6c499a4af1f9348ab6ffdcf49eabb0999f2d60976cca109cb4812747c5b7e1db

Resubmissions

22/07/2024, 19:36

240722-yblayathqf 6

22/07/2024, 19:33

240722-x9gjzatgnd 4

22/07/2024, 19:29

240722-x7n62atfpf 6

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
22/07/2024, 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

accesibility_window_abc.png
Size

457B
MD5

bea6c589482c2d3823e16178a9e3eb64
SHA1

e19805c08e403f06b7579626fcb6e34166dc9d5d
SHA256

6c499a4af1f9348ab6ffdcf49eabb0999f2d60976cca109cb4812747c5b7e1db
SHA512

892fb6079d12a8b86872ffcdb2dc309993400ec82e99eac275e1e1ae1a402bfdfaf39fb171dafcd0d4579d020d55208281392eb186d02d897b73fe5a22182489

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661504462624505"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1896	chrome.exe
1896	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 4496	1896	chrome.exe	90
PID 1896 wrote to memory of 4496	1896	chrome.exe	90
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 3076	1896	chrome.exe	91
PID 1896 wrote to memory of 768	1896	chrome.exe	92
PID 1896 wrote to memory of 768	1896	chrome.exe	92
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93
PID 1896 wrote to memory of 968	1896	chrome.exe	93

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\accesibility_window_abc.png
1⤵
PID:4500

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3580

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
1⤵
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff9da2ecc40,0x7ff9da2ecc4c,0x7ff9da2ecc58
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,16825601959883556724,4524278157849387298,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,16825601959883556724,4524278157849387298,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,16825601959883556724,4524278157849387298,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,16825601959883556724,4524278157849387298,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,16825601959883556724,4524278157849387298,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4396,i,16825601959883556724,4524278157849387298,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4544,i,16825601959883556724,4524278157849387298,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,16825601959883556724,4524278157849387298,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:4720
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6182b4698,0x7ff6182b46a4,0x7ff6182b46b0
    3⤵
    - Drops file in Windows directory
    PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4280,i,16825601959883556724,4524278157849387298,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2208

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2296

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b1f4b56b97f6f92b82f037b2ef690666

SHA1
101b10ba2bdbabee1cec5e80a3784b0811528d1f

SHA256
57f8e051d007ae5c96c01d8b38ad5a35bb5b20dd6de9145778d7487033276de6

SHA512
80f4674f41ac04429953fd85cf3038c008eb9bf3b5a5afc2d0aa02ade986fb63513e1804481fb1b72f89cca795e316db592cca4e516913a18e4b137deda19d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f6712afb8a9be40315fe79719e17d8f7

SHA1
2ad2adadf94eb284ff0845fbc438273e7d41a3f7

SHA256
22493bcbff267f6761c22f30bbd79524e5fdab6a6bd40916ef0a6e37a98a133b

SHA512
4a0e0c5259150caac3f9e558bee4c155553e968fbc728b0793ac58e2080b645f59025d32a11a6dfee3692fe89e7d7c92a5d2d2ff7184a5871190da02a021804c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7255b9a181f28f8c0171eba1b8c7c2f9

SHA1
8160afbdd0d00fdf25199940789e50a2af99843d

SHA256
d4d479d2b0caffab2d1351f66dd8a8f72f7cc1e008cadbbc60ead5a5bbb4bd0e

SHA512
8107d0b4e8114703cc7cbfd655d67ee23ede6748f242de9b8ac570f3afd87d37e93ab3d4bf90c51796cfc7f2fe5d105869c11851d2c936ef69bd68b3dedac0ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6cf59ba609eec95ccd95c5a9483e81ea

SHA1
9d2ee4acbe193e4ca824f52d304e02139048794f

SHA256
c2cfb5ff951f0c5c85f335f904f976f630f9514e9d203528c96584a1ee4cf2f5

SHA512
f84eb546b11f84b53c4f18d12d091d554a7a14dc80ace6e8cb57f10a39aa826e7cc7a6e2c4db836c95657812523a8e43d71b33dbe3fc5660c157c8d1d49d8e3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ead26181737ba6ce3cb7afcada5f11a

