b170de7d97dae340bdf12d0c961ba6dc0fb11400ff2e24c0de2a1af1fe87d94b

Resubmissions

01-08-2024 22:24

240801-2bth4ateqh 5

01-08-2024 22:23

240801-2a9tpatenh 3

01-08-2024 22:20

240801-182qastdmb 3

Analysis

max time kernel
139s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

marywoofer.exe
Size

139KB
MD5

703fc4ab4db9c1335a346f39e060edee
SHA1

4bc6125fb17d05a117b6fe62d6d21da09529d434
SHA256

b170de7d97dae340bdf12d0c961ba6dc0fb11400ff2e24c0de2a1af1fe87d94b
SHA512

4e328ab353d99726be1acee91b178fb7c848a4145465b354bbdef620943e3319423949baf6408d862e5989c143b1113ce342bf16400b99209b11ab01f96a6090
SSDEEP

3072:SAi4pxpEHmAdx4/kyHRZa0YiRAl278IVn2JbS1cJZ8lWO:SAi4pxpRkyHRZa0Gl278IVNcDcW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133670244685137629"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4468	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: 33	4464	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4464	AUDIODG.EXE
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
4468	EXCEL.EXE
4468	EXCEL.EXE
4468	EXCEL.EXE
4468	EXCEL.EXE
4468	EXCEL.EXE
4468	EXCEL.EXE
4468	EXCEL.EXE
4468	EXCEL.EXE
4468	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 2792	3208	chrome.exe	98
PID 3208 wrote to memory of 2792	3208	chrome.exe	98
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 3052	3208	chrome.exe	99
PID 3208 wrote to memory of 2160	3208	chrome.exe	100
PID 3208 wrote to memory of 2160	3208	chrome.exe	100
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101
PID 3208 wrote to memory of 3184	3208	chrome.exe	101

C:\Users\Admin\AppData\Local\Temp\marywoofer.exe
"C:\Users\Admin\AppData\Local\Temp\marywoofer.exe"
1⤵
PID:3564

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\UpdateTest.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff341dcc40,0x7fff341dcc4c,0x7fff341dcc58
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2004,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2032 /prefetch:3
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3752,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4900,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3480,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4492 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3280,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3512,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5276,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3576,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5448,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5468,i,8493652497674502371,16231880608740712317,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:3068

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1948

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2780

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x404 0x3ac
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9ac1df1fde1a0c23f022042d7acbd2de

SHA1
606fb438b66c9a7190d0e28a46b46966f41902be

SHA256
63ed9092d739b961c51a46e028b998779b4f4c9adde168648879df02bfb707eb

SHA512
59efac0a3de2925826a06deb431520513909a7db46253501561a79522469a9fb087d4bddb45b4bf4a79cf2bbe0da84a8370d6b79c173443a6920f73e7ca4deb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e601d1d21a9a849db961b1e5c1d1e3f0

SHA1
62bd478a63495368f4efb45275c0d1c61943e2e5

SHA256
160419266999f08bacc9ba1d2be0b19f4ea2e3a1178a26afff867d1afcdba04c

SHA512
2903fe6ace8b4fcb0b8c0f2c96012450d77beeae726c847afaa44020e92b10b98c9f8db8fcb37d1ca69d8611b25b14c3406a1aaa8062e53123226e89389dcdc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
a2638b1784fd0b675dd57d9a534345f5

SHA1
5481d685fd94c5d715062f986e2efbafc6dd4146

SHA256
fe1926f415e980bcc9b6ba9e0b05b0fbd7119ab7791c9ebf2e79352babc09b39

SHA512
fea81ad87d64789a88dfc89c18e7b0ce366f11138db59b688df1748f150fe581f2bb511135376b7bcc8ec25126fc0a6e3aa4bc41e9661e8893b2c6763759e265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
42149c134078bf6ed10f5ccce65d8d06

