a1e6c9e5074eeea8e0a430d3b2c49f9330ac9ea52770fe87cc833a7f3eca9114

Resubmissions

03/02/2024, 23:42

240203-3qaj7sceg9 1

03/02/2024, 23:39

240203-3m89csehbq 3

03/02/2024, 23:35

240203-3k4k4acea5 1

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 23:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

programs.rar/testxt/Read text.bat
Size

171B
MD5

e2081fc47dbff978044fcc27d818d0c5
SHA1

0b0a902248817d4a330ea0ff198563376fb4dab1
SHA256

242468f8291fcc0e8ccd76810887989bfe760cc676efca8922e420ebe054615d
SHA512

a0d0dcbbe5902549c72455c0fe569e44ad72de5b38bf1c947f389a50f4d8b8d76b5de205b190b39383a715d9f18c89b25e99b64be2eeace10a6b075bcaf78234

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
2856	msedge.exe
2856	msedge.exe
2388	identity_helper.exe
2388	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	796	svchost.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 4496	2856	msedge.exe	116
PID 2856 wrote to memory of 4496	2856	msedge.exe	116
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 3804	2856	msedge.exe	117
PID 2856 wrote to memory of 4120	2856	msedge.exe	118
PID 2856 wrote to memory of 4120	2856	msedge.exe	118
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119
PID 2856 wrote to memory of 2256	2856	msedge.exe	119

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\programs.rar\testxt\Read text.bat"
1⤵
PID:3740

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbca9e46f8,0x7ffbca9e4708,0x7ffbca9e4718
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,1007098002733203412,5437202991438908743,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,1007098002733203412,5437202991438908743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,1007098002733203412,5437202991438908743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1007098002733203412,5437202991438908743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1007098002733203412,5437202991438908743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1007098002733203412,5437202991438908743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1007098002733203412,5437202991438908743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,1007098002733203412,5437202991438908743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,1007098002733203412,5437202991438908743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1007098002733203412,5437202991438908743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1007098002733203412,5437202991438908743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1007098002733203412,5437202991438908743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1007098002733203412,5437202991438908743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1007098002733203412,5437202991438908743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1388

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
7a32664520ec200b059839c72d2a554d

SHA1
d5a60f781c36931aef343924d1c467f40716e109

SHA256
c85bd9631ad24500b9743539bd2639a945738ba09fd37129b669fa01b0886948

SHA512
3f029f35ac5ef55d3bca9dab96ce9b9237134d079b89b773157e9652de32824def50004411d4fe8c3ce04fdae695442da1a62cf912b5f699b84ab936f2ea7e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0ecf6a7a70719c70b772a8751eb86618

SHA1
5ee449069e9748fcdd21d71b77a06ec6a5ca2a5e

SHA256
95adc1637cb03357bf8c7652d8bec8a49c7dd68ed63ad8f12294460df579919c

SHA512
9da8fda6b4d45d6febd6c91662d6a5be13806f6e346c15c247dda9615a3c6030e4ae3993320d372b1f4b5492a46f8ef2542922a1323d7ffae0a94f52314b8d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1c9528f2b37d890f813b094d45fa9e50

SHA1
9473d8cfe553278a9be8078a339ec67436dd8723

SHA256
19b5e9de6070eafe42e75a774fba177801a8436f6ae9edce305af0d23f0e911e

SHA512
42cfd5a7dbe29d415dfd74d94e6f096bae7358b86b1ce0c8785ff9df410370e8140c6b206ae7913636a09aa923dce287f00db49d1ff7bd6c087900c2886f524c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
955d370d2a1451ef97b5217a0a0424c6

SHA1
7ada814d11b576e2b8112d59d704e3b35cb4cc44

SHA256
326af371cbbcfd0a681cf2c1ffa734e8c24d11ea3ed23529b816827d0070a575

SHA512
9851c8f73004e02910b12c53c21d885b06c43a6cf405a96797310ac93df9ddac245cc432ad04436d8993dbecb442182066b2a2a1405c8343440ccc959caa7174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
21c603d8dbb3efca7b155da4702608bd

SHA1
c467aac414d674aa1147de55e154147e430b9b78

SHA256
08611e43220396e93b88b4d9c8727bb2c8452c01a23a7fbb7e780689f07ad4ac

SHA512
a1ad9fea4f41efabbf46ada11464d9146ee653f2eef49ff3a3721eddc37c68b45ece34d915bcca3195e75560b93d725d3d2ba9e7a3e64b54afa5215e836079c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d52dc2ca09d662937e3e669200ec0cb9

