01bfe4c5b557c60274cc43624b637c52f20584d8e4aa24d780e547c4b2ba1059

Analysis

max time kernel
148s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MoonSpoofer.exe
Size

366KB
MD5

05a818e32cabf2959b6a163b3f24cdf4
SHA1

4ce4103680a0a654bc24be1a561292656fe59005
SHA256

01bfe4c5b557c60274cc43624b637c52f20584d8e4aa24d780e547c4b2ba1059
SHA512

8ff7351e2b0f67662e687466a4bff6661a89858b66b8975b535d942175ce48ce7c9bf7ee007d02d3d4c6fb6011661c1a5d95ceb7afa89e277f1675674333be1d
SSDEEP

6144:hXnxbPLaA9v7xpKpLo/3Ew/uo27pUogiDsZAEw/uo2uEw/uo2uEw/uo23ja:RWs0K527lsZK52hK52hK52Ta

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2696	2904	WerFault.exe	27

Enumerates system info in registry 2 TTPs 35 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Identifier	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter	csrss.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\1\KeyboardController	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Identifier	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Component Information	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Component Information	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Component Information	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Component Information	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Configuration Data	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Component Information	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Configuration Data	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Identifier	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Configuration Data	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data	csrss.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000	winlogon.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1"	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1"	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033"	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96"	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor"	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize"	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles"	winlogon.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2552	chrome.exe
2552	chrome.exe

Suspicious use of AdjustPrivilegeToken 45 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	2552	chrome.exe
Token: SeShutdownPrivilege	3064	LogonUI.exe
Token: SeShutdownPrivilege	3064	LogonUI.exe
Token: SeSecurityPrivilege	2972	winlogon.exe
Token: SeBackupPrivilege	2972	winlogon.exe
Token: SeSecurityPrivilege	2972	winlogon.exe
Token: SeTcbPrivilege	2972	winlogon.exe
Token: SeShutdownPrivilege	3064	LogonUI.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe
2552	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2696	2904	MoonSpoofer.exe	28
PID 2904 wrote to memory of 2696	2904	MoonSpoofer.exe	28
PID 2904 wrote to memory of 2696	2904	MoonSpoofer.exe	28
PID 2904 wrote to memory of 2696	2904	MoonSpoofer.exe	28
PID 2552 wrote to memory of 2616	2552	chrome.exe	30
PID 2552 wrote to memory of 2616	2552	chrome.exe	30
PID 2552 wrote to memory of 2616	2552	chrome.exe	30
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2404	2552	chrome.exe	32
PID 2552 wrote to memory of 2420	2552	chrome.exe	33
PID 2552 wrote to memory of 2420	2552	chrome.exe	33
PID 2552 wrote to memory of 2420	2552	chrome.exe	33
PID 2552 wrote to memory of 2472	2552	chrome.exe	34
PID 2552 wrote to memory of 2472	2552	chrome.exe	34
PID 2552 wrote to memory of 2472	2552	chrome.exe	34
PID 2552 wrote to memory of 2472	2552	chrome.exe	34
PID 2552 wrote to memory of 2472	2552	chrome.exe	34
PID 2552 wrote to memory of 2472	2552	chrome.exe	34
PID 2552 wrote to memory of 2472	2552	chrome.exe	34
PID 2552 wrote to memory of 2472	2552	chrome.exe	34
PID 2552 wrote to memory of 2472	2552	chrome.exe	34
PID 2552 wrote to memory of 2472	2552	chrome.exe	34
PID 2552 wrote to memory of 2472	2552	chrome.exe	34
PID 2552 wrote to memory of 2472	2552	chrome.exe	34
PID 2552 wrote to memory of 2472	2552	chrome.exe	34
PID 2552 wrote to memory of 2472	2552	chrome.exe	34
PID 2552 wrote to memory of 2472	2552	chrome.exe	34

C:\Users\Admin\AppData\Local\Temp\MoonSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\MoonSpoofer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 632
  2⤵
  - Program crash
  PID:2696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef71a9758,0x7fef71a9768,0x7fef71a9778
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1188,i,2039984256213101003,11874002642811138670,131072 /prefetch:2
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1188,i,2039984256213101003,11874002642811138670,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1188,i,2039984256213101003,11874002642811138670,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2200 --field-trial-handle=1188,i,2039984256213101003,11874002642811138670,131072 /prefetch:1
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2208 --field-trial-handle=1188,i,2039984256213101003,11874002642811138670,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1460 --field-trial-handle=1188,i,2039984256213101003,11874002642811138670,131072 /prefetch:2
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3280 --field-trial-handle=1188,i,2039984256213101003,11874002642811138670,131072 /prefetch:2
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1120 --field-trial-handle=1188,i,2039984256213101003,11874002642811138670,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3752 --field-trial-handle=1188,i,2039984256213101003,11874002642811138670,131072 /prefetch:8
  2⤵
  PID:1548

