ef99a1844cbf354868a70cdcc2584ec94ffceafc4ffcd3a6b5563fa1d632844e

Analysis

max time kernel
165s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2024 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
Size

78KB
MD5

0163a114f3cd11d4a2d3c1374bf4878d
SHA1

96b9b8510641a18f7920f48078087001a16db568
SHA256

568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919
SHA512

0104fedf9a6cc994a267f743c8fa3324af388e2191dec5aff1eedf7345a1d0bbb4829db2b846dd6f7e63e2e4c04aaa0d315ed8b7361c8fbbd8b9f0096e90cba0
SSDEEP

1536:freiQwer+Gu3gzQ6qOAI2PneemZcsABvYPpXUJqnwBWH9R1X3Jq5:yiPGu34Q6pAgeJsOOYByXHJ

Score

9^/10

persistence ransomware

Malware Config

Signatures

Renames multiple (2554) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops startup file 2 IoCs

Processes:

568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oJeHsBqf.lnk	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oJeHsBqf.lnk	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oJeHsBqf = "C:\\Users\\Admin\\AppData\\Local\\Mozilla\\CfUdSDMF.exe"	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

Drops file in Program Files directory 64 IoCs

Processes:

568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\asm.md	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.White.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ITCKRIST.TTF	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy.jar	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL016.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\manifest.xml	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Common Files\System\ado\adojavas.inc	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN001.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.White.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL105.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN107.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklisted.certs	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL078.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUAI.TTF	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-140.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BREEZE.WAV	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART10.BDR	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL010.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.tree.dat	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHIC.TTF	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\InstallerMainShell.tlb	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL022.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN111.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiBold.ttf	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.25 (x64).swidtag	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUABI.TTF	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\jce.jar	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-140.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

pid	process
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

description	pid	process
Token: SeRestorePrivilege	3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
Token: SeBackupPrivilege	3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
Token: SeSecurityPrivilege	3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
Token: SeDebugPrivilege	3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

C:\Users\Admin\AppData\Local\Temp\568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
"C:\Users\Admin\AppData\Local\Temp\568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00001.jrs

Filesize
3.0MB

MD5
1f68aff146b67bc2eb807af445fc8085

SHA1
e9bdbbe6963a26bc726be0a4cbefbc6274a51814

SHA256
fa7e7df5130e8272476d84df37e08e8ae7b27a61db614af67d7fac88b9e6a322

SHA512
4751b9290459418d5742be17ed2b0ed76b1e68d2a17240a741dbf00169d379eac679cf60a3258bf49ab8b24dfd0cbdd9770307e93093d16168adc4adae3944ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
265KB

MD5
d0be9549db628ce919e5acbadb18b503

SHA1
d77242248c16ff29b4c1b6fd69486023a8b881b4

SHA256
7bc480d1f7ba6a54bc3938e48c7b22c31d0fe40219cfff4915dd98e7e140745f

SHA512
109d3164aaf1f83e8ff675038edade3c3244dc7494f931794485d3e69e632e366d521df235daba768d043c5289b8377601ca5a07aeeb67de1078c9a06641ebf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index

Filesize
2KB

MD5
918616a3b67e8bab5d7a574d31380eb6

SHA1
d13310da279fd98cb58d8fe208a659a36474db3a

SHA256
e273bcf89ef9a82e1c98ea01f36c22df30e0b8d5cd43df70e7d25e0417ccbea7

SHA512
0191b11344e6ce8fa731ec0e92ecd52567090df1c6a83c6d31291f7de55f4901f0cf3cf42d7980cb035d3839fc107763fec9b3644cbd0c03b40c9789b51ce700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
2KB

MD5
5a069d1b4cdbb8a765da4930df517d67

SHA1
4b0e90293670ad695ff08af23531ebab45694dec

SHA256
5779906b51de8f1e121d41e2559670dd85df366892ad86f9cbea672984bce2f3

SHA512
92ebd3f761d6b11a24231a8fdf0849fd0f982bc32b47512d57bccae5874c56aca1c95c5735700edf492b962cfcb0ee84a0d4c71dfb572849706c1713b9b73453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
2KB

