quasar | f0160a1f7a39862e14063ac468957559656405f51d97ad56dc7cff9ad34da9f1

Analysis

max time kernel
143s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Synapse X Launcher.exe
Size

3.1MB
MD5

1a1fda92143e414b4d4153ab05dd1ce8
SHA1

33ac2b2d228a1ec93b0ea70ffadb436933b9a1e5
SHA256

f0160a1f7a39862e14063ac468957559656405f51d97ad56dc7cff9ad34da9f1
SHA512

70a9a6948f98f3bdc2c7b461634098347bdf683dec36fa92bd1ac652f72daf7fa01f842cbb8331f26c9c5f76907604f75f7c45b746bcfe8f395b3864f998f391
SSDEEP

49152:VvnI22SsaNYfdPBldt698dBcjHOaRJ6HbR3LoGddPkTHHB72eh2NT:VvI22SsaNYfdPBldt6+dBcjHOaRJ6Zd

Score

10^/10

quasar windows update spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Windows Update

skbidiooiilet-31205.portmap.host:31205

Mutex

7357b58d-e5d4-42be-8b74-db6eee6cde6d

Attributes

encryption_key
6F721445F7E0B1CF58980D84A9D49F4458D4EFD9
install_name
Update.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WindowsUpdate
subdirectory
Windows Update

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/724-1-0x0000000000B70000-0x0000000000E94000-memory.dmp	family_quasar
C:\Users\Admin\AppData\Roaming\Windows Update\Update.exe	family_quasar

Executes dropped EXE 1 IoCs

Processes:

Update.exe

pid process

3916 Update.exe
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exeschtasks.exe

pid process

3740 schtasks.exe
3004 schtasks.exe
Modifies registry class 1 IoCs

Processes:

MiniSearchHost.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

Synapse X Launcher.exeUpdate.exe

description pid process

Token: SeDebugPrivilege 724 Synapse X Launcher.exe
Token: SeDebugPrivilege 3916 Update.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

1196 MiniSearchHost.exe

pid	process
3916	Update.exe

pid	process
3740	schtasks.exe
3004	schtasks.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

description	pid	process
Token: SeDebugPrivilege	724	Synapse X Launcher.exe
Token: SeDebugPrivilege	3916	Update.exe

pid	process
1196	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

Synapse X Launcher.exeUpdate.exe

description	pid	process	target process
PID 724 wrote to memory of 3740	724	Synapse X Launcher.exe	schtasks.exe
PID 724 wrote to memory of 3740	724	Synapse X Launcher.exe	schtasks.exe
PID 724 wrote to memory of 3916	724	Synapse X Launcher.exe	Update.exe
PID 724 wrote to memory of 3916	724	Synapse X Launcher.exe	Update.exe
PID 3916 wrote to memory of 3004	3916	Update.exe	schtasks.exe
PID 3916 wrote to memory of 3004	3916	Update.exe	schtasks.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Synapse X Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Synapse X Launcher.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:724

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Windows Update\Update.exe" /rl HIGHEST /f
2⤵
- Creates scheduled task(s)
PID:3740

C:\Users\Admin\AppData\Roaming\Windows Update\Update.exe
"C:\Users\Admin\AppData\Roaming\Windows Update\Update.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3916

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Windows Update\Update.exe" /rl HIGHEST /f
3⤵
- Creates scheduled task(s)
PID:3004

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2976

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
2cb9e3f89741961748d38d15dfecc8fb

SHA1
11f89dfac73dfacb194fa01bf6e7fddb38c1f6d7

SHA256
e76dcf1390543fde2ae6fd8263e90df10923df9dfe78a5fb588a50654577fd13

SHA512
20557311d13320d2f7c8bfb99e49c8af30dbcbace0faaa5101f9ea893a017a55100bf2b3c466c9d9cfe4fa8a8affcef9223a870abbcf571492fa90abd0e748f2

