hxxp://A | Triage

Analysis

max time kernel
60s
max time network
61s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 03:13

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://A

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "74"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1352	msedge.exe
1352	msedge.exe
3400	msedge.exe
3400	msedge.exe
3212	identity_helper.exe
3212	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTcbPrivilege	5076	svchost.exe
Token: SeRestorePrivilege	5076	svchost.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1012	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 1292	3400	msedge.exe	85
PID 3400 wrote to memory of 1292	3400	msedge.exe	85
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1536	3400	msedge.exe	87
PID 3400 wrote to memory of 1352	3400	msedge.exe	88
PID 3400 wrote to memory of 1352	3400	msedge.exe	88
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89
PID 3400 wrote to memory of 4592	3400	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://A
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7fffb9df46f8,0x7fffb9df4708,0x7fffb9df4718
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5107508793591709629,9941844162676843765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5107508793591709629,9941844162676843765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5107508793591709629,9941844162676843765,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5107508793591709629,9941844162676843765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5107508793591709629,9941844162676843765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5107508793591709629,9941844162676843765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5107508793591709629,9941844162676843765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5107508793591709629,9941844162676843765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5107508793591709629,9941844162676843765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5107508793591709629,9941844162676843765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5107508793591709629,9941844162676843765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5107508793591709629,9941844162676843765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5076
- C:\Windows\system32\dashost.exe
  dashost.exe {cb5e6258-1345-4adb-b3cc44e4c1439d22}
  2⤵
  PID:544

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa391a855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5a4bfd21-6a7f-4abf-b964-9cd76a1a44ad.tmp

Filesize
5KB

MD5
7c6f4e6c98b500a7810e9a36cbfb0d3a

SHA1
24353cb94105aab987141ec0d6e86c2a338c1131

SHA256
79872fb64d72755d9c06484f1dc52d63c56dc4e08c1b26221e8c2aaf2413df72

SHA512
c4f9c67996702f780d71763b5a0ecb796808f419feb729df867fa43c1366c72b586b751e6888d2fd62bf61e94b8e3c20fa9b9e07892c97281f065cde257dbe0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f1c8299dc327852534ffa5f758ea956

SHA1
6a99005aa8c48ab8f6f9c34f16af5439f8dae3ee

SHA256
d62bf588752afa1821a890b5f6338f258362aa8676518bc799eea7f496d50534

SHA512
e4038ad549472e9cf1601e0a4e67c9c7293d58251ddf1f20028b3882571229401d49014b7563f0c6975c5b65e41d9adf29f36311afae5ea6959fd343ef08d940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13fe19b34a2340a2cf069081658e0dba

SHA1
265dd65ee75cd82e2a9c8576770d00dd49a3150d

SHA256
5d731316c2d4d300cf80effc7784106fec1c0b23ee428663cd4d25514ba50155

SHA512
8d341014a6f7532f210ef8743cedfff11dfc2ffb8a9ea7715b9a294ed5d6b3c0ec1e5da8fe5cc2589dd9f8323f21e4c7ac2ef03ebe4fba488c377c7b2a66a5d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\Desktop\ClearCompress.sys

Filesize
727KB

MD5
702bd4be21ea8d76ac4ae761445b2cd7

SHA1
214d7c7111a4669a3a74fe07e99f254639fe8160

SHA256
5e332e4c24c42ded2f35e3ecf18bbd0ce834112dbe067fb60d1d6270090edd67

SHA512
8d5e28c410729ff859a16efd8a905b6a1e0d8ec85ab50459d2a21476c4ced4d3f97a2e05cdb005bc574cb2d016f6e90c3ebd58c79e72456d1a05a7b9bbdb8e44

Download Submit
C:\Users\Admin\Desktop\CompleteRemove.docx

Filesize
14KB

MD5
6eb9ca16c5580ea705909def7f0d9b60

SHA1
2689d3562e6d2822850d292367242134a6fb6d3c

SHA256
23754f01052bd69f9cca01f95d749b9fdd131fd5715173a00890d3a6386d79b4

SHA512
4546980a99fb529ccff46eafae786a081f0dbde62026304026ee4e75d3c5bf04b10e102670ab18faabd22df7ca60cd7d9c0addf0af46c517d468484f64751a55

