002c72eb230946ff5abab1fbdc7aa7617f38024f198ca6679e5e6ef558fa1bed

Resubmissions

13/08/2024, 17:16

240813-vtcjzaweka 6

13/08/2024, 17:14

240813-vr4knswdme 4

Analysis

max time kernel
82s
max time network
89s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/08/2024, 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jre-8u421-windows-i586.exe
Size

59.5MB
MD5

4db07b11d4c28aa056a8aa572c33dc07
SHA1

55ca217a888f9ef0b5c6af574dec51302ec4be21
SHA256

002c72eb230946ff5abab1fbdc7aa7617f38024f198ca6679e5e6ef558fa1bed
SHA512

d8787352f4a1a255e1bb38964aafab01f28d055609a61dfe8a8645a8bfad812187c4b2d32716ebf8d01d6aed7990ccd51970ff170878ea617d0992382e8ed7f0
SSDEEP

1572864:MxtlhhwWK77Ayl8veMlmPAmt+Re5bMyB9P:ybh27cylsatB9P

Score

4^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4220	jre-8u421-windows-i586.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jre-8u421-windows-i586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jre-8u421-windows-i586.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680429276095878"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4220	jre-8u421-windows-i586.exe
4220	jre-8u421-windows-i586.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 4220	4352	jre-8u421-windows-i586.exe	87
PID 4352 wrote to memory of 4220	4352	jre-8u421-windows-i586.exe	87
PID 4352 wrote to memory of 4220	4352	jre-8u421-windows-i586.exe	87
PID 1404 wrote to memory of 2392	1404	chrome.exe	106
PID 1404 wrote to memory of 2392	1404	chrome.exe	106
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 4752	1404	chrome.exe	107
PID 1404 wrote to memory of 1796	1404	chrome.exe	108
PID 1404 wrote to memory of 1796	1404	chrome.exe	108
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109
PID 1404 wrote to memory of 5020	1404	chrome.exe	109

C:\Users\Admin\AppData\Local\Temp\jre-8u421-windows-i586.exe
"C:\Users\Admin\AppData\Local\Temp\jre-8u421-windows-i586.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Users\Admin\AppData\Local\Temp\jds240611656.tmp\jre-8u421-windows-i586.exe
  "C:\Users\Admin\AppData\Local\Temp\jds240611656.tmp\jre-8u421-windows-i586.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0x118,0x128,0x7ffca187cc40,0x7ffca187cc4c,0x7ffca187cc58
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,12960602720391162077,4086373387733891550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2180,i,12960602720391162077,4086373387733891550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,12960602720391162077,4086373387733891550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,12960602720391162077,4086373387733891550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,12960602720391162077,4086373387733891550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3168,i,12960602720391162077,4086373387733891550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,12960602720391162077,4086373387733891550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4892,i,12960602720391162077,4086373387733891550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4716,i,12960602720391162077,4086373387733891550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1480

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4728

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8b991318-b3dd-4f2d-8df2-e27785649ff8.tmp

Filesize
194KB

MD5
d1e84d1099ab0f482b451a4fec06e4b0

SHA1
f997b3ef702fa572a797a054c3de385dd8c5908b

SHA256
aa9f90062953e4255d19b9e7846390a5869dfb65f9980191dd170beaef07a603

SHA512
fc0acdb43a8b35e4da1306f33e5cdbefc0d29ecfbfc98dd2786ec5536484b2098236f701e9e0490c1d43eaa72604ce98d533259abec3f18d6c7e76e68f8e1f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0a28cb88-71d1-4c80-9004-37194e359ba0.tmp

Filesize
9KB

MD5
623efd3b027b1f9ce3c77d040c8862ed

SHA1
c1579ef6865e2557f3b336bd037c5348304883e8

SHA256
ab433268dffd0e32f7d423fcbf5821d88b5fdb31f87f72b0a41fbb4cba680ccd

SHA512
a475de24617ab4d48e75dc3e3e3a082ca4de55ea79ec4b0012c697be95530379a1e8f0be92e394cc6e1159f63802780c6178cc611dee938cf87a4705379c320c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7e975f0f5e8da3b04c91f7784c9f1ded