Download Submit
C:\Users\Admin\AppData\Roaming\Windows Update\Update.exe

Filesize
3.1MB

MD5
1a1fda92143e414b4d4153ab05dd1ce8

SHA1
33ac2b2d228a1ec93b0ea70ffadb436933b9a1e5

SHA256
f0160a1f7a39862e14063ac468957559656405f51d97ad56dc7cff9ad34da9f1

SHA512
70a9a6948f98f3bdc2c7b461634098347bdf683dec36fa92bd1ac652f72daf7fa01f842cbb8331f26c9c5f76907604f75f7c45b746bcfe8f395b3864f998f391

Download Submit
C:\Users\Admin\Downloads\ApproveMeasure.pcx

Filesize
442KB

MD5
315442845405bb892c1bea70766e3563

SHA1
f2188f65b9b39ffcd133e6aa78f9579c000eb671

SHA256
ded0c634044976193693efbe98943bb026383c0a58c6535fd1d50e1ac7adfa47

SHA512
215e6ac76ae003d0f89bffd93552ebb2eaab5df41658986495a1ce2e7710b202399ea8de485adfe20292218635c074bdd6758f58101db242638cf09c36c3faf0

Download Submit
C:\Users\Admin\Downloads\BlockUnblock.raw

Filesize
398KB

MD5
6b5ffd4436c5bc29f6ce5998795dafc5

SHA1
a04def744ff4b3c3d46f1052dcebdc593a0dddf5

SHA256
006c41aa70ef16e1da62c334b36acad596b1602824a1ba3fdc760f73c75f44c1

SHA512
a7fe2d5049be4f6818c3cbdb627c83cbb60669e47e384f555851298c2aa53e25059d574e79bda4c40dee66bd462f7efafd6955098621e6f625cecc0477bd8d30

Download Submit
C:\Users\Admin\Downloads\ConnectGet.7z

Filesize
951KB

MD5
e2f8b707fd6581617283e485af1fc5e8

SHA1
df8bf24a61f4df5e75fa24459346fef0908217f7

SHA256
b804eec10ab24ea3d8e991c2f150ee55f347bd6c66a9aa6cf42a16cd0a6bbe50

SHA512
4cd0dc40dca4610301817e7da147461fe86bf467db90711ac597dc21ca9e1085c31561c2d29bcb1f9f1722ab83549a8ddecbd43550026c962121dc0e3751c633

Download Submit
C:\Users\Admin\Downloads\ConnectSelect.avi

Filesize
553KB

MD5
8e2809b24d119cf0cf798a419219981e

SHA1
ba50750ec405c9c8e6260c6753dd8594176b1bd7

SHA256
5267f19f056ef5f991a2c189f5eb19025cb23c68e445f5e5ec6325a909918266

SHA512
1722b66ba072ef8e6dff61f8089c35a2368b28e43671e3f323ba3d3adbb8bf7f4c326f0882847ab7aa25efd394b3c58c520ca513f7f549d0e535d51c7f0b8f1f

Download Submit
C:\Users\Admin\Downloads\DisconnectSearch.svg

Filesize
486KB

MD5
9b596e5ea461075399b3b3bcbdf1adc0

SHA1
418fa0e98604c988f10263176b0deb07ec91767a

SHA256
a1e581a4203a3c74ba36b5d2493af540f17c63574b226b91da62ff246f8b9657

SHA512
7708b10a290fcfe28f9b796d8f103b72bd8f5f9d86071bf0769d5d0ec9fd34f262390a1b393d2a85ce0d95477680f891cba921c7321c6907c5603c5b5eb908a5

Download Submit
C:\Users\Admin\Downloads\EnablePublish.emz

Filesize
707KB

MD5
dc44a2724d3cebced468530771132606

SHA1
b0959cb6bdd5f412a55728a1cb459474db0e3892

SHA256
9f66ef7e1a119e1c4be604ae05d1f911ab7aab9e2c2830a2e1fee8b7305366d4

SHA512
ee45b4084b99cc245a90f938006e98ab4991963031d925e76c546f4d2d9d4309967c412ec950439b7cb18f4e6d4ab0e65a11a6a712afbc07f67436bdcf33d9e3

