c24867593c1e7e435dd18ddc3be471fbe304ad558c9ed2076f6004736fc79082

Resubmissions

29/05/2024, 08:14

240529-j4zxgagh94 1

29/05/2024, 08:11

240529-j3aaesgh36 1

Analysis

max time kernel
157s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 08:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VBS test 2 IG.vbs
Size

109B
MD5

58f1742a367dbc21d7a8209489bc7237
SHA1

84d06505ba2136717223a6e6b01e0849595a96f9
SHA256

c24867593c1e7e435dd18ddc3be471fbe304ad558c9ed2076f6004736fc79082
SHA512

24f13aae4292da6468ed138446828e7eedeecd4959d6b95213b88dde324df6df89c44e951c82ab78c7a93d8837fa848d2c9969d998745e35301b34b716b351b5

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2860	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2860	taskmgr.exe
Token: SeSystemProfilePrivilege	2860	taskmgr.exe
Token: SeCreateGlobalPrivilege	2860	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe
2860	taskmgr.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\VBS test 2 IG.vbs"
1⤵
PID:2320

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\NOISE.DAT

Filesize
741B

MD5
de78e0c57bc478d47cc2f470b68e1a45

SHA1
b2116df8556f300b286faa1b03bd36428113f34c

SHA256
5e0ea86d897190db8c6e7d607fa2051a11cbb41f8615365f61c5accad7c9c05f

SHA512
39cfefedc03ec11193a5c912b224e7d59bc977c9ee9a2784ec9ac52b6adb200dbc94181196ebc4a4f5894923218e98d7bca5c09fffc55ecc6813c34f0f6c7876

Download Submit
C:\Windows\System32\OEMDefaultAssociations.dll

Filesize
23KB

MD5
81df51229e3f886e50e082b38411a13c

SHA1
ac0fad689437c6dbf8f3fbafa615cfcd43b533b0

SHA256
b9bb350209a606c63efb553f531745b9158bef2e3669d4e8518200860d50904e

SHA512
f385baa9bdb121dafaa126ee2b5482f410571574ca28867419cf1588cc77b9673b14b94fae3f0879452f009b7c82afc48390f2cb452ae14081dee0ff0e5643f7

Download Submit
C:\Windows\System32\OEMDefaultAssociations.xml

Filesize
20KB

MD5
d55b689df6269b40e170eafbcc0c34c4

SHA1
0dbb91d4caa19e16675fed2c3372a7e8a2e8b58a

SHA256
8135232b10b371c75edb9a1c42dd6c4c79d48cf7d131b256d69931fedb7b3aba

SHA512
07c66e54f1f19b3831c08e56b9388d564204d48c9e06cd271d592a0303d5e7061ecf1f672d447348c4a4931316f2ba83cd8f738aaaf7ddc4d7f8520b852b728f

Download Submit
C:\Windows\System32\PerfStringBackup.INI

Filesize
4.9MB

MD5
c6833baf16a419db699d7280422b4eb2

SHA1
3724439586127bb9afb3b58bf8aad59dc29eaad7

SHA256
ae368029682abde480d020c006c745f7ec1a7298162a5fd71745f9c8fa5dca00

SHA512
78ae921bb799a6902efec9d8d6dda2834d16d7bb81aabba2a4d964b84560557c7a1441ecf9d3cc3ce606d364654bf36f7ed6cf7595709a49ef0c09d5d91257b7

Download Submit
C:\Windows\System32\msvcp100.dll

Filesize
593KB

MD5
d029339c0f59cf662094eddf8c42b2b5

SHA1
a0b6de44255ce7bfade9a5b559dd04f2972bfdc8

SHA256
934d882efd3c0f3f1efbc238ef87708f3879f5bb456d30af62f3368d58b6aa4c

SHA512
021d9af52e68cb7a3b0042d9ed6c9418552ee16df966f9ccedd458567c47d70471cb8851a69d3982d64571369664faeeae3be90e2e88a909005b9cdb73679c82

Download Submit
C:\Windows\System32\msvcp110.dll

Filesize
645KB

MD5
7caa1b97a3311eb5a695e3c9028616e7

SHA1
2a94c1cecfb957195fcbbf1c59827a12025b5615

SHA256
27f394ae01d12f851f1dee3632dee3c5afa1d267f7a96321d35fd43105b035ad

SHA512
8818af4d4b1de913aae5cb7168dcec575eabc863852315e090245e887ef9036c81aabaf9dff6dee98d4ce3b6e5e5fc7819eccf717a1d0a62dc0df6f85b6feeb8