SHA1
c8b49b5a12e1ff3496830511b1cdb48a30d00c1e

SHA256
0fe17efd08f264cc3437885447452fab15c1ef0af78ea1bd794fe498faf7fea8

SHA512
1fd61318b17674d01cfe9f76bf003a03a9f9c8b825652c0cfc30575dcd29032e8b79a68f752d28d182bf4791b8a07ed160cc30bcf03aa15363f79cd535dd30dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
77da4b3b4bcabdea87366de4850ccbdd

SHA1
e6daed458c0ed18f629c013b5feb3dd0884ffb5e

SHA256
6c46bcbc6233904262f084a4ce1e990de0acdb1da24e4e35857e833ad96a766a

SHA512
006cd81f44d2df7abf724650e252876c0b19378895b190d98314191ba937b289dcf8303361a99816310321632abcaf6987e96b70e0267d5a3883eafccb1ceecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9dabb9ea9acb3e4ce1cb14ab001dbafb

SHA1
d55ed517a1e497bf1061e79d95efb4c6966d8450

SHA256
357980de88681d4fc7504d35ec9afdf56f42c1f96dd435e54b3732061d3bb8ad

SHA512
c342ba9f0faae90c92b68d354c222e8cd571c90b2ad48ac6a2c8a723add7b0e91ba4d43d1b007c52c77da20f4709d9b40583b66c746f149ca01b74f4d982023a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bcf0e77f36260f8ebd3d31ea29e69ee9

SHA1
1160aea3f6e7b2b0abfece9095f9450c562f0ffb

SHA256
a712ed575cc27bc361f7536bdc7178ee2f75995e0e9bf2ce0a8625b548125737

SHA512
fde9d3e3648e0546c7d136f2d9f0ff26fd71f20153e41b69bfc2b0ed40b63932eeb726054904820ee20702f2353c294fd21f61f5428b0a0cb57c6ca3f6371916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26a22217f2afca0f0d3e105213025558

SHA1
c99a5eb86b277722f7e4bd541e225e718250eee7

SHA256
c4ecfd955192feed428864ffd08ff3ab84385536a376fcd2c6f9e56a58a97bc4

SHA512
e9e8040d07d9e1f1bc5cffb53f38b7168e672b03bff9173ebf134e79c4b46b5693f8663a284eca060dda1ce7b85d83d93a65c0f1e0356dcb406ca3387e3ade33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3c91caa5fb21ab92a3517ed71ec0aa8

SHA1
79368b82f601597e6fadfcf83fb0d39b58a00894

SHA256
87f879e73ffd4f50595ec65e25cce3f4d55575db21508e06397c07ff0dc3361c

SHA512
8f2d2e5868bfea2d11ac2e4cf105c1b134c895a2d28654eb108b224a23d18d2de121771787805ff477a5fcc969c5c80a10f45df453435530bbb85bb8459a38cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2e5d1e07eb4bfeddbd73df7e032039a2

SHA1
c420650c86d502e2ce8e358d92fe20338ba69074

SHA256
d3f082eafbe883391f2c6a0cba47b40510b582e0bcd8418ce6bbc82d02049d8b

SHA512
a8342c10bb0b2a6c4012d1f0554cf7647952c110efd2d68250539f2e120aa4d1c7f27b79662463181ec29dd40d5b1e9903830dcdfe20212e41f8b2fb03eb7254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
b836129250b3d8711ebfaf808ee4e73b

SHA1
850d568a7fda2bd9acbc4c98388ce6036b8b3f5b

SHA256
ee3a1dd11055e78aae8f750150b00449010de967db38d8dac0d28c42d8ef12e1

SHA512
924e22f445f0f9846b05f00b078ac6c6bd31ec0a77c3564baffba26191583505a2062699c9c9147d0859e628fbf857c41cfeea2db9460536fe07e0882bcda056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f31855159a97bdf9ab4f3413e9f4a8f3

