85c8f486b596da3c33a930edf5f9d0b69fc5b97fc04c9b77a57d9897e87aa19a

Analysis

max time kernel
1042s
max time network
1054s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

In3ectorV1.exe
Size

551KB
MD5

ac851bb81a963de27c74522d6a9e0cbb
SHA1

3d26455b87da973a2d25063e64365ca8398b34d8
SHA256

7f354d6ccb201b2976290ccb26a18d06fef7f046a4706931a07deff8fa7043e9
SHA512

aee0093465fb554dcfa24d65bf668c9daad55cccbb3876d4a0982f024fa89e939567b3ec27db7a992b33b3bc70b1f2d1e4a6e0818f060fcd426ebe03b759c5b7
SSDEEP

12288:83vt2Yxj+paCZe0xJRy9jWmLW1nC/vTElL/NY1vjNh/PDhv4YUDjfNFZvcGN79/I:+DSPDxJRy9ikH/vTEW

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4884	In3ectorV1.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4884 set thread context of 3496	4884	In3ectorV1.exe	82

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3496	MSBuild.exe
Token: SeBackupPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeBackupPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeBackupPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeBackupPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeBackupPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeBackupPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeBackupPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeBackupPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeBackupPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeBackupPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeBackupPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeBackupPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeSecurityPrivilege	3496	MSBuild.exe
Token: SeBackupPrivilege	3496	MSBuild.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2212	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4884 wrote to memory of 3496	4884	In3ectorV1.exe	82
PID 4884 wrote to memory of 3496	4884	In3ectorV1.exe	82
PID 4884 wrote to memory of 3496	4884	In3ectorV1.exe	82
PID 4884 wrote to memory of 3496	4884	In3ectorV1.exe	82
PID 4884 wrote to memory of 3496	4884	In3ectorV1.exe	82
PID 4884 wrote to memory of 3496	4884	In3ectorV1.exe	82
PID 4884 wrote to memory of 3496	4884	In3ectorV1.exe	82
PID 4884 wrote to memory of 3496	4884	In3ectorV1.exe	82
PID 2904 wrote to memory of 2212	2904	firefox.exe	102
PID 2904 wrote to memory of 2212	2904	firefox.exe	102
PID 2904 wrote to memory of 2212	2904	firefox.exe	102
PID 2904 wrote to memory of 2212	2904	firefox.exe	102
PID 2904 wrote to memory of 2212	2904	firefox.exe	102
PID 2904 wrote to memory of 2212	2904	firefox.exe	102
PID 2904 wrote to memory of 2212	2904	firefox.exe	102
PID 2904 wrote to memory of 2212	2904	firefox.exe	102
PID 2904 wrote to memory of 2212	2904	firefox.exe	102
PID 2904 wrote to memory of 2212	2904	firefox.exe	102
PID 2904 wrote to memory of 2212	2904	firefox.exe	102
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 4804	2212	firefox.exe	103
PID 2212 wrote to memory of 1140	2212	firefox.exe	104
PID 2212 wrote to memory of 1140	2212	firefox.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\In3ectorV1.exe
"C:\Users\Admin\AppData\Local\Temp\In3ectorV1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4884
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3496