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1672

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2772

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
- Enumerates system info in registry
PID:1304

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2972
- C:\Windows\system32\LogonUI.exe
  "LogonUI.exe" /flags:0x0
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1ed0d3a6-7caf-4501-bfa6-15836b582056.tmp

Filesize
258KB

MD5
d36c5a5aca045fa9a69e2aa86ffad7b0

SHA1
34cefee340b3ac00b34e436ecfa0e62e280deef4

SHA256
3783afe83c542e6fc560bbbf8812f20e8ec5b0e4f9b689ee0bb5f63853721e51

SHA512
0e1d958d66ab14a4345c6fafada81b76fbd2e3abd69828d297e5d32515e6912abccaae50b27b52935f0984add21281d6c250701a70b75ac1e03271cf3839298a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b02d290747a8c0965708bbfa6427ee75

SHA1
03b55c1d31d839c2ee080d1357e64661a067ae4d

SHA256
768bc21c765b9219c7ac205f8e2adf5f9a9a41f9e0ffb2b7845014f6f10b8238

SHA512
057ac264485bfbed630fa8656ac1def9cf13dd81aa8af0d0f5829dd432e79911a4b7bd3b1f14c8949360cdfd1e6dc5fb841c701a7a9c95d6b5a957a6d8c769f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
5d7c551582047a2cee44155fbd7849a0

SHA1
0b0b707196b4cabbc6a0ef36b601e0f9cf61f15d

SHA256
2d1325bbed06963a9db414530fcd1375396d048ecd8c0fa73cf757140e57a41b

SHA512
4df1f6375b629f558767990028fe45ac91530aad20502a764ad6a4db6638d06352ba2595c92c3037e24c9596300e8cef8b07609661099ea297cbcb0463abfc18

Download Submit
C:\Users\Admin\Desktop\BlockFind.au

Filesize
423KB

MD5
e455041c7296380e5b88ca6561c60f26

SHA1
ac3668dd631159243ff842c3bb9e4bedec620332

SHA256
a702741891a5344c32a016069a4bb4db3283006f562d41ebe0bca77a5f77c939

SHA512
34ea2e37fc1497b8b81ada0a7deceb769222e8617d7f4fb24033ff9dde197967e255e910a565a7d90d1abb4d188931ae4ac715088827f5231e6c38be51bd2a69

Download Submit
C:\Users\Admin\Desktop\CompareUnregister.mpa

Filesize
384KB

MD5
52cfcaa52598f61dcf1beeb4f2be9d79

SHA1
4a8eb8eb7bcc24ea9b1a80f2d5966e2b06fa101b

SHA256
7c49950222a1152f98a759855250fa9c5eff04fc27f12bc1d6b3358293bc7ed3

SHA512
a3f5a3104f51311565877a0a10aea43e2efb4b089c266600f5adfd93b6378fbe2d85f4b0d7f2ded200255e3b4d5204d5e01edb0e4c32b81b3eefd659718071ad

Download Submit
C:\Users\Admin\Desktop\ConvertSwitch.edrwx

Filesize
320KB

MD5
75475e8e4d89b37ddd2fb9bd26c5c797

SHA1
ed39d9dd658464a1a669a6dbc38ccacfc81d21d1

SHA256
33a30c7fa71208236d4c234f45fa48dad48a2e054eb01661b0dc14741ea3f00c

SHA512
746760ddc0a4b7a22230dd42066212afb427c9754bfd68bc104bc6d84a5eda2ae222410e6de0f227e130318d7816f2a828d471ae4efdc03f7f7a937264cdc2a8

Download Submit
C:\Users\Admin\Desktop\CopyWatch.asf

Filesize
192KB

MD5
cdb92d47d389d0c0e912a8340c386309

SHA1
31e47d3cc4cbab3c43edeec6d76f2d6c858da243

SHA256
4e533da9590d7c1fd45649d3f9c77422f9120737b5bb8c5a932b4288d9f6ecb5

SHA512
58c77af43fff0e98c942a5d4803480bc3e9f1aab0b9758256f14931d074f714457c66fbace8e09c448bba2df840735ff74ed06eb1e52c296aaab9c13e273b633

Download Submit
C:\Users\Admin\Desktop\DebugSkip.ppsm

Filesize
128KB

MD5
6b9d6d72d080761ec1f2bc5a8523b01c

SHA1
b08e961681fefa22642e11c39bf670af1fdd391a

SHA256
f4322dd80d9e9832b775f82b9dff0e7ad7d84fcdcc6b59f4406d5a0423cc9e08

SHA512
8c356a5b38412cdf3fe2d755b693116951a025075c2c5a9866b29ea737d80532367504ba320543de13152762167dc29be3f057ba5e2b0483abb48fa82e899489