SHA1
1db3bbb6362ea80beff2be22dd5162f916374530

SHA256
6c2b72de107e0ae843be11a9529cba4c79060c6fa4485211b1b719951fde6f15

SHA512
2fd44d761ae9101a5b38ac647a765b330db1604a0c235d00130acc93c2dd43ad845ef3fd6c6c62819ec8b626a50faa4b325bab73d960821848e0b428c4d95d91

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
164KB

MD5
f9f1d750c8b8510c5349d5f5160dd17b

SHA1
1d10ec7d54e77946411512b1addfe27b3aa0413f

SHA256
87daf36b8a4a2759f488215bb8ab3d9984356e614a78c11c966287c7ad3567fe

SHA512
ada7cec94008f5c78b0da88371689c71e83d19445a1e601edeba7297e4b818703ea23b596dba69bfeffdbc4068988974b488b6bf26b7687704e75beb70ed7456

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
164KB

MD5
7750cfb8ccd71adaefef455e3d6ccddf

SHA1
07f70ce6c589d603c462facdf5aa5e55d1f33915

SHA256
8d3d0e48f4315dfe362708612bf21a9479e2507928e82d00b89d8d0d05455072

SHA512
e0b26b592fb9e3c289abd769ff9715f9f3663996f5ebbb90a6cb2596a11945f1ed7d140851995f2e4bebce0fd2b0a76f458716a9efee7fd4e05821ba93aef25d

Download Submit
C:\Users\Admin\Desktop\ApproveOpen.MTS

Filesize
869KB

MD5
f233cc0dfa49c69ad7447adc81b070cf

SHA1
b6e3b0a2e913f0dd2c3d99597a238a5515c75c20

SHA256
29b8b9e2e8957221e5b975b5fbee1b932ca113694981fc17a7c811bab4f3df9e

SHA512
5149a64530d068a5dcc2a8f839f9a575acf2db5d638b887bf7fcebb9b0046fb685d439f4d98f09d3f7e73780b166d876c2f35a6ac0224a08e036d983b872b2d7

Download Submit
C:\Users\Admin\Desktop\BackupGroup.wav

Filesize
575KB

MD5
5bb28e452fff635ab43f061342dc73a0

SHA1
e8eb2bf20a0a35eb0ec79634c8b0388816d8f8ce

SHA256
6fca33b434e7eae8aaffe2eb485ad84964960018c4d149f3e981025960becc62

SHA512
8ea54db3202c23af64a07cbb542a7944bbfe02cac3c1c0fa1d125bf3bd178b9580306858b002787a5eb5cc652d799e756a133cfa81bbbb068c298cacdb063a05

Download Submit
C:\Users\Admin\Desktop\BlockTrace.bmp

Filesize
457KB

MD5
a48ad92974bf41161c86b9d82319d9bb

SHA1
d44b4ed407ff6c7abafb49d29268e99544ceef78

SHA256
e6ee964f20bcddafae8d77ea380c656311dbebfa975e3ed7c776236b9c1cd3f5

SHA512
552c91eba4ba2f90699180e3f2028c6fae001cb83e70cfb19478f37f67fac066a129aec5eef9ad0dbceb62e9753547e0dbf7737834f67c98f5ac99c25b630287

Download Submit
C:\Users\Admin\Desktop\ClearPush.tiff

Filesize
368KB

MD5
4acfe5c824eebea230857332e60fe292

SHA1
951c27db6920fef15b68a3b39c72bfb2bd3f9d14

SHA256
e594bea4aa300270bc49285c3569dd2f965a0f17f32a2f4e7093b3d678772cdf

SHA512
0d7e444e1a3dd96996082aee89b55bebbfc00557647067ad4a66e361899a902f4c3bcd834c048f5b99e98e9af80215fce20b69243b8e79026604371cb339d5d9