SHA1
d61e36c11bd13511e35c2221ce2d82f509d38e91

SHA256
288af9448609160db5ae774bb18de8d77e367e51f21919a22f85fc1954140fed

SHA512
dc294f662521adec1ae09bf0e53de9de7ea1f17f8cfa5ed42b1310d0127709e2755d586e6329fcbdd65a10654d5157f895809fdd95bfdaf2c72b704d70843eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
10ec7b886fb63dc63fb783b5655ca233

SHA1
de3581d1c2651c9cdeaa8f3928ad487eeced0a2b

SHA256
c7fe8cb719c038d119336964c104b75d51fb29ca8146b8500d52204a36d371e6

SHA512
e9f7d9e7a486f3b6b5f4228578d6f83c5a5de326271e4cc8261fead4666b4ba5eed6dd02fa0f65edb05917b1a7bbf1121cbdf15c2630654dc77d3d02905ffdcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6afd36efd2a85a3bff153fc2963c4839

SHA1
e9e9b5cbc5696c991eaad32973c867df4bee4081

SHA256
3a118bc4add29ba642e4844e9f679f0523f0d40605b776bc84ed5428fb4fcc80

SHA512
9463bd2a7cc3430d0bd2bcfe165470ac4036b421f3feffadaf4e7c70f0fc4b289e1ec43448751f85939f8ca57c1eb15d30206db53cd41e8e713d333107042f55

Download Submit
C:\Users\Admin\Desktop\AddUnlock.aiff

Filesize
299KB

MD5
261bf507e3e2187c6255f74066d9a935

SHA1
7e935e2672804b3d7a200c16071954f737f62d05

SHA256
9c3b4328835f1a8a55c38b6e3a37df75dc99323c7222f91f371170eb8da3e373

SHA512
b6c4c3a10cb12b445f7a6df330cb0bc07e73562aeec63517cc513f3912b75f8815692ea8e3badbfac9459f5422a1c65cc584faa1f3cfd597767a24e845847306

Download Submit
C:\Users\Admin\Desktop\CheckpointGroup.crw

Filesize
339KB

MD5
0a09328f66b67a192c58ba6e101e8ca0

SHA1
1f835ef8c8261bfdd23f1d0e97004698ac42f571

SHA256
9034d8dc2080e4424bdfdbc35144c625a4e68837e96bec2749605ea76381af8b

SHA512
7e4d245331401ffd5a27e2366bc2dc1616e96ea28be9f3c4b0b9b61b20279510eb0752e2703a148a183a39217847cca9d8ef3e4bbe2955f286b6ec0093b06e0c

Download Submit
C:\Users\Admin\Desktop\CheckpointSuspend.wpl

Filesize
309KB

MD5
eb82c0a7b63f4d70bbf3b555a98f9575

SHA1
75f319093facba6a90439fc019116f05e75715ba

SHA256
3c819d4e11b252d06ddfbf8dd9d4c91c480db927e551fef86d0276dd1e25cadd

SHA512
2cf52752b8001433263b04ee674df95b67dcd2f1b07b856eb948c4525728134a3333f43066418b87c0ae269e75a6bb9e183419334f24a737fc9c5e3ad0e8acd9

Download Submit
C:\Users\Admin\Desktop\ClearFormat.vst

Filesize
260KB

MD5
3029cf7d0a7388c63b08e75a07737b10

SHA1
641493f2bc3571c8ae92302c05b5eca2dc3a028e

SHA256
1dc373d12a4d34525898ac0dd10a68e5e30d6148e7414b3ac85d09fc14369331

SHA512
4bc6ca495b44fc970f71a177199680752b83460d149e97833e8500af403d5453ed760697c196cd070473a3cf0816c4765f5935c94f1768f90bf8f12c3d434589

Download Submit
C:\Users\Admin\Desktop\CompressTest.xlsx

Filesize
250KB

MD5
333af68e53cbb9c8c299b9d4b6fcb22c

SHA1
7a610a6dd898429e46cfdc6edb7c583d0bfe586d

SHA256
9bd1cab968f7683c52e53ee17ea128fb63974c07cc4452239310ee5b4485e2eb

SHA512
f7bd808b091afdca8cd3b5104c9a38fc9dc50dd495cda69f035498f63f770857731da7fc3c0ed961b20ecb6f00b4e956c53336a27a5f584daba3bad46740dc66