SHA1
83dbc5a5d24bb85daf130bae9d5d6e12478831ff

SHA256
5ff6247294708de3bff992bfc95a8453d4587ead064a371319d0fd240cc305aa

SHA512
b90a743e6d01079e57e7223dee1614cdab086212dff7fae4b6159c1dbc8a5b700f80bf40ec66a38df91e197ba016fefbb297d6ebbc03970fd474452056ae73f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
07b540af7bb7e9f30441d59dad2beb1c

SHA1
ab9bea1dc1d077df82aa8501e7466cb35c3cb026

SHA256
8a661b90b82c03b8502d8674e9700fda5bc2c2208f8ebf2a8d7bf246fed205ec

SHA512
11d46f2e60c31da3655028acfe3da867ac5b301a17bde8a975e678650a26ebaebe7d815362c03c25d49e2c8fb98462aeef4064f3096194c9b111075bce05d559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9a5d7e21c506a7f79838ca9ac2180bb4

SHA1
39c9cba0600eabafe7695714419983e5d51eebe5

SHA256
95f37f234408141301f4d9a6b2f996b0ca79081635ce72964c7d7b3c4d7a6d81

SHA512
8fd7fb295e1c9d1bd55b589e84aec54f3fa2e00dab6c9c02ec7b44c20fd6b8a47895f8a728803f7982fec4bce5c1bb46494e4607edfee97364445d00c63d7e03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
e74348d0392e51304a2a3182d290381d

SHA1
afefd35fd9adb77db44f0eacbddfeb9b1e5c21c2

SHA256
f86b035071716d2a5433db884b9de6505969604eb1f0a773ca66f5c42560b28e

SHA512
7cf8b86dad60bd84576f503889a16c18f2c8b637c0b774f8cfa3bb5728322ff44f1573cc7f618b3fc444728976574d928f4126cf4b4fb12a97a1f80c69e4ce1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
156b14523eddfb7419ad2edc60fae1f4

SHA1
a27e235666d6f6acbfc75a8731cb9ee8cdfd9e27

SHA256
a73b5940c9c1a426c54a04165b93d3c63050acc671d3c4be276bbf71e129753e

SHA512
62e75c9b2b3598a78e9148f449ca46b18d61164b2391e6ee39211cbf7f7d4938b40b834ad77cd49fd59154a4ce900f59bcdd2a873cc04d989d6dab33d5105a50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
53611b23bf2975669cfa867c1cf91c1f

SHA1
28a63fed5c1541a87755e9ef159146f8780580aa

SHA256
7c7777cd651edb0a7a7124ec80a32cfda15663779f57c1e0537c487bddac4189

SHA512
39d17cc56e9a14f18cd394d0b0ddf753914f8810ae8800948194eed31fb3265563d2b54b986aa83dbd28e94fd47a51d43cfda420cafea1640f5a67a982ddf9bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2155e3e0cfd79b3f5d4beb549082ea33

SHA1
e92198c1df919c23ea4e806ea15531b9cea9a1a1

SHA256
d2e813fcd07c6cdb54d86b75ea185331f34412e76fbdcfdb9357134c0ba4dafb

SHA512
066658a8629b3456c0a4334b0a33cc2c69f2f61ebd6aff71ad67a108af2ecfd6c53ca66562e42af6a564d4f421502658e0c40a9abb9ee5abbdaa5f8521312eaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5d3112ec129160cbbb36bd25e9c4beae

SHA1
5df73db85b23cd11494de1c524ab0148f0a6b61d

SHA256
a96581b6eceafcec7c95c327554aa45cc87921c2bc0ad251c8c7523b5ddb0e24

SHA512
5f1efc73d4b577168e43416d618cbc967cc04a9e7ecfcafc3c2e5d96e5609af990ae25492372b108ecc8d66db428a59df0bfe96c5b3949912238ff03db848a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5454cc3e31e1a2593a9024090da8d320

