76ceba4b9fb9f0c1b6a4b5a179a699a61c31c17f9eb1984374e4c07480a31e70

Analysis

max time kernel
38s
max time network
51s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-03-2024 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bne.jpg
Size

41KB
MD5

7c34ad64f4964fcb9e0c7eecf5891035
SHA1

7700899511b0ed7246eb7fe9ed61dce8f775b618
SHA256

76ceba4b9fb9f0c1b6a4b5a179a699a61c31c17f9eb1984374e4c07480a31e70
SHA512

1aeaa25d2224eb26c59991f77dd11c6a8fae6d3975729413f041343e176171441afcc57d7db9ffd7ade82a64ad92606c187f325466e5b2f604203a0aea600d8f
SSDEEP

768:19wBwFUdI9H8QqeFVbXFJEWjB4B+l2LPJBOI8ZzdB007rKfojmK:19vFUdI9H8oFV/RB4ByIObPrKfol

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2432	chrome.exe
2432	chrome.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe
Token: SeShutdownPrivilege	2432	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2756	rundll32.exe
2756	rundll32.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe
2432	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2444	2432	chrome.exe	29
PID 2432 wrote to memory of 2444	2432	chrome.exe	29
PID 2432 wrote to memory of 2444	2432	chrome.exe	29
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 2792	2432	chrome.exe	31
PID 2432 wrote to memory of 1936	2432	chrome.exe	32
PID 2432 wrote to memory of 1936	2432	chrome.exe	32
PID 2432 wrote to memory of 1936	2432	chrome.exe	32
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33
PID 2432 wrote to memory of 1812	2432	chrome.exe	33

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\bne.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7159758,0x7fef7159768,0x7fef7159778
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1344,i,9309553921006429593,1120466546999807580,131072 /prefetch:2
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1344,i,9309553921006429593,1120466546999807580,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1344,i,9309553921006429593,1120466546999807580,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1344,i,9309553921006429593,1120466546999807580,131072 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2236 --field-trial-handle=1344,i,9309553921006429593,1120466546999807580,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1600 --field-trial-handle=1344,i,9309553921006429593,1120466546999807580,131072 /prefetch:2
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2212 --field-trial-handle=1344,i,9309553921006429593,1120466546999807580,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1344,i,9309553921006429593,1120466546999807580,131072 /prefetch:8
  2⤵
  PID:1964

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b769d95b65562ab703c88e2d2d27164b

SHA1
2d99a235f0c2516990563f51a8b0b019af0c18dd

SHA256
68bfad0eff1f2c33b2ca4f1a5898d392efbf2efb6f2d25782e1c41edb9800258

SHA512
644505d577dc4f11e4539eb0342a23d56ee49cc39a597e7f27e48fa25f3721552d639506fd401e954aa377c4c58c683c0f6b1f74d02b3af4d1464942f0457123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
5613bb231be9540ec8f683179268cfa8

SHA1
7a3f0f24a8ad53709bba109e8616896573cbc193

SHA256
8ff5b337bb10f77b052025cc86c653e3890dd81bb8d9fb64714761bd0e5e4960

SHA512
73806cb95eb53d74177c65ea2e73abe44adbe1129644617fac5387420ad042be0736ba08e7c7f3ddb99fb2db3fe05f914872001272a6bfc75195e777961be7a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f735c9ea-9418-4f72-9be2-daf5d8284031.tmp

Filesize
259KB

MD5
f29f050ecb8e18a16f617c86c32e2cbc

SHA1
b6f4dad883d7cb2e7600511c6f1f3be832b25dcf

SHA256
cf09e65f7524f7ad233975e2de7346de0cf6ff3cf262f9f9c45b47929af36a40

SHA512
de358709a77049fc540f4266510627a4342663d70336b78dea8255dade159c9487c7c6473498c4ba6e2cf97a8c60bc7584e2004cfde57fcee16e673faa0a074f

Download Submit
C:\Users\Admin\Desktop\BackupRedo.ppsm

Filesize
151KB

MD5
61dbd53efa0da9857f4f86ff212f5604

SHA1
244ae0b4f9ecc200dcfd2a4fe0e26dc98ccb9b66

SHA256
3995419fd7db52421338203979416c6b0c417b075d0f1a559fc18baf4bff9ec8

SHA512
c3e32a7ca6cca42ea9506c7a3e7519ac177054677e884f2e2b16f8b97e62ae7e12e5d0399709cea910f94206e282401d125a926f6edddde67bc82b19ad445592