Download Submit
C:\Users\Admin\Desktop\ConvertFromOut.wmf

Filesize
663KB

MD5
be4d40f0f4435502e9fd73e59d2e9a68

SHA1
c64cd09fda36fb68f0a0f582d81ff904c85e945b

SHA256
683dd00fe503a190be2cebfff85f47b6cd8d6dbcb45d53b9f1f5f1b7c64c5b41

SHA512
c021d13b59cba5b8d951a2b72cc248b19855d88d15fe5da179aefe2989dd8df22baa9363faf44849d4b514d80d9ccf98e50376d7dead81efbc2657b0ed8f23e3

Download Submit
C:\Users\Admin\Desktop\DismountOptimize.wm

Filesize
752KB

MD5
387d2127457ee9b3215d91bfdd98ec41

SHA1
503e7f9ff9324adc95c9de22597f11c683717532

SHA256
783f4fa72382405adbdd457ead034dccf16e581b6028a9e1e9cd45aa8ce20740

SHA512
26f03a9ec4192192b7c7b2fef982f96cb40626fa8bb3cd617f7c873b91e37ec9d37ecde8d22348bd6be854fe630b231fac307ac7f51d83bc5fb3009e056fcf13

Download Submit
C:\Users\Admin\Desktop\DismountTrace.xlsx

Filesize
13KB

MD5
75ef2220e02cbee3c9998224ea8bb641

SHA1
ea7cdc787eb39b4ecf78e27a902e5fa396b187e5

SHA256
0e0222f42ee0a439047f388b2bca60ddd5dd241b2ba79f4feeaa20a7bd91309b

SHA512
c95545e138ea6402a83c5d5d4933e1c002a6c3cff13eded42f624d0a13870661f1d71a2bccd21916436812eb215a1853a5a0f90a3cc84ae1df30367671496b17

Download Submit
C:\Users\Admin\Desktop\EnterExit.fon

Filesize
398KB

MD5
ce53de47821a7da779db46c38e4c95b2

SHA1
270ea8a8c1b973e041d2dec5c3a20968fa814e13

SHA256
d191f77e2d41d271a0d395df52c1dbe43648caf150736a224cdb68b066649422

SHA512
22d5f2cbe4fa92956fb9920d3f7616aa996dcb91f03a68b6ab5f024f19c8f7417ff2e7d7be4286e09a8a66b82bc2c37a428ef5de045b4d6e9bd842004aef0967

Download Submit
C:\Users\Admin\Desktop\ExitUpdate.wma

Filesize
486KB

MD5
71664e22d1463a7763ce48643b293d99

SHA1
da4a82aac2434ce657b4317e82b48fdf2542dfa5

SHA256
fb8ac8e72a5b3178306dc14d1c577bef90fb26c0c4a2000a007c1c217b0d2437

SHA512
0f1b5987d91dc6c456541ccd1a304ee693908c77c1c7af4e0a1fed28c4194a7b73928a1e7c2cc69f264758ad0f415d4fb56cb04709ee43050350615fcc6e7eaf

Download Submit
C:\Users\Admin\Desktop\FindUnprotect.xml

Filesize
722KB

MD5
5aa43b20b7191e15ea52a9961114d4c3

SHA1
79832c838d21c231b0b356d14f423e5b0fb9509a

SHA256
22f1166b32b5b98694565af4311c0c7706dfc1389709e54bd34b304a44c73294

SHA512
c96127a4c80691b3b87b3fc91620e5373bda37622a5dbc8702aa3e6c5f880237c4f4696c396be0020c72076bab9c5ed5aa88a11451bd2907cda4054aa96547ff

Download Submit
C:\Users\Admin\Desktop\GrantMove.xml

Filesize
427KB

MD5
b9bfc61277797f3d3488846d1d0c527d

SHA1
cc33c0896cb100d9a6db0ac9b986b0fd280d333a

SHA256
2bdea8a89df23c07700eda52f1b12a0fd61ea3877fd34b939cd8b5a88e256fd6

SHA512
ea899001ddf6fcdb2aa98f49b7bcf265fe99bdec68ba57840ec1d1334eb5af3cf5a5117d601cd68e8af8461da881aa37debdb8cbf14cff675981a6e933975d1f