SHA1
f1a874f3ea195ba56c4d1128415530727dc7574c

SHA256
5849343f88cc8e24f0b3f7bafa98d7fab5bae364a7630c3a06bbab6252c98ea8

SHA512
c2a2f74215d73d259244e861e07d51d88af6175ba1ce19c5deb2b327917f12c3406398cb4d2e6459c04390e9bd94f5aabc7ff17a1a40def44596f5962b91261e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3f17ee2b14ec65cab7f5af16fe78d18

SHA1
ea6199fe2597cccb3b04c3872ef5f228f6634f8d

SHA256
7df9458a01aa2997fd63f0bfce80d531f0a141834ae57c6acf2ded9a5131f308

SHA512
e527fb52f97b6302e963124bcc76520342fbb0d69333793f6e954ad640fc737abe50dacd805c66a4bd3912d0ae1d47a15e470d077bc07d21789db2dd60a89b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
59694907cf10d290d9dbde96ed1a2b94

SHA1
4f4cf1e7fd145a489c0bd43fff1a10a19bc2edbf

SHA256
d4b43a2bed36ecc04a3cd583d1c3373caa1ac450c1b8a7ab87a33e889f99d150

SHA512
756d7b482d079143cc17cf56a0fb6e272fee589751066831a36d776df36c6d4d93fe3c5b5bb94052c9c4d46430dd8e5a097df1528d56581f7074e979125dbdb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6b736cda535756394bb0e0ad16b5a53

SHA1
31b892d75c41b0d45d9ccaafccdeb25e2b9f74f8

SHA256
831048d50296b9121cfc168423d7a2263df51c6ad458d2342998515d6c872a0c

SHA512
4428ac5be02ef7a7bcfd05710c17ab0449ce1a8b57da7df54b61a8e36922ac35a27d79ed4f3d0a82b7437b7e9bd5683fe3ec65ccdaaf15b27f194e8bd131acb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0ba73f3ed6e3dfb35fb8f74cf793991f

SHA1
0490be0a7bd8f49c70406cdff2a14e5024cb3558

SHA256
bd71dca8a0b911dc439b9ea8943f31ac111c2f3e301e9caf0a1d84293649e35c

SHA512
da869c0d0345641d6146e81b10073e510f555c20b01ae08abf5dbe7785218e7ec3e51c5967e2a07df008affc69f9a2cb747b4ece2f0aa891ff0e048e9a3b60ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e9c82f42c6046ec7097979b0e6bbe4ee

SHA1
bca959d1ab49f10684034a3fee536db8e137b87a

SHA256
40758d5f4aa654486fd6d79801e75b56aff7712cd9e17d43c9be87dda8629650

SHA512
a9834835a568a1d099b67d3d494660acaadbf76e29b453fd3555329d206d99e2890c488ae4537d1b1e5259251baa680339416740bc1753096246b331ddb949f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
49a348efe6cbfe2213750d9aba12cf1a

SHA1
6c54ea77882a2ac4fb41cf52820a31a6fae61538

SHA256
f9be96e18e89d930bcdf62c72c06739a5261835102d99dde67c6a077874dae76

SHA512
d77d712750d1fde0782b0f75052a3fd3cd9ce2c3fada9b9eb60ae4f5353fd5ebd3ea7bbe58b7bdf2a9ceb4a041e6f401a5b2b06df6fae8fa7732724dec230ddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
3e9622a10bb2c5f44ddf2baaf3226f7f

SHA1
b004c0fb47c96be2bf50d0ae60cc2a9e9b2fd61d

SHA256
ffbd2f32135260c74d34e7a0289346f5443e704ed1b28bafb2da367c083d61e5

SHA512
24bf072eb1759f4b891686b96163482b1c687500a1e454b510789ce3973c9db539a9f1683cea1f3f1e702c6eda3b2ab9cff131f6bbd6c4c748db9c05ef9a32a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
14709aff55209f6a58b5d277faeceb3e