Download Submit
C:\Users\Admin\Desktop\CopyClose.001

Filesize
639KB

MD5
56cf4e95d953abdea4bf670752bde8ec

SHA1
e12e9a8c697b571ede614e372726fcfc977f1692

SHA256
62cfc6f1543ef16975e76b3bc4200939b08cd0c08c668817703b68a60e4b2871

SHA512
890305af0d5dc729f07e452d3e4af973c9c9a31df9c388c3829d6e5c7b9fcad82195a2f89d6232efcca56239d77a6c896c9e1547748c67a453649000bf9a6dc4

Download Submit
C:\Users\Admin\Desktop\FormatRequest.txt

Filesize
1.2MB

MD5
1135032fc46915bbe6bfc6a9e94bfe37

SHA1
3efda81f191b66550c807e16f3f9a045aabed131

SHA256
5f742d40e41675c36031100f2de2f88155df63ce9b7ae605fb7189187c0dc129

SHA512
6d8f980e0718733a3c8cf74de9fb17b59f960dd333ea8f62d115de4972a2b5a97452e37b3cd6c1cc9b860ed90a64ab5df283b02cf9344a50c45b33c688cf4ff0

Download Submit
C:\Users\Admin\Desktop\HideDeny.xlsx

Filesize
11KB

MD5
affeb4935fcd3362fe0a5058fbc43d14

SHA1
02bd89bcdb83dbf65ed7e5d19b646bf002e329d4

SHA256
e762d010eb32993361e23439fdfaeeefa06713fc526481ffc674b85f78cb74a9

SHA512
faa25ea69b8bb7377ddd3bb56e9927a217e913a0120bad411a8ae95a3328619dd8d6587577c28777beb17e2ff8beb0d25a5ac4c7e1c15e5fa44f28bfa63d06fb

Download Submit
C:\Users\Admin\Desktop\ImportEnter.ex_

Filesize
551KB

MD5
079fb2fec3d8406119f2eae5544fa7e4

SHA1
e92031934cd636297e0bf14b9c5f0fa43790e41c

SHA256
f26dcc383d5f96668ef2f6f7798a4922fb74c673e30dd1cf2592c54f866afc88

SHA512
e68f72c4836a03f092461be70f6f82d6753fd7d44e99ccd6b4acafcb3c9fdfbe6702668abf8125397bfbdf42b270cefc85783f5108606faafa4a8729e795dad2

Download Submit
C:\Users\Admin\Desktop\JoinCompare.mp2v

Filesize
1.8MB

MD5
b7f55f9f8a618a96994bc8c85a216bb9

SHA1
9d9d22a148721a5a6c4434bf3ed1e6b3b1502ccf

SHA256
692182ced108c1ea04b79a5124a3465a521cc0d6a2e99a2f3cc511e80b29faa8

SHA512
6cd5c33ae6ea941412da95b7bca1c4e8bc8f859ce189ab9d359bbd5c0926c971a5807ab188b215f69467c6b13389a84c90ab9771eea704cc1a19077acc2182a8

Download Submit
C:\Users\Admin\Desktop\LockPing.xlsx

Filesize
13KB

MD5
2d39632f0449c730ef7d51dad87eebee

SHA1
5f7ba19d664656aec8551801cc49e28b02f5bd7b

SHA256
b0122d67bdfd0bfee7a581b019c65eaab9ea6975481c46a8949fc12aa379a049

SHA512
3bd7fe5a43d4cb873280eb3a6c51ee10d654a8fd18fd1ca018595e77ec2334882bda539f5529ad576063188ef1f47d578ef28028d0c588cf56a6f02e3a5cebcf

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
c64864d6a194a58d5536240081a3addd

SHA1
eb9dd797d1857956f59d609a53db71f6e8728104

SHA256
2d2e03970eba49ad72b5337957dbba044f99d8862fdf17a274ea80db303a5be6

SHA512
9a56d070b70d55591518adde01b434c19798d1688153ed89f1f7571a645e46e385db3cbd045d4284f4da095cfa70c5cc2cf5eda75e2f1b3576ba718f5f961901