Download Submit
C:\Windows\System32\msvcp120.dll

Filesize
644KB

MD5
edef53778eaafe476ee523be5c2ab67f

SHA1
58c416508913045f99cdf559f31e71f88626f6de

SHA256
92faedd18a29e1bd2dd27a1d805ea5aa3e73b954a625af45a74f49d49506d20f

SHA512
7fc931c69aca6a09924c84f57a4a2bcf506859ab02f622d858e9e13d5917c5d3bdd475ba88f7a7e537bdae84ca3df9c3a7c56b2b0ca3c2d463bd7e9b905e2ef8

Download Submit
C:\Windows\System32\msvcp140.dll

Filesize
554KB

MD5
c7a693fcffcb6c245282d1132e38ac5b

SHA1
8965f69c938eecb2226ad7329a9df5109d93cb8c

SHA256
a8102891d06b5f21c35c67e4ab26eb84f54405b67e67eaf75dadc62cef08b55a

SHA512
321456ae04eb392734a0aba27e965500467d58dc1277fc550b6573916607ba53c686db05219ce326fb3f9289cc4430b85990362f630e4a7829345067986ca6d2

Download Submit
C:\Windows\System32\msvcp140_1.dll

Filesize
23KB

MD5
1dd99e6af2a3540646178c6cff4bb1a3

SHA1
e6ee44e1757eeefcaeec0a8b59bf26924ba7115e

SHA256
3b863fdbaf3d8743f49f9582c7424abe82874859752c89a5dbfe410682e0df21

SHA512
77f52f97263cb596e3acddeec96462e5c7d037efb3c99d88799e195fed971e85faf765b02a44049296e41bb7a61485201fb39675cca926f5bc0ed9713facfac8

Download Submit
C:\Windows\System32\msvcp140_2.dll

Filesize
181KB

MD5
4e15ae636bda43111ce456ae0f28c535

SHA1
c84ef65fbc8fafa30cf5963658e9bd05f6ed1944

SHA256
5bda82dffa3e617808bc32c00918bcde8e6a4ee7648bc362a477549c86dec907

SHA512
244eeaf63af0e87395bf4e1bb1bf752b4501450b3cf172debe8844aa94cf77ccd1906d3c2faf9ed8c1827eb4be3ad4f2486276e44a9987e872ac026d57df46b6

Download Submit
C:\Windows\System32\msvcp140_atomic_wait.dll

Filesize
54KB

MD5
3e57edd976b8c200d53eaf6f065abec1

SHA1
14bfc824f1c2c5372a04d84b757418bdbb8f43e4

SHA256
c4ed383a021518c99e94cba9367a155aba1ce394f4423d02d2a52953ac3ee154

SHA512
3cc77094fbfb0e426fc11edc01242b59c3c980cc59f3bd74ae050fb349f378f167b8edb7541b46fa554963d85395fe493f5ac2c620f301dec3647c554a80e8ac

Download Submit
C:\Windows\System32\msvcp140_codecvt_ids.dll

Filesize
19KB

MD5
3dd7dd018d9ef510b571068562d439ab

SHA1
e78d09f5b5a2f92d2af52d52ed40efeb28920680

SHA256
5baa6445b21d07ce183144cc2a997d17892dbe38d7fe3acdcfb37e081d41eb17

SHA512
a6e430da3fa92715461f21d7e48bd5002cd16ab9f9827304cd789ce8e615b123f0e377958b1a49ac85ca1c15147f9cbaa9656b1322a853cd51e748da1a4973de

Download Submit
C:\Windows\System32\msvcr100.dll

Filesize
809KB

MD5
366fd6f3a451351b5df2d7c4ecf4c73a

SHA1
50db750522b9630757f91b53df377fd4ed4e2d66

SHA256
ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5

SHA512
2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130

Download Submit
C:\Windows\System32\msvcr110.dll

Filesize
829KB

MD5
7c3b449f661d99a9b1033a14033d2987

SHA1
6c8c572e736bc53d1b5a608d3d9f697b1bb261da

SHA256
ae996edb9b050677c4f82d56092efdc75f0addc97a14e2c46753e2db3f6bd732

SHA512
a58783f50176e97284861860628cc930a613168be70411fabafbe6970dcccb8698a6d033cfc94edf415093e51f3d6a4b1ee0f38cc81254bdccb7edfa2e4db4f8