SHA1
437ff12caf5c0c4378119c5e6831ef510664ad0c

SHA256
b164e5d33bc6cf4d75ef1de075b008138b5583bf112e6a0dfdd067927ece0fa5

SHA512
727da840f73741df6e52c862825b9ece9a536f6140dc1cfa3c5c7b092297767050064b9cafe0adb58bc0b66b6fb2f3212026d2316f8869567fce5795a327127f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
8101aaec914cb2a8c729f4e470e02eba

SHA1
d25a4c438969bfe4932484880993f9ed43c328b5

SHA256
afe4f63250841e96f9e6e1cc2375724a7f2591fbcee600a45f103fd961d4348b

SHA512
f9eb478b9e80b234a5543fb63b935b78d174011fd1350fce746d6bcb00c9d0ae859c30ee177200023a036407a84555cd2d885b19a4cad14a90047f86e79d2610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
33efea79b689dbaa9fc1f9d3f52a5fb3

SHA1
754a516529194aec28d43ef4637da3608bc100ba

SHA256
01fa7e674f0f20bac25b486d78f2bee37bab8e23e34814610fa5128a09cedd67

SHA512
bd50925bc514009240ebfa50ff1717d8f438b09d84114016ca4a063f0a234947325e4282c6f2fbef3a4d38cfeba9b802688fa181ede5761cfc6d4cde06c8290e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\BlockRemove.potm

Filesize
1.1MB

MD5
f980711038b5a92d60ef2b1e01a4febc

SHA1
78ab6cc440a14f95f46050365e5f7ba1cca5c1a4

SHA256
020bd7d708df38dd49aa0c160efdc06d0a2158746918e0930cb20dc70335aa87

SHA512
37e927c14acd2d4cccb32a34ad47d4b8d3979155237cdf6095a2c4ab09f96d11c77f726afacbd51502dc33b2288bd279141490a23969c415bd070f532b2f05a6

Download Submit
C:\Users\Admin\Desktop\CompareWatch.m4a

Filesize
742KB

MD5
39b6d35664bd47e793bbb1d3ba1a862c

SHA1
01d9d908a9e4c1ee79428c4bd3f1389310a8bf1f

SHA256
54916a71e4a277eaa29f651ba9551472ee2be0c12a5f4ace7cb86709eb205cba

SHA512
ff70e6af5a3b74df08e55b81ff8f543708dc3a0421ff745db24bc81aaeb9a781790d7b8ed98b0cdc8484f8c4494a5014e318cd646e10ac8959089e4b80cb27fc

Download Submit
C:\Users\Admin\Desktop\FormatDisable.xlsx

Filesize
14KB

MD5
4186abd08bb111a70b1ad49573283608

SHA1
1624768b4d8c1984cf8740eeec583ca22b2446d8

SHA256
73c726ee31a46653201a6b83b9edd4cd178909664e41787e23136dcf4f315820

SHA512
1ec9e447b2ff92f97bde78abe025e7504e90b61cbff3ee421f207728e2b2280593c687785b91ecfae433f6cdcde74093c1f19b8e59126fb55f394a21e5bc9b95

Download Submit
C:\Users\Admin\Desktop\GroupBlock.tmp

Filesize
792KB

MD5
8179013f37d8596189b3d7d8beb4fbfd

SHA1
e2dfcac1807d4accf35f93aa58d3a36b1addcfe5

SHA256
d3c487a8fc30e8392db33780554b515fe01c494b481e6ae839b8cff177db8409

SHA512
a77399b6e84dbf5359d29e6cebad86b0bc4b7688c731ef222f4dcc3a4887a330dd30171b595bcc9c83dc40ad9ea80b4a68d5df29b68c79716ff6952cefc8dc2e

Download Submit
C:\Users\Admin\Desktop\JoinMount.docx

Filesize
541KB

MD5
96aafa4ea710c61ef0ecdd1b1ea3996a

SHA1
7c8c5f62af47bfdaefff9b2e230d0ccf9fb22924

SHA256
ade05dd72fac6eb83b290da678405e8268e14a70703be662259b3fc2f6388ef4

SHA512
5dd75e1bf9e4b31cca311b385947c389e14f5e4b076d438d3f2a3bdeb9823bcfab176dec5872278c1a3fc983472f489d91e6bb7398a069a08438ad8e2333a7b7

