b2f95778fb051f8acecb6be7b9162b94f8df366ed33908cd78e88dfd6ec2a6a3

Analysis

max time kernel
135s
max time network
151s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
06/06/2024, 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEmu-setup-abroad-sdk-mv2 (1).exe
Size

23.0MB
MD5

e84f54112e5ca9e499383ebb8d5728c0
SHA1

d0e1df5ee9ead2a26ba7df06b899770f13397c6a
SHA256

b2f95778fb051f8acecb6be7b9162b94f8df366ed33908cd78e88dfd6ec2a6a3
SHA512

e0813d5d58dfbbcdc281c8e04962c59f6185c0524caeb91fd77adeb539020eea53878eb1def083b377e9c6d03dc43688d68a94ef7d3cc3a9cb9fa202add1ff6e
SSDEEP

393216:gLn778Sd3o+84Jsv6tWKFdu9Ck7vUiPbKv647n+YlmYo:27Iq3orD2vegmP

Score

6^/10

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 3 IoCs

pid	Process
2180	MEmu-setup-abroad-sdk-mv2 (1).exe
2180	MEmu-setup-abroad-sdk-mv2 (1).exe
2180	MEmu-setup-abroad-sdk-mv2 (1).exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2680	2180	WerFault.exe	27

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2180	MEmu-setup-abroad-sdk-mv2 (1).exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2180	MEmu-setup-abroad-sdk-mv2 (1).exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2180	MEmu-setup-abroad-sdk-mv2 (1).exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
2180	MEmu-setup-abroad-sdk-mv2 (1).exe
2180	MEmu-setup-abroad-sdk-mv2 (1).exe
2180	MEmu-setup-abroad-sdk-mv2 (1).exe
2180	MEmu-setup-abroad-sdk-mv2 (1).exe
2180	MEmu-setup-abroad-sdk-mv2 (1).exe
2180	MEmu-setup-abroad-sdk-mv2 (1).exe
2180	MEmu-setup-abroad-sdk-mv2 (1).exe
2180	MEmu-setup-abroad-sdk-mv2 (1).exe
2180	MEmu-setup-abroad-sdk-mv2 (1).exe
2180	MEmu-setup-abroad-sdk-mv2 (1).exe
2180	MEmu-setup-abroad-sdk-mv2 (1).exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2680	2180	MEmu-setup-abroad-sdk-mv2 (1).exe	28
PID 2180 wrote to memory of 2680	2180	MEmu-setup-abroad-sdk-mv2 (1).exe	28
PID 2180 wrote to memory of 2680	2180	MEmu-setup-abroad-sdk-mv2 (1).exe	28
PID 2180 wrote to memory of 2680	2180	MEmu-setup-abroad-sdk-mv2 (1).exe	28
PID 1300 wrote to memory of 864	1300	chrome.exe	39
PID 1300 wrote to memory of 864	1300	chrome.exe	39
PID 1300 wrote to memory of 864	1300	chrome.exe	39
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 1588	1300	chrome.exe	41
PID 1300 wrote to memory of 2664	1300	chrome.exe	42
PID 1300 wrote to memory of 2664	1300	chrome.exe	42
PID 1300 wrote to memory of 2664	1300	chrome.exe	42
PID 1300 wrote to memory of 2748	1300	chrome.exe	43
PID 1300 wrote to memory of 2748	1300	chrome.exe	43
PID 1300 wrote to memory of 2748	1300	chrome.exe	43
PID 1300 wrote to memory of 2748	1300	chrome.exe	43
PID 1300 wrote to memory of 2748	1300	chrome.exe	43
PID 1300 wrote to memory of 2748	1300	chrome.exe	43
PID 1300 wrote to memory of 2748	1300	chrome.exe	43
PID 1300 wrote to memory of 2748	1300	chrome.exe	43
PID 1300 wrote to memory of 2748	1300	chrome.exe	43
PID 1300 wrote to memory of 2748	1300	chrome.exe	43
PID 1300 wrote to memory of 2748	1300	chrome.exe	43
PID 1300 wrote to memory of 2748	1300	chrome.exe	43
PID 1300 wrote to memory of 2748	1300	chrome.exe	43
PID 1300 wrote to memory of 2748	1300	chrome.exe	43
PID 1300 wrote to memory of 2748	1300	chrome.exe	43