Download Submit
C:\Users\Admin\Desktop\DebugStart.jpe

Filesize
64KB

MD5
a062519e7145c3003b81c6386faf33fc

SHA1
b4f18984354d8d7ad22b476a7a7930d904689fe1

SHA256
a96ea6dc44ea95c07dfebb36c15e5b6127ceb8852b4c9b2a56704338d351ee66

SHA512
b5c9aacd8bf3a3230b6a97875cd9f2d6f3c6909264b0fe9530c3edd2b2464a96b11227913ef26cb91d10cd7bf31b7033cafdb2326ae95efda8f1c3a31f5a527a

Download Submit
C:\Users\Admin\Desktop\DisableSync.xlsm

Filesize
42KB

MD5
c8a79adf6406508abf73e9ddc0758b0f

SHA1
62a7ec5c18eb83b8a0341adc351588a8051ab808

SHA256
a7ddcf4936df18db0023c27b7a35916e9e556fb7465bfa5119a634fa6df78ffc

SHA512
af4ec0e783b6f2d5cb4ee54c5c44dd771e865805211548617325c4fcab9df3acf3d10cb03864fdb4fa8d49bd2f6229435e39d5970b94c43753a0304cbb6b84ca

Download Submit
C:\Users\Admin\Desktop\GroupUninstall.pcx

Filesize
42KB

MD5
a178f2be1bf866bb99814f670039dd37

SHA1
62de1720225dbd5915823f305c610d0851340b79

SHA256
407c868ac64a5363a1bfc7bb8e3061e8bf27fb7e63c5bc23d6c17027939c89c5

SHA512
ef0a91e9e4a9c020d80e7e36812b88c45287dc4368c9c8640592f2874c0ac74c22168a21264f790176f1d5cd3f073e74a3e1581bc809d6a6dbb8edcf058d35ad

Download Submit
C:\Users\Admin\Desktop\MeasureUse.mp4

Filesize
19KB

MD5
8cca0bc76ce350bcda539f4b2011a8e3

SHA1
fa13bfb679045109309fdf7fefba5751aa22312c

SHA256
6184f16da5825d38e459c1291dcd737775fb38ad93bcd257f73e389125daf789

SHA512
993b1c45f43103cfa021a415edbf32859e8d1d4f32c116adec7626e1a2f86efe68f8163791bfcb97196ab363cfd6cae350b88477ac1a7242d2ad29bcec58b24f

Download Submit
C:\Users\Admin\Desktop\MergeDismount.easmx

Filesize
19KB

MD5
f0234014bbad6c4e6967c2e12c8ad430

SHA1
7c839d55b6ee9d3ab3448c285ae8ae8fb13edb51

SHA256
4d8cbf1422ebbb90cb95c05801dc6604cd29fc1c92ac0bc08a4a0555678692ed

SHA512
e91a103d808e4fd37703756861557e3e2cc35796a02856f3cc6b6e71ff3fe46ae8637dd367fbfd03e2a6192048dfa0003f70171f915413b5103e264d799c34f5

Download Submit
C:\Users\Admin\Desktop\NewCopy.ttc

Filesize
936KB

MD5
4ad8ef4ef5f7dacbb7b7ad708453d635

SHA1
aafe92c7402ea5d907363c78be2fd392a5e37fbb

SHA256
dad0b7e101ed675b3002075fd874639b12897a10101a755ce6752bb5aa6c11d9

SHA512
bdeae40e949d3286e5d77ca937a5a3d26b4144146e74fea227ee2e79b13b48d4a7da01b28d77d499f7536822aa6fb006a520565758e33bdc2aa268a1884124dc

Download Submit
C:\Users\Admin\Desktop\SearchRename.asx

Filesize
664KB

MD5
b0156a69016891fe06cdf65b3f6c43ce

SHA1
b03d6f9d7b7796d35e407d88f317da15383e37ba

SHA256
3a6ae5623a31e1124c9aff3eb87631d27b11529078c107cbf4b673068428563d

SHA512
9eab3319544ab8a5e7b161382e4207d75c48ca3206f92b86cb03a7f1c34c7cbf0de74ef672d94c64b1edc1f7b2be304d86a6207b9173e52d25c340286b599483

Download Submit
C:\Users\Admin\Desktop\SkipEnable.htm

Filesize
513KB

MD5
116d57843d4ec1bb560659e68ffb28ad

SHA1
7649578a296b98f30cefed8a1d74a7b797845830

SHA256
7d750d7fa5f0d8fc085d6204382f586ab6b2477997b0781a2365314d46bd7b80

SHA512
1f74b9377b1cf48c37f94970dd9c224e31ff06d3b4b1a335408412c9970ab7bb6d25254ba5a169d4bef4b218fc2d502b8e37a090634f2b745b78298aaa8adf49

Download Submit
C:\Users\Admin\Desktop\SkipMerge.ttf

Filesize
362KB

MD5
8df2bbc86931ccfe95d87bc9bc2eaade

SHA1
5a9af98688bd0139ea84f1667272226dbade5e48

SHA256
9f6f01ec9678da89fff69c9240fd6e8fa657e045559a0e265bb717824a8dc9c2

SHA512
82977e46cedd119853312f6f0522ec1d8e7dd764b727289745a5ea7d1012fdca6fe1947edb686fecc7d68ae86cd49ef8f4916d6bede89b19d6eef5d3686be79e