Download Submit
C:\Users\Admin\Desktop\CompareRestore.xlsb

Filesize
386KB

MD5
6d20e66a9039be4c18d7c97351dd6dfb

SHA1
c924d1807caf1980a5273e7af3e600cb007446c5

SHA256
bc662f050f748186f85c87e3002597e987e8271eb521257f83be07804d74a2c8

SHA512
bced746bf12701e87774a237f3ea9d6f6fa0eca696b7888020f918c2d3c1671b405bc1d45c2f3b004f4cbc23547e07dbdebf9593e5ce7f1d8b2277b51f00a52f

Download Submit
C:\Users\Admin\Desktop\CompareWrite.7z

Filesize
98KB

MD5
dc158dd271bf92558b8678f61607fc3a

SHA1
8229917388f71487fce873177c468098a7387fd9

SHA256
1b3b4c63fc2d6f29fdeb5fb450a5f580b670ed39380268d8a0148238a6edf78a

SHA512
22147d0ee0dbda3cdb01f04c338e70e5046194f14b53f64421ed4062ccbc00aaa85c029803f92e269cf4fe746c5042d3c61448e07feba9f2b23ca072a420c0ee

Download Submit
C:\Users\Admin\Desktop\CompleteEnter.rtf

Filesize
174KB

MD5
2c1f20c1c5e10079feb34fde8492d4e6

SHA1
511b2d5f12ab22da3988698d53ed04faefeabcdc

SHA256
05ffb84449de5cb7e688db83bb5982c62d2aa97b5c8a3850ddef6e08217cd0ba

SHA512
e082921eb04ae0a286b505cb702032f6050c7add8cf4fae6868abba6ce84492a6a17958f081f231f9ced6d066a25fba323868bb51270ccf71bbae742cca178b8

Download Submit
C:\Users\Admin\Desktop\CompleteGroup.cfg

Filesize
234KB

MD5
646f3dcfc5bb9eecb6985e3f36f196fe

SHA1
478926f42f0846ae3e261f779d0e0e77adda504e

SHA256
f388a9f2c590037304019574d860ad6ce5732bfa8955f5210ff48c7dd43216f1

SHA512
0ab2a201845ec41a1c8419447abc3be3404b451d0b9c847b7a13d04fdd06987c49d971b720e8e13a20138f7f2084ac6bafbb989f3d27a34e7cd71518700aff3d

Download Submit
C:\Users\Admin\Desktop\DenyUnregister.vb

Filesize
265KB

MD5
27c767862b57d2fbf71b8e8149b75904

SHA1
27b1d7086a13a59bb77b70271e78e3c8c546626d

SHA256
059193e289ace89a87146c17cd54aeeba9a7cb3f5e7bd47b117e9617d2874fbb

SHA512
07f5eabd445a84eb82ad738645fdedbf48adb380d8e4f183a552b1420f9c1d46cf4eb3edc9a50086afedfbb05fa7ce5d089f3d9f2ac3153ff3b98ab0c3910a13

Download Submit
C:\Users\Admin\Desktop\DismountWatch.jpeg

Filesize
106KB

MD5
bc1bc6d172cc22d9254b452aa9698586

SHA1
a88c561df93ddffc478d5d405ae274e17806b2dc

SHA256
05feaa0ba75d821cddee426b869d7216c2fa5acaf9955564b75179a27f4a4614

SHA512
d5e055dd4c3a9a66b0222277c6b1e0eefef8f0ca157c06d1b6999d227e63f004023fcd98305103c9882d42902cb8a085f017b1dce856c3e0212343cb93474c14

Download Submit
C:\Users\Admin\Desktop\EditCheckpoint.vdx

Filesize
242KB

MD5
c8a67f124dbe0a69f18f5962d06797a8

SHA1
1ee17f0469b25b72708fc9daaa3f3c87771ee367

SHA256
486f483a084ad3fe71c14eb3292f285d8b803c3500d761c578746e3fc8e73a8e

SHA512
6a64581d386e5f1edc32536e28c3db0330b2bcaa0ec0f116f679156a007975288009ff42f1d0bd0794e319f2e681699f726e193c9f40c08d89c3cc133cd83940