Download Submit
C:\Windows\System32\msvcr120.dll

Filesize
940KB

MD5
aeb29ccc27e16c4fd223a00189b44524

SHA1
45a6671c64f353c79c0060bdafea0ceb5ad889be

SHA256
d28c7ab34842b6149609bd4e6b566ddab8b891f0d5062480a253ef20a6a2caaa

SHA512
2ec4d768a07cfa19d7a30cbd1a94d97ba4f296194b9c725cef8e50a2078e9e593a460e4296e033a05b191dc863acf6879d50c2242e82fe00054ca1952628e006

Download Submit
C:\Windows\System32\nmkhunfbbfvzi.exe

Filesize
10.3MB

MD5
1f7e5e7dc911009b6f69b563ba5601d8

SHA1
bc89482e51988e7a76b8a11310d007b19eb7630a

SHA256
b7cd11a0c4dc526bd27ce344c97795a342b8b5d633bb20462b31f772cbdd618d

SHA512
5026457508e1ca072f90476928d4815ceec7cd8983fb512b388fa4ea202953aaaabe157f426b42a866620456010521d3fed1a2b7ad9dc2eb34eea2877cd5a4f2

Download Submit
C:\Windows\System32\ovp_du.exe

Filesize
7.2MB

MD5
f6d8913637f1d5d2dc846de70ce02dc5

SHA1
5fc9c6ab334db1f875fbc59a03f5506c478c6c3e

SHA256
4e72ca1baee2c7c0f50a42614d101159a9c653a8d6f7498f7bf9d7026c24c187

SHA512
21217a0a0eca58fc6058101aa69cf30d5dbe419c21fa7a160f44d8ebbcf5f4011203542c8f400a9bb8ee3826706417f2939c402f605817df597b7ff812b43036

Download Submit
C:\Windows\System32\perfc007.dat

Filesize
146KB

MD5
5ed02abcca9bca91a5bb51555f227329

SHA1
6269df9e669b50679e8db530640029cb0c7c6945

SHA256
b787aa97087631f0c35b3c81695fba3028bf3b2670239e27d77e6e1af6c02733

SHA512
78ee64904bb5789237e8e3fe739af50e1e2502c0d6e3f43f1edb12091906224ebc1445597d11256e4e2fdb65958041347bcc439722788aec8fe637c916608983

Download Submit
C:\Windows\System32\perfc009.dat

Filesize
130KB

MD5
aaf1b0ad1af7991606688d05b1c7dc84

SHA1
c36b7036547ed707d5f4de3cf8d392f78222ad5b

SHA256
2fb4627e283545e8f4c857b22a3c242bec944f9433470d720fdd95f45f5b2608

SHA512
bc1d8872a903cc328503a210bf3b9d19140664673af0897c19aa88a49cdc2a8d20cb7cdb0fb9d6288e8f04ede4fb4aae832bb9af07e05e01cc450744610bb949

Download Submit
C:\Windows\System32\perfc00A.dat

Filesize
151KB

MD5
126ba0794b2573b1d9ae9cec193619a5

SHA1
6a66c8959b7ad325461cab16ec264c21b0be92df

SHA256
a41a8aa76a3f79903dc9a4c6615e0b41162bff792467411286f0fc458dc6837a

SHA512
c755744868578f4060bd2e880bd0e36e75d4f673ddd47e1c4b1f9e4b6b4f9b12a98b5161e89442687400d08e266d05ab60ffacb1abadf9b8cf2d8f5c46ac2f3d

Download Submit
C:\Windows\System32\perfc00C.dat

Filesize
145KB

MD5
c1574b4b8802b26d287ea62d8c570cdd

SHA1
0a072e6cefadf908fdb05d843a917872e0045d90

SHA256
4746cc05934f69596bda9cfa678b80e3311cfe21de4682120c6fff1b140fd893

SHA512
1d5600cd2abd376e3feb5055c885fb066ce010efbe40e432f607b846890f92b2a38e027699658e4e4033fdb9ee80bcfbe4c23f6b47a5d6ffda09c4bd4526acb9