C:\Users\Admin\AppData\Local\Temp\MEmu-setup-abroad-sdk-mv2 (1).exe
"C:\Users\Admin\AppData\Local\Temp\MEmu-setup-abroad-sdk-mv2 (1).exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 308
  2⤵
  - Program crash
  PID:2680

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef46e9758,0x7fef46e9768,0x7fef46e9778
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1380,i,16459102846144207785,16084172945665032084,131072 /prefetch:2
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1380,i,16459102846144207785,16084172945665032084,131072 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1548 --field-trial-handle=1380,i,16459102846144207785,16084172945665032084,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1512 --field-trial-handle=1380,i,16459102846144207785,16084172945665032084,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1380,i,16459102846144207785,16084172945665032084,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1176 --field-trial-handle=1380,i,16459102846144207785,16084172945665032084,131072 /prefetch:2
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1344 --field-trial-handle=1380,i,16459102846144207785,16084172945665032084,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3324 --field-trial-handle=1380,i,16459102846144207785,16084172945665032084,131072 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3548 --field-trial-handle=1380,i,16459102846144207785,16084172945665032084,131072 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3560 --field-trial-handle=1380,i,16459102846144207785,16084172945665032084,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3676 --field-trial-handle=1380,i,16459102846144207785,16084172945665032084,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3732 --field-trial-handle=1380,i,16459102846144207785,16084172945665032084,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3524 --field-trial-handle=1380,i,16459102846144207785,16084172945665032084,131072 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2492 --field-trial-handle=1380,i,16459102846144207785,16084172945665032084,131072 /prefetch:1
  2⤵
  PID:2240

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf785b3a.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\Downloads\CloseReceive.csv

Filesize
988KB

MD5
2b35beb691a36403962d38e7101d669d

SHA1
f0a9cb06cc04eaeecbea0751b5eea1bf55677069

SHA256
524b74ec8b4e991da4ca662ad22308d9ba14cb58acafe8cb4a300b35c8221fe7

SHA512
048d8bafdf9dfdfaa5da5326f2e8eedcfd0dc42980231595922a11f0206feeea4aaf5325395b86a0c0ce224a95a9199c87b248c72b6bfa5697bfaed18d89aa3b

Download Submit
C:\Users\Admin\Downloads\ConfirmInstall.odt

Filesize
662KB

MD5
46799f595680e30fc46c07803dee3921

SHA1
b631d0278115406e1040382bfad30d7a1bf31970

SHA256
33f09a3c42872c4c93810660d5fbe9f0f2ceac376e5a24205a1b2b1cb5046e0b

SHA512
5bec5ad288c0e5199e19f6846fc509908cbfff788d550fed434e450e6c2b0d26222a81eb73320c87f1a119371c540b3f49cf4e44ecdd7ea0db85130de47af1ed

Download Submit
C:\Users\Admin\Downloads\ConvertUninstall.wmx

Filesize
749KB

MD5
97cb51304d6c8e79c7f4701f657e84a6

SHA1
0bb87e82375de07bd5afb5df60219de6cffbd175

SHA256
6360cceb31f6eb4b0eb1bd31be1ef895173637de79e5e042e7ffb495c70895d5

SHA512
2f944d017ceea93c6bbd14db83f7255771918f2bde438b4f0911f714c717c4ba5f176db88a3c51bc6c032eee209e8c19feea765a7baa869765ee8f78920e4591