MD5
ad0f3e929a612b6feb2732adda946e7b

SHA1
53301053671e1f0d2aeb0875465ea46c69532d81

SHA256
0d48e0d8e3b75ece22a8ad78ba6c7c80b4e46d2105a9413a5e4f18bc38ca905c

SHA512
21621302b057cdc5d9616beb75cdd4edeabbe5a05a14a3a1d166c4a55870a7e594aa58be16e0f43cdabb349a0c0c72913689247e86c405c0bf190039dac7d479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\setup\userTelemetryCache.otc.session!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
21KB

MD5
ca00eaac994cc81c2cedcefb41af77b2

SHA1
114638d503f4bf78c4253ddb1449025a2915dbf5

SHA256
2aa88a943c5ab35f08f49cc392ceddcd33008f5097bf7038ac7c2cc939d8de48

SHA512
e9d04304465b65397f238cb5685327732042bc0b68e30724305152655e7d93a0e37300e77b4082ad6ebee3bfbd9167dfda7f023c79f3e4b8fa58bc264456726e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\CfUdSDMF.exe

Filesize
78KB

MD5
0163a114f3cd11d4a2d3c1374bf4878d

SHA1
96b9b8510641a18f7920f48078087001a16db568

SHA256
568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919

SHA512
0104fedf9a6cc994a267f743c8fa3324af388e2191dec5aff1eedf7345a1d0bbb4829db2b846dd6f7e63e2e4c04aaa0d315ed8b7361c8fbbd8b9f0096e90cba0

Download Submit
C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat

Filesize
9KB

MD5
5e5a9e8818fa80d7fb91b9416c511956

SHA1
7fc77766bb86fdce9b2c6376b301dea58d589221

SHA256
b1e35b3ed80dd159fe9be72ce9e45cfa0c9d93b7c4d94df83d59773648dcf769

SHA512
9e21b65bb9f9499c126358a703e7f479ac292c9626a6ef320087149dd01385e05a03f6a9deadac7298abc30fc0c6410aa6c7840d4835fab7ea6147ad311bb90a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat

Filesize
9KB

MD5
e24aa1c0b2bd23e5f34460d19ed79f68

SHA1
ef3e91e355da08e7d0bd0a1af1c5164a7974290e

SHA256
1d03ff51ae65ca028176e1838b4e5d1cbd82ecda85d25af351f00c4e59a751ba

SHA512
adb3a5abaf97ad2a7240b1b4e32a0546ea6d03423b0c8ba5f8b48f14da1d3acca7dc6cdec7af6e1faeb7f149a8cba9303f8c3d35f8aeda6716237dfafbc41a7e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\settings.dat

Filesize
9KB

MD5
863dfc9604d690a7e34ce249896b25d5

SHA1
2a2305fcb5e53e9f162c6af6bd58e7537473b934

SHA256
fa8881d9b9eabe9860e945f9284c284f5173527d3692c08332fdbfa1ebc5ba60

SHA512
563e198a817048a2f1932e3cde8b775fe0d16a2ceaf405b416ff0ab17714c195045d130adda3831677675570ce272fc990aa60fab0dac2e46a423b78d89ed98f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\Settings\settings.dat

Filesize
9KB

MD5
d458ce80d5263ff214bea97bb3d7110f

SHA1
01e44d2a56c2e3a43c3ecd0bc1ed15e95010afa0

SHA256
e770e31a151d766071d1f838a90b97bc62009e4c870a0c75e5581171d7b44234

SHA512
c7d2acafe860289aca1cb5ba76eb04a7cf90fcb913613c13138e2d3121362b1d0167aff6b6ee8cea3e2aca1f95b914c0a8cc6a966269a98d890ee2e4e9bad97e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msotd_exe_15

Filesize
38KB

MD5
0d528644e42e1413833ef74920760b27

SHA1
ed9bb8606d3f91beebfa473a7e4c0fd44d5ae4e9

SHA256
789feb8dcf4981e109afcd0cd1ae55b7c821982950633bf715100841e19e9b75

SHA512
11125eb6f7c16256f3f42f687fc352e0af4bfe762bcbc1051d9b8a0574d8874157029f3af6a64bef48b66daea684ceafad365be89236b89ca9735886f2e8859b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe

