hxxps://obj-sys[.]com/xbv27xDL/xbv270x64evl[.]exe

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2023, 14:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://obj-sys.com/xbv27xDL/xbv270x64evl.exe

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2192	xbv270x64evl.exe
2268	xbv270x64evl.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	xbv270x64evl.tmp
File opened (read-only)	\??\E:	xbv270x64evl.tmp
File opened (read-only)	\??\J:	xbv270x64evl.tmp
File opened (read-only)	\??\P:	xbv270x64evl.tmp
File opened (read-only)	\??\H:	xbv270x64evl.tmp
File opened (read-only)	\??\K:	xbv270x64evl.tmp
File opened (read-only)	\??\O:	xbv270x64evl.tmp
File opened (read-only)	\??\W:	xbv270x64evl.tmp
File opened (read-only)	\??\G:	xbv270x64evl.tmp
File opened (read-only)	\??\I:	xbv270x64evl.tmp
File opened (read-only)	\??\L:	xbv270x64evl.tmp
File opened (read-only)	\??\N:	xbv270x64evl.tmp
File opened (read-only)	\??\R:	xbv270x64evl.tmp
File opened (read-only)	\??\X:	xbv270x64evl.tmp
File opened (read-only)	\??\Z:	xbv270x64evl.tmp
File opened (read-only)	\??\Y:	xbv270x64evl.tmp
File opened (read-only)	\??\A:	xbv270x64evl.tmp
File opened (read-only)	\??\M:	xbv270x64evl.tmp
File opened (read-only)	\??\Q:	xbv270x64evl.tmp
File opened (read-only)	\??\S:	xbv270x64evl.tmp
File opened (read-only)	\??\T:	xbv270x64evl.tmp
File opened (read-only)	\??\U:	xbv270x64evl.tmp
File opened (read-only)	\??\V:	xbv270x64evl.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133397793557151944"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	xbv270x64evl.tmp

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
2268	xbv270x64evl.tmp
2268	xbv270x64evl.tmp
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
1800	msedge.exe
1800	msedge.exe
4360	msedge.exe
4360	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2268	xbv270x64evl.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
4360	msedge.exe
4360	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
2268	xbv270x64evl.tmp
2268	xbv270x64evl.tmp
2268	xbv270x64evl.tmp
2268	xbv270x64evl.tmp
2268	xbv270x64evl.tmp
2268	xbv270x64evl.tmp
2268	xbv270x64evl.tmp
2268	xbv270x64evl.tmp
2268	xbv270x64evl.tmp
2268	xbv270x64evl.tmp
2268	xbv270x64evl.tmp

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 3716	868	chrome.exe	46
PID 868 wrote to memory of 3716	868	chrome.exe	46
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 3828	868	chrome.exe	87
PID 868 wrote to memory of 1812	868	chrome.exe	88
PID 868 wrote to memory of 1812	868	chrome.exe	88
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89
PID 868 wrote to memory of 1040	868	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://obj-sys.com/xbv27xDL/xbv270x64evl.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbf51e9758,0x7ffbf51e9768,0x7ffbf51e9778
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1868,i,14358702153111581970,8778462622702081511,131072 /prefetch:2
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1868,i,14358702153111581970,8778462622702081511,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1868,i,14358702153111581970,8778462622702081511,131072 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1868,i,14358702153111581970,8778462622702081511,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1868,i,14358702153111581970,8778462622702081511,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1868,i,14358702153111581970,8778462622702081511,131072 /prefetch:8
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5460 --field-trial-handle=1868,i,14358702153111581970,8778462622702081511,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5412 --field-trial-handle=1868,i,14358702153111581970,8778462622702081511,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 --field-trial-handle=1868,i,14358702153111581970,8778462622702081511,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1868,i,14358702153111581970,8778462622702081511,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5688 --field-trial-handle=1868,i,14358702153111581970,8778462622702081511,131072 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5724 --field-trial-handle=1868,i,14358702153111581970,8778462622702081511,131072 /prefetch:8
  2⤵
  PID:804
- C:\Users\Admin\Downloads\xbv270x64evl.exe
  "C:\Users\Admin\Downloads\xbv270x64evl.exe"
  2⤵
  - Executes dropped EXE
  PID:2192
- - C:\Users\Admin\AppData\Local\Temp\is-2U73H.tmp\xbv270x64evl.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-2U73H.tmp\xbv270x64evl.tmp" /SL5="$240022,30148813,57856,C:\Users\Admin\Downloads\xbv270x64evl.exe"
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    PID:2268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\xbv270\README.html
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:4360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe59146f8,0x7ffbe5914708,0x7ffbe5914718
        5⤵
        
