2cb0e019a442b66ef726131e30c7d061edc6f8dd173fd4ef78755ffb0bd64b18

Analysis

max time kernel
30s
max time network
29s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Killbat.bat
Size

1KB
MD5

fcda81e8fd70aecbaf9e3aab9858a136
SHA1

277f7be429baea2cde041965c6e5b4287340ad89
SHA256

2cb0e019a442b66ef726131e30c7d061edc6f8dd173fd4ef78755ffb0bd64b18
SHA512

1958be2541dfa5e4796a27b9a2c6bd8b132c251577463962836f2d343b3757d24e4d8407c3c61c07f3ddcbc058612adb1146763cdc942974090b3b9fb3a47a83

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
208	powershell.exe
4744	powershell.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
208	powershell.exe
208	powershell.exe
4744	powershell.exe
4744	powershell.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	208	powershell.exe
Token: SeDebugPrivilege	4744	powershell.exe
Token: SeTcbPrivilege	2744	svchost.exe
Token: SeRestorePrivilege	2744	svchost.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4204 wrote to memory of 208	4204	cmd.exe	84
PID 4204 wrote to memory of 208	4204	cmd.exe	84
PID 4204 wrote to memory of 4744	4204	cmd.exe	88
PID 4204 wrote to memory of 4744	4204	cmd.exe	88
PID 2744 wrote to memory of 2800	2744	svchost.exe	96
PID 2744 wrote to memory of 2800	2744	svchost.exe	96

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Killbat.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4204
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -command "Add-Type -AssemblyName System.Windows.Forms; $result = [System.Windows.Forms.MessageBox]::Show('This script will display a fake blue screen of death. Do you want to continue?', 'Confirmation', [System.Windows.Forms.MessageBoxButtons]::YesNo, [System.Windows.Forms.MessageBoxIcon]::Warning); if ($result -eq [System.Windows.Forms.DialogResult]::No) { exit }"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:208
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -command "$form = New-Object System.Windows.Forms.Form; $form.Text = 'STOP: C000021A {Fatal System Error}'; $form.BackColor = 'Blue'; $form.FormBorderStyle = 'None'; $form.WindowState = 'Maximized'; $form.TopMost = $true; $label = New-Object System.Windows.Forms.Label; $label.Text = 'The Windows Logon Process system process terminated unexpectedly with a status of 0xC000021A (0x00000000 0x00000000). The system has been shut down.'; $label.ForeColor = 'White'; $label.AutoSize = $true; $label.Top = 50; $label.Left = 50; $form.Controls.Add($label); $form.ShowDialog()"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4744

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\system32\dashost.exe
  dashost.exe {1381bfc3-39a6-4992-bd8c735a71484e0c}
  2⤵
  PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
614f88cf39eb3223246afec4bf1463b4

SHA1
74d738ee6fdada75ac1ef1645073005e3f6b6cfb

SHA256
021636a793f57f23b16356c5b84fdf0122fdcadfaba305e4df4654bfbfa442bd

SHA512
84a7151e0471e659699a15c25d9063af1975e79bb5f23de6b3bc0d3b96cd161d70ad35f6acdbc8123b38bac9918df8b202bd6f1f4ca8061919074973e6063a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
f5fc6519219e8ab530a865e149a92a02

SHA1
c87b95f3c358c6b12da350bb978ff195d2feb060

SHA256
0420d40d4963dede50b4fb06bcd7ed341e9bae388c8cade178c52d0f4088d23f

SHA512
dcd64a54d777f4832b959f91f4deea1106a6065dd7d0421d47e5de28a227033387bc9af695111b669aad7b2b36922ef09e5384628c708fe595e7daff7bb5468e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sxnrvotz.4ck.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\AddInstall.docx

