qakbot | 06d60d2e4f630514526ac63ab10360a1405899f4dac32888d231f5fcf9abb2d1

Resubmissions

01-05-2024 10:14

240501-l945gsef62 10

01-05-2024 10:10

240501-l7lv5acd8z 10

01-05-2024 10:06

240501-l5drqscd4z 10

Analysis

max time kernel
139s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2024 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
Size

4.2MB
MD5

0b84369c3ae7ea35924c82465ae768c8
SHA1

9a263fe01ce2d94a7054905323f596ef8cd6047b
SHA256

06d60d2e4f630514526ac63ab10360a1405899f4dac32888d231f5fcf9abb2d1
SHA512

fbc19f8fbddffd0806e41d0b33b93cfaded708687d9d514543ce8302eb351222df4c6ff90df9a52e4371aa4ba3fb272672c850b92ecb0179f5618d7e01f5c6bc
SSDEEP

6144:UfqGzAH5bdSZRg4WR223vZezQDP9RB49qRqe90hfduo+Ppt:U9kHXsRO2auufi6qNi

Score

10^/10

qakbot tr01 1596554163 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Version

325.14

Botnet

tr01

Campaign

1596554163

94.59.241.189:2222

86.98.66.175:2222

94.96.84.73:993

71.83.16.211:443

24.110.96.149:443

78.96.199.79:443

216.201.162.158:443

68.60.221.169:465

95.76.109.181:443

189.231.175.46:443

70.164.37.205:995

108.27.217.44:443

71.220.191.200:443

92.59.35.196:2222

71.192.44.92:443

108.30.125.94:443

93.151.180.170:61202

189.130.26.216:443

47.146.32.175:443

24.71.28.247:443

Signatures

Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
trojan banker stealer qakbot

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0e1b320b09bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "52569441"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31103920"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31103920"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421323266"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f026af20b09bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "54600815"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31103920"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006dd375db7411044b87316e7a135016a600000000020000000000106600000001000020000000b9613e472b931f60dc88bba1ad0729430f0d332dc7c6c3de225b245a466cc764000000000e8000000002000020000000c21e2e6b0d01768c1cca15f1222750564470bafce52b104f41100c491589c85f200000002e7c91a1e95b6eff34a9a50cc573024d91c6577e18415c0d614b89453666d44940000000766fa46a33285a0e940c4335a2fdef58d862592e3d1e045e68dd403dbfa45764672125c35f2ce5a2b645d44c6d4902cd51a62d3c6491b289ec985a01a627d9bc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006dd375db7411044b87316e7a135016a600000000020000000000106600000001000020000000f62ebfa4774e24d9529b9368909b6cd88ec070f60efe22384c71effc0bd4915e000000000e8000000002000020000000a2c28148ab0623919e4a60389796d8e842311e2f55b8102c6521188bacc38a6e200000003812f70fdf0b1387012ba4640f9ac1bee5c7bf2aeb800fe53c1135f179c5215840000000d6ca176c62c8f0b9948859723804395bd0a3f16d85514eea8da07198811d5f2e240e30e9ecde7f1b0356ccd4f0e6d761dd03f1871504bc32aba540c71caedd8e	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2EC485F5-07A3-11EF-8FD7-423B00633FB2} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "52569441"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

3816 PING.EXE

pid	process
3816	PING.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe

pid	process
1160	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
1160	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
432	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
432	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
432	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
432	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

4832 iexplore.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

4832 iexplore.exe
4832 iexplore.exe
2140 IEXPLORE.EXE
2140 IEXPLORE.EXE
2140 IEXPLORE.EXE
2140 IEXPLORE.EXE
2140 IEXPLORE.EXE

pid	process
4832	iexplore.exe

pid	process
4832	iexplore.exe
4832	iexplore.exe
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exeiexplore.execmd.exe