Download Submit
C:\Users\Admin\Desktop\OptimizeRestart.DVR-MS

Filesize
1.1MB

MD5
b62babaf60827651cc4ee37e119c2beb

SHA1
e8d7b5ddaa0ab068d830daf12508c9d05eb2fee3

SHA256
7ed32d448f57fa11789335622b6a59e6e30c2e83c4fc5feb9951335ecc1d2e8f

SHA512
c6c2981394cbdb1e6c1d61b25c1e0044969db316dde68d71333026cc6a078c97708ef9981d092de3bd7334e9efdab172aae759b14d2f5d09690325b46369685c

Download Submit
C:\Users\Admin\Desktop\PingJoin.xhtml

Filesize
992KB

MD5
4ffeb39e5459825468b7b72be00c3b5a

SHA1
a226d788e4b8632f250ed77c342518bcd33af9d0

SHA256
da4c6c22573b58cd3b9c595223cb160d0615cccc351c4742c24ccfdfaaba4215

SHA512
9bf80519138a3f46fda58ad80bdbafd98bddda5094e23ae04bbfc39d7270fab1ce6a6bcc4ef9577c09c60645739e7a26925158a9a49036d350609ce9d4685ab4

Download Submit
C:\Users\Admin\Desktop\PopInvoke.xlsb

Filesize
1.2MB

MD5
652fba34f667b2ec57def138e7f0c902

SHA1
b8ba4e6401cd40fd59dd388ebc3ce2e68c32cb6b

SHA256
6306b0cef93efb665523f0a01298651826503e8c558333501c97c07a0332aa86

SHA512
bff2490164e13d307cabd1124bab33a74364c0344b05426475b1ed29fe3d51269ed542f30cdc9154637fd4d38a93ca915efc8d45bbc4c7a587a2f9bcb33db596

Download Submit
C:\Users\Admin\Desktop\ProtectMove.css

Filesize
1.3MB

MD5
111979dd76454fe5c0d76e53ad228a27

SHA1
d7570e3f5afcacf5e98604d86648db50e2f89fcc

SHA256
9bdf940120e1587a6ca781a327968d7701f9df29249baa042b49fb8c4880934a

SHA512
919a87c9ad4e263599a3dbc728937d8f319d5b61fa52d9bcde5a2cf48fbf415cf1b30be06efcf0cd7ab29b002905652cbe25e1abef1d37e9725fcb5a5b29f205

Download Submit
C:\Users\Admin\Desktop\PushCheckpoint.rm

Filesize
772KB

MD5
054dcebb2c02f311d152f80a42275ace

SHA1
ce0a7951c6d006c38e2218f375e8e6190a14d821

SHA256
5079b1383b8cdb0a4f7749b96dc59231b6a56c5930f807ab864bfdc4242a9aef

SHA512
a8fa28bde777454a1dd4255f60c4e5d7128b548780c74882ea27b8c165cdf1fcc356e51dfcae73e487b83536f006bc009ce8b461054ce3fbb28974c4fabc9215

Download Submit
C:\Users\Admin\Desktop\PushInvoke.temp

Filesize
1.0MB

MD5
9b55f1634104282b63131a04439132d2

SHA1
9c9a537ad220caaf689292c44c9ee15fc05782c7

SHA256
530428e29930847682d8da6579de6cfaa131ec88b307d35ea09286ad2f26e0f8

SHA512
a5ebc648d730b5b349d0772d6c23f9bf37971703c06847420c0e2251420d0ee33034d4ff3e09f6236ee1ce709e9df3282ac87196435b3ad551b120e5e711c84b

Download Submit
C:\Users\Admin\Desktop\RepairLimit.otf

Filesize
1.1MB

MD5
b5bb720638406b1ee85f328bc669593b

SHA1
6c6f2dee46b4c7baa5b4b446d0a205777dee28fe

SHA256
631f2049d0be6546883a5fea0466018c94d689cd7caacaf62a050ec806937354

SHA512
2a95a2b0d704c08cb8a0cde94e50cc4d6d02201a4e849cda5f63e0088618c54cec1b655c73f3f8e0126e92957d5656a220dcdffe940be4311abf3c3aac064497