Download Submit
C:\Users\Admin\Downloads\ExpandStop.rar

Filesize
796KB

MD5
27b9e8eda2bc707753d73ed9e73ca05f

SHA1
42a138aad28141e2ee92dfe0839f0230b83e2f0b

SHA256
e6a7bb2ff9da73412f7e60082a64b8a368a6eed2d86b4dde00fb6a5bf190ebcd

SHA512
d181709506d732ab54e53faff2685a18e7b421b3110ecc0b652f345d5cc347a8848da35a7f320b86b8806eab23387dc93ea2d0cd6e21bec69227eda8211e1b59

Download Submit
C:\Users\Admin\Downloads\GrantRepair.vb

Filesize
685KB

MD5
5f8d375531461bf7d47e1fca505a3d0c

SHA1
13f1bcdf410d09d77538264972ea840231b031bc

SHA256
6afccb631e28b8f12915918075ac8249ca7d5708b330ede7df0a3d8893e8a5a5

SHA512
54301a59b654a65930cca485fce6a5f785315b8ea3ea0c34fd9397ccce057f70d7c9ca5d965aa670e611b9bb87d4f086c4b25fc03a09cf1585c87dea081b5a81

Download Submit
C:\Users\Admin\Downloads\MountSplit.contact

Filesize
1.0MB

MD5
b93318826508b2b5af1b60ddb94e085e

SHA1
abb016f82db10dbc0c8a46f60afdbd45023758e7

SHA256
9520a885768de24d897116da15310c82d0aefe1c84a7031c35e2837befb79dc0

SHA512
de315d1b5168d28cf3471034fef19fc62f9593669af0764202688d05c4048ebfe7dc7040ee84f6d580e5ccc177b42a1a6a27b2e801d444898d108e6067e3b570

Download Submit
C:\Users\Admin\Downloads\MoveUnblock.potx

Filesize
907KB

MD5
0ab6f11918cfdc5e4d00f3644bf16ec5

SHA1
e47e0722e38136458daf6ff4a2e32385ff288369

SHA256
020a5102c9da06cc47c208703b80fa72b999a9317d252e635344d2186f1720ca

SHA512
06cae552b8928e207e878efd8f0bc675a5b5dd32b12699f730ea1c6e41f56b49416402f6a8de3abcfa4c6359b28ba8140046db7daa995a29c3f085fca0349156

Download Submit
C:\Users\Admin\Downloads\MoveWrite.au

Filesize
1017KB

MD5
6b15cbb7defb95c22c44f41516603999

SHA1
ef0b58b49191309dd4ac85707d5616a2d7b81b51

SHA256
992ecbe099c25291e7dbebda22ce112d8ac92fd1d6be9b67a1da19bc2daefde4

SHA512
b7ebcbe97b2489a41e5f0a8df71c129c2180cf447dc50ab3965e9f52f3cd677e98a07ac4fa4ee1c31bc2037e8d0aec9ae36afc3a21e039dcf8e03a95fedca0e9

Download Submit
C:\Users\Admin\Downloads\OutUndo.rmi

Filesize
597KB

MD5
88dd7a5c3c968c115375dffaad2c45f6

SHA1
4e4d5b75071875b124ffbf879f0993c5fe080804

SHA256
1a6ec4180764a7a7607ed31014caafccf77ef1b4eb9add6de1f65eca093824b3

SHA512
f18bad1343d5e6602d53f9c444e0707753457619d648ea0c4c753c47ba970a4dd667f354bff0407ed677c6644a8d191e51a8ea1fc56dbd9e29332c5c76559186