Download Submit
C:\Users\Admin\Desktop\StartRemove.wmv

Filesize
906KB

MD5
3c44c30dccb1228edfa3bfdce160c62f

SHA1
6d94a37de4a6cec6752b3b8ac83db202efe95d8b

SHA256
95fc8135c723a35022d1d230b092a3dcebbf5cc7432162aba8ef1309b3c23214

SHA512
88cb64b2dd484dcfc1bd8106afc1025fb777dd668cb17a1134e8bcb3c1e6bb251b8a116470eb461db0071f0d7d917a2a5d3b416d1624e5ee0a5851f4d6bd399f

Download Submit
C:\Users\Admin\Desktop\StartSwitch.ex_

Filesize
967KB

MD5
c93fb16dd8b68218609e7af6a6b49ad9

SHA1
f238a2298b4a30f3d0e6dbc35cb550d88f09f25d

SHA256
e6044c9c5030dd906e3e403991df64027b212a19c01e53b11fd0b69c272ed641

SHA512
2870d7689e7c30804625c3aba1752d9d69f7259dfba7175b161695811bef1f0145d272019fdba6912de0722b0903547cdf205fb03c48f46b8524a6b521bd6f27

Download Submit
C:\Users\Admin\Desktop\SubmitDebug.aifc

Filesize
876KB

MD5
9da00239ded7b867c816ebedeec04e9d

SHA1
d9d4f865b8fe59e7e454c0663391457f67cad5a0

SHA256
62c128c621f0185294fab9ea4e0f0ebb9c330077c1433162c3ec6f5e66b3d263

SHA512
0ac51b85e2d329322b74b46a53b6c3191feb2dd77786a9a5d420d8dd5bc8395afba13ed790d5aa8212037e7f791daea829fc378c0784b6e8a06b9d2cceb263db

Download Submit
C:\Users\Admin\Desktop\SubmitEnable.ogg

Filesize
695KB

MD5
f029ecfc0d6e3b07d79926a187626056

SHA1
0e21b1c89852a8946696ce905cbba42b8082295a

SHA256
d14c648358edf27e3beea2e4cc44a0fad0ae313e0d6be2fc8c4f64d4e838ca53

SHA512
7226744d0c2ef09d640808b5be15e6b80fb56bb3bef9d4c79fd428921b43d10d41f0bc53ba8fee8b2a78128ab139370cb33ed58ed1c07d3aeaa6e38c0be2b07f

Download Submit
C:\Users\Admin\Desktop\SuspendLimit.png

Filesize
483KB

MD5
564973850613a99e01db2bdc93db4b83

SHA1
b7febbc32b79bbbc0b41735759aa2369a4350f3b

SHA256
b88d6d9a5079369349a8147949d358caf27989aeb1f515a061857b2d6898d684

SHA512
3326887d7b507ae3e8af9bc3727638f74b763881351e8a2af6195f86c9810cd58b2d24d8b62e7cc602a9326ea1c8685bf450d634b73c4bc5b121660da3c30f09

Download Submit
C:\Users\Admin\Desktop\SyncMerge.mpv2

Filesize
1.0MB

MD5
331989aca076ee5afcb7dc0b54450049

SHA1
08f9c726d81bfdfa9e0dbc67779a2b3b90a51b65

SHA256
ab7e20a7d84a5cf1f193b5e52cce1cdbf20190eeecb5f9ca87e88b4c26a65642

SHA512
7c90af08cb6c616a322ded49547bda115085498c7201ed69024df3470c14c22d7cc0d78b20ffcbdfbd0aee12fac449777467d09f92e2b5c1447d89ecf527e16c

Download Submit
C:\Users\Admin\Desktop\TraceCopy.ram

Filesize
785KB

MD5
aec0c9e85c4e135ccc93416c7092a26f

SHA1
92c6afe351839040c8e54b40eb7ba8603ae2bcca

SHA256
243e0143b89b728299517ddc81c9d55ca6a6280f5deba8fecf33f0a1c6b66551

SHA512
54728b1471cba8ff667ee080fbf0cc73eb7ff6a35bffe4d948d408a1b297a0f397e200a6b58d8df457c24bcbeb3fbc18b1d9383d1608a90649ed959b4100ebd3

Download Submit
C:\Users\Admin\Desktop\UnblockSend.ps1

Filesize
453KB

MD5
8f158ff22fcaaaa0fe13e5ae6863b1f9

SHA1
c02231437b972c5c2017b712869768c9b7e531ca

SHA256
b47c9fd13514652a021769e7c161c56c8f9a8584b4c63c7b985e3018eb45d65d

SHA512
1a4b5ad1195ae3383abb32d442f3de8b0488849c760176a3c48780d7b870712c4940ad32e7c799a41c96fd2aa08b741263d1d9313bf67949940ca7284c753637

