Analysis
- max time kernel: 149s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/06/2024, 06:41
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://downloads.stacos.com/TDS/TDS_Downloads/xLeTDS.zip
Resource
win10v2004-20240611-en
General
-
Target
https://downloads.stacos.com/TDS/TDS_Downloads/xLeTDS.zip
Malware Config
Signatures
-
resource behavioral1/files/0x0007000000023581-86.dat -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (EXCEL.EXE)
Enumerates system info in registry 2 TTPs 6 IoCs
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (EXCEL.EXE)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
Modifies Internet Explorer settings
- Set value (int): \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" (EXCEL.EXE)
- Set value (str): \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (EXCEL.EXE)
Modifies data under HKEY_USERS 2 IoCs
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642032741455641" (chrome.exe)
Modifies registry class 1 IoCs
- Key created: \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings (chrome.exe)
Opens file in notepad (likely ransom note) 1 IoCs
- PID 4736: NOTEPAD.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs
- PID 3612: EXCEL.EXE
Suspicious behavior: EnumeratesProcesses 4 IoCs
- PID 1716: chrome.exe
- PID 4996: chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
- PID 3612: EXCEL.EXE
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
- PID 1716: chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
- Token: SeShutdownPrivilege (PID 1716, chrome.exe)
- Token: SeCreatePagefilePrivilege (PID 1716, chrome.exe)
- Token: SeRestorePrivilege (PID 4368, 7zG.exe)
- Token: 35 (PID 4368, 7zG.exe)
- Token: SeSecurityPrivilege (PID 4368, 7zG.exe)
Suspicious use of FindShellTrayWindow 43 IoCs
- PID 1716: chrome.exe
- PID 4368: 7zG.exe
- PID 3612: EXCEL.EXE
Suspicious use of SendNotifyMessage 24 IoCs
- PID 1716: chrome.exe
Suspicious use of SetWindowsHookEx 19 IoCs
- PID 3612: EXCEL.EXE
Suspicious use of WriteProcessMemory 64 IoCs
- PID 1716 wrote to memory of 2060 (PID 1716, chrome.exe, procid_target 82)
- PID 1716 wrote to memory of 740 (PID 1716, chrome.exe, procid_target 83)
- PID 1716 wrote to memory of 2856 (PID 1716, chrome.exe, procid_target 84)
- PID 1716 wrote to memory of 2460 (PID 1716, chrome.exe, procid_target 85)
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://downloads.stacos.com/TDS/TDS_Downloads/xLeTDS.zip 1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1716 -
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcac3ab58,0x7ffdcac3ab68,0x7ffdcac3ab78 2⤵ PID:2060
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1864,i,10473935327744079635,3278805331802187062,131072 /prefetch:2 2⤵ PID:740
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1864,i,10473935327744079635,3278805331802187062,131072 /prefetch:8 2⤵ PID:2856
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1864,i,10473935327744079635,3278805331802187062,131072 /prefetch:8 2⤵ PID:2460
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1864,i,10473935327744079635,3278805331802187062,131072 /prefetch:1 2⤵ PID:4596
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1864,i,10473935327744079635,3278805331802187062,131072 /prefetch:1 2⤵ PID:4500
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1864,i,10473935327744079635,3278805331802187062,131072 /prefetch:8 2⤵ PID:1252
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1864,i,10473935327744079635,3278805331802187062,131072 /prefetch:8 2⤵ PID:2068
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4200 --field-trial-handle=1864,i,10473935327744079635,3278805331802187062,131072 /prefetch:8 2⤵ PID:4904
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4304 --field-trial-handle=1864,i,10473935327744079635,3278805331802187062,131072 /prefetch:2 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4996
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe" 1⤵ PID:3252
-
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding 1⤵ PID:1256
-
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap27745:74:7zEvent15106 1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4368
-
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\xLeTDS\1_ReadMeFirst.txt 1⤵
- Opens file in notepad (likely ransom note)
PID:4736
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Downloads\xLeTDS\eTDS-XL_Blank_Template.xlsm" 1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3612 -
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288 2⤵ PID:5056
-
-
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc 1⤵ PID:4176
Network
MITRE ATT&CK Enterprise v15
Downloads