Download Submit
C:\Users\Admin\Downloads\DisableReset.jfif

Filesize
510KB

MD5
fd315066e88ce59faf9a705d8ad82f93

SHA1
9d8559e68c39c05c352bdf5e4c0f2b35e7c21f72

SHA256
8c2394ade0761433e1a93e5a5813ef9d0db0383cec84522c4d55acb6a2b0baaf

SHA512
51baa8f685044e6601b345fb430617a69e3d13cc3589109c18f8c2d43eee0297dfab3227a657243b58ef1d123d974c2925b12b812bf25bef03fb23eeb80aaf24

Download Submit
C:\Users\Admin\Downloads\EnableConvert.sys

Filesize
619KB

MD5
6b4bce880392c87d8fef2a33d99b81c3

SHA1
ad5116b8fdfc2ac03b700d3578b2f411d7b4e94e

SHA256
b51585b605bf488e16b535e512b135875fd02eef1abde06bb3d1acaeac80dfec

SHA512
5039469b67ae8b6e86db4eda098c897cf886c54320bf279372ea22046ca7e1249090a46b4d7df0dd97bc78b9d489baaf331b4347f9c4f4a82bf0afe66de68de6

Download Submit
C:\Users\Admin\Downloads\EnterInitialize.zip

Filesize
1.1MB

MD5
ffd16110a95df6bed719399b7485d67c

SHA1
d5bb6e8d9b12a773357fd70207eb4ab497068a5f

SHA256
4e65fb67737eefaa7465e7c7e5aa1c0ea00d50cae5b1ae335661dfd072176208

SHA512
b96af23f581fee37333aa86c6911621a358fff34240d38a55b6684d11e60bb40672efaa800e0ec881ab5e83486beb34dfe028472e5632ca3e09fc488ccd7e746

Download Submit
C:\Users\Admin\Downloads\ExpandPublish.avi

Filesize
967KB

MD5
609ca9a1294cffe66723d62cad4b8af1

SHA1
780d48bdf3dc30da343c01aa7c38ddf4ea13890e

SHA256
f8b446db7e52af9f30941a4d49fc610eb30ac9a08dd1c9d820348a7bf07d4b38

SHA512
988fb09d8df7059abb59932ec8a1377aac2d1b329e01b09011385ad754bdec3e2f0e568e311d605716cb41348a6f0bdc9a51b5017a1bfbfdb310c43e9b825faf

Download Submit
C:\Users\Admin\Downloads\FindImport.ram

Filesize
684KB

MD5
3b71530c4099ff948d143294f046cbee

SHA1
b239e6793ec7ae32a890a252a0adc2b98290fb7a

SHA256
f29163bd8db6520633fb598a641f50de137212437aca45b7e8b451f8a564daf1

SHA512
f1847cf099a4e5ef7b86f90aa63879958456ac07f845a957c1bd7ed487784aa66c18ffdc759a84401f22385716fb335a6d5d93fef9e4c91d5c94d47a9315584a

Download Submit
C:\Users\Admin\Downloads\GroupDisconnect.mp4

Filesize
793KB

MD5
49108af9bc2dd3aed541225273fd1915

SHA1
251e83753c4c5a75cd0c2c67bb1e8247e6f3eeec

SHA256
df98c10ced3ba3bca68412ea28ef923726976c47cea473a2212da6955c17cf66

SHA512
9acf58614d77983cadf0d66d002c68dc2a031f1087bf8ca85bbe958519b9c34054664abca91928a1c7d5c9bc7eb5e64266b7808e8ea9ec9581269bc034b5df68

Download Submit
C:\Users\Admin\Downloads\InitializeHide.bmp

Filesize
836KB

MD5
fff2384704739aa1ca9194a10fdef2e1

SHA1
2023c47d66648c9f258da4aaf1be4fa0ecdd0147

SHA256
136c1bce97bac3d19b7b967c53c877783bf84b3b7bf4324fda77757fa5cdd745

SHA512
268b9f3ae79f2123b5b2598e15206d179f7737853f1467062efd7612e5af369ab1a68d293adb1ee389fd9c75085dc09577ad645f6ccfdeb735bc714da26e8b75