Download Submit
C:\Users\Admin\Desktop\UnregisterConnect.wmx

Filesize
634KB

MD5
ee6a04fcf3af18cbab7c51b8652306f3

SHA1
67cdc823d5298c982d4287c1ac80b9fb0dd8c54a

SHA256
a4fbefdd44c9e3f171a3f2b9eb71c631c4cd660aa3a59f793ba7fdc5ef665cf6

SHA512
bdbbc18172642d085cdd5b7b5752619b3b5f51eccf81686152f96fbff17edb8a44384b41371c3329225d426f37c9898c436008131767de8367d8627a6c05c08b

Download Submit
C:\Users\Admin\Desktop\UseSend.pptx

Filesize
1.4MB

MD5
d55924673815a060456bdb20b3b49b14

SHA1
18cc8a4e81d82bc5199a7cf2e1d31027689c9acb

SHA256
5612a0a852a865d323c32cc875a7906efa5ef00fbad48c39fca5643a25ae216e

SHA512
becda3dfdd1b21289b3075f999aa6177e934f79d8f8cb9d558819b3206c07933db110be09861f89eaae6aa783e9c101b659f97134a36538036dc134b0507e183

Download Submit
C:\Users\Admin\Downloads\CompressReceive.emf

Filesize
762KB

MD5
65fb05d0c285546eb1128abd0fb03d7c

SHA1
85933052bf6c64193a153c7ccfd9272248ffeac4

SHA256
5b8050a7f5eba65d2d061f40aba8dc40e138d94adc3170942077de422c47f93e

SHA512
dc783218e1a48d44f4f9a36c51a564cb3fb369b2f5451f066bd81a1a9cf49dea4d4065f1a851c5d8e18042e51e3f75d98c17fc67d7f73d8c56683490ef89a5e2

Download Submit
C:\Users\Admin\Downloads\ConfirmBackup.dxf

Filesize
822KB

MD5
323fde05b608c51cb0948e377bf31e5a

SHA1
54a42f0318e52dede4e8a6586dbc86717d09f26f

SHA256
6b10fe235028bef5853145ebab7fa32dc29d4e872d48e6fc66b18604bb73a1fe

SHA512
bf7a319c9ddd713c79277cd701b39180e64219d9ddb0d64f286cb869a97cb7a7b041c73ec9920d7faa9a2679d4eb22d82eda9103558c7c329fcfb6cb275b7bb7

Download Submit
C:\Users\Admin\Downloads\ConnectSubmit.tif

Filesize
466KB

MD5
db515dcb740a20a1676e7a989387e52a

SHA1
e072f9408af0bd0c070f30f453147ce8a6bb742c

SHA256
684566f09615f8af469cded048963ba21d47e663e00e220a10376f108a6bb09b

SHA512
6e90a8c6044c5828097eaa14e2c2279ea6e4f53b526d70fa117d4e6b67c18e5a4e0a88c9747321539d9d46f8dc3e036c46370100c3bdbc002c1a7097e6f6061d

Download Submit
C:\Users\Admin\Downloads\ConnectSuspend.tiff

Filesize
673KB

MD5
57fe5ac1755b0d3a0e8f461be9625ea3

SHA1
5010c3c65beecfe4331f7a1d8f7404ab1d14c805

SHA256
f6606b958917a61fd7bac060706bbd1cb46251aa18f9fc0b365e61b4f13144c0

SHA512
9b10f54b84fd51239ba77393fa40e48ae218a78693247bb693a1c5eb118b063c9029cb1f086cbf79c617c76078ab2499d2eb3c851bb52028a0b73ccf74993e28

Download Submit
C:\Users\Admin\Downloads\DebugSync.vsdm

Filesize
659KB

MD5
6a0f7ba665282d743542db14e70b8eda

SHA1
61da50503654d5fe149137a7ba49b515299b6dc0

SHA256
8c8357ebed145cf575a6a0dde31ed94a61ee86d973eadcc21a354bfbdf74237a

SHA512
61a750a39229f209492bc10cd272836f12257e2e00f7e4ee983c6e6cb14b152e91f44ca44cae857d60d7d81ae028a7928d9c8ced112ac468bcbbeb642b96a968

Download Submit
C:\Users\Admin\Downloads\EnterTest.xps

Filesize
629KB

MD5
107f5566491a7a2936b23ffb8d48bf81

SHA1
455c5e972847ab750e9eb8ec76271e73b75b1f07

SHA256
9b50404f63dc72241d3a64304266bf2a3d404cad46b9326b4e47c9c31b818d40

SHA512
e9f8d18ff09bc0ca41a85cce8a5fbf1091473d25f611cb9e0c3bbbc7a6b7ae5ec6498aa76025ef9f9bf13a6ed4193ca8ef8e2347338d1336b0baa0d573c044c3