description	pid	process	target process
PID 1160 wrote to memory of 432	1160	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
PID 1160 wrote to memory of 432	1160	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
PID 1160 wrote to memory of 432	1160	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
PID 4832 wrote to memory of 2140	4832	iexplore.exe	IEXPLORE.EXE
PID 4832 wrote to memory of 2140	4832	iexplore.exe	IEXPLORE.EXE
PID 4832 wrote to memory of 2140	4832	iexplore.exe	IEXPLORE.EXE
PID 1160 wrote to memory of 3988	1160	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe	cmd.exe
PID 1160 wrote to memory of 3988	1160	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe	cmd.exe
PID 1160 wrote to memory of 3988	1160	0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe	cmd.exe
PID 3988 wrote to memory of 3816	3988	cmd.exe	PING.EXE
PID 3988 wrote to memory of 3816	3988	cmd.exe	PING.EXE
PID 3988 wrote to memory of 3816	3988	cmd.exe	PING.EXE

C:\Users\Admin\AppData\Local\Temp\0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1160

C:\Users\Admin\AppData\Local\Temp\0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe /C
2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:432

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\0b84369c3ae7ea35924c82465ae768c8_JaffaCakes118.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:3988

C:\Windows\SysWOW64\PING.EXE
ping.exe -n 6 127.0.0.1
3⤵
- Runs ping.exe
PID:3816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1116

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4832

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4832 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2140

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Remote System Discovery

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCVVYLW7\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF6493C6283341AE4D.TMP
Filesize
16KB

MD5
deef7b3b6626ba83e6da301fe03b12d8

SHA1
cf531d081337bb606a13fea1cb7df8d2e67ff4a4

SHA256
090f74579d7807868e33ee7b0efc7e1a75320b2a21f94492054401d2645fb48f

SHA512
b967aff74191fd811116464d0271d4aa14d955504e99f87a3ff8a9b0a2b71ca27a6760491861cc945e7de431d8189ffbbf399981308e6495d633d3cd36edf437

Download Submit
C:\Users\Admin\Desktop\AssertStart.otf
Filesize
928KB

MD5
c96a9276fde5c127fa033a152162bb83

SHA1
3cdf097ccc520b948e8a3e087a8dcfebd9bfd79d

SHA256
5634dd23b40bf213868df142b3d6e3959155600b1ad5e4b2e94fa7eaf1b10ab1

SHA512
00172ec227aa29ec26dfa428be9c880e2ea73efdaf531ffd2d0e34f1b4acd11b9bfc3c1df3eabeb3475e015a4df333cf3e5b78d2a42177cfa562f286f964903f

Download Submit
C:\Users\Admin\Desktop\BackupCompress.wmx
Filesize
457KB

MD5
3f43e5889d690428b590bba5bdbc3c20

SHA1
97459763ce3387123cac321e74f5c9104bcfeb22

SHA256
639686af59fcc1137b9611bbe1619582aa567b313edf75422c31cfb4b0bc1eec

SHA512
ef8643c44cf14b7b8889799f10acbcf7c991375872ced24450d8e19c22deca3707e23789c6eaca541b8311850bd100e83d609589b669d2a528f0a11cf9dc9863

Download Submit
C:\Users\Admin\Desktop\CompareSave.inf
Filesize
575KB

MD5
3bdf4f5fa27d6013b60dca69a7e18be7

SHA1
5cbc245cce47e771ecb758ca8216d7a341cdf726

SHA256
fe88de63a5cf10bc309e5cfb7d5ac04d9bd5592309628bec920530ab25a5eebb

SHA512
e1ff6a8bb2f87ca578149fa988dafff570ee17362edb972802ea8c819873ccc2ea6d45eb618dbb1e73ebed80c7188b3173b5c5183b551ba209a02fc35b7f3fe5

Download Submit
C:\Users\Admin\Desktop\CompareUnblock.xps
Filesize
899KB

MD5
c0e1dd6b78335035bc04f2008b349734

SHA1
167365d1bffed24894c456223d32841ad1d5ad7f

SHA256
2f8167ad154bba0d1aa5b1b0087e3896ce20827ce4cc178b135acc8a3ea86a10

SHA512
960a133de29b5ccbfb44704d65f81f2aa8120f8ab6927797cf6c835c93d552e55dbae0ba90b51d021dd9eba869548f9eadeb3e2b30ccecca2a4abe63e578d5ac