Filesize
16KB

MD5
d98835c0f86a31ef4258225918d0afd0

SHA1
7926f710670f66b25a1d152822b16fb48f856aa2

SHA256
e7d341b4e5406779fb1e0c016f9436d7d65f842b2fa8055f62a9c72a39e9b814

SHA512
dc7aa4aa7a516e1dae22aebc0eaee4563c341ea809085fbbdca0604998c72dd4f29499a4080fcb40853abe5f3915fa44c6a514779c953bfffed1be3bee344a2e

Download Submit
C:\Users\Admin\Desktop\ApproveRemove.jtx

Filesize
790KB

MD5
4d34ec81c284217e1112035850ff7c24

SHA1
f7dcdde548e43e833c7235ac98083ad42446c9eb

SHA256
79758363a98bcae7d02018e276e104e48f635950b8bbe0f770e458af82f12587

SHA512
90a9cfd68f43dfac5f7ddb18754b8f5b0b4ec61e704fbc76cbf76af0eb5d21f04e20a48dee2c5a7e2d3e62dd0a41ff1c1f6d42c16a08420d53d9d73cb52ea91b

Download Submit
C:\Users\Admin\Desktop\CheckpointConvert.jpe

Filesize
474KB

MD5
55fc550599ed090a13d6c1d69c299fc0

SHA1
c42599045b1e6c41d4563d8ff354605326ea216d

SHA256
f6b8a87e49426166ad4f1cb9cf2386d972b065f0acea93d6ec50046d0440f176

SHA512
a4b3e092938e140416ecdf5494b335601c675dc27f5a2aed91217e5cdd1e7e3d027d207887bda460583e9d5665a55801e5c40539b82a111c1d0dc31191698ec3

Download Submit
C:\Users\Admin\Desktop\CheckpointExport.odt

Filesize
215KB

MD5
a04cd3227ec1b374deb6d8b0d4694a6b

SHA1
acb9b71aee98e9f869e4e723032960cfd02f3d32

SHA256
99a172363876c854095712d86fdda8dfc885aae8fe88967a54b0a8eb7828d7eb

SHA512
58a5abedecbf0f200d466b86deb45a0d95925060a033ea5f5bada398dd91a05ddfe299462f4a27adc9551ec13fc1ed3510a4b86720fc7170c4bb6969a39e95af

Download Submit
C:\Users\Admin\Desktop\ConnectResolve.docx

Filesize
13KB

MD5
acc63fc051d4a4dbffd02b0bdadb01d6

SHA1
60cb94bcd19d722a65151da8eb596f756e8d6a6e

SHA256
ca39573e3af843996253058c8368b43352b0f7e40fe2acc93787122cb1a0b1cf

SHA512
7c7197b83d0b5d7533d9a3eed344a6951b32ec808c7d1b33fbc7ae9d9f0d574302b5ac4b35eba94ddd6188da90b9c1676ac16a6bfd38ee5fc82df82511b0258b

Download Submit
C:\Users\Admin\Desktop\ConnectUse.vsd

Filesize
287KB

MD5
66c1e18ac5d9ab3458ca15a40aaf27f9

SHA1
a0a7b1a91b917bd6dac8b8f780b90823eb20d489

SHA256
57e1041193032a8939e4dbd73e35009f9190994e9aef6de691e1348402868649

SHA512
2eb9ceb0313eedb71766a4b3eb6a8e4e136c6357e1b84e146281717ca47b178de069f2af1ae496498f35f7f93cadbd308114ae617278311a2c9db31b119ffcc4

Download Submit
C:\Users\Admin\Desktop\ConvertFromExit.wpl

Filesize
402KB

MD5
7a133534891acb3fc91f552bec810267

SHA1
cfc74ea5a4291c447524b9808341c62552172048

SHA256
350096c5873d03833219932ea1c7893217cd19e329f65c57e4c5490ac9d95ef7

SHA512
b7faaed6f0e2eccbad5dd5f3044341b3fdc35bd4ff313f896cc836a3c8f60b47beac63602c4419c5e613fd810f79fe229b82a1bd02da8566187dd0db626158ac