Download Submit
C:\Users\Admin\Downloads\InstallSet.M2TS

Filesize
945KB

MD5
8985b29ff1b4cab4ff34ed1b80b7a7c9

SHA1
e1af296cb45d5163c3e89940477d543d64db2d39

SHA256
a020c437e06d17c4b87e92f6a6a3f6b8746ed8e13cd67d989f2c1187df177774

SHA512
6ec57cf1f913c32006ea30e2bdff0bf7dfd069279bdbceda1288476b4fb62958cdc6d7cb2a4cd99fe08021afd5c9cb71315b7a20566a78a8bf111a151e80d734

Download Submit
C:\Users\Admin\Downloads\JoinClose.ttc

Filesize
467KB

MD5
923a0fc7901e8a0f6b63ff04e642d036

SHA1
264acb8b19ec91974e33e3c3dab159115ac18fbc

SHA256
7b41ce5eca086f35edf2152e210387ae1b740139ac5ca30a0a941807b9782cb4

SHA512
ad9f6f5b17ac69d4e04e91b11919a04302244f5170d5cf633357f11db0a085ae7f05ba3fe18fe7a7f915688e9873bee9a19fd8f7b7ed0949ae62b0ce26a8f700

Download Submit
C:\Users\Admin\Downloads\LockRegister.ppsx

Filesize
1.1MB

MD5
5dffe7a7fd8cad7cdb1f1c285ad84cdc

SHA1
6e994e34b5c045bbaca96168c222ad84b2640d13

SHA256
f3b461e7a8fc8d533c33ec6feb68e6a124354bdf298ef9114adb62612a911825

SHA512
310603964abe006b79c3f6493c7af2c04426ca1add8f619483dbef49b7cbfe8b8fb68da2934e87324a2190bd080a9365df2038609ef9ff3df75fa595881d2820

Download Submit
C:\Users\Admin\Downloads\MeasureAdd.vsx

Filesize
728KB

MD5
6a1b635059ac81cba3a112e486ba4c46

SHA1
112e2edce9c4c637baddd79230b60e788ef984a9

SHA256
938bf26574027799cf07f9ee6ab1339a80aedd845933023545d4e7528b34d3c3

SHA512
a8d1e657e68a39f0df5e461cd944030ddde9f590550ceebbe4a018482bace5e5dfe130dfa9666ad1441805ff257aa37f4151ce5891bafba5ea220cdb3332e39d

Download Submit
C:\Users\Admin\Downloads\MeasureInvoke.dwg

Filesize
423KB

MD5
56f1a6150a7bbf817654874648ec323e

SHA1
e05653e9ceaddd8125f9fb6454b9df88a9252bc5

SHA256
455d51eb11d7d66add0aa58ec7d72d23982ec392142f88b89561ee775e404e27

SHA512
586845eabc1812a8ecee2b6f82d6eea140cd46204204a6c198cb42255fe9341adf7a4213d0f01354f52084dc12db58f7f91426b45791ec32f1d9dedfa4f47df6

Download Submit
C:\Users\Admin\Downloads\MergeTrace.avi

Filesize
706KB

MD5
7e589a8e76475dcb81f7a556bc9e1fa8

SHA1
3bfa900968a7e25787ed3e3d820ec0d53e977d78

SHA256
506ec6cac78747890992c537adf3ea6e476859f7193e1b0ea403b3bda17c4bba

SHA512
f937f3fa06236b3649f2d1e7fdc87a472143edec9f4de0a2ea8f05602ab67135aa96624dd092294075148491254de5b4cbc659531c52a9835376eba36ce4cfad