SHA1
4a69df5466f61b3eb01685f9eab09f10e9ef7b66

SHA256
448f290661dc8b9ef64398d981d8dfd100c9fab76286bf0e2b3268ff425c82ed

SHA512
a42ae21b32a90eb19b5fbc20330e95cc3b2aaf47f7ade7c256d30278c46f8e2959334ba3850f328b0e9350647a97badbc28e6d918b386a0a86c7fb82819badc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
035c238231908f5d3791c05821651f75

SHA1
4ef5f271fa9748762c839c8a76922aa22fc53c89

SHA256
bafca1a5aef899efa19d5b175d3c5374ed9210133625426ecddfd6411b59e8bd

SHA512
7a500957829df23ff08522679fd634cc76fda8df7da65f7b3d1693e16487fc63b11cb763e6b1f0ff3a91a3db08e24700eedc23e4b4c55246607e6e2ee44b05a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fdc7b9d3eb5a8b775bea6a05d22d43f2

SHA1
3fe9cc6bf70ce22d3d040f288d8c99858e669e5b

SHA256
d7ac27e7b049a3aa17289e8c7716f64c347e01e23cd9390ca147bad0fc5631ff

SHA512
9ab3564037f36279d0d607b398511b68e27929e15203ee95d47db8f52b21d64e4803ed80a96307247da9d2d6de604393b782d3725ee5783f1310479598b02f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc39e8bf27dfcccf73be107e9391c5f7

SHA1
8951200cdab89eb6a7eda66c2688c6b8fff992bc

SHA256
22f5b118e25f967a179a0749feee37ba1872e65448268fffb9267ef6ee920f38

SHA512
3791b91e94bd65975761f9553e35224d5919e99a73ff64b72aafd89015de4b793dd0cf1c3f77b2a6fbaaf399d45aede2b2016636c859653debe874d67c9e6e8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b5bf5fb0eac6639e375f6170b4cf14d

SHA1
53e9bb3bc90b8997f0b2df1602c623d9521078ea

SHA256
6c05c64a28044f5cb45f9adf102dcdd38a5e8e7e4fe8667cc8953152cd8be146

SHA512
26012b107117a3976dcb56b2e61be00f4660df753fcc8c4c0233f0329ce7735b31225da4b0cca600d7f952d25fdfccf641f1646ee40c45cc3c97dd565b18eb07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a2086a201d2b09cb7a57d4debe0f7027

SHA1
4b13e5edf91fe01d491e87a877d8230775f4f063

SHA256
42f1ed042bb4012977c77a2f57a5487e903ad819f6730a2e4b9175008f55938a

SHA512
cabe1a243e6df648cfd3355c661c0e4807e6ec3291f300d4ff1fb7d926b447f4f4a5771edd0965bc4a177eec666b238862df45b3ad8fc645083227884278c1cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00fe59bcf4f970237146302bf50d4da5

SHA1
1cb29901c989f46fc6d6a760fc500c92e8547caa

SHA256
3a0a60f2e87ccc1241d6b1f745e615e354b3f8ffe3efa53877aac54a146c0611

SHA512
87d310c885ec4a7d5acd745c4fb2543617e121756bba7c013db90e5e3877b6fea582309a6082aa39973cee7ddcc4e8ac30ebcf66d0c2376276ceb1ac3d02dd94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8e6add4dfe2e196611c5f9cd88b30489

SHA1
a8d99215d1a4eedb3cb693f9052c7ac95e79cb2b

SHA256
08be97919c3935752aebda90f2268daa836d112548968b59b3b10482c87d6565

SHA512
945b773ef1de30d0b3da5e378aea4e99aafb2f612ef255b73f72b93c5e2f8dafe607fa7838eb7996d2664e22b5852781945708b109c3cd84f7bfce0256d87d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
8d140fd43e0aff3ac7d2257ad89dd5e7

SHA1
cfe451356ea0346d196523073ccca6dda4230a81

SHA256
0b9e10898072f916661c92e8a4ab472bc8a59ff41ee200c8e1e609edb896050a

SHA512
cdb80fdf6293f3bedd229d3ce125110842b8b22e73ca47d70c32152922f1573f4ac5c5a392d018ce0b94afa24d684aa8fba5764e6d910653908515cb03a59249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
dca7175cb483ce13ddfe8c5671167d67

SHA1
59a2c43d42a560d339e056524c34e7b273007c09

SHA256
f19b6c58623a8c874c12320c18ee21dfbf3f652c7a82ad126021432ec3d42a01

SHA512
c14ad92256c2728e5b4978dedb259a54bda5ca3ac1e3734198704faeb0fa3a7204fff0e78e468515dfc22a202c841c3aadebcc6419f62c0892ed4f59c8f709df