        PID:4468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,17794774565606339592,17767178034395042631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17794774565606339592,17767178034395042631,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        5⤵
        
        PID:4936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,17794774565606339592,17767178034395042631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
        5⤵
        
        PID:2276
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17794774565606339592,17767178034395042631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
        5⤵
        
        PID:5084
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17794774565606339592,17767178034395042631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
        5⤵
        
        PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4652 --field-trial-handle=1868,i,14358702153111581970,8778462622702081511,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:728

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
480c8aa31d99dba9a77560dbdbe49d34

SHA1
09fd179b35b41c855c20f36ff8db89c9745469e8

SHA256
f59e5a18515d66955a65df4052ac1f27bae271daf8f185ee7cad2c0467622ff7

SHA512
41c186c6bd54d3c2328111f217ccdf64f27be4836858d686f429af128abc441fdb6d66b6a22b673854006826ec9d59893e68bcf430033b7ba3e8db0fbfcb73f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7926e9bd6f2e82ddf88614b3af2d435e

SHA1
e4fc7b70aa0126bfb582150b30369913c413e76e

SHA256
f845427475519aa745d1263c291879ad978e20832c8b2e2e5be04c9acad4355c

SHA512
f17aac0118bb079cab4e987206b57bdc0e8ab36ee45e7a219a80187126faf5e028bbfe43ae0dc6afa89d3089fb1d21600e0e1c96775e2c9af44e517e65e2053d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d2b7ed87cd74bc3a1c144da8582e1190

SHA1
47a8c4eb60743a7998fcdc449195577d3ffba31b

SHA256
8bdce79bfa88e24e020cf3c3f9394eabbb2632d2ae22ef83afd87408191f96ea

SHA512
f472e5a51fade27744e706d2c33ded5f7891562985ec2844bfc86bdd76b4cd74a12fa9ac415d5beee58a697f3483b664c31dfdf6bc78364a63d73f7cb34890e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
e25383dae9824ad85dc52e48958ec3ad

SHA1
7344194f91b92a9df12029a17ce7516a40466ccd

SHA256
f148ecef16259773b2c70ca6381e32bdeb75d4a8589cf3de82610d234d3e6f90

SHA512
5db43549453d59b9a375bbe7efb0aeb2cafcd705cc80ac8de3418c2c8cf01ddc0381226f28b702db1d935246a67ee3b490a958b0a0e63652a36493b396f6cd92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33568a86b603b39a062039a65b9f74f9

SHA1
38584c2d8665fd6a8111ad4f72ed67f88f91684c

SHA256
0611ec4104c5631d8e8b71a41581420fe32b0d53543b6618b1c80c04bd34678a

SHA512
65ae50c5e69eb48e4c3c2973f9ad8e3d60c3053f60995fa9806b102fcfc1143027ae5c34c7d299d7be87f7c785e3763a61da457005525f22e88d6876cd1e39c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e77ee1afc810a7dfe0f4308d32d94d0a

SHA1
97808a68d9960a4b842d342f47a973758e98cae5

SHA256
79ad810614561eca41b1bd655ebe38d585d9ca6693bc4bbdae37195d6aacfb83

SHA512
c2d907a10e7d64d244a8e9fecbc5747229543ebae439c52e0d6d876d310a9a19de1e7ec843d71712d65c38d9dbe2de7e67097024beb4a3186e045ce81b213c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6b6bd47f12e650fb7d0d5619552ea2cb

SHA1
2c1f8806733043de8eeaa69989fc12e24c061711

SHA256
0bbfa15df23b47f0263d8cfdf6f156813907f8c0a1d81f1e8929fee1e8b13096

SHA512
4f69869d47ea5b798d013a15e92c3b0d1741acaaa9f240caddf9a9f8fc456a029e6b26d5c6cd7a80839d4c9511d9bd1e68402c814836d79bb4e4b08ef8fa1130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c5ce76a291c317a76c169f26cbc7092e