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.0.1543389337\1196086377" -parentBuildID 20230214051806 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 22244 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8aa2886-bf94-457e-b66c-a7160804cb90} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 1852 16cf4322858 gpu
    3⤵
    PID:4804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.1.2114581249\1364758898" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22280 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {525464a3-9371-40d3-b4af-c14457788b01} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 2420 16ce7589c58 socket
    3⤵
    - Checks processor information in registry
    PID:1140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.2.2123356601\805491648" -childID 1 -isForBrowser -prefsHandle 2912 -prefMapHandle 2904 -prefsLen 22318 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9249a17a-29b1-4677-b93c-eae04e6cc648} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 2924 16cf6fec858 tab
    3⤵
    PID:3040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.3.1336255758\1869981793" -childID 2 -isForBrowser -prefsHandle 4052 -prefMapHandle 4048 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {223af401-20f3-4b4b-97b3-bd15f7bd9a55} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4064 16ce7573558 tab
    3⤵
    PID:3504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.4.1623470036\1885489609" -childID 3 -isForBrowser -prefsHandle 5012 -prefMapHandle 5004 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c26208b6-4ee4-47d3-bb22-977b646a3dcd} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5000 16cfadb4858 tab
    3⤵
    PID:3960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.5.450246887\849771849" -childID 4 -isForBrowser -prefsHandle 5156 -prefMapHandle 5160 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6506972f-4a37-4fdd-bc8a-9814eab74671} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5144 16cfb09db58 tab
    3⤵
    PID:1096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.6.1226152992\1931744197" -childID 5 -isForBrowser -prefsHandle 5348 -prefMapHandle 5352 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45d52803-3606-43fd-9adf-8d49cee974da} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5336 16cfaf4f358 tab
    3⤵
    PID:2688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.7.97753280\747782322" -childID 6 -isForBrowser -prefsHandle 5756 -prefMapHandle 5752 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb44c889-732b-4f3f-94b0-131d2d7710d4} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5764 16cf969ee58 tab
    3⤵
    PID:4008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp

Filesize
27KB

MD5
0cffff6e312deaa9d3794f6eb1576bcc

SHA1
df81d8e28278e02a4906abe22165f15ff92aa2b1

SHA256
baa330739342960ad4f04c486985b4356c5c23c781e01e6eea99fcc380e73acc

SHA512
e137b475ad3c59a0ecf94a034a8cfcfd7f6e083627399354ad06e8969f899457b90d888f1dc50a4d1b8e3f74bfc243ed49f0f8bfc0a8ddf977767051b5df27c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js

Filesize
7KB

MD5
a5ec555c84d172e82dabf9e4a504d93c

SHA1
5b2c2db205221eb7f8d721403c9cd7bc7818d903

SHA256
5bb256eb8380e01a3aff33233894341dc5f13beb75ff00c5fb73725c0508a13a

SHA512
e3f0799c214f3c59e76d29a23bd12a0960b2f9ab9c7bb2e31e76bbbf7ae5482c534cbc2dcb9f7fda4d21b023fd683c77c8c965e200d7a6cb5f3898ff1ff872af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
4540ee818f37b59bf0f2b889890d2389

SHA1
2d61d1dee1494f7f2d4f7520fa7e9c5405213f20

SHA256
da19c501943fbae2436a64f5097be790ec1ccf4f80ffa8230ee6a7cba5e011e2

SHA512
bfb37dcb974a1161866ab49ada89f5ca11794f0e0b1ad681f60e5fc1d2ee8fafd96f9d81072fdaf6722707c287af7a5de70f16486da0fcd3dc0f5bd8388c84bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
2d7a46c30d19d3241da60a433efcd69a

SHA1
533805ba2df9a6459cb04bccf362b9bbad726f09

SHA256
3b24b01cfafdf5c91d52f84b2f204e4babe2556b69530ec2d7f2d6aae4889043

SHA512
93aa2d796edf5b2a4c480f556a2690bfcb723fcf6b99aeced2bf3478cea10a87117878cf636eebaf174abd100663f0ff62501ce12fb3e0d4bed04330169385ca

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
461KB

MD5
cbb188292c5178f304429421980112c5

SHA1
7eff819fc8e5b6d5ee3ce320ff326f540c72dfa1

SHA256
6196421e99dcc15bbc01d201ec890ddf2833c4e1a59a92e801368a87892f3865

SHA512
13c6ed1b4659aabc504825b407e6bc0e8f6a933fd68860a27e46dd02df6ae24c3ab1a1374a224e0aab7e895e84448c0c61becb6b56dcb0d10a1b18440ec68e9f