Download Submit
C:\Users\Admin\Desktop\ConvertFromUndo.7z

Filesize
502KB

MD5
a2895806c5f9ef0cabffe91a7c17427c

SHA1
2c82d10fba517abe4098c03f7e65d4ee9b41f106

SHA256
45e5adbaa8e0d1225b531448ac78c62a6662f705e4c3b4cc964c17a4c98a93f8

SHA512
bd990bdb8754c524084dee7dac834b80838816e8b1e70f23020c31e2ec3cdfef0c12a47efbe9d02f43786780d7709e34fda9eb3dc76fdbcb582f47f261867877

Download Submit
C:\Users\Admin\Desktop\ConvertToJoin.wmx

Filesize
416KB

MD5
07cc580f9b772576361ac4196e2c9246

SHA1
e0da8bb47cc54a7241cdfe095aa5a302ed04ef05

SHA256
476385e65694c4b14037c052e274d1074d6c45406cc09761cf833608d68af138

SHA512
a787fe180d391e5385e1f73ca4c50033bd20b3e8f2fd3dbc5ddfd649b49100689e9f1d84590033e931d8e5765b946ac29e0300a8cc191bbed2821d7034aed0c8

Download Submit
C:\Users\Admin\Desktop\ConvertToSuspend.dot

Filesize
373KB

MD5
1b106aace72873d7a8ba9902c0113951

SHA1
30f5888264bf037792d10fbecf7dd5f2e14f9800

SHA256
aae2f124be84f9f843498649b649d471148b8c31027ed28246cacc8a6ade72a3

SHA512
27549ebdf9524fefefd11ca401eae25716361a5afd2350f24e7c96b05ba55de467f5fd4520faea4fbf495fdaa81fcd21f418a965ebf0ec9f2d15078b5e9a72a1

Download Submit
C:\Users\Admin\Desktop\ConvertUpdate.m4a

Filesize
517KB

MD5
eef4019ac94f24ac66b3dfede3e9ddea

SHA1
540885f32866d9cf864224562f607d4561d72704

SHA256
dc1b58ba72bbec589727c3dc2c30b19881bdec66b4e8e270c58ae86b56e3a1d3

SHA512
9f2173fe0d2fb3daa1264a421eebe9fd72e5bbf460a7f2c44c9c426acb9bb6051fae146dc9b66a3ed6b05453655d1713c3fc01d5b42af75385c9a60368bf38ce

Download Submit
C:\Users\Admin\Desktop\CopyRepair.bmp

Filesize
545KB

MD5
437d6db18eb52782946cd32939353961

SHA1
37aba5abb1a7b29b10421247efc2510adfdd9b5d

SHA256
14376ccf3c61bfa6edd20713144d0e05c276fa07d487e126eabee2f2600bfc78

SHA512
40c83f880bf38cec865dde767508c42fc9d10d8371dcee2fb26f2e68e577e1c241cfed7cc6d169e3d91e2f283e30e67a1e074f47880e9db84792716bc9749697

Download Submit
C:\Users\Admin\Desktop\DenyUse.M2TS

Filesize
301KB

MD5
9cb11ebd16ad480ea27c74b62a3027b6

SHA1
1001bea08a2d4f58279a79e412378bb48b7579a5

SHA256
fe256472e3bd5989da36ec0d5a543b8bab2ee3542b3e2f7d454124b1fe1ffa26

SHA512
84749a7341311a18c877a406f5a0f588303c8d36d015d6c2303fdaf14b1547c9c272b3ee54890283d18eb6c3cff8ca80a5c3ce46734fb157b102e6a7a4f9db75

Download Submit
C:\Users\Admin\Desktop\ExpandOut.xlsx

Filesize
10KB

MD5
97007176de546d41c65210e3c2a5685d

SHA1
2ef5d9173581a7a4dd2fe0d37e31532dabc8f306

SHA256
99f094694d1f5cf3202f45aa7c435a3b9a69781ed609321c81816dd1e7e1de16

SHA512
305dae2542ac03ab38cf445ed8408b87b094ffbb2c4b4a7bf321e88dcff5b8e33c88a16e740ccda393a285ea24c8703057101a15be90e8c954fcba36924a67e4