SHA1
0ef0f023ac6f0f078deb382efbc89155fd3dee15

SHA256
f1935cdc28ad523431b83e14671fab3c0deef93bfc035f4cc8973de20ce1151e

SHA512
308dbfb358e8bd6298625bb630881e4d1edea9fd99a5e328d8184d857e9dd4b54dcaeb447aaba3e7ad19bccb611264a3e8729cdb3d8b373e91000e77eb02f35b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2U73H.tmp\xbv270x64evl.tmp

Filesize
705KB

MD5
4d8b3565adf4c8e21f4e3b4643b75038

SHA1
a31359a19451ed5af836983c74570f6d8a555b27

SHA256
9c99cf486ba093b4bfc7d09d53c9082fba39ec74edb258f82196a8e0ff1e8ee7

SHA512
2786962c7d6d3e50c18a9ef262faef6fc0bf94eb2018fc0b35ac69c52d5ec6009ad63c8df023ea4c65850bc78fe14fe87b61170eda6f0ed86b27084c850b475b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2U73H.tmp\xbv270x64evl.tmp

Filesize
705KB

MD5
4d8b3565adf4c8e21f4e3b4643b75038

SHA1
a31359a19451ed5af836983c74570f6d8a555b27

SHA256
9c99cf486ba093b4bfc7d09d53c9082fba39ec74edb258f82196a8e0ff1e8ee7

SHA512
2786962c7d6d3e50c18a9ef262faef6fc0bf94eb2018fc0b35ac69c52d5ec6009ad63c8df023ea4c65850bc78fe14fe87b61170eda6f0ed86b27084c850b475b

Download Submit
C:\Users\Admin\Desktop\xbv270\README.html

Filesize
18KB

MD5
4fb15c179d279353aef3551286d90811

SHA1
c40edf3c444c446b3a43a3c325fffe370bebac8c

SHA256
ddd80f90fe6c180689b535096e0ccc7d8e6d38ccc9f04b26f6456f8f07872a29

SHA512
0ec271f19b8eaa802e2656b84aaa488a035dda2670806ac39c681f6fa7e7f1d15945d18dd4148335e2440f0df8f0fa90c7908ecbd4ba037688065ef53991491a

Download Submit
C:\Users\Admin\Desktop\xbv270\bin\xbeditor.exe

Filesize
737KB

MD5
dd512e5c96c6562c69fd13a26468f785

SHA1
6899f89eae424d7b72cc690fde200f26ad7e68bf

SHA256
397136eb717e04be13eef33732ab272ec61f9a142d942076d98bf1d38ec89768

SHA512
4742d90b8c5e1fcb2a0e12e3a13bb617ebbb94d99762920a985329ccb8cd17b9cb8676dfdfe67567afb0943115c6cf66490275c8fa15984cf62a448e9e7b97b9

Download Submit
C:\Users\Admin\Desktop\xbv270\c_64\sample\CSTA\is-R71MP.tmp

Filesize
7KB

MD5
fd19b224d83484fe0011951fb67420a4

SHA1
f6f2d0792b9744fb589639cb3f343a43490f4cc3

SHA256
94fdfb6a6ccad295d424b163a3286fb05031088e7b1a0d4e41cab768d3f029cc

SHA512
c21613477daabbff0ab3fadfff9201e5b8809c819ac757e47fee2d1f690d86c17110b6c17cc056fa70b9e3b146fbbd8b884d373f828ce4aafa0e68d3419af2ab

Download Submit
C:\Users\Admin\Desktop\xbv270\c_64\sample\CSTA\is-VKHEH.tmp

Filesize
563B

MD5
50bcf92aac03d3e09d0ea26f5db65030

SHA1
32e0858e003902a29ec70b9da451033c36ca9734

SHA256
9622ef0bb057a21e23feeff22e5b1018be8b913269bd712408c04274ca1076e5

SHA512
224f6cb6993676e21c82da6e70e3fd15bbe52e6a185a637420fece3bab7650aeb5813d76877f95315ae367ffa901920ea22c434c69332cb2a080d562ad00ef47

Download Submit
C:\Users\Admin\Desktop\xbv270\c_64\sample\EmployeeMicro\is-AJGMI.tmp