Download Submit
C:\Users\Admin\Desktop\ConfirmEdit.dotx

Filesize
318KB

MD5
deacbc8f504af40089c427e661bc4de1

SHA1
4504b96accedd671617d278004fd8b7056fa42f0

SHA256
7c7112a12731082e5571d22660c25aee586e9f9bc3fb2c770cb74cdac5ce5db2

SHA512
2307958c39d3300bcefedfe741cae91ada281083481d1a20c7e8efb119eece6c4111693679dc13ebb976a303e2c9d56e7ccb163226bac97295fcf5ca308d9a76

Download Submit
C:\Users\Admin\Desktop\ConvertSuspend.sys

Filesize
280KB

MD5
a6f348a90463cb7903875e16d586c590

SHA1
a14507c47ce7ff49b24439a19a578db377b770f1

SHA256
60cb3b10fbd8c8cb4ee422ec6ce56b9c406c6d4d7aa26906856608bb1997b06d

SHA512
5054d3d9575a1f86555106307779a7c8aee4d0821005fc3a5687caf003af0d6e0c81999807b93c2ae814c37e1e15d534fa4839d785ea81e7c44fc0b9ebc0b465

Download Submit
C:\Users\Admin\Desktop\DismountClear.vbs

Filesize
132KB

MD5
a827e1ebc62401cc8dc7b0c98081dc3f

SHA1
dcdaca50347168debf309e73c064f2095a547bf7

SHA256
903d378c61aaca88100a4fe7b97e48ddf1f96561ee4749e8092acf572a0f6a7e

SHA512
85ba62ec4f5c6dad17f066b274574f2c8b6f6e7da766a2bc279adfcf04f46dbd071c0a1e714040ceca100302c1865a4251bdd1f40b56b6a8a5b91245c0cb15a4

Download Submit
C:\Users\Admin\Desktop\EnableOptimize.jpg

Filesize
240KB

MD5
38589edd3d9e569b3b12c724047bf151

SHA1
b7bb5773c2483950a12bd8dcc3b9a755f6f3158e

SHA256
2813b04a51fe54eb15ce393c896872aa684d17139d7e77ae7994984522845b28

SHA512
5cc986e2a9bfa2649e95d071b44ea9fffb72f9e9f7283aed81a464bfc925df7e1a807d1822cc034bc416e8a2eb31e4d056c50bbc7a4f07e5dd33c6831490f910

Download Submit
C:\Users\Admin\Desktop\FindRemove.M2TS

Filesize
211KB

MD5
e13a1e08ef3bde5482291a664a93a5c3

SHA1
fb2b694cc105d5bad2e1ae7c5d0444b7e5882687

SHA256
1af38b71e1896064b64f32ba01fa9ba63e7a676d5dc6e498625d4be77b9d4140

SHA512
5eded17023ae6354971aaf572a1d788a05dce5c2a9ee33b7f5893bca7f97ba9535095001a10bcba20e792ef8fcd74f6a02c51892cb6efd6f2e2bee01402c85b5

Download Submit
C:\Users\Admin\Desktop\GrantEnter.xml

Filesize
319KB

MD5
198073ec68babca1384e3bc327cac778

SHA1
ae161f07640bcc5fef60b11e347a1342df5b7d58

SHA256
6746ef359f6b0508a180500c5339fd08a3eb81e95792345d18e2b2db64cdfbc0

SHA512
4b13b08363c2ea804d6f74b4396979da40e78bfc38a48ce8408f9737cd8b038a08ecd05a76f1ac6495b4993d1020bdba9eeadd6f4b0569ff9a192a6e859b8284

Download Submit
C:\Users\Admin\Desktop\LimitMove.vdx

Filesize
152KB

MD5
ae1aec4fccd96551dd0ead4d4ad324f3

SHA1
4ff28582c1a36f62afe778305897b5985f5ec9ec

SHA256
58ef4545e87be6791260a63d359180cfbebeeb50c113cdbbdf26dffa2d8fd360

SHA512
d089d159fb27e57e2987ba05403605073701da6ef5cfc52922d2fcdb4682507f29ee4714f16d940eb26d274ee397a1e6726880905b9d6dd22cffc0759868b2b8