Download Submit
C:\Users\Admin\Desktop\CompareFind.3gpp

Filesize
1003KB

MD5
4c11ee363828b32f135cbb5416cbf2f5

SHA1
df5df936895ed691796881bec683b2a1ad33d4b8

SHA256
0c7634a2c80fd52517804b0084e53bbbf4992537cdf9122bcef4d3d0aafaea8c

SHA512
f650638a3fd8bed96f0bd518e24cd714e54e41710a310859c47b90f554404c9342b111d6b3992d0fcaf9b88443512a60a25cd37f2f61421a1b73a4273844d37f

Download Submit
C:\Users\Admin\Desktop\ConvertDismount.eps

Filesize
510KB

MD5
4da8c923dc4276acbf6d0e98d27637d0

SHA1
55808e0e09f4262a1e0a47b5a8eed5523bcdf08e

SHA256
87099efb30d4bc3de623a368dfd6e15731548d173adb608056e27785fd56a153

SHA512
c6bcd9d9fc18a55dad3069e5729cc0ef5f48d81ac5c2bf6afefcb48e9d6c5139da41b28e51394ba46e0931c0d78f457bcc799735c35684bf9943a5841a34ddad

Download Submit
C:\Users\Admin\Desktop\EditTrace.ps1

Filesize
970KB

MD5
ba41653e0705df187cd7bfb6d472d1da

SHA1
d801a4fa99ac430d47d18b615d6e749ed019fdc8

SHA256
55dea5a205c8a8f0925235815c4443da35d9d72bf1a9c84fbefa3ece080a87ae

SHA512
e1243a2c898693888283f68209ed0fecd90220a4118ff65fdb9c900669289ac2e77e3d076276c737121fc9e9547505bbaf8da7c9641978146c25ff5bda10fd17

Download Submit
C:\Users\Admin\Desktop\ExportPublish.wmx

Filesize
411KB

MD5
4d5022194ccee99575deccc838931dcd

SHA1
62247b06dadd745b06d506db3355c0f93a9c5394

SHA256
bb735ede75e5bf174bffa1e5d97a29c0f38d27269be6f8dc71307f9bdf013417

SHA512
f9e28619c85fb1f5fa17a30fe4ab66f26b408e1271cc2878789fb0379de0f93476b9fdfdbe9dd5f694ba3c192a3c10b091122ea2b09e5432ae51faa0edfe6372

Download Submit
C:\Users\Admin\Desktop\FindMove.ppsx

Filesize
707KB

MD5
ccb0939648ff31b8db4aca698c2f118f

SHA1
db7e5d72c90f5fe4d27f2931eb38140950169719

SHA256
b6b82107c2c90a5ed2f013dd143bf5a47cc31fbfcf217daa6525e388032e9295

SHA512
cd4ca544cc477ac4a9458682faefe7375513dfd236f0302d6191e398c98d6278304de52d94cadf5e8511b045f16d6f60195c6fd68f82cf0f94bebdc2227c840c

Download Submit
C:\Users\Admin\Desktop\FindOpen.xlsx

Filesize
904KB

MD5
6a4b4fb9a4dff3f36df3491f3adb9e5b

SHA1
0bdbe4c7e16b4caa2bf3272bc77739ee3d650097

SHA256
460471696184614fb34cf374b09c576009e10abedb17ac34b16e31c44abee2ac

SHA512
b599206f22ffc5782ec172b6337838fba5e318ca6afdd5991f8a7e4b4a6f7789fd9f7659286c3309b953411ebde064b1075da8ef0f3873f0cc4ce3cc2a1e8fc7

Download Submit
C:\Users\Admin\Desktop\GrantReceive.vst

Filesize
839KB

MD5
792566ca65ef3da0b0c31db1654a9e3f

SHA1
ccbc029660e0a78f07081ccc4eb0c23e11782737

SHA256
3702ac416a2cfa3d60992785b7ecb393e0c00b4131a7986391698e2c43734b8d

SHA512
1761d6bddce1508b35d0ad9975eb482976a548be84fe722c6da14b4ebb6d601b2bcfb5e6727d340bec9575b9bf3dcb1a19c0e523a7574ae1ad52ca1d704e9460