Download Submit
C:\Users\Admin\Desktop\MoveConfirm.vstx

Filesize
490KB

MD5
4dfa41dc45676b648e2093260c78ce91

SHA1
f0e3d8069488735c62a925fd7d20da2592797649

SHA256
33a7a91b2f16d2bc69f815bdde921e772d7f41911252566a8ca4849cd36d467a

SHA512
f0a1a8770e08371aeed90c16f7d84c4e8a362c7e62d8a5b90ccb813f110432cd89683745256b2460fc8775a5529de0ced21fd439a8481d9d91d3b4daa67d96a8

Download Submit
C:\Users\Admin\Desktop\ProtectEnter.bmp

Filesize
641KB

MD5
616bc247fead9f15b7cce3ebe022cf08

SHA1
1d2cc28400ad2405c178838fd99edcb0b87de057

SHA256
af21d67ba0f966af7d6ab4208a3b0a5f75ee7aa67af4140370f58ab238dd5b91

SHA512
354354a376ef0668452f9165a65a58bfbc6a400eb253230fa000da3536d399f52ee35b79789087ec7c4b951f72e3a31b550a27257e5a59bde7dc27299eeffcbf

Download Submit
C:\Users\Admin\Desktop\RepairCompress.odt

Filesize
692KB

MD5
a0f97cdc99cf78f208794602f20ae5ec

SHA1
8b201679e8e149cd258047dd304ab3a666b58980

SHA256
2917b46e6f64d2fc1f0791595ad75351adebffcbd511b8e5b4288307f37cc341

SHA512
74d09be3e0d1a198e3e19689b6085a2472a343872042325bab6880bdd12c3b76a968cc4a8f8b1a35c46c899422485129adaa47f68e7d6c8f7b0118c399a6b631

Download Submit
C:\Users\Admin\Desktop\RestartOut.mht

Filesize
515KB

MD5
d10dda1ec65b26b1c24e3809c46bbea6

SHA1
30ab8e382f6a02626cf987d5a1bca8c9fe672ceb

SHA256
7dec8c3ed3f86e4e9476293de7e10715f2819dbef27c9ddc628f75322aeba38c

SHA512
195d179ed5e03b081efbc1bf818ce8b3ef8f06ce534c93ca1902a92b44b5f395501d1edb75769effdee9b027cb73582755f224dc326d55d73bb66300ea64c669

Download Submit
C:\Users\Admin\Desktop\RevokeEnter.ADT

Filesize
666KB

MD5
562affbbe7d6f97795135040f2fbfc19

SHA1
bbbec0180c20e455d09cf45edcdc3cf90062178f

SHA256
d0136ab605d2cfea93349d5070db1e4cf8371b887ecd28d53592432bd8b5c96b

SHA512
719a55ece7c5ba74e4719f10b7cb2b88007bacdb4ad91ee0b8576b66d086d0a7e0c3af6f07001929a08d7c166c076b678debfbd76e1e69c3ad5c33cacd060161

Download Submit
C:\Users\Admin\Desktop\SetPush.mpeg3

Filesize
364KB

MD5
ff16cac636572bbbd68dbe07691b3b24

SHA1
134e829a5a1fc345508ca70d85822c161ed11fed

SHA256
ee0276cb460bed78e43f948f3580d4dd888f552e131f611bd79d9ccfc61be0ff

SHA512
3cf6f3574a189564d65465de18372b8d039ed709589e82b12a8c25d43fd2876207daab1eec17f310b1199bc9de94d948a3a0221f8632c60dc341f8e360cab0e9