Download Submit
C:\Users\Admin\Desktop\LockOpen.hta

Filesize
181KB

MD5
4852659b0382437312c4885d027d32e8

SHA1
ab5fc4628df0cd9fdd41af9cda15e4d2616c9679

SHA256
1b90e2e4093c73f2d793b170a41c1ce8ae2c53c91dd195bc32d91fb951776486

SHA512
564e20ee3d019428de15cb52e14e166b563421d5f716d774f21b92a52b4dfe2f85e1fccb5bd49dfd028d1553aed91e7bac3b0d48a138944c9080af7670d8aa85

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
5c25bc4b37a599e9ca5d62c333e8b72c

SHA1
84dfe70600d96734c0ac06f3bfee07c4184b0671

SHA256
44052d18c7b20243fb12960d63d35bb6b620f2e38c8f8f1f88217e5c870a1f66

SHA512
f11cd9f78226709db7f6da46b03f051980dc4ff8c1d23a1daf1ae7fd7436da6737b8758e3d87989921ac48ea239a8a525530a3c37f06ac8b149ce715fdc592d5

Download Submit
C:\Users\Admin\Desktop\PushInitialize.vdw

Filesize
289KB

MD5
a740c0014c7b0c924f9d89d346a10f68

SHA1
8bdb020aee83c32537614e4f2378c0bd74c31a90

SHA256
cd62f597dce8cce1b0d4c9b7ed2e41011d290354ccf45b3fe1736d7b1ff56128

SHA512
bf0c80a460deae66410f35591e511dbb8101bcd6768b1155edba4f94805868dc9808a5143a971a45343fd45ecfe0b7be1ac130edf29a4f81a48c4c8c41d505a7

Download Submit
C:\Users\Admin\Desktop\ReadConvert.odt

Filesize
201KB

MD5
9c77d897c02345580aa7356322e437cb

SHA1
787ec893450c8958758c018835fecacd431e7943

SHA256
820826ca39a7fd64a753d16520186f367d68690f2abdb686b6bbe0c6129ba44e

SHA512
18fff2b3ad47fe81be2b51ff7d979cbe1467581773e09dcfd861771f2c2ae4a956c2ed7f5137605ef2dfcd26ef0be1b0f09205c1b2afc4ed3fe2428414e1e033

Download Submit
C:\Users\Admin\Desktop\ReceiveRemove.ocx

Filesize
191KB

MD5
5f2e4e06f757e304d1125ceb50f82d10

SHA1
3033d7cef5e09b16e479de1ce015301f318b5c29

SHA256
e0c62b56c6b2a8eb5c98caba78dc655c946d5396aa4da06d7b884cbba0d6b594

SHA512
80b6721a9b571db2418afdf6c570c0b135af079edc6eed2185fd677fd443758908f2aae8c671b361f86009d90db9e362ff063c3764732386882971386589e6a2

Download Submit
C:\Users\Admin\Desktop\RestartRead.scf

Filesize
329KB

MD5
5779825522f5584266a4d8d654a77b1b

SHA1
e4239ea116f03a1ff27ff7c7d5cbf71b8c6e28b9

SHA256
3611889a705c32535997602d2ee8ee85a333bb15d9ac58b0b91cfedd15f55635

SHA512
707b691aeca39f07574a3a8a1183a5d24e6d70050764d30b03a97d3c8951ec2abdcc6dfaa8dbf8eb4e0279df9d5224f12bca7fe12afacd3e48438ecd3e9fcbd8

Download Submit
C:\Users\Admin\Desktop\SelectUndo.pptx

Filesize
162KB

MD5
d3a688ac33c09c295fc127f20120db48

SHA1
3332027a02a984c2c5f17b6dbbe770edaaaa19f0

SHA256
00b08967455106b5f751144b4fc9df587751f6c34ddb29aa480425a716297cf4

SHA512
0393de161583699426a156992e2b24ecf208688c3b10772b8f12bf30ee2ba7f87cad84eb3e32b6c2f26e527d7d355461cb8a234cdff5338f1dbe86224abc62f1

Download Submit
C:\Users\Admin\Desktop\ShowGroup.mpeg

Filesize
142KB

MD5
ae67265cf43bed11465e6eadbe3a073e

SHA1
11926d3bc6e4bcb4550440bb0586faa785e2332d

SHA256
e6a08e9132934e82aadd0f5125a9b2159f7c22598edce32610a3c56f6cf4240d

SHA512
16bc37949b51afcd8b98377248f22999c854d1362e41580979e2350a3c58b6a42a3471882a2ca403cca28b9f23debfdc8bcf0d26ecef6306505fc811eb98c384