Download Submit
C:\Users\Admin\Desktop\FindSuspend.i64

Filesize
204KB

MD5
a024412e11f23c019444fa2d9f425309

SHA1
28e8d0b4110a698ed1733de3dae758bd715a4228

SHA256
2f49bd5afdd632614b0763e354988280d7c75463decf0ee53b325edcb2d58d1b

SHA512
c015cc2fdbea77efc5805334a27579917c90dc8d27acd7bf521e79211476ce959d39271d0d94c807306229ea0d91132c6497c5bdbd99312912fb9e251e884022

Download Submit
C:\Users\Admin\Desktop\FormatUndo.bmp

Filesize
200KB

MD5
eb7bb1cbea37a252fe90580bf062ff8e

SHA1
97d04ee8e6f0a930eea529d0b5e110546c71db39

SHA256
f82a001a8e7a77a884ecd313f5fcc0e9efde7cd894fb8504b2a8a4e80b24d474

SHA512
90bdabeb52a13ccfb16647ff3a3b9743cd7e28efac70fe55e030e52ae35894e07815c63a494cf598a97e27266b1c5ef689e031a9882d70f550181e24bddb34d9

Download Submit
C:\Users\Admin\Desktop\GetClose.fon

Filesize
219KB

MD5
14bbdb593417dc2a7a34c24017b280a4

SHA1
02de1cf8934329c0a7021054421c5b4d9cab80c3

SHA256
ac5707b5f660f1086604986a002c25a117df49edb7a2435fa8209c3f6f652348

SHA512
06e8aa6cc96a07e8583c5aa97cfbc3dde7ab1534219611e097176f41e120c69dc909346f7bd19bbc8083a07a408f776b47b56d74f3fdcf12967192dfb71e51e2

Download Submit
C:\Users\Admin\Desktop\GetSubmit.reg

Filesize
136KB

MD5
fad0ce01a33e41aaf4c4c943bf195ce9

SHA1
be5d6fe403112a84630c0d420f2a0dd046b7ac3f

SHA256
5ae284c50d55bfc435954f6a75bf31e005f5bf701d29c33fb7e79824e1411ebb

SHA512
1f114f72a38939f1c860aa6a6f23fed4b64a28f00ae2c34d75e3a956f6a3c3272e541b1dd2700af2b12821532db49921e318d5aa7f07cc4de541b4d596d84147

Download Submit
C:\Users\Admin\Desktop\NewConnect.vsx

Filesize
59KB

MD5
17fa808f8140f8f0f01658fa21841426

SHA1
a48452ebcc9732065f3d3576fc6eb9a049b4c467

SHA256
907b9324684e25a3338b27107b0aa7ff13da1a4f477fc2218b75e3a38519a361

SHA512
2fdaa18572b2ae76f6fc08d35e97ab8d1643135126e33273f4447c191f8a22e0442339cfcf2ef27e7e52c4b3ecf6d66df6e70509d0c0eeaed461d6cd5d23f700

Download Submit
C:\Users\Admin\Desktop\OpenMerge.ppsm

Filesize
119KB

MD5
691a86f8c2672c7841e10edb3e260df5

SHA1
1ca19d41a18f7d75c76e366e47739bf85fa139bd

SHA256
a0a0ef09f5ce8178f3a7bdf67b4f1baa0aea3dee41d127b9f12509230a0bf3a5

SHA512
ddabfa3ffb17282b6567e413effb1516c9dcda4a1eff66649fde04f2e463f5d8bbae364fc4c8f65a26633ce0b8c6d020a825e09f3f5b5ca03bce072ec54b417f

Download Submit
C:\Users\Admin\Desktop\OutUpdate.3g2

Filesize
155KB

MD5
6ba02293775ae44b59ed0264597b8d98

SHA1
1f8237ed79a40057e79df282a5267dfed5230c38

SHA256
c2b0f273d072e385f9cda33cd8b2bff3673a3b5125a1c90079c24ba6995aac04

SHA512
48c66254db649a1d44ea9e147724fab3ca1cf28c4e4ee73157f9a76299a977521fea5ce01a5a3dcd3b814583c5af4d17e75578b4fff8a9dcda56da7c097a1b87