Download Submit
C:\Windows\System32\perfc010.dat

Filesize
142KB

MD5
dd17fab2e74e18fa9a8dd7c2475de6fc

SHA1
0fb0656ebdacc28c2d056ceff2579a485507b3f9

SHA256
3b56a360bf9cac36d8cdf9a76147c504490444e65c1435c188d0174e63da8a65

SHA512
3ccc0f4e536649d88a524e0fc2a4036a2d3354d76a7b563733751ff70b8e4fa6603de61c3d065db28df8e27fab32fd7a83297b3d8decbd13433bcd3d221cbadf

Download Submit
C:\Windows\System32\perfc011.dat

Filesize
129KB

MD5
75d37b9eab31658094d5ac5391445d1e

SHA1
f32711fee9c7b7f53827852f860cc5596e991bb1

SHA256
8d4fcfeab4922cfd4e6d8fbbfa7f51cf2658a3938e9a4a246b5957ea0f982d9e

SHA512
dce15adf8894f5cde468083f644ca22aea1cc12184a4b8da9c48c95594d25a62a1a1d1672f69f0ee9459f17f7d4ae963b88e016f8ba42155f03ae6e7bae2f3a5

Download Submit
C:\Windows\System32\perfd007.dat

Filesize
39KB

MD5
c6a00700213a4cdfac7b02faabc2fa10

SHA1
d1fab1803050a67c59dfce442c1f1dacb166d0dc

SHA256
987d276742eba82260ac1509adc8678651d30103162b44d4e62fbde1b2f28559

SHA512
e3c879502f91b7e4ccbd300372108ffe0cfd2e49070c54f1b27fb83d3c0a7344ea7393b619f1fd6b21314915e32c50fb93f5a1511a383098107c57f1a14faf1d

Download Submit
C:\Windows\System32\perfd009.dat

Filesize
32KB

MD5
1e60bc5e525063b96078df17fbd3c4e1

SHA1
bae8eda409cb3e016ddd420c6354aeaac2d267b9

SHA256
a0894847ca6208cf7e519d8e825458596bbcd78156a453e32872de7592ea20d8

SHA512
5758d535e4ce20cc30b9b57fea1811feffb2655ecc6eec69c942defb4b4f8c06e8e37860f85ec7cad26df9d7635ecaf131a68ec4ee291aa36e448c7ef2339652

Download Submit
C:\Windows\System32\perfd00A.dat

Filesize
42KB

MD5
08728aef33bbac5884423c1597e74a29

SHA1
64d28ea3dc5c4392a0210b4d26db146b26e40f0b

SHA256
fbd64fca18300003ddcdddf3b25ad501cf224035ef5975dedc64c7d139eb69e6

SHA512
001cc1ef7a69ce59a9e37133a8cdf14cc8e7a09bc74d4678d9af25da3eaa9d99efc6fdf64fd2e301acb796cef4a988d502b63a61dcce14511568130bb1551a0c

Download Submit
C:\Windows\System32\perfd00C.dat

Filesize
39KB

MD5
9f9af8517189b0d61b2615007e071084

SHA1
a33753ca07f370b7d99f6658b32abb97eed7bbc4

SHA256
b6dc84d6c21f558e69174d3b62e13fbb8aecd5e49de0fb737f56445a9b883034

SHA512
640f51590a6f5d61e9dcb9a463a6b7aae6d88749843d1ec62f30a00c95b4a449b442281ac61058db4da464bee03e62a1f43a91b0a05914d4dbda2bce007d745d

Download Submit
C:\Windows\System32\perfd010.dat

Filesize
38KB

MD5
4f32511bd6124c1b65c8f7fcd244a82b

SHA1
6d840ddec80ee4f6ab99a1d0b55c50a568edd722

SHA256
8ceaa2e1a9cc8b7f76e6a2551bb1dfbcc64896c8c3fd5901e417f41ddff35e6d

SHA512
ca8c8103a4ec3b8f1a070ee2a3301f8af64e08cfd40b21022e5d9f54e3decfc55b7571112d186aba9d7b4c7b5720f7eb0ff3847b39366dd04b912dde386a73e3