Download Submit
C:\Users\Admin\Desktop\ExpandPing.hta

Filesize
272KB

MD5
48e245ad29e7652da2d04b8df2c28e4f

SHA1
84f78f3ec0ab60cffb15dde62862e40574d61dcf

SHA256
c1f0446cb5a5a146d82e96af67d72ad037870bc8a7d78d9895e39db0c2a7ca7c

SHA512
15bdc1106755152e088740acdf1e7934364b8bd5abe122b65e58763866f6833ad36471fed1943396956bacda605ea10f9f3e310fbad25918beb1fe72756fd2c5

Download Submit
C:\Users\Admin\Desktop\GroupLimit.ex_

Filesize
574KB

MD5
098ece32708ba86bceb219483966fc77

SHA1
80074f66d4742ac0373d86c050b5ec836040f7c4

SHA256
6a519c1e79928892dfd51783a61776ece28bd048aa0a68ddb6bf318b385d51d5

SHA512
4a5330a5a88ba052aa1034f8d606c6b48181c451c7f9c6bc90af145d9f596f8634c07efc78859f041dc5382bd150ea94d4b1001575ac9e698af7c12db648f692

Download Submit
C:\Users\Admin\Desktop\InstallShow.docx

Filesize
16KB

MD5
9b6cccdcd1467706f13ffec3efdb0218

SHA1
320c09e385df09c72e86f86290f4eb262ffb0c7a

SHA256
fd159665686a012f0b8d14ce307404994af291265ff935fa19547ab3c7081ce1

SHA512
340d4809290d92bbf0408c29483e153869eca6f02aabc360e7f4f0770cecef171a9211033e51f65bd2929676212d1343935b8a8c3a85d10b98acd16cf851cefd

Download Submit
C:\Users\Admin\Desktop\InvokeConfirm.potm

Filesize
359KB

MD5
fc7233700b6497c5e36a32ca5d84dfc2

SHA1
e6ec3c241b0761fb92c8c33d6f395a130b964040

SHA256
7c05d78311a9f048fab2bfaa3492575ef7b7ece95d420c175dad2a6571b74ebe

SHA512
f5a868a1623fc21ed366b4ca1d5b33be8b9fc026951e9df10112d91325c359b81bb215b8df4ad8d0135f7806c60244aa33b49b5b3540edb0e297b5e33f0b08f0

Download Submit
C:\Users\Admin\Desktop\MeasureLock.ADTS

Filesize
531KB

MD5
5ef772ce320587175cffc3809a05fe84

SHA1
1e4ab68aecf10cbfc339029ca513c1fd73daaacf

SHA256
1e3587e0fb344960ac18ea5eb1b118a1b6c905ad7834119d155bf0baac4a3e41

SHA512
c578afc90d2c0a222ae9c17d53d002ebaef4a1d1a6d51a8d0d10e71515094124ca62dfdb37312d2c9409580462fd7c5ad7d49f15821a462dfd7eac30b94f6aed

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
5c0e996fed1f4dc7ad909218d943ef33

SHA1
91bfbf0f96cd8957d084a3f68630c3561e7e9ef9

SHA256
051e147e9bc65cb596d71de1aae95e1702e7d9042e57fb9f1f02b0098aaf771f

SHA512
2466e0b79d96f51984c54f16514138d27d52ab9822b17e02a6142ced1eadfc382fbdd50c783084a720fce976954011204bf139cfa525cfd5b3d367bff4ccaa8f

Download Submit
C:\Users\Admin\Desktop\MountInvoke.jpg

Filesize
316KB

MD5
0f34aa2f3fe01b11a93ae5fe03dbff71

SHA1
94d52ee75a566a36785c9f3b6b4a4e926ff82013

SHA256
263c382a62afa2bdc90d20e6e27a3d6ddc566a49ed661a10f4371b39a07e62d4

SHA512
2dd4e947678b9c3557f831249b1fb2eaad8e9e7df3b4f25a0df94d8f0c0e5fde1e63ee381492e270f2fb6c6e28c72b3c28970e767e0de70a4e82c3f2685985bc