Download Submit
C:\Users\Admin\Desktop\SyncWait.vsd

Filesize
415KB

MD5
09821b8f223b009731ceb0098f74ba72

SHA1
66ef27e51b45da3119db257a02c3ac8df2061c82

SHA256
d0ad544dab0a5072a39d46fc292323dd5e403731b72d947c0ee3126d80656e4a

SHA512
8c871f7b2d30e8310d9a382827a8538d4963e62c90a6d697aea14ce74b2121e67b78be3c4ffc89a7d37facadfe432189ce6c11e2443d5cc7dba3e68c1c080f88

Download Submit
C:\Users\Admin\Desktop\UndoClose.mpeg

Filesize
767KB

MD5
6b7fc7628c6c438ae9981557fed9d094

SHA1
92b72494e410196f54f224dc86d4b0aaf6654332

SHA256
b2f666301b0df833588b3b0ac10c240b517758c718c70336bdb4ffc3f4fd4c0d

SHA512
79762b460ea97d253f0f5d82d23d85bd6a72392345933e3137b9cb1afa5e419b2c09a78a1514c3d497669dfaccc4f864133da3b43ea2a1fa854e329849941439

Download Submit
C:\Users\Admin\Desktop\UnregisterAssert.odp

Filesize
390KB

MD5
4e956517818a4b4b6d85e289cf807ff7

SHA1
aa0cd8bfbc81b35b5c0c4a4bee77913e15532b78

SHA256
2887bbd5c3d7efee9f1c48992f03b7eb5f9dfc5c2fbcf6b78508712ceadcec3f

SHA512
a00003887d10e231a2ef59d1f8b01a8c8a1a521d71aa75fb72b214e368a6e77addc0bdaa7ce35615f6ef678620aac497c7a81ddf4248b4ff1f6e6bd3400708c0

Download Submit
C:\Users\Admin\Desktop\UpdateTest.xlsm

Filesize
717KB

MD5
7618f74bd7237f987d4e806aaa128a94

SHA1
9e15a576461b1d9c1852b4fbf0e5e2a143cd7d2f

SHA256
2e0d41209e2826323d11db625ee5964d125b94f9b5109b1e5b80937011cae185

SHA512
814a1f393bf009539b056882f23e5318e58ce4c288fb8c5dda28714577b4922ef91336c78084cb10e2705d131ea161e763743a4d102387d1b762447a62335e03

Download Submit
C:\Users\Admin\Desktop\WaitComplete.docx

Filesize
14KB

MD5
6c5ec5e115d5f6b2842f24417463f844

SHA1
ac75d08f3f354e422136e39b5fc49c5262262dff

SHA256
1026109c029bed6d9cdfaf38f7d5a7953fe913b4ff4b982170b8598bac7d3b44

SHA512
dc75d3da572add4c1b036e92a66bddc049c833f735a128bd8ed1127696e44b92ea52f054a4dc414b9e75191f32a5d8063e8fb7f8fffeace242abd09fe0afd6d8

Download Submit
C:\Users\Admin\Desktop\WaitRegister.vsw

Filesize
289KB

MD5
ecb7f84ea75f60e015ffca603c3ac1f9

SHA1
e4ff194f6bf36eeeace6fae42169ef214d0e23b8

SHA256
181ce5f85d0a4c9aa3359dd024b67569802f41f2edd9b4bf22726bbc11728bf8

SHA512
b1643f8bc8f7849cce0328396f5a5a9d95932f9994aec9f1d4c9b8911a1fd9faebaa0dc1d93c18cb405caa3f55e829e6244ff9a66de4252bb5e487c4c6bbca24

Download Submit
C:\Users\Admin\Desktop\WaitResize.inf

Filesize
817KB

MD5
160b8bd6ffb35a491f8dcced2670d951

SHA1
34d40b7ae6aa857013e432539109dfb1d9c954c6

SHA256
487458311338f903699cda42f9686557330c57d5aedcb09a0a7e5a8a28259016

SHA512
3dd1aad39e91e0c5139849e56003192bff277aea663cecc1e1e4a6af324eaad8f9b8e3084b3f7333c36b49e51cb6a7d9f0f9441df95279cc2011d65bdc1e519f