Download Submit
C:\Users\Admin\Downloads\EnterUnblock.3gpp

Filesize
807KB

MD5
6681d0f0fdbd8e83652f3a8b88dc6370

SHA1
15ff419ecc32335087d16abeecd9a17f6af2e240

SHA256
8866a4f3824b7395fa163f5606130ee9c552aa104c79b4af69396939664eabd5

SHA512
22a72dd68bdca7b309fde553afdfb51053bd19271c9a69f1fcb7ee20a5001e8b63869ec6e6f2314ae21db1038820b461eccabc15796f48a3614028ecc859af5b

Download Submit
C:\Users\Admin\Downloads\FindCompress.dll

Filesize
555KB

MD5
9f841ebb3be71fd6e36e24757b821349

SHA1
ee16e80a0a4b903b90c657059d059112341610f7

SHA256
ff0dd000209e907cdb292102126c0fbf3eefe992e580b65193f1175c3628638b

SHA512
f72dc5c8e280512f66751c0d611d1a09cbf8205dd3c3de5b80bc16c5caffeb571e46267661a2e30470be73381f7644a9df3ab17ff25ba90dbe9e99a06b302804

Download Submit
C:\Users\Admin\Downloads\GetUnlock.mpg

Filesize
688KB

MD5
821b0711e11d0544d60c2c41a1b06111

SHA1
df1133a25803d4643fa1f3159b3c3c59e9a355f4

SHA256
6c9002e3a8d4d5abb984b1dfa7027c2724da6dd5ddfd738a20fedecc17d25807

SHA512
ab4c40ef48e1a999da4250147e5958b33f2fc597165d02388000d114d8633e2e0f676dea7193330484416637ce872b2ade77bc78e994c1553ab277cbd78b1086

Download Submit
C:\Users\Admin\Downloads\GrantLimit.ram

Filesize
422KB

MD5
656e5b726de247882b239e5d2488427d

SHA1
160187df4f726af028a1e27b2aea9725ff44e88a

SHA256
d0e333385ee103cdece83191c0e4a70b626884749fefc6ec187995a22ca517e1

SHA512
334a86b191d555448902220f45fbb3af00a7f5ffe041fb6c0893c59f9a79266b2fdcbb4bafc9e374afbd88259eefe78db704a5196ab637a4ec024fc61047ab07

Download Submit
C:\Users\Admin\Downloads\InvokeCompare.xlt

Filesize
836KB

MD5
9bdeabec2786eccf95990d350b9c192e

SHA1
6f5f55a4caca7a863b852951c97661ab63899396

SHA256
270c702a0426f19a4d7e29dcbc3f35fa6886b7f95000d0cbecb30bba5a16396d

SHA512
db38ea112a1a506af8e93a9c7232d1852e7c563c48edf46666e2396fa56345e9384c34a0e4718beded3da4e6778e1054153eda1cc656d9c1432b6777c4f55431

Download Submit
C:\Users\Admin\Downloads\InvokePush.jpeg

Filesize
614KB

MD5
657706a6af6ca7bbb244081481da4a26

SHA1
88e36b7399fa7371daf8035e26fdb16a42d8abd6

SHA256
ec03c76f60b73c1b876f534584bc0a51dec56eb9d1d5da95f3d6aa63e4aedd0f

SHA512
bc020ba60cbc45a3c3955cb59f62598b3e196441e5a65401cfc2dc0cade723cffc48bee976a830be6da34371b54bff209f4ef6f6ceb435ea0a185c2644c4e590

Download Submit
C:\Users\Admin\Downloads\LimitCheckpoint.lnk

Filesize
703KB

MD5
cf7ec73596d1c28fb9f4bcb74ec5fa95

SHA1
119ae7ceecb77f347fa02eca7c87de0b7ec00a98

SHA256
2df5f51db0a1104310ce55a0fd3ecbcc745a4107ff5aaa278d706ca453159b8d

SHA512
5afa37b57e13190c86d3cc69e74748ee67ec27093b5135dd33803df12bb79c0b773737fb387c4fa0970d990236f7e50340c4a8386fedeca7232bc57af4ae9064

Download Submit
C:\Users\Admin\Downloads\LimitCompress.3g2

Filesize
525KB

MD5
298e649886d9e823088ac2000876166f

SHA1
b19ba0209a16e60c1bce4428b86a236d34426e36

SHA256
bb859a58e5976376379cefc569de72330affe872bc5b3051f3bc96385640da6c

SHA512
1c4f90e64e8f87fad192f90ca412d4eca37dd7a463d87860cf10f238cbcb3ae456d295f99bbc5c82e50f2d91b66dd62553c6b40dfaff94ec60aea39d4d462dbc