Filesize
38KB

MD5
94afb7e593b3f4317e38192ccf50fb09

SHA1
5984e6eb0687bbdfdf874c3ec1fc2f54affd6e34

SHA256
a3315de302a7c0935bc4b8b1b458b5124af63357a3e397e44d3d2b567c6c355d

SHA512
c26c3231665f77889e4ea94058773517b7992f7349249bdac7bd83b17c7154f81335e89c1679e1d5066ebfaa009b8b391fbfaab35fa84f3c3cfe000662ccfe0e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{F38BF404-1D43-42F2-9305-67DE0B28FC23}_regedit_exe

Filesize
38KB

MD5
8d1c5747f67055f8e184b8596f68b751

SHA1
211c83303133d9acc3c321d0ff9a1671904e29e7

SHA256
5a6abf547d88c6c6ed478a606359885605adcc4782b51ad6c6912ffb7a854bd7

SHA512
c4ae6fe343d27300a1b766c3bf3213ddda98fc40d59d0d334aaa3a709bbf6c61493fa17fbe1fa4d053894b753c1470e3dc0fff8b067416f741a29df0976ce758

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{c955d514-503d-47b0-893f-10ff442fd93a}\Settings.index!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
1.4MB

MD5
86037c80563112a8b9ddcce89bd098d0

SHA1
066432052cbf336201dab5a5d18d77697bd8b13e

SHA256
9f2e0e99d306f34207c4fcc00c1471cb1789dd6ba4670efc832d323e5d4551b2

SHA512
c4d4253c69bc57d01bb9d7493daf70038b0e6b850efeb580f20c536cf2803c353ac47ecd3423184bed029b8516589802f514c986a24cb023194511f4bc837714

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471143919198982.txt

Filesize
79KB

MD5
d233bc72bbf7c3737e1b8524683e89e7

SHA1
4a808d4dce3b8ebe0cfd2805cbc0b719b11077c2

SHA256
41be0848ae4a3ea004e19fbad8ef92252522c953118372baa9ed7b6561d5552e

SHA512
db2eadab6d69857befaa9c3ae510ffdda16ba1545cac7695de6a20fe11003c137be6723d51f32e36aaa55f64a7dd61883fe2c9368d525f92d4e199aa57e1e5e7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471155475836821.txt!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
76KB

MD5
6f7ca4add8677634538a153e28710ff1

SHA1
ad5ac79b3a1010aaa8b819d71e859cc0aff111dd

SHA256
25a5db3b77e2098baf764d9f9def8fbd7bb05b638cd218c996e388816d2b0be3

SHA512
806d1350469954faae7f7e429e4c15725bee055490dc5d2bf85fc0522164b19925bba7e09c413585094cc43930b7cf897511e296479801a3bc32791e1576a0b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471185328760704.txt

Filesize
76KB

MD5
d6cf1e03b0a03df911b0a5ea98fb0068

SHA1
97551fb6d1c44b7929627637713966fa26fce656

SHA256
6106d3efbf8cb7bb1184fcff38d2842dcbc23c19460878186732588dd53c9400

SHA512
3f07008159fb6399f9b209fc810ed47cede8b3f0698a40ff47843b110626de10b9ccfa9d9c6ea2f0be59345eaffb8a1c47db8742e1d6cd8686a87213cbafcc3c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\settings.dat

Filesize
9KB

MD5
e8c25b2272f1dafda7133feed9eff437

SHA1
09ea8ff5a82824d192e2f028b79524ff4bb6ca5e

SHA256
3add399a25fd12b8159c5634e26db17d9b90fc1c38f5a7a06991d87fad93858a

SHA512
d6158102158c299d9682873dd2a21e2ba7010a33753c2a1aba06eb07192ed43f2b47ff2ba77f3d837e699779ea6396d1f7756a0f244917fa9db0cffbc7ce46c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\wctD9FB.tmp

Filesize
65KB

MD5
f4ae4751603c37a5b0c7aed1d50e6cdc

SHA1
394beb984f2969f158ccf5340727d8029b65994f

SHA256
a27ef416e95876dcd610ef91a7eef19c59fc5d72f966ec589f376cdb048d9ac2

SHA512
37df1ef7d6f43f453e8ed1ab702d46c9f06ddfb105823f2c7efcf2d50c812e3017a323a5d3c46a9441d951e99c9528abf2f302168917361265e6f37c32959af5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oJeHsBqf.lnk