Download Submit
C:\Users\Admin\Desktop\CompleteLock.wmv
Filesize
987KB

MD5
0b5dfe50d008ef22f79535fbd6611519

SHA1
e78cbb9ddfca2c07bd6f4ea15eecf05c21ca2cd5

SHA256
0ad697f7877a23a4356c952c4c186cc4ab63a2f5ea057514d4a4285505bc8313

SHA512
b453054df055f940f438e7510dad34129cbb2281df8590ee2114c5065ddcd838584152b2fa24421b85fb5b0c609580d9f070022e8eaf13adb1c16662e8d154ff

Download Submit
C:\Users\Admin\Desktop\DebugRevoke.mpe
Filesize
368KB

MD5
393ef4a06b73f5fb12eab2e46bbdbf38

SHA1
dfbf8d13de70c9d12756bfe9ac466eaccd9f9329

SHA256
5438301f624f776acd3d1aeba9c5977031d960af1a2515a32232cfb5d39cfa51

SHA512
bae0752be97be89a5701a01a4b51e4b5a96432140945efbdc28f7ae641d91af246ad6c1fada605a11c5f3bfebebce68b03a5134605d752eab733f439ed6a9bbb

Download Submit
C:\Users\Admin\Desktop\DenyPing.reg
Filesize
781KB

MD5
e1b185c57392a7c0e64079d5443b6f32

SHA1
e47ca7953e28076a8678bb5f2f552541cf263c55

SHA256
21e975cf372baad488c4d8618400ed714d385ba97e0fec086274eaeae102b2ea

SHA512
442a55e27fde89f05b9f292e76b63dc3ae8497ea878016d7fd510d3f87413e3230750f9eeaa7e7513eb9775a184ce966e3a2a14e5211774b9bb759b784e3538c

Download Submit
C:\Users\Admin\Desktop\ImportGroup.edrwx
Filesize
869KB

MD5
d92c413928efcfb1020c095245830901

SHA1
bf345d6057aeceb249ba6dd0d61610c8b9d564c9

SHA256
967dd655cfa504c2129d7d9504a97021b720d597d99f6aa3c12cab9d86e701e4

SHA512
278eb9edd9dd15a6669a2d42059074931863c3148674d111c12481145e858a4e9ab2f24455ee6c0a82aa45f8dd4ecaad20b040ad50d0ef096232f46f91c49c07

Download Submit
C:\Users\Admin\Desktop\LimitStop.vsdx
Filesize
752KB

MD5
0111329b73b2c75a4447a44093acfca6

SHA1
05b1a520ff2d1df790e3fc37f7b794a9192d7d88

SHA256
e0660a6586b49a39e23288fa948a623ef8fd9ad186c7ebd30f1a7231be80a241

SHA512
ad3b9f5365e4309a65364fc35083d2051373f27d983418727f9a952762c2da415e60da0cc8726530997840d2685bb17b02f3232c1d166a9ee7b75801760c9b20

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk
Filesize
2KB

MD5
6c8bc66d5b0b682ffe8a08e46750df8e

SHA1
bb73e3324897cc06b8a8abab2da602ecd4529438

SHA256
00d121ab54dbf1e00a3ad7bfdfef86e25f0b374594ced76d0b3c59e15020c3f3

SHA512
b18fa41ae7cf1b063b9963c6b12d29f0fc5f27a0b9afef70d08138901f087bca49b705a1587694cb7a842857b18e599512d207831003bd7e254bee1c9938d0da

Download Submit
C:\Users\Admin\Desktop\OutInstall.vdx
Filesize
1.4MB

MD5
47139e7fad76454ac9e57062cba35b06

SHA1
a7c5945b80a2cbdce9b8cbaf553cf8075adf10e8

SHA256
76f3c6e9089aa1937bd3dbeb01b05ecc2e82f949c6aa57c4408ce91e1fa3946b

SHA512
8a14bf435093077b33fecd450059c5d7744697d679065a55af82592c780dd06f6891377437abd47a82f3df0a2175ab829d959ec724b701f8113ce3f19d2a4cae