Download Submit
C:\Users\Admin\Downloads\LimitRestart.aiff

Filesize
540KB

MD5
ded64ea9750d9880ba31aeaa2add4774

SHA1
d82f81c4836e67e2bf3595f477b2f7011c5477de

SHA256
219c789390a83224734bea422d6ccefa0cf154ee4c836e914ef64a469a366e79

SHA512
1ae7ddd5342e50ca1fefcc9bb00e94568dfa57b46c30917459be01feb8b0d9c6bc1be58493b6e45d4cbb7c8b74b6dafe8686b9edd0185adbad0771ce0fd8432e

Download Submit
C:\Users\Admin\Downloads\MeasureUndo.mhtml

Filesize
333KB

MD5
a5fe6127d3e2a44816393c5b2891bd84

SHA1
a42368219871c9821369c08a1c6069968950134c

SHA256
3e0c273292c65222c7980dbe2e8459762a1506686281aa988f4c430730f36a75

SHA512
8a0097afec939a93aad99f3cafedc083d502d5d3439f5c40610013079eba3a98e77906f892d74e9626016f0465c1ba18e294bdff79bd0d87bce0040191d114b7

Download Submit
C:\Users\Admin\Downloads\MoveTrace.contact

Filesize
585KB

MD5
2d3f9f77e903c0fdd740727bf5c0e844

SHA1
b224b01f28f3d4be155d95a28be967ce53a5a8ad

SHA256
369186b3f005a05ffec9b0033e6e46ef97a81372d7b149bfa2bcdb784f80a51e

SHA512
26de825debab734ceace4ac7f792979fda8a454ab3186be987aef04f2a14e7f8b89874df65ff379fdc0a1996c84504b55dc135ebfe954d133a4531eef3aec000

Download Submit
C:\Users\Admin\Downloads\PingBlock.css

Filesize
377KB

MD5
be43eba4c3170fae383ecf1162845e20

SHA1
4567fcca49b3b3fa969919b61070272783cd1309

SHA256
1a811423e7bd6414a66d6788c9da0274fb3faa33ed7a204cae836b1f672ed024

SHA512
9d0136330a525ea5bd983f910136bf1e8ae4cded58470db999e03f34883194e2270c3ca6e4064680fd93260e83da954fe5c1adf3df92a2ac72648d2359e89891

Download Submit
C:\Users\Admin\Downloads\RegisterMerge.xml

Filesize
288KB

MD5
fe23d893ea6c5ba81b24b4f5c70e7020

SHA1
f0ad7fd52ac5a03560cd2c9b75d2199c341a8588

SHA256
be343de25ae31c856211d9ba72d0a09e95380b39778a3726d3f8e3504366cecd

SHA512
3351a455646e1457da40916ae7157a48e85bbcd71b9d12945368ceb291eabaab0572936155896737efa2536e3ddbdd2629c2eaa34bc094b5998e5c56988313e3

Download Submit
C:\Users\Admin\Downloads\RestoreTest.cmd

Filesize
362KB

MD5
191c0adc178077c337e534e13ab8dc1a

SHA1
836fe8adcc0aa1e62a0684d909f35f9589c41059

SHA256
a5714499dc8567df285454be5fa9ac5cea30d7b89d4446ca1cedf1b4f29503ea

SHA512
4937dfa11bb00044e66164f661a68444acc31406790345bfcba51cc6d854e2af21d877653ae331d81c6f2a5b98d14532b1a2ed11555d2aa7865a75b7b0eb9451

Download Submit
C:\Users\Admin\Downloads\SendTest.tif

Filesize
792KB

MD5
7383f6043c570becb9763b127613c68b

SHA1
a58db2f8cee939cc6e52a2a3f81b1c9be3a15f68

SHA256
ff51ca2b98d8aacd5b5d3b81136372e98254ec26f2ba1bd69ec04dbc7a3ab6e1

SHA512
c7e77c8fc6f9a4ec9fef039eaeab0a7d26fcb77336fc8a124c2251caf7b122f8ab7db11136346d4af7a544e6bab589553b99e7e5daa75911f7040d922600512c

Download Submit
C:\Users\Admin\Downloads\SetConfirm.potx

Filesize
510KB

MD5
ccab85ec92e82ab129da5cf07dbed6ea

SHA1
e3c3320e24932a06a5297371d32b6e063ac4d65c

SHA256
c26a5f60ba2b594d9f61318439a0bd03db4e09ae0450fdfd36624dd67dcac535

SHA512
95eeeb9da7a6638256217eb64bdba5459ea2c27cf46f85413eedc810d5c193388c220bac9199d4b554ea443ed233c38301713b06f11215abd2fd30ecedb8ea61

Download Submit
C:\Users\Admin\Downloads\StartSave.iso

Filesize
496KB

MD5
f8a395849a07f4e5c682944dcefea762

SHA1
6077ffd84b096df4529f09d2b2ac45b776b88979

SHA256
eae754d32e0bf9e7aa1d44d8c3d406fdf2e045ddad782deda1c9d66dbdee3623

SHA512
889d3ba22363c1bff7b79a2699241311b27fb46b522c7a7067f25dd7f1812bf621802cbe604289a8b5a133f095567016b841e0cc470734508c5ccf34c2974161