Download Submit
C:\Users\Admin\Downloads\MountMove.odp

Filesize
1.0MB

MD5
edde1c0a6c032aad41b67953dab86f98

SHA1
b35727b9222833117f595a3421991cc9472df686

SHA256
7d575606a97c87adce1fac31648b718852254cb4b6dc60c22458abf3d48c1794

SHA512
845d6266f627cc7ed90e451b4c36771d6aab53393fb2aef09da20b566e800ca59f763c32d3c1ea589f1421b06f0394a3f3637a71360f589cf4190052609c759e

Download Submit
C:\Users\Admin\Downloads\NewRead.lnk

Filesize
489KB

MD5
2f81959847b0fd83128d8d4ec9d1fd30

SHA1
21b5d39a8eefa1f3a6d33ceaf295888667335fcb

SHA256
db8b4f929fca23f7ff40f677386609cb017772649eb73f3fafef183b3237e3a0

SHA512
8a89a32d3cde2078f2d8c381d2b455c94de860a021160758d45f3f5eb6b1959d83b2b5a0f932b279be252de78d4bb87a514b3e629d359d256da69fa334568791

Download Submit
C:\Users\Admin\Downloads\OpenWatch.htm

Filesize
858KB

MD5
4b7a8d62b30482531889515db70d316e

SHA1
bfbd1efad25a90551fb1316bcfb5e70a4d4f1191

SHA256
3e012d3fc829920ba6734d5ee37833b3ca3b423cbe66881cb2620ddfad633df5

SHA512
33b3c5d19e3071aa9acc052532f519c37e80e03e4b5d9af972d3e87f2f96936a8dde288cd3d3aff613da3f24419b2fadea17a97c4586cd0dad6cd5d9d7b7e03e

Download Submit
C:\Users\Admin\Downloads\PublishCopy.reg

Filesize
1.0MB

MD5
69d0e6e49f0a9bee50ca5135c4c914c4

SHA1
b5b8eddd31f0c9c4286c9267a6b55e2b30dcec6b

SHA256
0cd7107e3e52f5e3f14165ec0164401fb62d0c250bb94c522f5ca363ad3acc5c

SHA512
9947c1a1c59faf7ee6e2eee0328eb51763c4de8deb3e4ad73492ef70e87f2a82d2b249565536ba91d3548df8d5c6ea8ebe266b7c75bb39a0545b2321691ba91a

Download Submit
C:\Users\Admin\Downloads\ReadTrace.ADTS

Filesize
445KB

MD5
44853409074f2a3553f19b7f786073dc

SHA1
fdddaf81820f47cc4db08cefd11c5e0cbe2032e8

SHA256
6990e800be7cbf284d2eadb5a79468a3859e8e8213ae151263f7c2ec1058289c

SHA512
0f1bdf0552e8901fb26c8205b9b8cbe6ff40b261403408f7192347c6df9fa22914d887328054c827e2a08b2d9ff4371eff93357c95ca5dd41a67ea81afee10c0

Download Submit
C:\Users\Admin\Downloads\RedoEdit.svgz

Filesize
901KB

MD5
310730ac6a0a39fc39867815ee3298c6

SHA1
d5c953bf4895c23593b5862fc448292c91828f72

SHA256
7ef1b96be7d9b345a00276be369da75cda0d71b25c4b22fc8113b5dd87acccf3

SHA512
182bbbd653e2abcd35dba601dbd19cf8e42b8101002c585ecb3da252efb7c0e399cf8b5aea660160b81da6a306816de1a9441203580b5c0230775fef9efb4016

Download Submit
C:\Users\Admin\Downloads\RemoveInstall.pptx

Filesize
554KB

MD5
00553c1f8aed10fe28d44c1071014c07

SHA1
03575d0887fa379e86a1f6c74e000789f68883b6

SHA256
db983c64b1ca8027ef156442c9fc5e40441cafadac5e719378d949abc60f2642

SHA512
65b80e2ef1134e94a00cde8e29f609e63104b19a7442c32db416032db4595d1315987e453a0a11ba8e2d7d8977f6735dc6395612627b032b9131858543813b34