Download Submit
C:\Users\Admin\Desktop\InitializeClear.gif

Filesize
516KB

MD5
cffd14c125f1b2579382dc685664cbbd

SHA1
247d6f5469a60fce4b66040225541227569a35f5

SHA256
a787561c493dd64f3f1984865404e6ac05a358e93607b12a34a5ec2824faf2f1

SHA512
d5b6e136bfcad9494fcb2d128b93921f6c06195a9998e5b383470c95b3b2a1da536ed223a949724a1cb1ddf8acd61b2521a71c7c7b1cdd55cda022108cc52c4a

Download Submit
C:\Users\Admin\Desktop\MeasureGet.midi

Filesize
899KB

MD5
b2db4c45af20a27f192c33af8988d052

SHA1
3a56c950c384c26c7cce2128fd7455c49af608eb

SHA256
f9829353e3778dc1edc1d3f71d19f100cd01352fa85b2a897753ff4f8c50940a

SHA512
4fedbdd555ff1be3a0cd95dee0531fd8b55e82e3c613c5d5229d2415bd56466e67e674c8b1bd566ae7d86fa3eaf024708f7dac35166c63e5cd3f0210e7443a81

Download Submit
C:\Users\Admin\Desktop\MergeResume.xht

Filesize
1.4MB

MD5
549699e494a4a566803acedbe3553fdf

SHA1
7273062dd48ce895552e7aae6b6d57a76faa6b6a

SHA256
bffaffe77526e7febca969ee117e660a8fae89ba2ee524bb565333b676a67695

SHA512
e674433fbdba59e5728722055fc6e8cfa41821ca2d121b44c02ba6576372121a15f7e8f97f894631bb9e3cce635a81b1a4dcc7695f6adcc576e3d555ecfe987d

Download Submit
C:\Users\Admin\Desktop\MoveMeasure.vb

Filesize
781KB

MD5
18ebbf53cc0f1d6180553347065f3a17

SHA1
296f9834c9600e4117d6c53259c6b2c5afc6889d

SHA256
ca0eabeb89f441affb4ad1afa791092a1abe53c6829c495dae8cc98d18d83dae

SHA512
41da82e082a6537021b59215b27e34a2539e36c594eabc5c8b384a179d80724bbaf83c0cf001e2c604db5ca577c9050a86a9d0b7806a301c1f42be917b2cdc42

Download Submit
C:\Users\Admin\Desktop\OutInstall.rtf

Filesize
693KB

MD5
763c6701a76e3a8a5c653ac261fff966

SHA1
7a7a69f4718bd36e7ab16420078f079853fee7a3

SHA256
6cfda49680d785a7465c1027a1c41be1e4f9cb4c32b996d532873c075116e9d1

SHA512
482de733ea3766df5368d1b4bb879fa2a6f9b83bea7dddcbc6887d9b15da19533a4ca69947ed3b40c52140976f9a311584de0a06baa7aad98a6d62be4a34e8e0

Download Submit
C:\Users\Admin\Desktop\PingRename.rar

Filesize
634KB

MD5
c578570b7d08f25f57436641cbd32527

SHA1
24181fb236968dfa8cb7350f0b6fb62a80f757dd

SHA256
80c0f3d2bc2361c1be05281a514d7f1f1c13570891834b793eca7c4fba1e6161

SHA512
fca052089da4bcee3e3f48526135d6275ff7c1236201bb85dd6047ea0396abd1714ea0afcd5e64b5e09195e8821129d2ecedcfc8cff7d0ac10eb943a0a43eea9

Download Submit
C:\Users\Admin\Desktop\PingRestart.3gp2

Filesize
1017KB

MD5
be0555356d954c2de4e319e3be6e1d21

SHA1
f326c5cf93efdf147c46bbd29197aed5c7bcd952

SHA256
228a3dc0357901b2253a6c8aed7107e01c8939940673be7ed262528a1ed754fa

SHA512
8b151bfcda4bece11edb3e4433449c5b9f5b15cd321b1156c3774157fb421b23a015e14e16d0dbc9c12029a7b0054c3412b4c9671902a41ed2579849c51362d2