Download Submit
C:\Users\Admin\Downloads\SuspendClear.xht

Filesize
303KB

MD5
f0d8b970e760bbdc4043cf3f76f22b25

SHA1
7a7981410f647c55d84265a88b8129a981c13e2b

SHA256
480f228c705083d5313522721a3c07ea3b2a44bb9215ae7ecbd31fa65c4ddf67

SHA512
3eccdaf4e8245eec2143972b9e81d5b6a75bc24fb1537bf6ba51dc2b0caa126e758697b85e4ce11f75e7d97a379267a4c62f0b0827e62116fc356c2b62855eed

Download Submit
C:\Users\Admin\Downloads\SuspendRegister.pdf

Filesize
318KB

MD5
943d9e285658b10821535b1279e09e5d

SHA1
464d0317ce158010016211a50e3a566f8c80c07e

SHA256
e5c516a4cfec27a668378e5296cc4efb9ad6020742ec8971f80485b37534a5bb

SHA512
9fc408013a289dc159dded5c7e7479e04842bb49fc2346f655d7a12d1e03e80b51ce11a3756f00c59c7f298dafcf032c1fc8aca35654fc23c26f39e3694f2972

Download Submit
C:\Users\Admin\Downloads\UninstallSplit.html

Filesize
436KB

MD5
aac869bc8af4c4a68518777ae510a500

SHA1
ddd740a53bc62ee02a20629452db0268470a6be9

SHA256
503acbd45cbced24d8c4d3ae080794d08ca8ffa209c6418c498bd91de4878621

SHA512
dfaae7afdab20ad5b6e130d596fde05c0d28d98d78f0446346ea8cf2eeb14d98c980bc96fee42607c599b6577157fc3e0fd9d584447b0e4ceeb9d2dfc937e864

Download Submit
C:\Users\Admin\Downloads\UnlockApprove.png

Filesize
348KB

MD5
2d1de88ec40206e4e7bce063717e58ba

SHA1
c8701d8f5115f684d4068fdb4818e1aa0abc34ff

SHA256
d43c48e8d678942fe8bd18ffd846d55e469d3f56ad35eceed341e767a5b261d1

SHA512
ca6b9854930462d30558064cf99ffea0db07935026c94fabd4588bcab975a7a81055ce707a2faa0871e5a19a611914510e2d48610079da58d4d2f16d69b5e23f

Download Submit
C:\Users\Public\Desktop\Adobe Reader 9.lnk

Filesize
1KB

MD5
cd0938d08170c489cfa01afc9f7cca66

SHA1
4abf4553c348873720475d17773d256b98e5a6e1

SHA256
d0c25e514b03316bca560aceca549e4d30af16506c3b4abe0e3e64e0df28ff2f

SHA512
ff263e36694ef32d679766a6abbe717fe5fa85655f89b64b698f6cdaa174a90dbb25f2272c1251bb58c6bf70bfef60e6a8e83f524a1a7a4aaa44e2bfc35944c4

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
931B

MD5
99ee9617a7072ad10c9f05204de884d6

SHA1
7b02e1aa1e8557161910849f7c2f9265de3445ab

SHA256
4c80946033ffa6a92d19f30e6db55ab47345f578b256d58b2ecd179f16084271

SHA512
0ba8db19628b959bbb354af6254d2fd92d2ccf9c14cf0cb04a9dabe3595c239d397b77f8b5862401ec8b22130ddcf5e6e4b43ff7a5f6fd820c4977d1a55a02ac

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
390ede5d672f6c64f8c4b710aeff15ed

SHA1
37d1230623bc8ecfe10008ff3a73da5c71b32536

SHA256
874c542c773c53b35e278c0c17d58d4d04e1a9a73a49b328b07ec5131174cbb4

SHA512
d0a705b02f29947819ba3efaf669eb8b9efc2caacea11f09de2f6540f355bbf0fa005edbd9a3b8ec99ab50f3d4adf602278ecb2ea7bb43129b0919168933b14d

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
9cbc1c9647cd78c14c389b5e9ab9ac48

SHA1
8577fe04bdf7136757458deb8e82814818704caf

SHA256
996616841baa389f61cd11c6ca01a12db1bfe60d04b7df32dd9870193893a7ed

SHA512
8059d230252e88aa74abec987616ac5500e5f0ff8bad9b196fafb9d3690651c8f68230a877bb4d30ef7b03d857af170207c6ee99ca7d5978f6a9b42730a7c739

Download Submit
memory/2904-1-0x0000000074B10000-0x00000000751FE000-memory.dmp

Filesize
6.9MB

Download
memory/2904-3-0x0000000074B10000-0x00000000751FE000-memory.dmp

Filesize
6.9MB

Download
memory/2904-2-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/2904-0-0x0000000001010000-0x0000000001070000-memory.dmp

Filesize
384KB

Download
memory/3064-221-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download