Filesize
1KB

MD5
10126573204debc81634d403ce8b616e

SHA1
58072712afc3142476d3e57e5d44cf69f5aa1e72

SHA256
efd41e061d4ffd0fa75905a794f76fb6192bd9c1bae1314ad72c889861b36208

SHA512
4da479a14ae042ca461c9dae8e341b0e06f27dae1e69ac8ad6c216feef919bad07aed69244fd753d32e452945d41fedcc63b577cd063a54e26d1e49be751ecdd

Download Submit
C:\Users\Admin\Desktop\xbv270\c_64\sample_json\AttrsWithWildcard\is-8EQ8E.tmp

Filesize
26B

MD5
f8f851e23a241f45a4184c746f75fe54

SHA1
61eb81eb36206e52b73ed03e613183c78679c410

SHA256
2d73b41e55753971ad8fe0b7a1c1e89739965ddc9400e2f9d3b5c3a2cba2a1fa

SHA512
867ec2da9f26cdd206bbfe873e08c613af57813cbcdc4d504b5b8327e570762cd24f42f2e0573c58068e79be60a02a1ac0bad7ec40f604f6f2853678238c86ee

Download Submit
C:\Users\Admin\Desktop\xbv270\c_64\sample_json\AttrsWithWildcard\is-BND32.tmp

Filesize
1KB

MD5
b6b48d972a6a6d7ee44586c2d994396a

SHA1
d4493249cda8973a5216d32406a2fb2157f709aa

SHA256
6c5880f0ecbd1461cc6e32eae75f944c1793e1e2e7ede48a5d2adbbee5f0ba19

SHA512
eb69b50ca9de4649e608d820622b3c7f2f675b83c56433c6e2269abc763cb2767e5edc5628ba20b51a31a02104a8f72c0c59a63a5ec6b1d441bb7e35a15c7c5b

Download Submit
C:\Users\Admin\Desktop\xbv270\c_64\sample_json\product\is-OI0EV.tmp

Filesize
583B

MD5
7414e0b45047a394e55d67c1f43c37be

SHA1
371b8afcdad0ab272c2f91ff2c43cca080a7d2b4

SHA256
5a3cdc692f7de2aef29fc0215685cb3425ea6916031263f0117ed9d2b679b217

SHA512
4e6667bf8b90d1560b7ffff01466f6694419aa1ecface52bc91c346e5e9ea957bc460e96a1b91a14711b26da1c630e6781054d695a66c4223cd0e7e4d323826f

Download Submit
C:\Users\Admin\Desktop\xbv270\c_64\xmlparser-libxml2.mk

Filesize
612B

MD5
05942ef71b315eabaecc6e7c27300328

SHA1
a6360c911ad421ff3c5d19343e04fa774813a112

SHA256
acfb3972d9ee0764a023f3ea51ce791b0999c43fc7644b97c77224d0e543d00f

SHA512
9f09b6fd0a06f886605c839ada46973dac4a7033ce2c6a15514d9f813c689cb1cca0755ab20567f153d1ce806547ffb8632db939a25318c5b17e745b2fe242d7

Download Submit
C:\Users\Admin\Desktop\xbv270\c_vs2015_64\is-KO1VA.tmp

Filesize
2KB

MD5
306e1e27eddb1c33ca32c912115db692

SHA1
f3788578e36de3ead9722de827467e65115834dc

SHA256
65f1c627e98e8b2b35237cdf6be28fbb53099b7cc96b706df723da2c2fa322df

SHA512
c18b372f0ee5d745ce78efb762feca73e75a6f18b7f15007721ef6ef3e467bf2c89a92afcba1aeb77068e3cce845beee2ba7e4959fa9dda15528a257381d1e75

Download Submit
C:\Users\Admin\Desktop\xbv270\c_vs2015_64\xmlparser-micro.mk

Filesize
230B

MD5
76d77f9a75ba77d786f302869930e32f

SHA1
44133a03ef1f9a242ef5cc0ff8f3cda2557d2b86

SHA256
e9330cc1b26af89fb9eaa38f440715da28a83326a69979fb79464f6755831eae

SHA512
613e77e6cc0539431f0964d229b5b40d69022ce50d552d0ab48de5457cf52166cd586220c2014846371d98cdd5f3f15654e17fb931666aa6c03d5fc240f986b0