Download Submit
C:\Users\Admin\Desktop\ApproveUpdate.ttc

Filesize
392KB

MD5
f086372f4a1e02dbe6208d8fce50c34b

SHA1
8b65cdec239d3f0f34bfe8ac956c623ee9c6f46b

SHA256
65ecc9f68a56e0cfc6632510dedbd62c4468cbd54441dcb56efb4278a79f12a3

SHA512
5d8db2f942ef76f069720e797c02633d7ef19ee5174001cb7db8ca09b65f2d65c42c2551b435f7f10943cbe63a89fb4963ce99a5f56fe567bb47cff23794ca15

Download Submit
C:\Users\Admin\Desktop\ClearApprove.emf

Filesize
339KB

MD5
38aafe063c656ebacac4872aa6beff53

SHA1
ec8d3abd53df25a55cfad35a63903efe240648b2

SHA256
dc8a44ad03897af88d328cd9c6a275f18dcc4f8841cb2e8c9c881af05738ed5e

SHA512
c4a200af7b7bfa71f457e7a23b649f07a33d2007dd49e2668c5b904099e68f60dbcca086002a046bcaa196ce48c41d29b84a39917f94688d6c2a5a3ee3a67927

Download Submit
C:\Users\Admin\Desktop\ClearUpdate.clr

Filesize
212KB

MD5
46b3b8870f00e9bb6f3d84162a91b50b

SHA1
d98092b4a5b935ab3979eab167c7cec54c4a26ca

SHA256
94f7d299a24b85005218a86e3edd0363da20eacbd867269c4e2ad9fc48fc6b6a

SHA512
9ef25b57b79fb8698898e333439e435f18698226568e69ff36480e2570f04e1cc86d8b6542916567d3932a71e6e2fe1522e1c88d754df9ebbb5218186fefc8d6

Download Submit
C:\Users\Admin\Desktop\CloseOptimize.xlsb

Filesize
137KB

MD5
4c28d4250decddabdf125efe974c34d0

SHA1
fa05cd8d5b1749d72d33e9c5abe3b14c67fcc561

SHA256
7720dd3ee138d6349c1b0ab3d0dd10e2401b22ed64cc814f7a8a2c45d88fecce

SHA512
03562cef6104ee2f23f72ab247ad45ced84ab37a490a7fab624645734d25b66b0b9f03f1cf11b7fcf4b2387b82088b11821f20b5967272f5d6da11ce5daa5005

Download Submit
C:\Users\Admin\Desktop\CompareAssert.xlsx

Filesize
13KB

MD5
7a471e648115f53f936a5ce7de89971d

SHA1
6de43941a038fba0b721507efe6494155b470d9d

SHA256
e352ce0037649925e8f9df297c8de072cfdbab1b9fd5ad80e6394dde6b96dbdc

SHA512
cda4d2bcca505bd59ca4bb2029c64d7a287ce8844018422ccc1279d8da793a7dd4df11889c50b05df19096712fff44c3c2f330d03d47911ca217250b61b1c7ca

Download Submit
C:\Users\Admin\Desktop\ConvertFromConfirm.mov

Filesize
169KB

MD5
f90bd987c74bdcdcccf4919b4159cb72

SHA1
7c1eeabfb6d8575985e8f5db2a5902ff744aa261

SHA256
2aaf80e9011ae10b55a68567aa1bb6f10d36bf18384baa6a33420244281e33b2

SHA512
1b857cf8dd5e6bcb7756003bada9ac229f709c0b2c4b5b9d350cee35c9e6c5233fc64f5b27e85594a97178c4f41b3af6ddef58ff83ca1bc63afc05e0afa25d12

Download Submit
C:\Users\Admin\Desktop\ConvertToGrant.vdw

Filesize
243KB

MD5
126db39624a7f65e3479ce59d6399b84

SHA1
433cdaea8e54d8ca8e59a57e91f6667cf1b3b298

SHA256
f91e03057273426e21956c15a0f5a4f799e50eec26507d59a4003b68b0447e7f

SHA512
20f3bfe28ee10d7cbb148c3c1e0a1c43db27eec64050a63ffda29ac738cf3a946a7638944c5d65dc54eb5bbe6d3132161a231f7bca5a416cb35fc478b40453b1