Download Submit
C:\Users\Admin\Downloads\PopSwitch.wdp

Filesize
530KB

MD5
788540a0451d66848be411723ef3dfc5

SHA1
eadc452d3650714315201c1a5469deecaa585f56

SHA256
d32bf3f71634a25c64cd6f0d7bec5304be44389b0c2e3c40a553902eb1916ba8

SHA512
4a24af628ea0c541c9a5537fc350e18ad7331b8bb7fb403f45f76b9d0a8270d367049f1bfbfaa9f17b8273da11ff66344c2e6f74a756004e3861e9e652cf6bec

Download Submit
C:\Users\Admin\Downloads\PublishStep.wvx

Filesize
619KB

MD5
a3e3060ca6888611b6bdbc829d655b73

SHA1
0e7d4cce3615520ae671993d5039021b5d04d57c

SHA256
726e0ea795becda8d7989b78b5932738fc5a5e2a4bc8af434c72b29906086f91

SHA512
b40f9246532f82c9a9e0fa785820404fcb57c1c008d05d1a5548a443c94093ce6e443ea942d59e6ebaf539f30eac83149db79f6031a98d220f116f41aec391b2

Download Submit
C:\Users\Admin\Downloads\PushSubmit.emf

Filesize
840KB

MD5
12a4ac0c8431e9f14f580fc5ccae710a

SHA1
1ba4266990dc9a0cf276404a2d7a97e65ba57229

SHA256
bd8ee1593c36afab94cb89a1ed1651073a78436341334be4ec8c1b297f2ad463

SHA512
0c8c619351347fce70b2b50a30ad7eb8b227fbfb2ffd3e8511ce23f6a3a3a334b2fe74fff5a5027a26e5339ee735ae81ca659e50466ae573b8f8019852d03ea8

Download Submit
C:\Users\Admin\Downloads\RedoSelect.mpeg3

Filesize
730KB

MD5
3f73d98604c82b55ed5e59d47c5d58b8

SHA1
683a351651d0cfe2b67b9dabdf542f2ced91ae5a

SHA256
42271fc9e9acbac09d8ec49e6aa51ac819817b11cf15c994e6c0d8ff2a443d73

SHA512
9c890bdde52d55a67be12b2e89e7d527ba05f14a6044073a705cd18f2c664912dfd43780e95b43e5ee04a79f3ed3a651a87c0c76968aa3c5d3459d82df87dd24

Download Submit
C:\Users\Admin\Downloads\RepairInitialize.i64

Filesize
575KB

MD5
d48dc463c9a35b385f93c12220de21ae

SHA1
a2cf8a5464a391d3b00cbcc91ef4799557d2fbdd

SHA256
cce358c062623baee228c522bbdb09b14185a157c65ee275a58199b792d04fe6

SHA512
f3fdb16c971772530e1c610f98ec9e95d879ac38ba04da8fb56bfab510019202491de026db1ee0f1169943439ec0213b0cf47102b3bfd916e558690815fa3bd2

Download Submit
C:\Users\Admin\Downloads\ResizeDismount.temp

Filesize
420KB

MD5
862369ec71834acaf1aaccf012aa79b7

SHA1
aa054675417f1fcd236073d6ccfd5232c39f39ec

SHA256
4c020f3c9e7201e51d725551c3410f8ffda6982acd600454b8d722d437b2ac75

SHA512
b87f281b3b7d680e4ba3cac793daf30dba2a228352252bab740bd3328e48f439f8a215c4c6450197bbd7f05626a1c4f3780f3fa21f267ea08cb4248329291205

Download Submit
C:\Users\Admin\Downloads\SelectClear.tiff

Filesize
862KB

MD5
e83c9bae03e0a5fbdcf67518ccb363fe

SHA1
e89f48e9b4b9031b9670f5f089478efcae86a4e8

SHA256
d91c9e9c045aeeba2b4a8ac6fbdf87ef5fcd01ac1018e65cef8315926240e371

SHA512
c56d5947fcc8c7db84a0c6c4348898dec9c981725718a0e17be36dc446fc57b3db7ff098af54146bbf88562857e5bcf6f31f8d2ba0ca8b08e30cdce7de4a8b95