Filesize
1KB

MD5
2082bae1abdbb23de8e4dedc3a1da760

SHA1
ad33127238755289b09b660c6efda803754cfcb6

SHA256
40ac4b6db0d6434cbc10592838343f4dd69a2d78c72d937c180369922a11f1ab

SHA512
e294e5bcca13045f5c78085df413d0bd8b6b8abd4bc2e033720eff5531936c16230929f3c669f1d85a67fae4470f82f2eadc1089c342dafde39509244d5a0310

Download Submit
C:\Users\Admin\Desktop\ApproveShow.DVR-MS!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
373KB

MD5
7725281fc52d11e72a1c0f676ec45a69

SHA1
cac7f5449e9fb57aab3e55197fdcee35aa1a812d

SHA256
80d7c52fb5f76e07d43e4158a94fe33e89460451a4f8e983fb22ca058b6a44c0

SHA512
e1e50949f1d100b78ce4a0741fb940eac23048112cb00984b668d0911414637d33b0940da402aef665e1ab02e050615eae6881bcae52741d447d6749575b5d40

Download Submit
C:\Users\Admin\Desktop\BackupResize.aifc!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
294KB

MD5
64c5675085dfcab5ded0bb54565b8638

SHA1
4b5b56e5bc5bf1386c8f371c60f4cfb19fb27cb9

SHA256
61d3c8dd467d985b2ae1b900e9667da1cf2330dd5e5bde0f2fd69f50068b4697

SHA512
c01d90d4fb900c1efc1d4babe8795c645487bebe424af198a3ceaab1e80a68df484c8552fe5e5bfecac226a7785ffe0a55fd9bf39287c2071095924c6c8b9fbe

Download Submit
C:\Users\Admin\Desktop\BlockNew.3gp!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
494KB

MD5
e96ba6a3d34f20392314346bfbd8f519

SHA1
a30441fb9c1400057fa79da6dc47dff0f32e88f6

SHA256
2b70c7f2dd1e360f7a007b99f0f47a37944cf359b6f4245db6d1ecbb801c6a6a

SHA512
23e5d2abd3ae705ea55221b91651ade56d85d85356456f60227d60ab3575fd6504c9746596ff5013d47eaf3fca5a734dfdb200d25ae8d1b2a09c98366187e0a6

Download Submit
C:\Users\Admin\Desktop\CheckpointGet.mp3!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
477KB

MD5
ad6d5a8c9e982512676729b2cc449139

SHA1
a41635079111b45cd3629bf1e4fc1818a3671c44

SHA256
c8bc2420c452cc74a77e8ef551272d0eee5a18c276fe1c9b1199532ef41fc93d

SHA512
76b00fe240722018313769a022bf562d6c0b09d39293828942e1f4a9c7da57b16c6a832ab78835fbe5cea4693246116af34e8e85b2cfb9db5d0e3427b77bf9a1

Download Submit
C:\Users\Admin\Desktop\ClearImport.vstm!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
324KB

MD5
ee0a6f60f43de212c20a27e5f10d8683

SHA1
89cc3eafdb70ce922b92ad57729ac74b0d138ef4

SHA256
6dd70bc388305bd14171f4797bccf6ab02f2eed34a4e91c5fc5d7f6a907b3358

SHA512
1782da48f05575e4d8ed80f3c1f38069712fab2cf23a6013aff56668ece0c235c7e58c4c65798d63cc623a7bf3363ab9a04700c99cb359ac23129848f7856a9b

Download Submit
C:\Users\Admin\Desktop\CompareGet.mpv2!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
405KB

MD5
1eded956f1257f182f8e51f048dab21e

SHA1
1787ec4bc6755ff0de226d9325d7fb90815427d0

SHA256
ae9286dd584c4d0b3809555711653c5daa593f117291a27d1357719d3c004fbd

SHA512
295c81a3eae6cb380ee9039452cf91aab9aa466774ca18dd2e9cffabd540d6d13c59cd569eab8b83974246301fbc86d8f9cf11b0f5d4ded67fdd1935d1b5f3f1