Download Submit
C:\Users\Admin\Desktop\GroupGrant.rar

Filesize
1.0MB

MD5
36085f86ff426df2209c357f9c188783

SHA1
dc87a086e74879395ff62cda63b1fa2a070aee8e

SHA256
12f945bb32e6ec734e5ee16f3f6ad44a67235cd4cd5ef904bb2a2af2e5181360

SHA512
684dd2fe3a0f18d208c3966aee88dc9cafe80ebf11b1c88dd41086c44eeb12293ae46d6845ba54b0336a4eb97920affa6b112859c21e2daf4bf597551f452acc

Download Submit
C:\Users\Admin\Desktop\InstallConfirm.WTV

Filesize
641KB

MD5
a821ce2679c6a3d530f487bf7eaa62aa

SHA1
7aeaa0e7a70d33fef5c522e11bbde89c3db6a0d2

SHA256
2b362279277c813c3cff74f9a1d9bb7241676fae7c2913905c162035bfd98fa7

SHA512
68f653dd02e4cf0f79c10c76976195c4919180e8d6c04023dbbe88bf11e37fe4bc30310a3e47a12093edef88873b35b65f5102d6cad16a13439c628e7f395b01

Download Submit
C:\Users\Admin\Desktop\LimitUnpublish.TS

Filesize
740KB

MD5
f956b6dae9b3ece7a37acb0e68b4152f

SHA1
2201a6a485bd81420c7c030c73b15c6c229156be

SHA256
093e9d1d2f27e512e71b7ec2b6a308c4182b7b62a50bd24918740e35bad553b4

SHA512
7e92b5572b6a1594cdc6df6f6b8ce865418e043c2a62352f1b645a0fab97b422611002bd95925ec9a3e36e8945b2ce0771bf99c85ba472bd4a2b5fef575a45a1

Download Submit
C:\Users\Admin\Desktop\LockDismount.mhtml

Filesize
1.0MB

MD5
55af940b779703c5217f8783ea92f96c

SHA1
3971098db0a82913cd30de6285648028fb2eac41

SHA256
5e328928387aa58ed134676f0a355c46e483e8b48776a996f44b01cf8d3fac2f

SHA512
549c1819f8312fe3bb7be9b83a84e8659cd581e04aab12ef1109d89556b2c02b8a9a82ad8e27cb9c4e7dd7034abbf296ace6febd931baac4a8575df64c2e87f1

Download Submit
C:\Users\Admin\Desktop\LockRestore.vstx

Filesize
575KB

MD5
018893360665fc2b146796b19f4fc6d2

SHA1
840772d8d76da7618a6337206a0240724fa110fd

SHA256
0d1095021e332dc52ab109cfd4732dd9017dcc24cd218e9e25fb0035ef88d1ef

SHA512
fbc9cc16ef09f00e8a89a589cc45f92b0bbb4ecc6478432df8eaa2023bea5c10818c849f012fa8d47489635ddd1b91f2c97a94da62c0a67e6afe9abc4b4039cc

Download Submit
C:\Users\Admin\Desktop\PopEdit.m3u

Filesize
937KB

MD5
537f99b6b8b89d2a873602e4ac0e5e70

SHA1
bba4b73849fffb2008cbf374599236c214484d0d

SHA256
77e488c5858b3f73ceb6b713438e27fc7a22fe2bca0e321dcd3359064d7be566

SHA512
83b715221dc41cb14e86dd656b2acf9b9023fc3d993f3115c1f0decb27913be0ac6126d8073f130c00bae3b412ea6b5b55fe2885de086e6d22b08532ecfa3ba8