Download Submit
C:\Users\Admin\Downloads\SendExport.MOD

Filesize
464KB

MD5
3c114468a9ba694c90d55e4f7fb27f38

SHA1
684e83fd28f509616cd25059241c83be262b5086

SHA256
3482fd088647b032e8591ed1b23c7c4b55de5e7a0241f0307b66fcd37091eb8e

SHA512
83011a5ad3ad8bfbe7b98e60ec20e4a83aacc9ebe08451ff914c921bbc68526c6ef8eecb8eb1b6c120829478bb3128280b8c36d4b98272c5bb354afd5c9e24cf

Download Submit
C:\Users\Admin\Downloads\ShowRestart.i64

Filesize
818KB

MD5
cbe38bc98629b7891bc7b2dab332e72d

SHA1
a429cede2c91d5c8631e1f2aa6743aa9e08ba78e

SHA256
f697ef34d7608aaf0b32fc44c494c030667de674d2c6fb8592b5154410a968e1

SHA512
c277dc4c05a32dfafb59fe0128e5100c97183c39a04b8fa265bec44dce6c4457e2ed6a0ed34bde3df4ede7bf3925f6667fd63adc8551db446a82e36430dc4cc5

Download Submit
C:\Users\Admin\Downloads\StartDebug.txt

Filesize
641KB

MD5
21c8de078a3e843ed39cc39b541882f2

SHA1
d69e141a6310a593131ef715a343132f3f9349ba

SHA256
006808dccef5d0b0cb7465f73f062961cf8f01ba92f8288f5cbbe6a2e522bcf2

SHA512
1388b1307f4911344560fc0e2966a63955893444d22e4eb38b02a3e597eaebed6c0a1e24225f51144f27ff9f9464acee753e3ecab0f961eb43254ae70fe93ce4

Download Submit
C:\Users\Admin\Downloads\StartExpand.mpg

Filesize
973KB

MD5
941359393d4b128b6d6b3d226edcc321

SHA1
483dbe473f1d62e47cc3831488f917858d1e224e

SHA256
550ec044ab059c8f8ef63c163b7a30c5e5396ed60bf51087ed89bc8f2e041eeb

SHA512
f53f35241f9eca2657d3cb8633786f14cb36bc9bc191fcf8df6f82c41ad08a9eef6c0afa90c4a66ddffebf2eee735e8957d0e0d16ac36d1b172e28ec2f36f16c

Download Submit
C:\Users\Admin\Downloads\StepCopy.sys

Filesize
1.1MB

MD5
b5f1c4f5452914b4acd72a558575f7f5

SHA1
3cffee6b1a7ec24b089c61025798ae8a18c557ae

SHA256
2e3a17418ccd707ea85ad427ff99959277dc1e0238177c6f25266b645a734f41

SHA512
07ce0bc8830131b511c6fcca57ae28266414f34a5b85dce540a0ddf4b49ecb1a6eaf96bbdf13fafcd563a8e7ce89a7e912f2dcbf7cb9c42ed0e8db1bc43f9ae5

Download Submit
C:\Users\Admin\Downloads\StopOpen.mpeg3

Filesize
508KB

MD5
64176ba4115d5f965a5e280896dc5cd7

SHA1
f17ad3f5bd02130d399e8ed4baaa38a0b805acce

SHA256
193b46a90ab3dada1e959f7f7f047c30aa2f72c57c893def1b82e4b3ba7743f6

SHA512
9979c7892253325c5332001e1740fde839939125833bf2ac38d40c1b28bbe5ff34331a6dea35d6307d4d0531062eb663cc219988eda1e42310473ce2e4513337