Download Submit
C:\Users\Admin\Desktop\CompressCheckpoint.wax!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
255KB

MD5
a72ecd9ef309be8f33570fd118c3ba71

SHA1
57972d6a980160671c7cc513964d5e0ecb23c684

SHA256
dad3c927cbefdf090975f9a05d0edfbf941e95f05d4f2ad4b062719fbeea0ab2

SHA512
56329df6c2d0de44db676c023e53ae5dea142edb369cdec05c1c7c71dfd142dff5074b1ee91f6755f48c16f764b58736bd957df17a0af5735d6445bd42347e10

Download Submit
C:\Users\Admin\Desktop\CompressReset.mpg!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
28KB

MD5
ece656765321ca732a8224574260e3e5

SHA1
596112c8812d060bf2ac9ff1bd39133be0d84735

SHA256
da2f0dd8a95bcd1237006f87c22098da4ba684badec40974d3823c483996a0ee

SHA512
290c7db293f87a1a8252502922f07efb3d6484817e26dbb19bb9564aa376a00e3ae01cd0806f83b87848815d4fd0c5ba738449cb9bf9eb261f4a19ac01a1af10

Download Submit
C:\Users\Admin\Desktop\ConvertToCompare.vsw!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
468KB

MD5
18e65848425e1e1ac597d3df2d0d5931

SHA1
370e7ab3d233f27826f7297ae17c236abe62eb4c

SHA256
f7c502e34082861208347f6bad72291c5712b7d4b2c7748ba7cea163289f329f

SHA512
6beaef308306573f0d6235f7f242febf8fec1c036ce978c4e7c6568433ae5c3084c457f64ad5c0b47e6205d9147f62e034ccfa8846fd290916fb38d12821d2f6

Download Submit
C:\Users\Admin\Desktop\DisableCopy.mht!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
260KB

MD5
74802193de7956c30c93e7265208f689

SHA1
4b28ff8bcda0f23f2aa62ead5d5eb51fd3458472

SHA256
b50618000281aa7f58af3d49cdf29584680dee0c96e5d8ebaeababbcd08a1436

SHA512
ddab555aabedb0ced0bd68d8891f3e3ee1be9f0e4d1dfeaf55f3b0da6db2e0d87e477d45ef196e8066d58e538bdc15e53ca16a4ff8469cd61b9511562e0b4047

Download Submit
C:\Users\Admin\Desktop\DisconnectRename.xml!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
258KB

MD5
64d35ec2b64c1a12203c0204e5ac1185

SHA1
acf548331685b5e6f301aca5b7923361b4e57545

SHA256
2b90cb00e94163abea6ef116f2348920368e40dca55fce7847f5a31c505abe88

SHA512
ce6da460801450996e9e8b8df5b0c2c6e1fcb3825f8febb9231ac0df9979209da736b5ef18acc9cb202209369f151e3b9993b7b58ec2c387f1025eadad894a5f

Download Submit
C:\Users\Admin\Desktop\DisconnectRepair.au3!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
262KB

MD5
4704ea202fec2aa7ae95e091275a0eb3

SHA1
c03c74e1b4b0ba0c3895eb73dbe6b28a1142f9c7

SHA256
2cf69034d10a8a2c5a603e875db179208af26a787747bcffc7d4e571615a5bd7

SHA512
5e684b9ac11a2ff4699c8b45d671afe03e209994f40b984cb44b77075305caf9ced820552a2438be20115b7170a3a98a39e04f867c29183055800f7c70e659f7

Download Submit
C:\Users\Admin\Desktop\ExportDisable.mp2v!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
255KB

MD5
33e937e209fad3bea406cdf87f1e0099

SHA1
ffb4cf53a44cab6a8c2ef98d5bca83d404a114a6

SHA256
0bfedc40d46c1248bad1022cac9aeaeb50751fc18fb29b9d3cba1a1c5286dd3a

SHA512
899fdea0e712a0020c23cb316e3b6a346f2a453f1bd1997ce518888a6af53e29db92713e9c1119a91725170e57058e705e39ccd9bd8e382cc078c0f8790396dd