Download Submit
C:\Users\Admin\Desktop\SendEdit.bmp

Filesize
773KB

MD5
70ff6b1dd5c8232b242094024e9a8963

SHA1
3d98f8d8d4ff66c3fee82b79f1f0edbda47dbf2e

SHA256
01d14608366eeeab54b88a34135cd7aa2b0e5455ca75352767ac7ba794dd8686

SHA512
8225bae317bea6c0a05a8fe6155397dc22636c9d17169963143e7f45f4b81df672592b70b86c81a3c92868ede19e930ef879429b3ed5977e903c3cbba1456e46

Download Submit
C:\Users\Admin\Desktop\SendEdit.gif

Filesize
378KB

MD5
1bd923444587aa2f33664eac1c3d8782

SHA1
a4ebdd9edb3f03fe2f61759d774a4554ccfb750d

SHA256
62f31d4a934ca32a629c307232dd7a14868f762d4b841180db1378ca75361c78

SHA512
df96f858640065ca114ae2f2ecf577e239e36c40549083fcd9309a77c67a2b949f0b52dad32f114cf5ce7f53364d82d0629c765c366ffb5191f5be2ec10366b1

Download Submit
C:\Users\Admin\Desktop\StartUndo.vsdx

Filesize
806KB

MD5
c98544fc3149c4e8281cd380fc87a740

SHA1
e570c8aeb17cf548e05ebdccd9eaa92f881c236a

SHA256
db2b561637b6e7475c9874c2c4d85b76d7fa50b999e35dba5ab8d2a02614d808

SHA512
5bb7c472439880cbf21d94d04c13d55e15cfdb0d365c056cdd74e10747a3cb8a87b26c3a6466f8be9d10e4272cd63a77c44af33f329a2974a358b5ad871eab5d

Download Submit
C:\Users\Admin\Desktop\StopSplit.inf

Filesize
608KB

MD5
defee6a24f1acbae3fb50e33e2c22d15

SHA1
105efc32fc83b9d22a7c2259350eec0fc9857a76

SHA256
8c24b069326c4ba71bcceac87900da1fc1b5ee01ab07dfc7da40d63ec3f9f7f6

SHA512
dcc99dadb580a61d173ac0f751b9dc3e8f6312ab7efd07df47d01ddbc07b98ff61c71e7dcbd0d5e036b694da7563662cbb07c79630a1a16f8b8d53c3b886eb37

Download Submit
C:\Users\Admin\Desktop\UnblockOpen.mpeg2

Filesize
542KB

MD5
2c697aff6d73bb55b45498296d8504dc

SHA1
db3f0ef4c31df55cbaa24f3f7512a1230ff06d6d

SHA256
ca47d24e856c7f5374c81f50ec4a41e42306327f4da299dda5a01f2b507a34a7

SHA512
899cf3d1a06091df97d128d8418a8708b9b82852960b9ae6c8c06d40a9101a124181bdb57b7f04bdf88e5e0d2930af120b7f904065344a19c3ccae0ce95e789c

Download Submit
C:\Users\Admin\Desktop\UnblockStart.wm

Filesize
444KB

MD5
3878a987fe9fb350efbaa3dc0e3b22df

SHA1
4ef2ee8861e3f6625f9673683165a3f715e634e1

SHA256
2a0a2704d3f8f3c7aa84d8616ff98c363004e411ad48057df602b082fe0e2c08

SHA512
87f86d547f92bba2085d4d2941c6f9bc727e7c3d3c15355946da368c55dd4cc854118e3f2d0f3821327175989ed34da7d17ce086a82913623d3ebd878288ebb5

Download Submit
C:\Users\Admin\Desktop\UnprotectSelect.au3

Filesize
1.4MB

MD5
7781bf8bd2007c989e543e3bc52dabd2

SHA1
ee34adfb51d48fa615a6f2d764788ba6dc603f1c

SHA256
5539863af10ba4b38d3228e4d4bea9e06191dc7a3aff383c4c335e0320cc2168

SHA512
a428c65cc5886cdb750800892a284448d275a1e8a88d94f036dddcd1b1fb943999586e4d9eadbb62ed8616053d70362021fe86c04778ca38975ce25a2e7514e3