Download Submit
C:\Users\Admin\Desktop\xbv270\c_vs2015_64\xmlparser.mk

Filesize
626B

MD5
223ff0d76eb69354f869730275bb24be

SHA1
8745c0babaa9cc28a4ed7df6edb119ffa395a028

SHA256
ae13d8f9bbfc1d137c89b71118dad8231aceeea1f742d53937a66cc70ed7f296

SHA512
5f5ae25471864a7530170336b24b25cc6f815fa18c30df9241926f7cb4a8f505349cbeb6165ebb339a9ceb4d048742f65853a89b01a7005e74a04ebd3f74ec8a

Download Submit
C:\Users\Admin\Desktop\xbv270\cpp_64\lib\is-2J7HU.tmp

Filesize
16KB

MD5
2a14894e4f6e10ca6bd793772b2204bc

SHA1
5a870fefd24c815417de191669d97589869cf260

SHA256
9b3c5c577d2ad36bae6a353e32ab106f8dfef341ac5be660a546117edb3b7668

SHA512
82d0136a04686cbbff9f8670b3b1f895eb8d2dbd2b882eccb77dc9e2c10e790a7d78368983ae422827f40e4164eee5643c2b5a08dec6ab090d9030d54919bb38

Download Submit
C:\Users\Admin\Desktop\xbv270\cpp_64\lib\is-TRAR3.tmp

Filesize
328KB

MD5
904777961842af6363758f4c5c423c91

SHA1
6985274596a84ae94fc9f27e2a3a89449a108a72

SHA256
c879fbdc6d5a4f79913e8ee3fef1072bdc95def6ee60de5bbe77e33f1265d42e

SHA512
2ef2d15397b2885b7f6147fd7872b84c3665b687a54f9425626740b8f114f44c00333d4b4f2adbeae061a422e12dd7c409c82c204b64e89f3064dd1c84511b58

Download Submit
C:\Users\Admin\Desktop\xbv270\cpp_64\sample\ComplexContent\is-IVJVO.tmp

Filesize
6KB

MD5
883161b40fb7531cfb4debdbd9566a06

SHA1
c67d8591c0e6b9ab6dbbe634d41f5098091c78d0

SHA256
d43100fafdd023448505b328b3c20de3b3eef93441d9bfb5587bbb4b87af2f65

SHA512
31c1d47d3897e29ebed0a15fa9ed1c4296adee9b532676e68d6b812987034d631cdd8aec567f7edc9f957894cd7b38b142c044297443949455060b13bddf2bc6

Download Submit
C:\Users\Admin\Desktop\xbv270\cpp_64\sample\PurchaseOrder\is-I6RU7.tmp

Filesize
2KB

MD5
e067fc41fe661ae004ecd7acd54c9972

SHA1
9cc26d83066f5ba949a6d244dcc3edc3d67f8230

SHA256
274397478ef0d2b06cb6f2da5144b46b1bd50bf262a817f305f7010cf804c8f4

SHA512
b0c10a6e0502d68d1480c073198c729c464a6fcb877bc04a4ab730edbfc7b644f5974bffeaf86d86c9154ba5e8ccb82813cd207d4f5ab5c3e1c477f722f18b11

Download Submit
C:\Users\Admin\Desktop\xbv270\cpp_vs2015_64\xmlparser-xerces.mk

Filesize
601B

MD5
5e5e914e7b8fe7c45f240fe8819e873b

SHA1
595c5e3b68de33397134d8807031a1fef9f2490a

SHA256
a4f5254bc17b955eacfd83ef596b59d793bad9d55c25749ec4b90a0a8dfa12f8

SHA512
13171beda3687b5c6e489d4d89470d9117079ef4d36573ef14bd08025b388ff62bbb70c0b0ad41ae9783d158a087a1caa1c3c1fb1b3612d6a3e4ca697c689925

Download Submit
C:\Users\Admin\Desktop\xbv270\cpp_vs2015_64\xmlparser-xml4c.mk

Filesize
578B

MD5
6ecfb55332db45eb41efe36285dd75c5

SHA1
2e2e40ee525070a68ed8d1e640a05c7132ac1512

SHA256
ea1103deef35aeb70e33fb20d9668e5b72cd4b367e4f8505fd5f31fc075b43fa

SHA512
e6332130dd6d5a88919dcd2a8ddea03a391cb6a76a7feb5ce2781515b0fdc8d4c425cce3a173823cb63cf38e51f9ea38fc6b1b134125de78b5cddccc872b3d2b

