af2c4bde65f4ec506cde5f5fab3ab5427d7c45496a |
C:\Users\Admin\Downloads\SelectUse.edrwx
| MD5 | 6eebc6985cc16381f77fd2374e49bf92 |
| SHA1 | 552021caaa328073412937ea0c8a4f8baccd9cf1 |
| SHA256 | d6e3c29aa3397be7b27a4d70f94fcc7c3a34bd03d2c8a32f2e87233994edce6c |
| SHA512 | 6907fe43fcd21a1798af3f709028bed365b05898f389d9f262782b9e0774497d9916cf28f637c734bb26c2ecc991c6a76c868d839b96bb53c9a27107b48007ac |
C:\Users\Admin\Downloads\ProtectDebug.ppsx
| MD5 | 971c0aecbd356fdcf11303ef26d5c49f |
| SHA1 | 58cea95f20c4fa2065e8befe416dcde1073205c6 |
| SHA256 | 08e342088bf0f922ac7e8a401eeefc7b9370ef652717c6469a44c911a37e4b18 |
| SHA512 | 30c03a7676fd424b580068d88847009f0e5e742f86b358f64fad72dc96927345ac611dc00f018b7bf35e2aae9942d54dc49233df4bc40a1d55b638768485c8d1 |
C:\Users\Admin\Downloads\GetCopy.cfg
| MD5 | 9de21edad53509a1e0636a24c10ef75c |
| SHA1 | 250f585bf5a039d11fecf4b7f72a4e0e82752bf2 |
| SHA256 | f7aa76cbb32a1b6f14ec8968cf52aeb662ad6e0f9ea2c11cd53b81c340aac7b4 |
| SHA512 | a832fe8eb534f26ee1bb06acc253d47c0b4983ab94d3eca75924bd4cae6f92961b2d3f904bd61c0ac7c74b4b13901585d20d9b0ec3523da00886a9a2f88f3b05 |
C:\Users\Admin\Downloads\ExportJoin.mp4
| MD5 | 88ad06b8fc7feabf3c0e11ec65499bda |
| SHA1 | 5dbc47fdfca7d79710160dc8a5c5e22ec7f7eb5d |
| SHA256 | 9c8c072debc7cf511636dd1fab998bc4877a90e53ad50f82009679d926c1635c |
| SHA512 | 4d0fdb0bcb82eafb4be894910e8e671965fe771e99e2370a4648da126cb2ff28aca8e3a330a00f3f006bbc6746d6ed2845c667f332159a3f5fad3fbd4d5d48e4 |
C:\Users\Admin\Downloads\ReceiveRestart.easmx
| MD5 | 7834e92e52abcf691a59090e4addfec7 |
| SHA1 | 7d4c3d9e2c787fbcb3b36cfb45e42275392ee6ac |
| SHA256 | f3833d7307fcfd36222ee2eae0fe76341c4033a8c5346388db198c18daa45e1d |
| SHA512 | d56b6107401ebd3fd9d11f480f1d6940bdb1f43d2dfb5431ea42a708bff2ddc0973d6d9d6b381b56039fcbb807cb4fede743dd15e45ec9fb3b1dc904edefa075 |
C:\Users\Admin\Downloads\ConvertToMeasure.WTV
| MD5 | 779d75c178721cdc80b196c0e8ee3880 |
| SHA1 | 4333e99e268d02126af0b2ca1ea3571442ff4c10 |
| SHA256 | a841fd8058825e2038ce6d1d4cea08adb200a990f67604c4ee3e5df6d7aeecd1 |
| SHA512 | 0b182fa536c9592ac95cad122d7035a6cf71ac1ea4c38dd20e62455017e65227b5bb944472157c82537b863a7c12f9727a91f9ba315d36b7a321953311a0424a |
C:\Users\Admin\Downloads\AssertUnlock.ini
| MD5 | 91792db8716e23c3e3231c2596738965 |
| SHA1 | b30e45ec2f65ac1997c97022b405803c14d0fb44 |
| SHA256 | 9a913a513d6a7461dd56ada38a4b9b0fc787a09f7c2540493ed167e573ea08a6 |
| SHA512 | f153cdacc074ef9cd3e723ac2a4f844aaa0268b50ea9c617aae3e0720bf6bdbf579b96f23b2353eac5736e32f121da804813b9506fb5a1e9678e20c1405734a4 |
C:\Users\Admin\Downloads\SubmitReceive.rm
| MD5 | 688b091bb2a75ae26518954ea300ab9a |
| SHA1 | 18db50fd8eac1256058897c564ce8f4070923544 |
| SHA256 | adb3377775405ae8354461e886b4eed9fcc487b585552bd1374e13315d0bd8c5 |
| SHA512 | c3eda09760c7ce6d9458e31692aea669f001a39a40dc979e1d2c28203d5d661f41f93cdbc371d4238c1212cb128d73a95fa80656e1ba93e58bd1d2c0b681b23c |
C:\Users\Admin\Downloads\CompareTrace.potx
| MD5 | 5963724417878747c53ead7cf8c3e65c |
| SHA1 | d71b1aacf92d8a2f8958ed0469e9d3ccc404d649 |
| SHA256 | 57ecb20e56775ae31829ae9dff0b7a630fcf6a265cf0f5ddeef0c2a52f4ae69a |
| SHA512 | 9d7b7f89e7595d43fac84ba489de0623fe759660f54a1e85d2577b6252849efd14ee4013e76ee5f37f9a00d778b874de483b17f56be427bb958f313576180b4a |
C:\Users\Admin\Downloads\UpdateRegister.ogg
| MD5 | 0a3f57684d2e5dfcd2db49b0c0df8fb5 |
| SHA1 | ccd0ab8748876e96a78d1a0e554651a57a3eb803 |
| SHA256 | 1d3c37e8ef5f31493659911d26b9b9740efaae566234c77ccabb13f7c1e42b1d |
| SHA512 | 139791de96449d53c7bc7b38c2c968c875633300454b060f6bde327e7cad64c2dfc6c9f9b38afb539deb4a08ecf243c98da65b57e17ea2cacb066a59f8b66068 |
C:\Users\Admin\Downloads\MergeCompare.vdw
| MD5 | 8cb2cd0c665d3d0f108f5e7547e634e5 |
| SHA1 | e57b037ed9349e10ea09cf57cb1aa66b9c7acf0c |
| SHA256 | 498c8919cb12db15240d3ce206d954746797d4496531e519f91ad3e9da7ae2d9 |
| SHA512 | 75feec0b6fe110a8beadf82836603577773a04f7dcda6ad48e7eb402cff5abb2181c219642dfbc46cf0dc907869b30f535181857c040fa7932107fe70509f798 |