Download Submit
C:\Users\Admin\Desktop\RepairRedo.lnk

Filesize
595KB

MD5
7bd74b90cec04610309fbf97290844d3

SHA1
cd0a4bced296c0c06d0c0d5fff5cfd5d56b838dd

SHA256
07a8efb8eff9772c00d7a7dd4634d44aa5d62564d7970abc3b6c50b72f7c7637

SHA512
aacff73f666add25233d5931a42deac204cd9f8fcdb68e4ed76ee210a96cf377343b9f7e8ea27a19958a50733c81fc29da716922d880107f347db8d7d97d4d67

Download Submit
C:\Users\Admin\Desktop\RestartUnpublish.docx

Filesize
14KB

MD5
976041b44668031714887aaa391c2a34

SHA1
8c1d7e984943bffa6196bcc23f37b58b6607351a

SHA256
ee779ead94ddf2131dc9299d3b648c59707ae5d8b822e45faca85df1f08f8e28

SHA512
1991b6d586eb2a520378d4848dd98307f9eb042944a5c1ceb01ea00fef6320b314b6420a76e7621e1ca150bf7540e53422154c7d2a49e763bd82d414f5824443

Download Submit
C:\Users\Admin\Desktop\ResumeSync.TS

Filesize
507KB

MD5
84ae4947b80fd29364369ef08419778a

SHA1
b54ca8aa0cdd56bbe66cf97cb964db850b2bb409

SHA256
48d3cad3f954610b91ca473c688198d2fa544c177d7bdfa65a3f6382201ac98e

SHA512
6fd18eeb5d23f82033a8a70b247f4cdfbbb86098e6fc6a24fc78fd98daf772ff1a759b3c2e24f3e0fdbe10f7114944edad21715501afa1ad94e93921e3696248

Download Submit
C:\Users\Admin\Desktop\SendOpen.m4v

Filesize
860KB

MD5
7a468d59a6c72ac7da8cc1e95138e48a

SHA1
3119a019d9f96aab10051912f8dbf1d040a7a8fb

SHA256
d7ef57fca80f730ba2be4d8a39551d42ee17a15796a94a8240e3241034adb27d

SHA512
38977fd63e3a597122f4b62a8da8f8e4e3a54476bd0f9377140b7f37879fe6559774d6617b86a87f68674436731ea660b294608c3a88391d47be3127d9e14fe0

Download Submit
C:\Users\Admin\Desktop\SetOpen.fon

Filesize
1.1MB

MD5
eedf15cd0357e60a813d1ebf898ba297

SHA1
e3f3aad0e210b15e8b409a4ff109f82fb399cc72

SHA256
6df7b154b5a02d243f52856451786f4c8aa8b6525d0a5efc8fab64609b33417f

SHA512
97edec2ee6a1c839e2c5f2bc4f14ce4ec12dd5e4c419eae82f51c4eb93a440327b995d0c38fcd884c863e9d5ee1b2c81022eb5e88c70399da56d0cd5443728af

Download Submit
C:\Users\Admin\Desktop\ShowCompare.mp2v

Filesize
463KB

MD5
d9280ee9f750712837f07605c3728344

SHA1
3d63edd40005429d8a7b64f7b0b2e66a76f5cf03

SHA256
02c7b81e7152ff053e62c81206e870cfdb0dcb89f6887a5e00782a2daca0e3fb

SHA512
eba48e773c8cb284586cf4885430aebd7a377e3fd87f7074cbe298ca21a3254d019fe1c46d2656c4b49552374ce1bf09e33478e595c3af4e4535338cb0001711