Download Submit
C:\Users\Admin\Desktop\PushRegister.mpeg2
Filesize
604KB

MD5
2c3c89b2e9b820b1cfa5b16178236142

SHA1
d313f9b3ed4cb051b89008bebbb044454388ee13

SHA256
658f922fca4cbbeca8d03823d914aca6f26c4731d2fb979cca9f85fbfb08b5bf

SHA512
5d92155bbdd6360646762454bb7f04e838e26dcfcb5f9646a612e8ee010aae29c94f9879d139c052877efe4b0ec5aa869256d3e8e7cc22211caec69cff57ed11

Download Submit
C:\Users\Admin\Desktop\ReadResolve.emf
Filesize
545KB

MD5
478dd02ddfced09838e6530abb43fed4

SHA1
d17dcfb141aa26e08084e7cbac7243d4952c6f22

SHA256
4616d35cfd7318055e75b2d3c698954d02cb58668f77337499814e9e73ad4f65

SHA512
c3b6ed1f8c5ac141944e66bcaeb428d7e245dcb47f2c81691dc9d73f621f83976bbb5711a4b42efb8f6ec874d86706c5593acaaa07c9dc392cadeead01a91218

Download Submit
C:\Users\Admin\Desktop\ReadUpdate.ADTS
Filesize
634KB

MD5
62b2ce8165c5788ae9a224a99a8be9fa

SHA1
bdab596ff1e57f6c055643b1261edef434b5a6fb

SHA256
6f1d8a45d933b008d24977fcfef24c3cb7b6f03d8abcf0c1a4fa62fda3f8532f

SHA512
dcecfc8915020aa019a5570ac8488307417c001fa31e7a24ec151e393d40aa3f9e39d30e1e93709a9a07aa8940c8f79caedd8c4e95f76ad17168601cae4f4b80

Download Submit
C:\Users\Admin\Desktop\RenameInvoke.xps
Filesize
486KB

MD5
95b2fd6c76e126070e53033b84bf2d04

SHA1
322031b76799d372500d411016e42f9a0821c4f1

SHA256
f0126e4def4a3850205a3bbec52fa9bd52877cd9444250246df8c40eb420c0ee

SHA512
2af4c42e3a475bb05b18f38bd618ead14beaf79bc1674f2830713240622f2b9e000f757096132d73a2b9392a861ecd1277e9361b6922c2fe0425b7d58324360b

Download Submit
C:\Users\Admin\Desktop\RepairInitialize.jpeg
Filesize
516KB

MD5
665f6b0ecfc62a8d0a407522e3c43a86

SHA1
bd2cb8a8722b5a149c256bf8dfff3bc8c485baad

SHA256
cac90062d12ed30d1435915758a395728c414cf1caa0b6a109f97292aaaa4c8d

SHA512
4bad62d4c929fc34ef8c1a85817146620be2d537f952200c86e1069aaf0f0c016acabc79a6054be9e27f1e7d09552b619e5afc2811bd0d7c3b9e9cc011471126

Download Submit
C:\Users\Admin\Desktop\RequestRepair.dll
Filesize
1017KB

MD5
86738b1446284667f3fe4f28cfd63963

SHA1
d3d76d8c7a5c1cc53d9c5686e53f23603b54c148

SHA256
6d0c339dd6cfd144dda18e70b0a978fb635dc028b6c8661b92cfd4ea3a3294f5

SHA512
2593ed5dbbdcb5d25d65beb6b58b920bfdc5ed0b53e79838f1b127887ca1606e088bbe5e4d387fd98694d0aa2e7cc796f51df2fbf4d70c19cd7191022856c4cc