Download Submit
C:\Users\Admin\Desktop\CopyReset.dotx

Filesize
318KB

MD5
379dd69f94572fedd5a0c961c37a91a9

SHA1
ab6fe8c7bd2301efd45862526cec94ee56fc4028

SHA256
00a3ab3c9c50dc510a8bca9ef8ca55d54892d769c047d9014877c670eaf07ce5

SHA512
f23f3493bc776ec0f1419501241e0f0684ca0674164b931ec73ace1f2c81338b2f84c19c57322d51e8147c5ba2be3fdfeec9d6e8bb3fd634916a1b33db12f852

Download Submit
C:\Users\Admin\Desktop\EnterUpdate.m4a

Filesize
148KB

MD5
8114cac1d7d6c4d3cb69cc8243c7c51f

SHA1
31eb435e264d74edaa1d0365be74b68484073f9f

SHA256
85cf5a6e3d845b69e2ee862ba219a1fadfbf610f113652562fdecb35c4e3e7e1

SHA512
f55c92e69614099ad766514a56ae37ec0f21bd70fe0a66b049d039f528441def6f3b7ec63cde9d71673b60e01e83f5176ad2eb877cc1305c6093ef049b362069

Download Submit
C:\Users\Admin\Desktop\FormatSelect.xhtml

Filesize
159KB

MD5
c0042ad8076ff88a164601ec5f5792f0

SHA1
e7971e2466b623ef7431268bff5b1ea02e2982ff

SHA256
b942f521ca45df7832ed11af12764e00b41834a16e8e135977342e20eb699810

SHA512
f65dc2e200b2edf017dbaa30878c4459a1b8ca64c800c6e82c90455cf852327d0711fdf745cc58e2d1a9f5f06b154de0fa26cab3702dc35e7b7a6303abbdfdd3

Download Submit
C:\Users\Admin\Desktop\GrantClear.tif

Filesize
190KB

MD5
c35cd74cf1322793a1d2c6b1af83b974

SHA1
b323dffbed5a8b7493c1bead9e3feab4bdafae58

SHA256
eb1d3d8d781043fe32a4bb12e9743241df2dddd86a5bcf55ca53372cbdf204a4

SHA512
5d132eab6cdec31e2fa8ec1847808a5114b7671e847eef62bd6a177745f4de2ad745711ece88099b29b3412ac3f78248a19fe0dd03846c2715c51aaff95bedb9

Download Submit
C:\Users\Admin\Desktop\InstallSet.html

Filesize
540KB

MD5
3f41d557de5cb5e6562ce62c23fd2925

SHA1
73faec9cedab8e204a1bb999d52136d01d5ff59a

SHA256
767a45e38f021395b12653977862785e882ceb330f2cededf748fdffc40e5850

SHA512
61d02e75c524da6d8e5e82c3b6bc9b404d1faa906da540108cbf08295b6e0da388843002ede2370eb607614745b756935260600a001743728ad1368440812f26

Download Submit
C:\Users\Admin\Desktop\JoinEnable.fon

Filesize
180KB

MD5
6a6188ef27101690ec0693b42698d7e2

SHA1
a85a3d2d8b64f44e7260473b4a418ecf555a408a

SHA256
1c5db227bf7bf6887db94368ffa0146d4fbf9c2fd54d121a9778c78ec828ab76

SHA512
488bc7cb4c3990036b41bbc57c16fc9042ea3356820696361bd70866373cef3f1aa32d242681244658326693fbc4fd77092f37ac7d86a9ef4c86365883da1ba3

Download Submit
C:\Users\Admin\Desktop\JoinSync.wdp

Filesize
296KB

MD5
c50f4711b901da5f9b776e81b89b7e6d

SHA1
2191217edc84dacf7a690c53a68e2d60b2a82579

SHA256
2dfe1f6c77ced48abd8f4ff5f24be1bf7281fd27712977631f92f43af312c63e

SHA512
e974c506bf4cc7d7c31edc9034e37e01e8fb9dd7f04818eaa0e2f29105b8f38d43e49c9c18c154c811270fc1c23ef1475c653ed62667e4ce0e2f47ce27a661a9