Download Submit
C:\Users\Admin\Desktop\xbv270\csharp\sample\RSS\is-THEK0.tmp

Filesize
26KB

MD5
f46c21d6d4132bb18a35619423eb4c0e

SHA1
6cf5cca31cf547f26b9720549f9378ae339f997f

SHA256
4bbf233f01c2dd258e63946687321fd894772ecda1314c51e60e47a477f09166

SHA512
d6b750124a5174e0d51909e0e848f695a34d5e34ce857e29206c03e283f3d314c6bef8c6761e452f7de182f969abe6d76d8674536217207d797060e43421b004

Download Submit
C:\Users\Admin\Desktop\xbv270\java\sample\CAP\is-4OPB3.tmp

Filesize
1KB

MD5
cae5371ad0472b624148a1d385310161

SHA1
13930ad00a98d4f281f9b1ca8ab1771e7404f3e8

SHA256
71dc4293da4b842e021eb156b46a3d6330bc10cc3eec6b9e09d40ee0f4be3730

SHA512
971ecb3e358248340ea242d4589c72f3445afdc7149bac77653fd67241a79dcfb910d388ccd03cf6e5e7c4711f92d44b0c6eb5ede0f74908ab67b01fad3b13a5

Download Submit
C:\Users\Admin\Desktop\xbv270\java\sample\CAP\is-DJV75.tmp

Filesize
7KB

MD5
63c40746e70239bfe8ed21915df2dbfb

SHA1
bc423ab2716a52fe205b99a858c957f1a1c1fbad

SHA256
b44d9672bf0c281d28d99a11665a57f7b5aacef6008fbd1b46b289b3cba58891

SHA512
ac55e1f5ef7556326a03fa3110041c148b3a0dc3da6e3638e80963ea0cb964f5c2b80d4a0dafba97fb5bdc52fd543494a507bc3df6527fb738699f2f1b70873e

Download Submit
C:\Users\Admin\Desktop\xbv270\java\sample\CSTA\is-0QOFH.tmp

Filesize
521B

MD5
8ed87f072a970a1a6d970cf76852978a

SHA1
c9de067e56b7b82333934a4874968eaafc3cfc63

SHA256
d21d3ccba484b794f74b9d3e7cfd09d75921abd8d2a67528680251a29b2c56e6

SHA512
78ac574fd016492c842f6b4cd57e6c370a8f2d441cc5700c4761e9888bd1667d99559c97ca93bab82666a4735f23bf81387f39bae6cefed68c0b4f8a6e1a24a1

Download Submit
C:\Users\Admin\Desktop\xbv270\java\sample\CSTA\is-195SQ.tmp

Filesize
5KB

MD5
bc157c15c83524b15d9c78c59eafc5b4

SHA1
63e683e354da9777b9e19e700fb09f60ec0664e8

SHA256
e7bc2d968c4460521067e5895c925b1113fdec754e8c7fb3f7172e67be4b5919

SHA512
d0df609e13cf7945fd4f6d5c96f584b3aaac63bfc2d3dc4c0a9ea67057fb7e27251fa754ac69a61f529a5c03706b98f1deb00cd80eca67a1256a320538fca814

Download Submit
C:\Users\Admin\Desktop\xbv270\java\sample\CSTA\is-2URGD.tmp

Filesize
4KB

MD5
6531dc6ccd91b5cf823f01f89e7c22f0

SHA1
43b72e352f10e6f07a1166d9dd1e155ffbb3d093

SHA256
87bc9954ceea066305d5df1f1b502be5e70073355f53de59ad3ce6c4252d148a

SHA512
50a9454bc583178f772458195cb59736c9c1e55b263488d19ef1cebcc056e3d78d137c621188bdb1f2af83b9183f9fe16317613690cf9443eb8f91d6ebf4bbab

Download Submit
C:\Users\Admin\Desktop\xbv270\java\sample\CSTA\is-5MGM0.tmp

Filesize
231B

MD5
bc4e9e844bfeb84b2a93e841fa6121a2

SHA1
57e567f852faf5009b1452067e6dea50cdfe99eb

SHA256
b75655020ad936009b5b1285309540426196b0ca7c533a8a46497da6b2772bd6

SHA512
fc190c87411cc71e836123f0c975dbedeff0153a8d8d8930efa37c9283e4d7303c696564e4a57b3416a2a60b25c0008ea456f65fac834f2a2be5e42f2202dc6e