Download Submit
C:\Users\Admin\Desktop\TraceUnblock.tmp

Filesize
221KB

MD5
c31a26f67a2b3861dc16fbf8b5660dd6

SHA1
45da044af21ffefbb2fcfa9c291352bbfda860e1

SHA256
9fb752f638b2f146cd93777fd6e67a7203530c9c069907950db5a81747c76ab1

SHA512
9ea59608b9300ec8db24d7ad379f955b18cde43aace155f9338ea4f6bc8b6e3e68d88a15f8b5510fcb10a20bd6ace0ef18fff12d27b14282b543444e8c1b2a66

Download Submit
C:\Users\Admin\Desktop\UndoUnblock.wmx

Filesize
270KB

MD5
8336876f65f137017aefd2dfa39b388e

SHA1
27bcd5f2479f014ac5d3ec7862fd22fe68d68bbe

SHA256
a39598f988416e1f7c648e90b75e493681f11bda3e32870e72b4f1d15848d2ff

SHA512
dcbf229a9554da15aef66aa6662be63b9b2ff21b1153602e32974da0fc096c0fd5639bfdd62bb489e54d9468df851554e3a135c05a294d243455cad0b4667ee7

Download Submit
C:\Users\Admin\Desktop\UnlockBlock.wma

Filesize
481KB

MD5
0a39c45bb04c9c3fa2488e14fe18746d

SHA1
13840e31429813c7666088ccfa4501b2e67522b8

SHA256
e6aaab1c5354100177f725a2941b2598b6733593bb85e87adf18af7c7d34d45a

SHA512
3421951a069773929728b29c6dfae4b70d2a99ec67aa6fb75b03c3682c56a1c411bd4169711037efe16239e06b6d18cae2d80336333092981db132d7641f109d

Download Submit
C:\Users\Admin\Desktop\UnprotectDisable.tiff

Filesize
122KB

MD5
5e4aa375ff6e366b3aebc2931051c2af

SHA1
47748c9524218284db80e8cf1ce5010d8946aef5

SHA256
4ccf9d966598f25975d3623be009b0aaf382ead5932765ca4595ace62710e78e

SHA512
9525aaef7a08d3bb1cd445e8b289d538f0f6457fb03fd2c6c9c1584e87d54230002deebb4a75d45ffa3de36bbd9e3d894a3a02ffff30a9d213492878ffffb097

Download Submit
C:\Users\Admin\Desktop\UpdateUnprotect.rtf

Filesize
172KB

MD5
749979c4971c3cdefbd9e897a81bae9f

SHA1
712f62115c48d00a238231df4c6d057ab602fd96

SHA256
a10fab7ca4443f74916bdddb9b0bcde3a4e17713b00da966a8c64b1f84f4a4ee

SHA512
71ad7140519f51fef70e517f4ac9ef818f830b010b71604d798f654d9aa94717dc86e77a2d5c4ab5d136500659d4891bd7ebd9a88e98cd870d5a9257472c99d9

Download Submit
C:\Users\Admin\Desktop\WatchConvertFrom.xhtml

Filesize
231KB

MD5
e5558cd5ea6374668868f72fd27b418f

SHA1
ce9fa88a303b393232b0ee082a621db0f8a65413

SHA256
161266272de71810dddafeb408e1d06c22bc17b22419d77f49d7f9432bc152ee

SHA512
0150506d1935fd89b251fe27f997cff1af4c9ecbf13f8a79e2bbb0b5c1c2571cb6a38d779156abf52f64672d70692734c7a52c0e00d947957ece8f6f0f186301

Download Submit
memory/796-1-0x0000025A7CFA0000-0x0000025A7CFB0000-memory.dmp

Filesize
64KB

Download
memory/796-37-0x0000025A7D550000-0x0000025A7D551000-memory.dmp

Filesize
4KB

Download
memory/796-36-0x0000025A7D440000-0x0000025A7D441000-memory.dmp

Filesize
4KB

Download
memory/796-35-0x0000025A7D440000-0x0000025A7D441000-memory.dmp

Filesize
4KB

Download
memory/796-33-0x0000025A7D410000-0x0000025A7D411000-memory.dmp

Filesize
4KB

Download
memory/796-17-0x0000025A7D0A0000-0x0000025A7D0B0000-memory.dmp

Filesize
64KB

Download