Download Submit
C:\Windows\System32\perfd011.dat

Filesize
32KB

MD5
50681b748a019d0096b5df4ebe1eab74

SHA1
0fa741b445f16f05a1984813c7b07cc66097e180

SHA256
33295c7ee1b56a41e809432bc25dd745ba55b2dc91bfa97aa1f55156880cd71a

SHA512
568439b3547dcbcce28499d45663fdd0e2222f6c5c90053769ce2585f65721f679c071393328bde72c9a3f03da4c17abb84b8303897688b59598887ceb31438e

Download Submit
C:\Windows\System32\perfh007.dat

Filesize
724KB

MD5
2c0ec88545af92328c019d26a8d2cb5f

SHA1
5124c85261b5b555d8728f9a2278265b19ac806b

SHA256
24d008dea5aea97906be35e32891c98b5f7eb981cb27a5f80bf2e68fb7f49340

SHA512
6c6c0225ea45148affc32436af897382ef31c7e6703982f28d037998410b1e485018d4dcd81cfc1356d0ddd070c5295fe7914a7a8ad8701760654d671ee848d1

Download Submit
C:\Windows\System32\perfh009.dat

Filesize
693KB

MD5
3071151784d57e71d79ba530a9cdb118

SHA1
124c701e68f04bcba17c0d2cbcca31adc3a3eca2

SHA256
dd7aa1c18ed73c796beb59078d146201a58f4124d7c744e0f7efe93283e32914

SHA512
865b2f10a54088edb4a9ec58d6766e3e0a222a8e6d159ef5a7454776d94b0c65ff81c8e215b2c0e71877b7857f3c0135951c25364c4ccd6eaecf93c7b6128011

Download Submit
C:\Windows\System32\perfh00A.dat

Filesize
767KB

MD5
feb35e575911f5d568fbbfa7d0434412

SHA1
e896dfc32b25633322d2e252cfa65520d30677a2

SHA256
bf628d6ab769fc710e7eb097ca0132bd88cfbf63bd3aa08e24cd5820594fccf9

SHA512
c9544c2cfed9fc11696896cd6d6184f9de0e8e26d3d61cf211449de77d9ec8cac000d3408ccac8baf078a82ed73f735e9f740a00af59a392f14673e2bae056b5

Download Submit
C:\Windows\System32\perfh00C.dat

Filesize
771KB

MD5
099a4cfda7f72958205e2dc897df9d70

SHA1
3acf3a8bc62f4acea89fcfc721d0c57822bad6cf

SHA256
454dae9e37ca1458c67087f801a7a8a73d73f43c4efb57f64d624c5190662c40

SHA512
a531d8767afc2ce8005c9433f430acb27011c7ff41db25a69e70f0433fe6224a8f42c7d95aa3a4680d60c4351f26014e05a7d79d9faba42817a3e700c385750f

Download Submit
C:\Windows\System32\perfh010.dat

Filesize
760KB

MD5
2b41db88b556a31593911ade702a8306

SHA1
9820c8ffef6b27fad15badab22408eaf52d58300

SHA256
61a5192c872e646050ee10eaef95bbc313fb7ae639b43c1ed3d2040f50cc1186

SHA512
0b0c6b8cae683aa645ea2e0285209ac6d82624bfdacdb4e0b92d8118c30fa2fa6def665150b548e4adbee399074f73a961217e6065b05e65919c198efeb424f6

Download Submit
C:\Windows\System32\perfh011.dat

Filesize
475KB

MD5
7f2b576ab40800aa5f1e3c163176c1c7

SHA1
7c24fd2342498e1095f58d264078988323834e20

SHA256
f98dfd85751e15486b725d4f36f7ef3fa0d72b76dd48401ce93e68b19e486e60

SHA512
6780454b0ca385ae18baae45ca37103aa69352ce5dcf1f16debe6a49923a4137e4e1471439853ca8a965c12a9a5498b5f634119a1d9daaf5301e43663da7db94

Download Submit
C:\Windows\System32\perfi007.dat

Filesize
298KB

MD5
eadd51b4e0a81aa0a1ec7392a1ce681a

SHA1
f384c3bc0f16ccb5049ebbf7df776e684da84706

SHA256
1a2fd21891c4055b2ee03ee06665f1a09a6503f7a4b57acba67820ec561d12e4

SHA512
de74112ed8f81f4723241102e9e493921419f836e7f095000a0ae34616db1886c22dff6ab4dfd5bd1ebbc9840498c3606ac0e5791f7fadac1b52c18043571ae4