Download Submit
C:\Users\Admin\Desktop\OptimizeExit.xht

Filesize
229KB

MD5
81fdf2be9c068bfb420cdbf91bfb1611

SHA1
50e19b1f9e765d98ff17c3c863eed473dc696e7b

SHA256
cf1d28707a8be9b8b4f75a969afa58d48d10ef45c5f321634ea437c26c06acb1

SHA512
2894c81d181feb2e1ec21b3c301004aa23d58770fcdbca126f370b98fbab5366fe9926e33b7c95cd273f7e223fcd30869df26182e75aebc5dbf8da57457d6aa4

Download Submit
C:\Users\Admin\Desktop\OutSet.xltx

Filesize
344KB

MD5
fa761db5ab98e5610883710fad5f90c3

SHA1
aba1190055f3ce48bd93d719c127823cd4d7f88d

SHA256
6f9a13918af7c83d552f5c80aa74de30e03827f933060c14c3caeb10c04d7b9f

SHA512
8940bd1b956885ccc792b2dfe2b6acb9a5728ea2c6468b5e610dc0b8165a477a83ac8ffce15b41bdebc00a24c6837c61090eef4b3826ecff06c3fb24449adfaa

Download Submit
C:\Users\Admin\Desktop\PingRedo.xltx

Filesize
560KB

MD5
789b00cfb38a331695442bb9ff4c2e8e

SHA1
da54e2dfaf47c2d80c5ab2a2f1c5ae80340fa3b6

SHA256
7e36b52dca7b564f8150075dc7b40ec83c2d11f8ebe0ac5229806ac788b785d1

SHA512
40436f19a20fb96b7cb9ac02661ecd56bb118b5c6dc3d5febd868fbd1e2a0bb1ca18f6decdc31cc8215ce7172e7e7fe24a48e840ffbcc268d352174de72317a7

Download Submit
C:\Users\Admin\Desktop\PopRead.docx

Filesize
13KB

MD5
34c3b1fd64468fd10e817a8fd033316c

SHA1
20c510a85df74e5341a19b95ae4989af370d6c0a

SHA256
c5b89d3586dd9ee803c3e4b81e56fcdfe9e00e694b6ad1b0c5fc223ea5874fba

SHA512
9d7e6d3dea9e543f03d8b52b726af9fbe2d4cc62ecfbe98e1fdd063e0fdcd5818b590eb231912776013b03ad48bfebe0b6ae30de163663e94999936dc34b7215

Download Submit
C:\Users\Admin\Desktop\ResizeCheckpoint.vstx

Filesize
445KB

MD5
957c3399b12347f9fd50bbe9e7801161

SHA1
ed0b54a47f3aa86b4e313f0792dd1d1416ea3b1b

SHA256
d74e9e2d39535c5ccef76e503009a05ba59148e2fc4876ee96b82a6afca5a63b

SHA512
0cd95595f343de48881c4eab5f4ccd9ea043cdaa9f8c3d163c36e71064e6b6b79ab816fa3edc6868b2ef834dd2d70ea52c75f74d25330ba2e2dd5024968f7cef

Download Submit
C:\Users\Admin\Desktop\ResolveSubmit.cab

Filesize
431KB

MD5
fcb9bd518bcadd5bedd2e8c6079f5a39

SHA1
0842720bfb8acf86a8147c70f858d8067d740b5a

SHA256
7afc375d1fa1fcc94015b653dcafa22ac5fbe6af11402cc9a454cd5a8d60bee7

SHA512
687180a469e67bc04ba2e130748975ce390fb18dde5bbf5d436df564a10323363e47b4f4bec91831254fd1e6f6386397d26e31d60d069713c161524b5c41b9a6