Download Submit
C:\Users\Admin\Desktop\LockBlock.css

Filesize
360KB

MD5
988e306d2b71713f608d0a92ec25c9c1

SHA1
f050f7432b27a23a9685db6cf28d149d38ef65a5

SHA256
1950a34f90a5a617838ae0dca4baf7aa5e2ca172767c8bba2a4949734551c5ec

SHA512
9565d08544bebedfed0c41bf7b78f820c3968616469bfc5603b732ef7bcc03a3f0e67cc77c9f988fca95ce9036ea1c19cb654a2ab4ca0ecac6f3dd6891ffcc54

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
f83d0d663c955cfed2fcce612e9af0bb

SHA1
7bd6554d49f5db3df51d22ce91bb66f673b75c38

SHA256
09f6b911ed34cd2805f1383dbb7e2c0d2d464554a835c3a23e8566b958a30505

SHA512
d79c9c8c64f13919b0ef5376d4a899634c544575c9ec9822268c361ed8b32808d69f1998e398a1e9c4e93df622df5bc84da55f19a49e14a508ad9898cf1c8e6f

Download Submit
C:\Users\Admin\Desktop\MoveMount.asx

Filesize
275KB

MD5
d217e9ad0364217df86319a11e95c9d5

SHA1
a9551cfda085bf4a39a7becf8e7eae55dded4abb

SHA256
28fb36d71e0211067a42dbf61a6e48e66aa7f32125841517a48517dd6594f4de

SHA512
162e9fc58b1f5c4ee204fcb35186759affcf032346bcc8b18f16baf25a225e447e06446236e335bbf343afd18f866abdb920e2d090fdc917d1c205bd51d8c53d

Download Submit
C:\Users\Admin\Desktop\MoveProtect.mpeg

Filesize
201KB

MD5
0daaf4d5955a2dc8fa50f8a22a878afa

SHA1
51b380cf016cd7e11455587d88e639bfd3b2df81

SHA256
0ee85958d8ed1e6945f58608e996d61570f54e4559d62aa1ffcccbe93bf2935c

SHA512
23c60d3a4ac1a86e379b8c83c16ff5558118eea9202f04c6b4c842c6d723cadf800ebb122e7e00ba6ae3be6b516e84cb0db815335d1aae21d5a6025bc53b2138

Download Submit
C:\Users\Admin\Desktop\RemoveConvert.mhtml

Filesize
307KB

MD5
f78e86d01636792cab7610e6d5f39e30

SHA1
46b129ec7cb950fbf6f7b0ff536519052c54530e

SHA256
42c1371111e60b686d082aa7dc637d54f08a19e26f5824c9fde316d6d3690513

SHA512
fababead8f86f338935d898bc4b5d6b1e68c6065bf12c1c0d0ebf5694ac4127eadaf63a3ee8c13199071161105e3e3fe2196999f7bf15fe9ad6adda62acbcc30

Download Submit
C:\Users\Admin\Desktop\RemoveTest.raw

Filesize
222KB

MD5
e913a813d70992ce7f67527c9c1351da

SHA1
9375ce2865acb74042badae15148a86352cd082e

SHA256
f1d98c3012ada2beeac78d3d29054db4aba121798eac74037d1e3079e77811be

SHA512
cadec2cf4ca84c44c9f3487d76096a620f76b6972935d002d9d459d44e00b7ec4775de11d64a3f0f1f2c63761368a7a986d7fbbda2caabef8ddbf02b216b4a73

Download Submit
C:\Users\Admin\Desktop\ResumeSplit.docx

Filesize
13KB

MD5
22289e7c020e2fc55fb8b092932d47a5

SHA1
d603d69a975ce33700cc0b000fe58e6a5e6203e9

SHA256
1ac2df0b7a693c3407e6651ae2d08f5e05563ece0f44b5fc2027491b20b09e1d

SHA512
9bf31c43ac6ad6e37c237b8ce9bb3adcd2ecb777674843882ef4f53b56f9a04020b8f01cee834bd3355a601f9b755e2e97a2ad672921fbacdf0981341ff387ec

Download Submit
C:\Users\Admin\Desktop\SetEdit.m1v

Filesize
381KB

MD5
313389e5e9e87dd01355d534e47055a4

SHA1
3b8d4343798960dc7aefc434bd3f4bd4ecc378dd

SHA256
f6a9b4a71341a79d1da9607157943108fe1c4fd7288fee7eb5db413e3f1716f9

SHA512
17ae6457f5dddd9669cfa8750384e81db323e608a1c19e5143e9807f44be3d29ed8eafcaa5e994de871d353d3a1124290ce8ff0fef52be930b8bb74aa3b99a0f