Download Submit
C:\Windows\System32\perfi009.dat

Filesize
290KB

MD5
56c3b96dd714b0da77c0b9fb0d392c86

SHA1
6dfd6e883c67ea4aef8a03d28874a677441e512f

SHA256
1bc70ca290a7b4afc37049a8435c81d9b863520609d2e4f627d08cd21c07a58e

SHA512
c2036039da93d0c594b99aad74f1bb807c7230a746d749cec57a5f6012e8dfc401f9430fe1c7090280532ffdb044f7a4970e17e5cede82581793d69e9bc6d10a

Download Submit
C:\Windows\System32\perfi00A.dat

Filesize
338KB

MD5
757de55399f7c5167e7cdfa65f184108

SHA1
06876adabd18e79946cc5280861145432257d210

SHA256
e7c22cb8443fb549de7a3e826645450ed47169ce0168c740096de44addd360dd

SHA512
51977c1104108e5b5ab0042e6d10ec95195be8c62dbd547b85626cc02b35e46cb363be8804f360220ce347709da3ba1626f253477b7512cdd414f1ad96cf4571

Download Submit
C:\Windows\System32\perfi00C.dat

Filesize
342KB

MD5
9a780b14eeafa8b9a2409f02bf9d9af0

SHA1
f52c28235879e45685ee0163f97c31099baa616d

SHA256
a04ee6316af61e7a475d47ab74744ea485b419566f5e40c96ec09b400926b932

SHA512
f316652ec8dc3af06842de056329230152e74f53530c4f099a2ee73a96106f2fc3dbf244dce75c10e3131cdfbaa3b4a28d8ff116f8d6d7ae7b5553688c170d7a

Download Submit
C:\Windows\System32\perfi010.dat

Filesize
333KB

MD5
70ac53e2ebbd863ff7f319d68aed16f7

SHA1
90109a5028b07e8aa36846fe5096e04bd97839d6

SHA256
a4e35710b8277d733eec1c165459f85d9660fbe264ccabe0a624626e93763e37

SHA512
8fc6d4c665a642e86acfffa35ce6c6d7bf49c1a414de8b15fb5cda8d121f4d671914aafe0625ad11e87fd74f0bba2d40b9a71f373d1ae67a12b238b023682af1

Download Submit
C:\Windows\System32\perfi011.dat

Filesize
141KB

MD5
ab91dd7fa8878b8d14608522cc38102e

SHA1
c4cf62ad6183a2d341fb3de756cb672516897183

SHA256
7aae74ee957962add631778e45a174693a15a2e9ca48e151f2fb5e31488eecf7

SHA512
f1202cbb56c93182d1aec675d9d069d1156d2cbe11cc6b05358f0e83786e4a04b0a6ba42be378574d01b8d17a3f2e38110d45f7d7a10cd89f8d7d8c83ff35455

Download Submit
memory/2860-9-0x000002721EFE0000-0x000002721EFE1000-memory.dmp

Filesize
4KB

Download
memory/2860-1-0x000002721EFE0000-0x000002721EFE1000-memory.dmp

Filesize
4KB

Download
memory/2860-0-0x000002721EFE0000-0x000002721EFE1000-memory.dmp

Filesize
4KB

Download
memory/2860-7-0x000002721EFE0000-0x000002721EFE1000-memory.dmp

Filesize
4KB

Download
memory/2860-8-0x000002721EFE0000-0x000002721EFE1000-memory.dmp

Filesize
4KB

Download
memory/2860-2-0x000002721EFE0000-0x000002721EFE1000-memory.dmp

Filesize
4KB

Download
memory/2860-6-0x000002721EFE0000-0x000002721EFE1000-memory.dmp

Filesize
4KB

Download
memory/2860-12-0x000002721EFE0000-0x000002721EFE1000-memory.dmp

Filesize
4KB

Download
memory/2860-10-0x000002721EFE0000-0x000002721EFE1000-memory.dmp

Filesize
4KB

Download
memory/2860-11-0x000002721EFE0000-0x000002721EFE1000-memory.dmp

Filesize
4KB

Download