Download Submit
C:\Users\Admin\Desktop\ExportSelect.pps!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
310KB

MD5
738ae16e68c80bf2feae9953aab2847c

SHA1
663d1f557d3f5c404f2c304ea0bc705e800e2e72

SHA256
c25e9aa4885286240fbe2e0f9a993a65a5f21155c3e16ab8c125e9374985bbab

SHA512
53fd8f65f5aff0f13fb0c83252cbaa1d2fe10a6b74fd4467c99f6badf95cfffb87976a0e2fa4f39b0fdb945d7d6120e8ac1c328ad571dec858fab144264d7bb8

Download Submit
C:\Users\Admin\Desktop\FormatImport.DVR-MS!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
255KB

MD5
a582023c8793ad95ec027453a8580f28

SHA1
34bf068abee70a59ce80b575c5f97e73cc713ae9

SHA256
5ff30352a39c29ca0918931ad236c32698025c66c6f8207b855b2905b3208cde

SHA512
6159ae314a6cfe3d8bb0401af218ab351ddcf2a60c7fb0d948fe8c2802937480dc17917dc4176fcac77b127fe49888ca1673b2d5e800def9f001b9462ff55218

Download Submit
C:\Users\Admin\Desktop\InitializeComplete.docx!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
270KB

MD5
0b525ce5cdda206f52e130216ae525a7

SHA1
0106d1c4a4b95e75a28cb3933a334bf2f6e0c5ac

SHA256
749cb34f2e98dcc7607d43e23815410ac62ab6659ffef69914fbfeba5b86ac2d

SHA512
500c5a70629c62f19463090f37845e67df4a32eeae2546d40b82b4f66a7ae5831276421dd113e907fba43e82b35904f37cdf27050cbcb4958bebce13d3ba3710

Download Submit
C:\Users\Admin\Desktop\MoveRename.ppsm!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
258KB

MD5
d1be96346ade005a2cc739cdfa09544b

SHA1
5f1457fd73d2a49528586fa8dfb41e286eb6b4de

SHA256
da36e358100aa94260439a77662627e774ec13700583fdba3eccbb4022c993ac

SHA512
90e3afc1e9bc27d11f384effff4dbe26d10c8bb71c3a029bddf28d401a847b1be5996e342491628e3a48227fda603ac1a4ffe8341959a05e5b0cf1088dfa89b3

Download Submit
C:\Users\Admin\Desktop\OutLock.mht!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
212KB

MD5
82336ae919a871f5feda387ca94e4f74

SHA1
71f8943a725e2412856a8476ff56631ebd97702e

SHA256
97d2b17ac0185de61e282926bd5ac515ed02a9e3cc8dd452832aa89aab4885a8

SHA512
7b723a6c6e62ddd6f700936efe06ee2089c6fd82357438801ba3883660931abafdd56e76a608380e6f7bd9afa643df3db6925e5a0f38caaf89fdba12fdfb7592

Download Submit
C:\Users\Admin\Desktop\RedoExpand.m4a!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
208KB

MD5
6bf755f44b259295f505af7a715b8e6e

SHA1
03887cedb7b52b432b72a1fa8e28708022f66efe

SHA256
4d0241b949fc0fb03432d050e9d48a2311d36d48eaffc802fe1f5160f657d3b6

SHA512
b7ad46993f75c9baf38f39eefa6754bf830a88dc201155fb319ac0401a026aac621a142b4044eb07768fc6599aeb989d7f42c5684bc004f4f6314f7556d68ccf

Download Submit
C:\Users\Admin\Desktop\RedoMeasure.midi!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
208KB

MD5
549ff2623b87a20190dbd4d4d85f3e9d

SHA1
dbd8e6ccda0784d27e83dbccd04a558fd296a440

SHA256
39fda859a181d18424ac203460c3e2b91c31932a146be3e1b187db86f6873ff6

SHA512
fdbd7ee247412cd7ac94387bf991bb020a0493655c7f6f97e8139161e6f5d788432854187bb406ec2f35f4a81a59a2260f3b5ebf55900cb60868afa2f992f03a

Download Submit
C:\Users\Admin\Desktop\RenameRequest.mp3!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
24KB