Download Submit
C:\Users\Admin\Desktop\PopDisable.aifc

Filesize
122KB

MD5
94de0a8db2dba75db6ea7889d2e5e321

SHA1
bbc99bad867872e2047c3a5ee37e427288c94155

SHA256
8c075895c4aaf804b0433ee8ced1ee7fbf960965f9c5f5c526a27d4e722cc766

SHA512
99bb9688f090c5a5f8bf68c934d64e085ba715575f6d8431bef179b3e98cc5312cb2a3de6c938b134d0521c9dcdd0c178745417520410118036f3a9307ce5633

Download Submit
C:\Users\Admin\Desktop\ReadUnblock.TTS

Filesize
128KB

MD5
b6972a0540a8686e1ec53a6f208a954c

SHA1
8f5a34e38d4587d0e8289bf45e047a361ce7669d

SHA256
4204b59cf72c12ce2290527e474973f575013298425c31420311af4a6fec9380

SHA512
6e27f00a88a18c37dbd91864e8a3e5157f6342a8aac7169624290a04af369c8b292bcf310ef6244fe05a3b3df8d71eb117f8118e7763237a21e7495c6cac1bba

Download Submit
C:\Users\Admin\Desktop\RedoAssert.potx

Filesize
77KB

MD5
30408ce41980480c32cd27817638a159

SHA1
80dddfd23e9c6e7cb8c81da3c25f75fbba856220

SHA256
d1f5ced64a63ad63c20013136f8185cf83643512972444f5e0dd2a33d38b76e3

SHA512
007fe011fdda7e806080c7c01361d4594dcd63bd1210b1b05a19a16492a9673107e421afcd11f29b91b2f18221db78d3242de467524f1a8b62624bc8e3172830

Download Submit
C:\Users\Admin\Desktop\RedoSuspend.ogg

Filesize
83KB

MD5
472d1b08c6c6926effed97f711068fdf

SHA1
08a10f0cbc741e15524310eed718d5636903c45f

SHA256
03dece30d52f6dd1f80ab3b288d692ef1156dea594c7a6105bac584476a088cc

SHA512
c48a598d94ee2c7784dba5876442ba992ae748260bff75896aaaabf1d8dbc2b6ef031ad81fe2449de231df962040991b38a33ed68709fa9454558cfa3b067be2

Download Submit
C:\Users\Admin\Desktop\RemoveRepair.mpv2

Filesize
79KB

MD5
a7d0628fd82eabc846dc28c7dc25fdc7

SHA1
5630a82de7c967ef0ef6bbafb21bf9d0265d463d

SHA256
681900c9a35d0b2cd0bc2461bfa141f2f4a00fecf1c61281432fb1c380b81749

SHA512
6576a7bdaca5e9c50d2eab925eae8d6eef32598d2eee2720f939c6f9be596e70930181ebab80f123e6e7f1d16a76f87c34afbd0c08b24e38d456765226facfd1

Download Submit
C:\Users\Admin\Desktop\RequestTest.wpl

Filesize
62KB

MD5
87cedd7a41d3a9dfd94eb0d0a150e6f2

SHA1
eb407a6a8e8fab925ed314bd225fe67cde00868d

SHA256
0a93cf5145fadb5c54714cc3e99eadf118a5744f9d9521120bc981f4cb589726

SHA512
8e5132deb714994c054050148431be5c165b32c04657a3a37b3b122eb1fcf0b5970b80c8c14af00bc915d0bfe7d54717c9c304c991674cf2414ba8f502e34564

Download Submit
C:\Users\Admin\Desktop\ResolveRename.emf

Filesize
130KB

MD5
61262303688a7d4e5ff8c428900aae3f

SHA1
53b717599352f91dd1606111b5014b41049fb873

SHA256
bc0e8ee79bc601a8ef25db67e8e830528b6a0cc17f4f5af6b96942433227ae92

SHA512
48d7878b75f942bba6862021103b48e13c1df9b64d5ece4b06602db425a67a45f0cbc14c5deda1ddf8e2094ea9fa1d78fb89b79a05a3c9295f15416ebf7e7044

Download Submit
C:\Users\Admin\Desktop\RestoreTrace.htm

Filesize
136KB

MD5
072c3090af66e9e927aae6d26fd12b2a

SHA1
15acf52248d95a65ee20feee61e59b07913bacc0

SHA256
008366ff0400879e136d80d8cc7bf06a215584fb7e0e144faf89974d68c6613c

SHA512
6de241a130ad1a0ca8a0833267a8689097170393b956bf113421157402a9848bc8881dc5d3d910cc489575ad811bb73e1462d158877c4a86c4c4c94ad071cfc4