Download Submit
C:\Users\Admin\Desktop\xbv270\java\sample\CSTA\is-7M34E.tmp

Filesize
1KB

MD5
f82fcd57da0f0003527b852a6ddb1f4f

SHA1
48401b5ad8b23aed3a30815df913c334135f301f

SHA256
314f52e8713c4e2678bbe8ec6d04506c1cea4ef3d2d44262551ee73fb1a692c6

SHA512
ca30f3cf78cef7957f6bf4af173b4d9156573bd5d79e58120ea3fd8e55bf28bdb99bb2930f4ac85a22cf111947fd48f3d1f8ce2c625a92dd0217aa95d26b382a

Download Submit
C:\Users\Admin\Desktop\xbv270\java\sample\CSTA\is-AMFAF.tmp

Filesize
7KB

MD5
638644e5b746e21904801357be2eb4b9

SHA1
16ac8c0add12628903036c3564febb05db95d597

SHA256
c63bc1e771aed6b64095900cad38011d3894066fb7582d2abba256c9684fbd71

SHA512
154f19040a10ca79f1efab4b1506044dacdc411c6f9476fe33450c92cb83592bf5f89d843d7367d1ba6c757a370d161a50d633f3efd943d8b3abccf77212692e

Download Submit
C:\Users\Admin\Desktop\xbv270\java\sample\CSTA\is-DA7S8.tmp

Filesize
19KB

MD5
ed0dcc049683b6ca2225fc54f5caa5b3

SHA1
27f2079eca2f72097291f31249921cad2b48106c

SHA256
509c5e50aa199d966e2f3d11a151da8556f6bac499bbd2e1501372c972e7b429

SHA512
8482b5af93f8b2ad09659d17bcf40e232fe054cec3a5f536b3d937391effb3eadd781c0700a4ec7d34eef82b4c69a9a46adf030da2f599ad43a08d2040edbc8d

Download Submit
C:\Users\Admin\Desktop\xbv270\java\sample\CSTA\is-FS04T.tmp

Filesize
2KB

MD5
e57a1f5c7909815761b04107691d6ad4

SHA1
7b2b676a0ba92f37cb80a4fecea36c1ef2f8b2cb

SHA256
e3f8d86ff8cf11c28d3ac28de8b06726c0c8e6eb7830c974cf02424fc1d4bc0b

SHA512
f62be1a5a9ded7d64987144930117187a44f4e1c5e21a6b705380bef382c767668130a627aef079457bd78d9df66dc3bcf0215afbc373a2d7366b2909ff84bf6

Download Submit
C:\Users\Admin\Desktop\xbv270\java\sample\CSTA\is-HOTU5.tmp

Filesize
13KB

MD5
d58b8a26b7576b799fff98237f0f57b9

SHA1
34e3ab464d6385b4a60316b106d963b0ec4bfabe

SHA256
1b464b408ebd86b9112a7fcaf55119425e1fbd1653ec3d9161afba9528eac349

SHA512
855a6967a6ed9a41b0f2b6ea4e73c0c409cae5a3a7ad715accac7f00da4d314b5ac2db85128c83fe6aebde933f1605e7f8ead7f768dbbe2e495650043432cbcc

Download Submit
C:\Users\Admin\Desktop\xbv270\java\sample\CSTA\is-PCMGT.tmp

Filesize
7KB

MD5
7ce92825ddefe97132b58f7b5d8d19e0

SHA1
c01f9a24d45cbad0568ff45b3da5bd3bde394c4a

SHA256
80a895b0b761a08650828a59d1aa1f26f2b62cdbff9c8d7a714a80ad9e595614

SHA512
85972b038b9bd6ece40ac1f2db08917468f6dac6cf2e13cc30a41e76c8903ee05c42d8a95c41e9413c5157fd6e825641cadacd839f48e38b381a36f1533097c6