Download Submit
C:\Users\Admin\Desktop\WatchOut.pot

Filesize
616KB

MD5
7434081cc7f8cd1c51f7ef968acc1e6b

SHA1
77c3facb693e0a9a4c47984aae0eae419d70b286

SHA256
09fb5b166526e004b3854df9c0c7d4844cd469c92e6c934fef10958ecbe7d0e3

SHA512
4c2bfbc2c8a8e6ecc8bf88311053096c9de6173c3aa5b66513550ebaeb9824b36b861659bb71a3e60dcf1fcc7da86b564473a1da9a672677b5a7e71d144a6ac6

Download Submit
memory/4468-39-0x00007FFF122D0000-0x00007FFF122E0000-memory.dmp

Filesize
64KB

Download
memory/4468-2-0x00007FFF122D0000-0x00007FFF122E0000-memory.dmp

Filesize
64KB

Download
memory/4468-37-0x00007FFF122D0000-0x00007FFF122E0000-memory.dmp

Filesize
64KB

Download
memory/4468-38-0x00007FFF122D0000-0x00007FFF122E0000-memory.dmp

Filesize
64KB

Download
memory/4468-40-0x00007FFF122D0000-0x00007FFF122E0000-memory.dmp

Filesize
64KB

Download
memory/4468-5-0x00007FFF522ED000-0x00007FFF522EE000-memory.dmp

Filesize
4KB

Download
memory/4468-17-0x00007FFF52250000-0x00007FFF52445000-memory.dmp

Filesize
2.0MB

Download
memory/4468-18-0x00007FFF52250000-0x00007FFF52445000-memory.dmp

Filesize
2.0MB

Download
memory/4468-19-0x00007FFF52250000-0x00007FFF52445000-memory.dmp

Filesize
2.0MB

Download
memory/4468-16-0x00007FFF52250000-0x00007FFF52445000-memory.dmp

Filesize
2.0MB

Download
memory/4468-15-0x00007FFF0F970000-0x00007FFF0F980000-memory.dmp

Filesize
64KB

Download
memory/4468-0-0x00007FFF122D0000-0x00007FFF122E0000-memory.dmp

Filesize
64KB

Download
memory/4468-1-0x00007FFF122D0000-0x00007FFF122E0000-memory.dmp

Filesize
64KB

Download
memory/4468-41-0x00007FFF52250000-0x00007FFF52445000-memory.dmp

Filesize
2.0MB

Download
memory/4468-12-0x00007FFF52250000-0x00007FFF52445000-memory.dmp

Filesize
2.0MB

Download
memory/4468-13-0x00007FFF52250000-0x00007FFF52445000-memory.dmp

Filesize
2.0MB

Download
memory/4468-14-0x00007FFF52250000-0x00007FFF52445000-memory.dmp

Filesize
2.0MB

Download
memory/4468-3-0x00007FFF122D0000-0x00007FFF122E0000-memory.dmp

Filesize
64KB

Download
memory/4468-11-0x00007FFF0F970000-0x00007FFF0F980000-memory.dmp

Filesize
64KB

Download
memory/4468-7-0x00007FFF52250000-0x00007FFF52445000-memory.dmp

Filesize
2.0MB

Download
memory/4468-9-0x00007FFF52250000-0x00007FFF52445000-memory.dmp

Filesize
2.0MB

Download
memory/4468-10-0x00007FFF52250000-0x00007FFF52445000-memory.dmp

Filesize
2.0MB

Download
memory/4468-8-0x00007FFF52250000-0x00007FFF52445000-memory.dmp

Filesize
2.0MB

Download
memory/4468-6-0x00007FFF52250000-0x00007FFF52445000-memory.dmp

Filesize
2.0MB

Download
memory/4468-4-0x00007FFF122D0000-0x00007FFF122E0000-memory.dmp

Filesize
64KB

Download