Download Submit
C:\Users\Admin\Desktop\SetWatch.dll

Filesize
349KB

MD5
e78700589a240e570634647546edc5a3

SHA1
4eb31333484bdfe4c5b1a60914dff7de80b1f876

SHA256
11498eebd5b0c711fe05305fe66596af687bfe5479424aacb58774c0b600251f

SHA512
5894d2c7267a1662c94a8983a11b37206066cb47a549577ca8e2fda6f9eeed371003168ffff1407fed1e25d148ddfe98aee1b1b65e622e2d24f4910257f08452

Download Submit
C:\Users\Admin\Desktop\SuspendConvertFrom.dwfx

Filesize
233KB

MD5
4d649fff5a9a1d1d2dadbe88224e3b5f

SHA1
ac7186b91b054e7a4c820ef203397a4d9f20ff5e

SHA256
1968691a466a0fc5a67326a557f3416b58b40740dd9dd5bc358f24ace37d6214

SHA512
dcece01262752fa897b8556a7ba0aa16ab79d8f12ade43e31daf2d7bb57681f64115073c42bc01573dcd985b154215f8588c85c7be510d638b54cd3c72e79349

Download Submit
C:\Users\Admin\Desktop\SuspendJoin.xhtml

Filesize
286KB

MD5
70bb1921c52aaa1b2651b60be47875fa

SHA1
7fbe080bcdb1c3fc2bd8b2d44fcbf562369665d7

SHA256
831c338916c3349a4507f46a6827d8d0e3c29c405cc9c871f6cf79c98fe7d9d2

SHA512
82e5496ea55a50fa5568d8865b1375186818cd86429656c44925f0f35c5d97cc3346fa8f07b554419f0444c1d6d5c767a4da6d7b2902259f502aa6db1eb63cfb

Download Submit
C:\Users\Admin\Desktop\TraceCompress.pps

Filesize
254KB

MD5
b2ec028676f37fcd04c5e1227e69563a

SHA1
16af2e3a025a70940cad166bf6b89153ad5b01c4

SHA256
0463197f4aa4c75b8e69adf112b08f21b012d6c03d8742a422a6f0e7a49cc709

SHA512
c686653c890b2d44e9a17ec8767c004ad406544428af60cbd6f2f5714ff1e1b32ee7a12de14a1b2d0b585044aaa8052abe4b17bf7d02af9623498ace68f3bb27

Download Submit
C:\Users\Admin\Desktop\UnblockSync.xml

Filesize
371KB

MD5
d472877aa40cac247170fb94d6aee9a4

SHA1
9764b252d4d846578b080b06197da016c9c453ac

SHA256
e1b6eb686fba861f5a2f6fc582e572c2774243afb88c8d2ae5d7698641e8e207

SHA512
cef23d9a2b1467c0101609fc22cd97098cbb8c4ff6c161f08a0ead8a92605d1b710ca7e512f1453338d962352356883714fcbc2b9908aeeaad831ec57d42c8a0

Download Submit
C:\Users\Admin\Desktop\UninstallCompress.ps1xml

Filesize
328KB

MD5
e4159a8b510a2bc5198b40541e3c4947

SHA1
08482af11f5ffd377af2784a36b0cbe61004fb9b

SHA256
29998790153b14ebeaf9d7f703ebc20efda8f26a74f414b9e0d4132b73a34c89

SHA512
8a319333842cf1975f5a7eaddc5628a83c6eccbe6f683cd85e6a8924e169c5565d66f6497b2e278341b1eaef7c67c6f8bda48ad4f7a623df31585371838359a3

Download Submit
C:\Users\Admin\Desktop\WriteGroup.xla

Filesize
265KB

MD5
9e76273a3403b8087f2ee84bacde33f0

SHA1
99ac51f5bbea2c89cd53ba4fe7ddb027b69d2ea1

SHA256
cd19537ab27152549a5b643c9b6a498ea5a17ba5d8b564c666888c93df446b58

SHA512
30a41cb76a5cd727797b5a0e8d6b4f8b3e0ce72c6a336595b56b7d2ce03abcc19e200857a962c34946027cb7d78dd3aee704124c0043e1eeefad794102a6a039

Download Submit