Download Submit
C:\Users\Admin\Desktop\RevokeRestart.ADT
Filesize
427KB

MD5
0424834ed84644b16500df80f0f9de6e

SHA1
bd3dc181b47f683393405e352a9299530db95d6e

SHA256
2380654a8af8e86b35a1da9da661c8320a068a9174dfc229fd4baa2d5fe29533

SHA512
6a3ce1f4f943273a4452a124629b359e0ad894e60145e7bebbc40664ea220433cd00f4f055267f2337b020677ba082a244ad62bf07993a98d8d3505cbd924888

Download Submit
C:\Users\Admin\Desktop\SearchConnect.wm
Filesize
722KB

MD5
46a7a4f0490bc07de03a4ed3c3a4ef07

SHA1
f9f377ad82685079d1e868d5ae7bb36cc03c2bc2

SHA256
ca408d416f631dbbefb538da05c3c52b5db6ca0a1ea1030a5ff0d7d6703575bd

SHA512
1d355acdf67b5f1417c19445d6a95d3a4948d46153cd7ed44aceec1388d1c6cea73f4331b315a6a6ed7f33a93151f84d80ffb5e0e5264bd30b1f24975253be37

Download Submit
C:\Users\Admin\Desktop\SendDebug.eprtx
Filesize
663KB

MD5
be195cf86612a6372e33c2daae5c16ed

SHA1
459066d0386a82be712f51c55e5c5f4473ebc764

SHA256
3a9f06642f3c5601162c94a0e4019ebe39190c6ba26852ee8a0227f6ad125953

SHA512
bfde8b48c5712b47aeb9bad0f8aee05ae9ca4bfe620b473ded914440bcfc51e239501824d9f85e449b54fadbc7c8d8a5a5849bdbf7c313d31491ae3797adfb6a

Download Submit
C:\Users\Admin\Desktop\SubmitTest.svgz
Filesize
811KB

MD5
588fb5cafee08ded04b0dd604649c0cc

SHA1
5d57b2c356906e099516456fb43170da7ca26482

SHA256
fc26d0e1ea043e7b2278718425c645e0d476144d2cb6399f23b88ca08d26b3aa

SHA512
53d15c62d476f7288a513ba807dac140d5eceac8ca4c460f9bb09b53ce980e7a7862ab5a300cd29d3a22d492c3ccf0c8d1b8db8cd4bd129cde930ba13f5dfb3a

Download Submit
C:\Users\Admin\Desktop\SyncRedo.docx
Filesize
693KB

MD5
0c65bd0f524132f4a6882c9f2d229528

SHA1
e343886a34e32a62578d8e4564c6c26f154ea6a3

SHA256
f4d774cdde7c0a309d50bd18c18c2de78d3a2eafe6a7bd331d24313b74825cf0

SHA512
386238a392c3da4363a5fb16044dc23030d58c95632833fdb625b31f46fc82dda1562d1f6c6bcf4d4fc0e6381b95259832f3f3f459591c62ae39cab70c57c22d

Download Submit
C:\Users\Admin\Desktop\TestUnregister.exe
Filesize
1.0MB

MD5
3170c45eb59683d087ba4631debdc008

SHA1
29ca73bbae346a356753cf949ce7140707707b76

SHA256
df8347dd9c331ba40cbc893c4e96a1ba5efc0f10be24bf77a4b1e680bbe321ff

SHA512
df66d0d5acd4740bf7b49504bc68c013e13b25c0cf5f01acc911a501932c7518797fb02a13fd1cc2d6568a9b76fa254e624bcc5ebc6f5766a7cd6247c6e6a44c

Download Submit
C:\Users\Admin\Desktop\UnblockStep.ram
Filesize
958KB

MD5
1edd60395489628c726cb5348314fa95

SHA1
9f4b3da1336fa868e46d3fccae8ca063bafccccf

SHA256
458a75d7a79878b2e9e92c1a6d47888677fae212f45483a6e74aa5ebd5905b60

SHA512
c9afaa64b3d7543e1bd1a5eb530274f447a5316b014323c94dbb18e51c1ae71c2112b1a4a110c8f50a23f846b2594e1153be5dbb19215e41bbfaff5c988ce0fa