Download Submit
C:\Users\Admin\Downloads\ResumeBackup.lock

Filesize
532KB

MD5
df92444681079976e4c54082c21944ac

SHA1
ac0b7aa4403dc6d292246530bd157aed0573a560

SHA256
98a8df34d8faae6418418326d5c743037ac3e4dc630a27307fb089413c06dbeb

SHA512
a2d16cb2eddd0b43e62e6f07acd04316ea40d4c4ad4f8924a628dc2f5e854f2e5b95ef13607656c5474b013ab0781512bb5e8e86b695f2c1b1d8b48468dfe3a5

Download Submit
C:\Users\Admin\Downloads\SaveSelect.wmv

Filesize
1010KB

MD5
9a1bec5dffab115b20452ff2e031c30a

SHA1
826efc1cb17e440f24d041853a88469858a9b7b1

SHA256
48d5fb34b926025afe58940647a0bc3deaafcee080d1e1a34e4a144444c88ce4

SHA512
a310f74a5b4fa9a7eb887895fef94c1bc7a03940c082f8318801a5c604c5a9803a65d6736308572953224615b9e29e3fdad2e271837f3da810f396e26123eba7

Download Submit
C:\Users\Admin\Downloads\SetLock.gif

Filesize
641KB

MD5
34f31ebed8526c655b5246594d31764c

SHA1
1f8049de27a6a19894814ab0686566d2da1859ae

SHA256
86c31627981d709993077fbca697e21f6233e709abdc0c0fb32ef7b888b6c62b

SHA512
7665d830ec3b6dc76083ef07d1b431049c9447885fe2a02b0139083250477e9c50754b6f02fdf382c5a6c00e351f9635f885256922447694f9d73e6a7613f3f8

Download Submit
C:\Users\Admin\Downloads\StartOut.ppt

Filesize
771KB

MD5
4f8c1fa30feb22501e58ad7aea071c1f

SHA1
3680ba1ae7b0dc98dee300b65f1e106aeb970304

SHA256
87fb02ea3928f97510a4b6f8710897cd3117d0a82c2583b2099802d815984851

SHA512
c102361160d3ce391942a306503fee838ae1736aca7cf875c193611b3ff22722ae9ea555eaf8a6323d4d7c58bada70aed97ed061c6b7796af8741b80dc271188

Download Submit
C:\Users\Admin\Downloads\SwitchPush.ps1

Filesize
380KB

MD5
12cd5a6658497caf52c455a35dce82ef

SHA1
8230913a60f67e4609ee85007fce57cb95a52dc8

SHA256
ff712fb2e3da2efbaaf1e463a8d9bf9fcac91a57269dd339956a4d86f0bf818e

SHA512
aebab1a859b71eb717dd65c980ba4433e5e3d03cb99baccce785277a0d5308b4782ffd19e3654a3730829db28e05d7a654aa4b7f770d372849253b913919face

Download Submit
C:\Users\Admin\Downloads\UnprotectCopy.dotx

Filesize
923KB

MD5
a6ff94d1471dde215aebdae6538414cb

SHA1
8c4b57ea329cea620e7749be11c2a96c384a3d4c

SHA256
e8cc21ab43382de1875b98a36e2e54f7551716f4cd90a7b36e5264eb7eb97d2d

SHA512
f934e3ad42ac1294cbfd628fc1a3e11f7c3ad1adf69a906c8828d0cf139f7005a8d63bad544dc6f404756dfd1bf3f7b50acbb795ba2d233d2c79c006a0e86fe2

Download Submit
C:\Users\Admin\Downloads\UnprotectDebug.odp

Filesize
597KB

MD5
de83e5dc6277f57d198bf28de98deaf0

SHA1
64a538423fab141232868dfc424b026943e99c81

SHA256
8c0e09f7355e3a9a67e1c8aafe447f90f88869ee6a30721067ff3db9f94e0b3f

SHA512
e455b46258561e70931580180eb9dd427c88c9ef114f988ab81d44a0f3470f17fb05899349ef193ef8f8b755ca9fc5376d2ecf677747e0c6e89766d683fe5157