Download Submit
C:\Users\Admin\Desktop\PingUnlock.mp3

Filesize
545KB

MD5
8361c64c82a41ac195ed28ac7415a27c

SHA1
64e99527e4fd64ccec549b4e9cdcc6d2ec0da6c3

SHA256
a863741375931172e96b64b13b3c9741055efbcbe7d492c3af5c0a0f803f1cae

SHA512
0011291de822f8990de14977fed11975c18032258ee1353fc1731291318935e5e2b98fd003d2d799161df67d51cb8911dd0ecbdcccefbd3429661e4c3cdc3035

Download Submit
C:\Users\Admin\Desktop\ProtectLimit.xlsx

Filesize
14KB

MD5
db56a96c773d30de72d7ef29a68e2793

SHA1
3e04fb83d3f46e5029507a5cf4bed7bca747d7b2

SHA256
e5376d1b04a66ce9821a97d0601448539e4cce3cf5d15f5f62b8960e94a86d34

SHA512
8264acf2c65875518e5c14204a79150b1a2330356a704dffda2da2cf22dd869bbb78aecf131aa1a5b28d6b1fa96b368c23654e52670480d7bd6cbcdd52451713

Download Submit
C:\Users\Admin\Desktop\ProtectSearch.vbe

Filesize
604KB

MD5
65fbf48841ba0296540a31bed133b925

SHA1
9ba14ad74a538a79c099da96ef88c8e7b434792c

SHA256
1818cbf4b98d21733b687c88ba3890ced7b14d47a26cf20e7aa5748b89ba1fa5

SHA512
9164ba63f3119ec768feac744a4a08a09a8b191947c70fbe344f7d625abbe74cdd20f4be1c678325b17b5469d374d78ce8d77f58be48c6ecdf061c46fbc0eeb2

Download Submit
C:\Users\Admin\Desktop\ResolveConvertFrom.txt

Filesize
928KB

MD5
afcfcdd5fd85ad75e0352ce8c6d687ec

SHA1
e4324f2923e7ee3bdbe918cfa8d9280d1b7f4b27

SHA256
00d5ff3870300d9074914809715a99e3e400448879c02ec6a03cf6aab55bff83

SHA512
b87057c296e549ca3b4823d7156ff5cb67232ae7367cf6b53fb99f787f9b46807ebf9fa72afc039145c66f4fbde6a9792fc90c9d07dbd3b9db98bc0e3b99b0dd

Download Submit
C:\Users\Admin\Desktop\RestoreReset.sys

Filesize
987KB

MD5
89bf9083491aa1bfeb4d33016baa8a4f

SHA1
0fc799b4fcf5462892226cb6db13c36ca753f509

SHA256
4f5801010aa00d2307c6934b3552e82f907863c32379924daaa9383855c707ba

SHA512
73320c0d6bae75c0d53284e8989ddc2bd7fe870708bee531516cb48abda7dbd4e6b21dd1b94180d974337a4a663669b2f25f8babf6617c4a313a72ee667de5d0

Download Submit
C:\Users\Admin\Desktop\RestoreSet.mpeg

Filesize
958KB

MD5
3ebd8464f6137c0f76c53f547c8e6d0b

SHA1
0616fc09fc24716fd6f7e01246859f580e4424f5

SHA256
18a455c4cb62e20f46a4e079ebe36183882e09f826d6d3df7257bfa175ae0aee

SHA512
9ae7947aca4a1c27ece73fa8921f79659407136b796876ef3e5b118037521e4f3fc3bc502e4af5b3b9f71e73f617d4d06e76edbcd0d3e83867d6632e2599e07a