MD5
1c22dfc97a4b3c805dd796dd9aa22609

SHA1
e3fd07439fd766c4fc8f68165dc4c2d8424c37bd

SHA256
3e3617af3e25668ab961236d87cc2d786fd5297bf7588c7c9c084689ad63fef2

SHA512
214c2f4b4365dbeff1357d975a81fc1ae7fd14b458c7d1badcb34c16fbdc9396d6394bc4728ed566d5bb849aa1cdf67d9fee42c8769bb5c63a70b1267f4b5285

Download Submit
C:\Users\Admin\Desktop\SelectTrace.TS!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
169KB

MD5
711f92a8fb29fbb23e34e35e87501fe6

SHA1
a0fd7b20a5020e102280e8e36d9e22e5cc8aa157

SHA256
34eb20d1abd6404b2d308eca7e82d0bde799ab2600d92346900be3892b487081

SHA512
4bbfd83da7e393348f403249fc529aee9a87ccf067234dee6df1b3bfde40472fe26b146cbe368f4cbfee848c6890adc68915fdb932303578787c7c58ca367a54

Download Submit
C:\Users\Admin\Desktop\SelectWrite.odt!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
163KB

MD5
23ff88b74828de8c8b053939dec17506

SHA1
b8e48f01f84e307277c408f0890f31a5c8ecd08c

SHA256
06ede4481fc4fb7290b47b937f51fff6eb9961bc20a622ae804577063b956b53

SHA512
0582b4dd8d16d20a6f4d2498b5713488d82e53f9906bbfe220444c8e2f20f559968df3fda32e2eef77787db69632552744375ad197c13d5f67c44f97a6f5c15a

Download Submit
C:\Users\Admin\Desktop\SplitDebug.clr!==SOLUTION OF THE [email protected]==.Black_OFFserve

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\Desktop\UnpublishMeasure.aifc!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
224KB

MD5
0e8e42b66ff748c7acb2a4069b512ba9

SHA1
4169a21e95af6f3df2a830a316eb37ceffa70bff

SHA256
0855e94f0a41041d8432e5793bcabe369de38e764251467b4d1267b2cd3a4a6e

SHA512
d5ffb99fec5b58dc397f29c09a806997de3c7a0fab01e62e42baa5e75f0fefabd727a38887a324a05fca8dd1f5a14ac1eb8631fe0a69d64e8443ad06905bf43c

Download Submit
C:\Users\Admin\Desktop\UnpublishUpdate.tif!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
45KB

MD5
a37119dcde0be8df9ad4854182de6f8e

SHA1
12b210f2419dca954404655fbb9d9c59018a4803

SHA256
435a8407ea7e37849f32fd01e617241f8c44e6e2b6a4e55f3f7867151b008629

SHA512
e0de3226571565a8760fd055ab7a896f1d815de346be8f076d6cef459fd90f48c1343adbb4bc06864409b7dcecb5899b0d98ebd898642e8927b99d92c1ff8390

Download Submit
C:\Users\Admin\Desktop\WaitRead.jpeg!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
95KB

MD5
4ffa37fe8372a0aea9041a42c49a5c2c

SHA1
9f4b2b8f067c83f1d113fccfecfb2aad298e0cc7

SHA256
9091b34d756f9668e2a0ed2717a1830aa15be6ddeb553f5c7eaf42dcd389daf5

SHA512
ab26078682788a57fa7f676868a8f8671854938b24205a9b7ce81ca12914c636b75f2e8af4885432ad47906f5492dd21fc07ca9bb689f8db75090e279aec3b81

Download Submit
C:\Users\Admin\Desktop\WriteSet.svgz!==SOLUTION OF THE [email protected]==.Black_OFFserve

Filesize
17KB

MD5
f4a36cea0d2281705c7544b7e56f9d79

SHA1
8b6d7851b546f204d489ec7ef1a928dc13c2d0c2

SHA256
d9d6083c47f7d4690084b73047a3f908a75258c249790224c0f85a86105b78dd

SHA512
6fad9c69999a1ee5659bb3f8010e9d43ad96638b514303ab29361c863a4d0695912ad18805578390ba97db411f0a7b8349b1266a1f6ff1de400ebcadf3117917

Download Submit
memory/3140-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3140-1-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download