Download Submit
C:\Users\Admin\Desktop\SendGroup.jpg

Filesize
244KB

MD5
1d95e36406eca697c11018b6e4830c59

SHA1
733ee9c828ee11e4d369ad77f6ef2b8f3f3e4c19

SHA256
ec45ef65affac11065a4007e712ffbd8568ca67faf8f83fc076407816383559a

SHA512
37af1579283aa50be855293f615128fdae54a07284827744a31d8eb513e5e3906772f3a6191dd09617efbae71c3696712f2f03bcf5c6d09a1a2572dcc7bf414e

Download Submit
C:\Users\Admin\Desktop\ShowClear.ico

Filesize
459KB

MD5
f16d583b199b86c64ad55f1383abddf2

SHA1
666b9eba465c592db515f7b03307c8057c06fe78

SHA256
6b16c9ac3906de3b816562b8db88076b47afa8a9c139d7d943855ad8c422a43f

SHA512
bee98406660f174f0ef7cea97a55c81b62e2d6ddb20f9dddd110c37da3ae862432e724bacc274e5e521c3c1349e7653b556fa610481178ff43ffe2cf5ae0768d

Download Submit
C:\Users\Admin\Desktop\StartSet.eprtx

Filesize
258KB

MD5
07bc00fef2f95f165f8f663185d0c02d

SHA1
2e43e292b8dcf3fc7714261c7f0cb309eaf732c0

SHA256
788c52f7de97dea4109bff5dfda8069feb9b1062373bf83bcc877e74bf47f1aa

SHA512
fea6ef476e1ed45f1cf7fae4f334c51398973563685de775233897ad0858eda21c5b21cbf19f8a2284873e99e3ceba91703f0240204c99a5412d2352a4d80284

Download Submit
C:\Users\Admin\Desktop\StepPing.dotx

Filesize
330KB

MD5
42b5e752517f2f1b4b0e2772b99d38ea

SHA1
2a57dc0353b178e75362e7b2ae2a64106c468beb

SHA256
05e3bf2a6373223c81a71f3d03f1b35cb30b054530d214f66b5591db20344424

SHA512
7a6826dbc789edd45626400e5896c0f5a8f284cc20bb2c7abe79527fd43fd9abd311f64c068c2d0bacfdffce4c6dcc7a187777ec963e75deec997544ee22520d

Download Submit
C:\Users\Admin\Desktop\UnprotectClose.tiff

Filesize
387KB

MD5
790c0d41f54c900af7788620c5194398

SHA1
5c3ca92a80c238b293ecf504a5b6bcd73aca8357

SHA256
8169d0a2936288c6c465e2309a4966c82641120179414f7bb26ed94e45c3aedf

SHA512
320465bd8b23e23bfb3961c7f3f3820c924ebd64bc9f21f3f85305d18f22782c0f2f63848b8366c5e230886a74cfcb5dec359735da72cc3cd7172cc7b96e11ee

Download Submit
C:\Users\Admin\Desktop\WaitBlock.MTS

Filesize
488KB

MD5
4fd8a9d601f080b6bf25359a28094c31

SHA1
4729355bc7d906207661b09fdd0d1bc8a089308a

SHA256
ef526e670119b61ce9142e8df7d718731595d0f4611a35fbb9bc824cc7ec5a4e

SHA512
2753d0526a8136ef178e7e19225decd744f5f96fe51af5b76d70d881d369af5ed6cc933b929a660e9cef1b39faf8b5ed48fbd1372a2e135267b5e867d3a37a5c

Download Submit
C:\Users\Admin\Desktop\WatchResolve.xlsx

Filesize
11KB

MD5
1ff44635b8c831fe4a46bb41b880256b

SHA1
b126db3452c12fdb4976c932685d2f56b8c18c31

SHA256
5fa1354fedb8675a3cdc6c31afa3352b6bf6ba6e8dfb9ccf9d667a8f22af3bb1

SHA512
b9b138e15791e9d115cb992fe5cbe37756f7e01031ab7d3f36d20cfe1810a572071d08ef55c0036a8654fdf15fb115f488da6be7a73c8fa0b30aa1c860956948