Download Submit
C:\Users\Admin\Desktop\xbv270\java\sample\CSTA\is-S5UVD.tmp

Filesize
1KB

MD5
304dc8d1c5cfc6cc805005ffe6634616

SHA1
52e0ed025c6114425a843c9a0f95ce782290cc88

SHA256
660302663a1fa32d96fee67c1a460bb93f537a29ffe7057ccd96a96f566a70d0

SHA512
03fa9267b9f7765dd43102e379d61bb647cc29b0c5ed48405a50aff9a298480adcdc60fafa12995cedafac948cd9abbf1ba717ca4be8ddf1c9f237f07ff2385b

Download Submit
C:\Users\Admin\Desktop\xbv270\java\sample\CSTA\is-VMPMJ.tmp

Filesize
227B

MD5
1f34a167a42af6b302e64a8a21d611f5

SHA1
3210eba82d8f6a522963bff236975fafdf3c59ff

SHA256
3aeb409bc994e263d7ce669340046994dedcebc69708e148d11df3eedd1cef10

SHA512
c650772184d4b15f231cadccda7b8d33e9230e8a064476fbbd9efda8f98ae3aa901b14617ddc77e7c4042b45dc1d29732359438dd6a52a3b4585e34f0c3d40bc

Download Submit
C:\Users\Admin\Desktop\xbv270\unins000.exe

Filesize
705KB

MD5
4d8b3565adf4c8e21f4e3b4643b75038

SHA1
a31359a19451ed5af836983c74570f6d8a555b27

SHA256
9c99cf486ba093b4bfc7d09d53c9082fba39ec74edb258f82196a8e0ff1e8ee7

SHA512
2786962c7d6d3e50c18a9ef262faef6fc0bf94eb2018fc0b35ac69c52d5ec6009ad63c8df023ea4c65850bc78fe14fe87b61170eda6f0ed86b27084c850b475b

Download Submit
C:\Users\Admin\Desktop\xbv270\xsd\csta3xml\ed5\is-DTETT.tmp

Filesize
2KB

MD5
7a862bb06c8735244e00d80ca8032c44

SHA1
ce853a520967e3e48b07324f75b18ee66d428774

SHA256
430d4c10f6e8f31d2722df605a363caf00f2091ed7238f88640ed189da865928

SHA512
570e5367fe638435d735c22d1be5de0b5e83c94d90f99eb533e493c04c11b67163153974fa7c6a3fa6b8074f2cc26813d45c96ae2ebf4e00ac31abee195f548b

Download Submit
C:\Users\Admin\Downloads\xbv270x64evl.exe

Filesize
29.1MB

MD5
6eef8717a0422304d9a4c5e30dbf58e7

SHA1
02837450d384adb79ac6bd8fa0b1211d5f8f31e7

SHA256
1622ebaddb6c7330523286747c883f626749b416ae90e3a69796358f35a6eb44

SHA512
90211be878b73daf58ae5ecb4ee603a681aabdb2700acd83a534258b13c29f083a9d2e4235b7f38ec578066e9a5b16f86dade9df38ca3e4e9a30758eba24327a

Download Submit
C:\Users\Admin\Downloads\xbv270x64evl.exe

Filesize
29.1MB

MD5
6eef8717a0422304d9a4c5e30dbf58e7

SHA1
02837450d384adb79ac6bd8fa0b1211d5f8f31e7

SHA256
1622ebaddb6c7330523286747c883f626749b416ae90e3a69796358f35a6eb44

SHA512
90211be878b73daf58ae5ecb4ee603a681aabdb2700acd83a534258b13c29f083a9d2e4235b7f38ec578066e9a5b16f86dade9df38ca3e4e9a30758eba24327a

Download Submit
C:\Users\Admin\Downloads\xbv270x64evl.exe

Filesize
29.1MB

MD5
6eef8717a0422304d9a4c5e30dbf58e7

SHA1
02837450d384adb79ac6bd8fa0b1211d5f8f31e7

SHA256
1622ebaddb6c7330523286747c883f626749b416ae90e3a69796358f35a6eb44

SHA512
90211be878b73daf58ae5ecb4ee603a681aabdb2700acd83a534258b13c29f083a9d2e4235b7f38ec578066e9a5b16f86dade9df38ca3e4e9a30758eba24327a

Download Submit
memory/2192-70-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2192-60-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2192-4659-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2268-2481-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2268-80-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2268-4658-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2268-4650-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2268-83-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/2268-85-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2268-66-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/2268-119-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2268-121-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2268-123-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2268-1016-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download