Download Submit
C:\Users\Admin\Desktop\ShowExpand.ods

Filesize
1.0MB

MD5
9f68b5acf32315382b90db3fd2d1e321

SHA1
207a10f6ce5738e1693bb3f9489715fffa8140a6

SHA256
f14e9b6c64164d70e3c948f76fc0fb510573c3606d1b242d0cc4df2ad3531f36

SHA512
7b6eda7593dbf995cc9c4232c6358ae91dc6709228c58f0d06abdc03e7426a26162894201b1f738768f5206506c9ad93b51c3967ba9cc23cec88d6b17b7c15bf

Download Submit
C:\Users\Admin\Desktop\TestWait.jpeg

Filesize
840KB

MD5
354ccad06173d3282278e5c770d955ad

SHA1
8380668dbca0dbece25ca5e3f4b40c930222a4e4

SHA256
5e89bbe9cfbadb75af9c75d97ad442ee519e0f94e5997896a0b1e4ee0400e366

SHA512
630e4e957b2ce1ffafa8ac473f045136604b85f3ac541b6003e67abb4a3b42c81261c1613e2d2e7050c331509adc7bbe2938db74e38ef193362a051d85caf044

Download Submit
C:\Users\Admin\Desktop\UnlockShow.bmp

Filesize
811KB

MD5
e9deacd598656422c6be955d0d927a99

SHA1
8c87cf255c7f0ff404a24d728891d770fae57b5c

SHA256
9912cfad4c9f4e17eba92ddd8695cf249c93cedd0ecbf5418653a3abd0207df6

SHA512
baf0e7819491f952149edb67284f64e467d86da21c72a9c1d4e33b326ea1ece55b25f1c7519bf6b267f481ce724b897b7a0b253c5320799688cc0561b5525c2d

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
a311751a3815f2e021fdd8e427886d9f

SHA1
a32e2896c3ea288bf05e227f56e30674bb502c8a

SHA256
141a61e656be79ea28dd3de62bde3c07eaf76d409c857f24ddc8d19b3c093b78

SHA512
d87712e87602f6e3eacb5ed7f27565509090da8010ce727bb3dc42f49957e14844545c8119d161f4fdebf93ebb1f6ec84bf29b5515902ce7b9e707e2edef62e0

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
5d6cb28edc9fd5ebe52517bea3ccd7b0

SHA1
70b96a5cdbf212b15114965bd7c33ae159b93c26

SHA256
0545a4132ae2a9c0fb6950a59a33511cc5673e1a89a250e51df89f8130b380bf

SHA512
940495b644ddad0cdc9c9a7e7851a6d07fabd1fcd1e4f86b98b56ae0ac885a810c6b521e90cb07bd78d56e09055eb3322636db0a4e76d9aeec149b61ca3d0b9f

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
a07e506b2b524ff34025889d0dd56389

SHA1
642bcc78b0e1e7c13ca78fa1c96568ac861d3e21

SHA256
a3b0154c525bca29a06a0fa706fc70e844614a6d1e4f3eb2f96e31b00265f004

SHA512
1d2d4ad7a16d2803b27e6394617ac90809bc8f8bcb80df75cf3c1beed3aca4af5a97ad9e550a3c5c889471724673d2c22e2f50042b4af889f9292d974206bc2b

Download Submit
C:\Users\Public\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
c71989ca081f79ca6503f101e15a87cb

SHA1
129f26e3c50727afbc871ee99019cea4535c8a07

SHA256
924ecde7155fb1f5d83ee081316ff0fcc27091dfaa7675eb9171648554c49b90

SHA512
a64c61c0995cd2d0e9bc65cb3789e592ee742d7f93ad68b2d2c1057b6f15c69b491c717c3ba2814f81f5e19af4a24d883e56fa8147899c51d74b49b878fb03e8

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
40a924555fa1183aad1540619b066fab

SHA1
9e95c1f274983e9d75da18a8e1def3862f900a90

SHA256
34704fc5c835fe0958cc24cb2dbcc110ad41194de9b8d0d27e27b9213a6f8c2c

SHA512
b5418908e50af73bb95ac3c6a9f8d18ba8c4558637d1f39b98047778e417f8d9e01de8e717e1b7b63f50ea1fa9d82ca75830a34e92781393c0bb20a199be86f7

Download Submit