Download Submit
C:\Users\Admin\Downloads\SubmitTest.png

Filesize
884KB

MD5
0b83cf65bbe48c6c5d257180db26e0b8

SHA1
e0ef2d49cb4930ffab0093ed1c49ce37b274d1e5

SHA256
28291dc3db1047b117daa607117dc8d54a47724dabc54b1a637b136d533892ac

SHA512
ec73bb5af1c77c67e635107e92e99cfbf20ae498342c508d671eae87aa298ef81d20c04cdc561e22dbbc59ea948b08d3bde166a15f096038be1d2a9a87cf331c

Download Submit
C:\Users\Admin\Downloads\SyncClose.pptx

Filesize
663KB

MD5
dd62b6bf6062d8fcce98c95470320043

SHA1
b9236b5ef96a386a21459de5e7bcd742be98021c

SHA256
45f07fe472d95bf68991a534cbcd2b89fa21be7f21d871da20191ef4ec1e4de7

SHA512
81ee6aa1002f96ff7d79a7f6a70f51a62846284857886dbe133f5457d574497f348f18348ea3964b2821ef2fd2c0c0017967540d8909e46f00f3cdcaf9e73e80

Download Submit
C:\Users\Admin\Downloads\TestMount.jpe

Filesize
1.1MB

MD5
e05ff79a188a5dfa55b71547d1813084

SHA1
1896498a460381630c95e6b85b1901b702856494

SHA256
c7be501393774ad648e6f9a9bff37f04c2b1818539ed9e2e12a700d15e2abc26

SHA512
b421eee4f106a9522c30eef822b2d25aaeb381a0688dc8e6ffe6228bffd76d466cd0b2fe343c965a5e8a1a108e14ff41366df4ff4388528da83fb55154affdf6

Download Submit
C:\Users\Admin\Downloads\UnblockMount.aiff

Filesize
1.1MB

MD5
3e7cf9fc851bc7dee90ee199ddea3092

SHA1
7f256faf6e7279782d260cfe1d57c3f7c8e20c4d

SHA256
7d7a56f9bf01dd74bad049c301c4afbb36bacf6e394fd8928fe82167948e87d1

SHA512
6786e633775914462f3b2decc1508b67803f0f58d070a6437c7e23028bd75eb705b54e90493342021325c05ab89cc3918da5982de34ac03d293265f800a218f2

Download Submit
C:\Users\Admin\Downloads\UninstallJoin.htm

Filesize
1.5MB

MD5
8ea24fa9085b467156102404df1a7743

SHA1
7dad5dcc4b3a2726e7b002e5f1d0a82f0d0e1ce9

SHA256
f7826181ed7512e92e05ff2cdfa26dafe58005d984bef1f16a048d02df9287b6

SHA512
b79dd187230d1fb8c56aedcb09abb5e0c2b769368fcc67083493cfd4171e46f34004b870f572436d58d385d080e7c50da6371b1fdf719314411b8e964ead4863

Download Submit
C:\Users\Admin\Downloads\UninstallMount.3gp2

Filesize
774KB

MD5
e2878be0dc6cc13cb6c1ce64aa0f8da2

SHA1
2500f85981dd484eec21fbb469a64f66869ee3c9

SHA256
c9434abd333c134e6d6d9e192dbedd4ebe7a1347fbce9c0000465aef7c8dd2f3

SHA512
cbd66761b5c84480cd8112f942dcfc5faf64c8b6672bb6ff4d5de37733568a872c23437fbbf224220051745a8cc113f8da113db124dfbda96d53bda20c85dd17

Download Submit
C:\Users\Admin\Downloads\UnlockOpen.txt

Filesize
1.0MB

MD5
ea5ca4aeb22e69d09019aed242d544b5

SHA1
f8dbdedd9771c897bd83cc623756b2de6bf1824b

SHA256
b159a112c30ac1c7a17c75eae0d7d12b62cc889f868d104628b6c035a1b5a80f

SHA512
886929b9b52f0e2c8691efe41a23b0733f33eba9d9cbe1af8357196e83d564ebbd3692eb4dc4a61ea6046cdd67df0b59cc76d2641ccca32bae4afbd508a5117d