Download Submit
C:\Users\Admin\Downloads\UnpublishConvertTo.mhtml

Filesize
1.5MB

MD5
8537dc9ad8e12573bc74a1356d838e29

SHA1
50d76dc6f26b0b187c7d5ff81df1daaf27a5cb7c

SHA256
bffbfc3d200ea8137b3314dbcde2aab66538787111fb6825c4c1686e3b2762fe

SHA512
3415ad639b23168bd260236b3fa832c76705483868fb4048fd61f90488eaa1cac1915c4ad42de41a3f681b6f7134e24bf07ffad427ef3fed1e480577cd192356

Download Submit
C:\Users\Admin\Downloads\UnpublishInvoke.m1v

Filesize
575KB

MD5
4b50684048d009e3dc3432740bedd2e8

SHA1
36154726b7b0ab632dafacdae47705204c7249f6

SHA256
842eebdf1d5f0e2376cf3c8263c1250f79700bf7d86526797506a55eab11af8d

SHA512
da01d51fd477daf4408af5500471b535e3022806d7d52611263d8985ce819a0ce166ba01ff51ad012d91f735e5f09ce3a39f724ae8e0bed4ad17354524f0fdda

Download Submit
C:\Users\Admin\Downloads\UnpublishWrite.dxf

Filesize
815KB

MD5
9cfb1ebd16e6b15d2be3729f435b3472

SHA1
da3ee6e49dcd81c54c5618a727cd0f61d687ee0c

SHA256
734791542790269880acc2d136983c9d71e73c57ee5848b1548610e2ab513cff

SHA512
f4f2f6ed2de2826bb0f609960a2b9393e70c66d7e528e0a5ad6226643f57bc2d49fbd1fec732576867c8f225a64f227d561440dc2fd904de1d38938169dabcbe

Download Submit
C:\Users\Admin\Downloads\UnregisterFormat.asf

Filesize
880KB

MD5
30f59fb0d19a2ed20c184aa787ee70c9

SHA1
e14fc6ba297040771fe47c404fa83390b257f40e

SHA256
f99f59c51d61aca603f0251ad75fd0a2ab08e20da4a9f78304bb03e92fcd3fc1

SHA512
f7f6d3b4afed5a02edcd3cf623671b284a33210a5718bb9f4bf9df454698127182546b157f5e757ad87909dbf209bdd9bb7b67a7754deed92b709ce9d9e943fd

Download Submit
C:\Users\Admin\Downloads\WatchInitialize.ps1

Filesize
402KB

MD5
669be565c54a8e453db4a4117cd40809

SHA1
1555634dd70d8b71d72421bec3265bbe8f8382f3

SHA256
415f0ec9b9dad5d4c10adff1869ba947b8010c02f4084642929d321559a5d4a1

SHA512
6ee67e7c8b15468f65169d6a0645bb5606abb3e4d78e191f9d6d993fccd4872de8a4a9e743057cb1e9822ceb03b9cd76d531a0e0feab538afd348dc6c55c127f

Download Submit
\Users\Admin\AppData\Local\Temp\mds\mds.dll

Filesize
212KB

MD5
48f07e86c6d50f527d7fd5026a3fbe5c

SHA1
64184c950bc0622df2c8e7707d37fae566ee5722

SHA256
b1317206a12f105e28338fea33c5d1a66df07fb35586bb4e1727555bec90e71b

SHA512
9172b41d51643349cb0d755d1f90ffbe15cb7bd4ed80700d91c73f4afba17055f0488fd1d5858dea2843d545fd4752751d081dcf2117204cafe0f6fc3cf30c5d

Download Submit
memory/2180-18-0x0000000074A40000-0x0000000074A7E000-memory.dmp

Filesize
248KB

Download
memory/2180-17-0x0000000004080000-0x00000000040BE000-memory.dmp

Filesize
248KB

Download