Download Submit
C:\Users\Admin\Desktop\UnregisterGrant.mp4
Filesize
398KB

MD5
8e6ff5e54bd061025e448bb4f7b6ca60

SHA1
dc2297eef6f46ff3262bf1e9c0537152f2aa503e

SHA256
5ca2ab3b7820e55cdb188a4d72c3c4a680e3908a89a95483a357ed3e091104f5

SHA512
f0329d64a8a3010eea811dc3ecc65eb5e5aaa4712e039283a19675ec618bcfc4fc839489bcfd05430093e877b85634c3c3101a66e2c1c3b93f93bb8e9eb1b621

Download Submit
C:\Users\Admin\Desktop\WaitTrace.xhtml
Filesize
840KB

MD5
93fd2138d64aae566f68aab4e5d0f5e4

SHA1
4f6cba5cea6b4aa1a2b82cc1bc8f12293fffcc02

SHA256
2e2a35bc89602bce350bd53e315d3906a62722398a0dc2750736154239965f77

SHA512
e20a93a685f95ef195107b10821d9700a26e4f8a857cce1ef13f15ed1861dc5d40f124f44a453d0667b812f6d08a931732e7b1881e62f58da1a63a4fe582946d

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
Filesize
2KB

MD5
a657344ef8e30d4903d9b7b5b9070afb

SHA1
81f2198234b6c1322b5810434efdb31896ecb6be

SHA256
e2720676b79ae3e2877688e2ee213aa94d1b35f8649ba3261d8fc78032c88532

SHA512
6a1ef8d525d2f8f2643644a204fa0952c760e28285b1592e4cbca27e97c0770822f7f894892dd39baa5b644e32e83c32723f22d4bbf6d3d90d32e1faea55efd4

Download Submit
C:\Users\Public\Desktop\Firefox.lnk
Filesize
1000B

MD5
b1044dcc41a9e985ab900637ece5ab0f

SHA1
f7360ce050358e69b86386f78be6277a477826fa

SHA256
588e47033988f3e4e33fa7814615fa4941c489367cb39f49416249317a816305

SHA512
627d501fd1b8917b0ef34f06409b597d29fd1e2b6d0bc83bde7740ed43258b6a83103bb4a5caf2c56238dee52a6919c46df8fd58bfe911e03a8f5e474db0f8c5

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk
Filesize
2KB

MD5
a49ad499282c1acc8d1d2f02d7ce1479

SHA1
fee6a14a6bfdab0461ac1693fd3e220f0e9b5c69

SHA256
a9add39e99c2b8bcf19084f0da73f3e618302d24eddca13959785dea76effed7

SHA512
e4a75d5ea710fbf6915358997462f97dc3342390c4770bea8b3af9e722195d2bad140976f4de8c7288cbdf95630b5870b5a7a9d2641b6bdd089e14e0123c2101

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk
Filesize
923B

MD5
b8aa2738f74479ba1d35e8e26f9f719b

SHA1
f1d7e7b7ff938ee068d1740be90fb3d0cebbdc83

SHA256
38170da5d717ec3f57f59f39cc706508bb41165fb76c3811a18fe48f0007c412

SHA512
debb74d941d21c9b5d70aeaab4df08ad201443ea9d641c6471b91f57e5359c04b30979165fde9de6f461c4476f7575e0545adb3b3dbe8b2285c162ae46833d06

Download Submit
memory/432-6-0x0000000000400000-0x000000000082C000-memory.dmp

Filesize
4.2MB

Download
memory/432-4-0x0000000000400000-0x000000000082C000-memory.dmp

Filesize
4.2MB

Download
memory/1160-0-0x0000000002510000-0x000000000258C000-memory.dmp

Filesize
496KB

Download
memory/1160-8-0x0000000000400000-0x000000000082C000-memory.dmp

Filesize
4.2MB

Download
memory/1160-2-0x0000000000400000-0x000000000082C000-memory.dmp

Filesize
4.2MB

Download
memory/1160-1-0x0000000000400000-0x000000000082C000-memory.dmp

Filesize
4.2MB

Download