Download Submit
C:\Users\Admin\Desktop\WriteOut.docx

Filesize
201KB

MD5
6eb483680c2b730df2cd99b73f6e85c2

SHA1
7f89093de48beb8c5f6303cded4da5ba1a53957e

SHA256
c33e0f58c0049f4855c3506c40e6bb60d8a1b88acb83617548a605be89d3bd5b

SHA512
3d3cb6e43dbd02e24d7515c8159ff5578427a10a095547992e6b9fb2c7ee4a2f59f09a6f06dc21ced70db74907cac92c901848eb24a825b8598bc9c5fc3e29be

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
1c9ac8dfa4d83c08e6c2e2f3947d2871

SHA1
a67f0f32b333ada221023d96288421533e3f3e88

SHA256
714746b7221935ed1ee48fcb28783a1edac9aef228a1ad513a352716cbbec75a

SHA512
38a00b8e9c54a9e45b30dda12aa710361590a438b3402cac142c8a3a16a58f449090a2049c278e2e85efe6443d98007cd25e115614ae1c51f54e3b9613dddbe6

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
d61940402b4799c5fb2ee0fd12306421

SHA1
e6364ad1331848fb8d8f1ee2594cff064894daa3

SHA256
a6dd9befec093500b10a0a07287a1b7a45dc92975042d873b3d9895e6416d57d

SHA512
af8d9efa71dda7240dfa2841e163e523cd21e3684fa78d90f95ff06102682c5aa631201a50d3b000f7c37bc6b279664c6e8cf255f5ab481cf6be9c4dc75cddb9

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
de3dfe0215101ed2079a56b1219a259f

SHA1
84f8c6fdac578f578a926493323cd780cf3aa8e5

SHA256
f316e44a5b4172b9f693f37bceca27f9fbcfb3b9599143caf68347f89bea9618

SHA512
03f3e04acd72487c77d9b95d90f5b0408ffaf3f41aebda90e728fefb51465652624422af1775e161436e0c39ec4bd13012f3acec4373da8647147d4181dd0eb2

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
2dbe64e7fca55d5df917046e1ca3d279

SHA1
986303376bc8b05537d85ab90d25b661f013dae7

SHA256
c756ec9517599b62c431e9961d5cc406da520ed7e0d12356bc7c42e9d6b89610

SHA512
4d641927d49598852d45599f0d0bd5eb5dd018eecafddaa6606517aeab8e759285ae6b66d7ac259552eaf1a997266ac6fc110c4a4814e00464a230831d9c2b3d

Download Submit
memory/208-15-0x00007FFD676E0000-0x00007FFD681A1000-memory.dmp

Filesize
10.8MB

Download
memory/208-0-0x00007FFD676E3000-0x00007FFD676E5000-memory.dmp

Filesize
8KB

Download
memory/208-3-0x000002A972130000-0x000002A972152000-memory.dmp

Filesize
136KB

Download
memory/208-11-0x00007FFD676E0000-0x00007FFD681A1000-memory.dmp

Filesize
10.8MB

Download
memory/208-12-0x00007FFD676E0000-0x00007FFD681A1000-memory.dmp

Filesize
10.8MB

Download
memory/4744-30-0x00007FFD67A60000-0x00007FFD68521000-memory.dmp

Filesize
10.8MB

Download
memory/4744-17-0x00007FFD67A63000-0x00007FFD67A65000-memory.dmp

Filesize
8KB

Download
memory/4744-20-0x00007FFD67A60000-0x00007FFD68521000-memory.dmp

Filesize
10.8MB

Download
memory/4744-24-0x00007FFD67A60000-0x00007FFD68521000-memory.dmp

Filesize
10.8MB

Download
memory/4744-32-0x00007FFD67A60000-0x00007FFD68521000-memory.dmp

Filesize
10.8MB

Download