Download Submit
C:\Users\Admin\Downloads\UnregisterLock.jpeg

Filesize
1.1MB

MD5
dd069ae1c8db095d5e1255d58e3defe4

SHA1
6cda3f4c8d8d0428277aa2fc67a4dabe2112219b

SHA256
d356781333aa1bb139db613339dd10b68669d53d68096b0a2d52d614b8df4415

SHA512
67a792cd1afaa2dd56e75be6a2cb28b7acd01ab3a9296b7ce67a3a83eb570e92917d383921d0ba39cfd5c09064b13e6fd5386d16e7b4dd83fb6f85d17dd7a9ef

Download Submit
C:\Users\Admin\Downloads\UnregisterPublish.mid

Filesize
752KB

MD5
f53462496fae96d13f7624e69cc4a69c

SHA1
7da97073792412de8f69c78032b66ff02bbfb5af

SHA256
bc44cee0ed43e880cb16dcc98e813df75fce8266a104bf0078f45746599c5fa2

SHA512
2363e76c0b1c25655a2bfefc307d7761f1eb6406ead03e7f63881247589b286c10f5858f4e55441cf9855421fc8fed6ba626680748fcbfa3c11a670c5e78d814

Download Submit
C:\Users\Admin\Downloads\UnregisterPush.WTV

Filesize
995KB

MD5
194dd4bc0bf8484a62fb884a0e8a288d

SHA1
2d7550ab86b69240febbcf47304e9166da6667dc

SHA256
438b0cf60d8ed85d147f00b049b71d7ab7d0caa3a8c40455e1243067f79b4d19

SHA512
c125c0428645074fd8876b05edec073a6e34b96be30745939cb972b8a9cfd4a8005b9ef5ac9abbf1bd381220cf9f5a57723a2b1446b9b4318dbc1c6ff8ce9c2c

Download Submit
C:\Users\Admin\Downloads\WatchDisconnect.emf

Filesize
929KB

MD5
e8cbbeb62e02e9807fa77a8b9e3c9691

SHA1
163f224a147747a19ee1b80872b5ff4df424a6ee

SHA256
0df53d6fe9550c44c47f01cf717b549fed6b6c0e36c7c1c1d1b9936c50ccdee1

SHA512
3fe2ba453f5862481f9f9511c1e4ef8b3ebe2ccf4e79c5ce754b4b158ead293c60d1643145bd7e0fca51e6064dd300d388023daefeb93d0080474dfaaad8688b

Download Submit
memory/724-9-0x00007FFDA2C70000-0x00007FFDA3732000-memory.dmp

Filesize
10.8MB

Download
memory/724-2-0x00007FFDA2C70000-0x00007FFDA3732000-memory.dmp

Filesize
10.8MB

Download
memory/724-0-0x00007FFDA2C73000-0x00007FFDA2C75000-memory.dmp

Filesize
8KB

Download
memory/724-1-0x0000000000B70000-0x0000000000E94000-memory.dmp

Filesize
3.1MB

Download
memory/3916-11-0x00007FFDA2C70000-0x00007FFDA3732000-memory.dmp

Filesize
10.8MB

Download
memory/3916-10-0x00007FFDA2C70000-0x00007FFDA3732000-memory.dmp

Filesize
10.8MB

Download
memory/3916-13-0x000000001C050000-0x000000001C102000-memory.dmp

Filesize
712KB

Download
memory/3916-14-0x00007FFDA2C70000-0x00007FFDA3732000-memory.dmp

Filesize
10.8MB

Download
memory/3916-12-0x000000001BF40000-0x000000001BF90000-memory.dmp

Filesize
320KB

Download