Download Submit
C:\Users\Admin\Desktop\SkipMove.dotm

Filesize
948KB

MD5
da0c418d473afbcf2b017fe7c356bbbd

SHA1
d7f198bde363632f91daf34b4ccfddd566491442

SHA256
8a7539d78651e1147fa3dbd306e3c365b64b54601bf2584c7941bb6d00a4cb5e

SHA512
335500a7843675ccea5b251e44e85c26baded41dcb5eb603f0f7f0ca5bfb0b97e1071e9f152c890686e6f86a4cbb8d8079418c9a83bb711cc92a40eba6463a6e

Download Submit
C:\Users\Admin\Desktop\SuspendRestart.odp

Filesize
816KB

MD5
725c1943ad2fece7503fd1e01f8f067d

SHA1
7bd42ddfdebe5176cd2213ca32da9ffccb3a9c34

SHA256
b50d835e4d5a52285d55bc50d8c2d23c60c66b9532f720bbc58baa56f4e2a64e

SHA512
6e1fda748acb725d5f637382a9fcd49c646be50ba78852899398c6173f943450b3ca163db2ee0b01e40b49a02dd454a1bed7827b51867acc4da3012cb37b4799

Download Submit
C:\Users\Admin\Desktop\UnblockSplit.ppsx

Filesize
683KB

MD5
2f84bce9c6a5a7e433ab92861163543f

SHA1
9a73c3fb1747b39dab0b1edb4ab87eb01b266348

SHA256
92358e6a4f79acd3124a885f8cb63d966a8ffc56bcee5ae04baa08407ea79788

SHA512
33251d689d91bc852c5713c59e7f01b4c65cf807f56ed6cea925c2141203eae5264bbf58e0dee9d7b4f1c05242ddc1c4460e4209807e17a6377633f264156473

Download Submit
C:\Users\Admin\Desktop\UseDebug.tiff

Filesize
904KB

MD5
b1c84f605340664020021a47d1da8ce5

SHA1
ebd0dce1e99766b119b729b6d8bc3f8fc51f1b6c

SHA256
de329b300e7878f6b234e835c01e1d5cbc063b8c4dbb0a8a6f6096de4d8c970a

SHA512
fd7d75bf56400e487417df592c6a34fd24d9a927aa4545187ec5380a13915e98428651e02f30f52f66adee5aeba9c284593d8de011a8dd9e59a6ef590f184445

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
79a69d2dac9b08fa6d7dd4dafd80357d

SHA1
c775fdb2169ea579c5c961c9e57a18525d4d2312

SHA256
87b4a71d28cf78f7e9a704e7bb24caec6ddf3200069b92be98907bbf4097989d

SHA512
423867fd37383262a9208a6ff03c42b07096ea98a51e6ffcd6518209fc062f7f872fa09d01f4e6b42385a12bbd0700f7946a78097cf654ce7aaf74260c5e58f4

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
e08ebbaa78936a73061ce0a03b333e04

SHA1
cc4c0cede34143f5614eddf0ae33dd738562d053

SHA256
a03ad6083ee6cddb441019921172b8c075e1830eed84b6b02679edfb1faf3de7

SHA512
48dd6fb92ecb1564cb26ebd23c1cab13b56162df22863539c7d47f4e7081633f517e2a3f213de4c33a0e1fa773d7b8f04418eb13a7a9e84a60acb0e0d4e0b97b

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
e83ba60451e03769c71ca7d6f562b79d

SHA1
115fe5fb43053441c7c9cbf9570153c008e7f7ab

SHA256
477a91dc038fe5153b8d142781692e20a10c7cd1aaaba716c0e5761b9281221a

SHA512
0bfad60f86627c435d10464d3dd30121a26dd112945c3f543c51997c8238f4b9e0485bb4e2e7d488d2f178dcf09991c157bf1abbc38185ca39344950d00b8396

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
40ff2ad76890b7b0bf8bdedb1d6f2454

SHA1
752e40128b22eeccbcd2e86e7d2ad4554ef5b6cf

SHA256
c2f1b35051102822ae24f683008004da4d63314b1a0fef26eb1eade6e33b1b36

SHA512
aac14c8dc36e968a4d95bdcd8881f5419310b5fed19343070dd9da1207034c7ee056eeeac36112e76d5293ea9105a298e112c82e7f8a40f3d58827965b0cc2cd

Download Submit