Download Submit
C:\Users\Admin\Desktop\UnregisterRename.vdx

Filesize
872KB

MD5
8685997182e56eccc311f00f3e7da5e7

SHA1
1aa93809c06a9e46ec4aa8e42bfa4300e3a7071e

SHA256
8751cd518fb0b37bc0403d447c8a497abd48f6abb2f7129009ac0f2d758ce427

SHA512
700f773120dea1112cce3296f2d2732ebdde054d83e341a3aba8e97bc34cc3bb9eb29b14ee5818f37237ec0e2d22e649613ba91630cdeafe837f3b4fa3807177

Download Submit
C:\Users\Admin\Desktop\UpdateConvert.odt

Filesize
674KB

MD5
5f66e5a3ad12fa38e8355f1e3dd64660

SHA1
dbc1ac671b83cd235c9b55a3799c35cb8801efd0

SHA256
082a8fc41084056ead0de3a098e9d863276b6bd38ef591652b8c457fb2175c62

SHA512
c42844d5285d1d34de2ed20e9f1a3a92ad65e63b16028d0274f1b64a05c5155801e277362db3642c8fb1123125d16ad551ebf25c879204c608856b70b41dc289

Download Submit
C:\Users\Admin\Desktop\WriteMerge.jpeg

Filesize
477KB

MD5
b2644f0401fa9cc079945fbc0dfa5076

SHA1
4ddee3623d84d586ad56dba0e61fa6f328cb085b

SHA256
e2fc0e2aebaee8f65e1b90398ef0722e45e98183def849d02a2a84d12efd65dd

SHA512
f789c66c0e00dc8b6e487e1e021f592e12de11f5af8c6570c5822d131dd590e1cb2bd46de483e11a06a69923eddfabbbac741b05b6aa65bd7f58a0ba28a84574

Download Submit
memory/3496-16-0x0000000005850000-0x000000000585A000-memory.dmp

Filesize
40KB

Download
memory/3496-18-0x0000000008A90000-0x0000000008B9A000-memory.dmp

Filesize
1.0MB

Download
memory/3496-9-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3496-21-0x0000000008BA0000-0x0000000008BEC000-memory.dmp

Filesize
304KB

Download
memory/3496-20-0x0000000008A40000-0x0000000008A7C000-memory.dmp

Filesize
240KB

Download
memory/3496-23-0x0000000074E10000-0x0000000074EBB000-memory.dmp

Filesize
684KB

Download
memory/3496-17-0x0000000008F50000-0x0000000009568000-memory.dmp

Filesize
6.1MB

Download
memory/3496-15-0x00000000058C0000-0x0000000005952000-memory.dmp

Filesize
584KB

Download
memory/3496-14-0x0000000005F60000-0x0000000006504000-memory.dmp

Filesize
5.6MB

Download
memory/3496-13-0x0000000074E10000-0x0000000074EBB000-memory.dmp

Filesize
684KB

Download
memory/3496-19-0x00000000089E0000-0x00000000089F2000-memory.dmp

Filesize
72KB

Download
memory/4884-0-0x0000000074E4E000-0x0000000074E4F000-memory.dmp

Filesize
4KB

Download
memory/4884-12-0x0000000074E40000-0x00000000755F0000-memory.dmp

Filesize
7.7MB

Download
memory/4884-11-0x00000000778E1000-0x0000000077A01000-memory.dmp

Filesize
1.1MB

Download
memory/4884-22-0x0000000074E40000-0x00000000755F0000-memory.dmp

Filesize
7.7MB

Download
memory/4884-2-0x00000000031B0000-0x00000000031B6000-memory.dmp

Filesize
24KB

Download
memory/4884-1-0x0000000000E00000-0x0000000000E94000-memory.dmp

Filesize
592KB

Download