Download Submit
C:\Users\Admin\Desktop\SendResolve.emf

Filesize
35KB

MD5
c0669cb7894e13f71c72d2fb7bb0253e

SHA1
5025b53ae8bf771eec9c2fa79fdc812b58aba3bd

SHA256
119bc0cce4eef27df9c96bf226d6377c0e442c49fc3c79e952c88107f7019709

SHA512
2afa0640496645b5952c3567267e378375f1ac7dc2c0c051a519aa645f4ed98edfcca66b4a5c57a436c9f7ac9ab7046b0f67d68089c4d770adb4d5ca5f4ce60e

Download Submit
C:\Users\Admin\Desktop\SubmitSelect.asf

Filesize
104KB

MD5
80ef5dd85f1ca903f5d5d97d5352f2b9

SHA1
ae864886ebe27cec968fac6bf5ec42bbb200666a

SHA256
79f7869a2e5ff9a5fb9bae208af1e58dd3a62f6cf8130fadc4eaf5f83fa7ba6c

SHA512
4462199910900f6ca7735da70ffce213b980f8adcb4f6336143d8fbff9d6d2cce2a27e317436ca9bd7185ac6b2be50371752fe74cd10a48218dee864e5dfb825

Download Submit
C:\Users\Admin\Desktop\SubmitUnblock.htm

Filesize
52KB

MD5
bb10d02553e90def7f4504027a3342e0

SHA1
254cef3c6464c208dbc0bdb538fc11c70a0e3fa4

SHA256
5244e31c94ed8f1139b0c704255e8f1b917bc76aca648c0c62ff782ff6c15f07

SHA512
da57b8ed6f11be243374f7e79165a844edae202501aaf33a36f5009d839964512bf3c35dc6c41cc7bbccec3c681031cb753e6629ccd134f479c5a6593d01b923

Download Submit
C:\Users\Public\Desktop\Adobe Reader 9.lnk

Filesize
1KB

MD5
96dec898c55c96edbf23782e2ccf218d

SHA1
e34cb76a073d804641eb73a7a3366ce1b6b31cfa

SHA256
ebc1dfd509982fea0e53332be343f0266ce7c2964a06f743be9049f74f56ebef

SHA512
5a2d6375f04d03d26b385bd839c945b8fa27d50873bf05f2fe11723883f18a09fad8eba7bc21173b8bea33b2df298e366429c5b2716aa6870a699a4c7dbe7baa

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
931B

MD5
7c703d451282eb9b7ce36ee19e72dbe8

SHA1
7f25a12d7070305990852085dc1ca854d9c8b97d

SHA256
a7a4a58b5887eee1d0febd38749f7cb3372b50bf1f2097fd9396b08384efe064

SHA512
adbcbd63ec5a1b421eab1ce4801be08dc0b8eefa3eabd410cfe831224128cda2bd00210bed0f645f564c4beae0c2ee76bad9fe583712a501f097590d4fb764b8

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
3d59cd392c290bec1da078d7a2a59a3e

SHA1
1c3f99dedc01cc0020813b00bd22ac0696180358

SHA256
7f1ea43c2966d5a81e2fa7b3e0ae07bb199b706ebfb52fc1c9dda7d72b5a16cc

SHA512
ddba0774e2cc631d247432aa0f806f992c019d0c5b82f236a11245d6a76897577ae71e51014462c0a00e7638ce6dc2c180d922085a2f0db216a556fe955b0cdc

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
6c1fcf1e42c7752177bbec8aca2832fa

SHA1
1678ab0ac899c63b5ff6293c9b1c23b388ee81e4

SHA256
93ca2636530462b949a64e2b89a87f046d38dc5c3a25488ec85045a4e33163ce

SHA512
aab98434272bfe53d3b2a0afab7d468f4f3c2ea1e8f88a48c9dbfe5333a18107022ac6c29d9afbd6e1cd7cb55ce79bcf212cb0fc14a3a076205eedeb8b48e3ce

Download Submit
memory/2756-31-0x0000000001D80000-0x0000000001D81000-memory.dmp

Filesize
4KB

Download
memory/2756-0-0x0000000001D80000-0x0000000001D81000-memory.dmp

Filesize
4KB

Download