84bde632c5bfd2a7ff84e579e6f7561543ca0aad6d8e7275dae5926ba4f561c1

Analysis

max time kernel
118s
max time network
29s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ovisetup.exe
Size

4.4MB
MD5

1692aec61ddcdda471defa199c62d25a
SHA1

484af221468ddb534b74e12970de80d5dfee2b28
SHA256

84bde632c5bfd2a7ff84e579e6f7561543ca0aad6d8e7275dae5926ba4f561c1
SHA512

19155d0770fc0931ab8ac1bf35f56b32c8c122379adac6866b07cebec28932f92be124638cd7bb9fdaff5edd091f3af0c1fbd0757a99de44e24f11214f13329a
SSDEEP

49152:9Hox6U/D1LbDxklrSWZAhizWV4yFK73bBxaaNNG0pHSdtDLboHTBWpHg6UvM98IQ:2x6qaAVpchNG0pHA57HgR

Score

6^/10

discovery evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ovisetup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ovisetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1012	ovisetup.exe
2824	chrome.exe
2824	chrome.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2836	2824	chrome.exe	30
PID 2824 wrote to memory of 2836	2824	chrome.exe	30
PID 2824 wrote to memory of 2836	2824	chrome.exe	30
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2588	2824	chrome.exe	32
PID 2824 wrote to memory of 2648	2824	chrome.exe	33
PID 2824 wrote to memory of 2648	2824	chrome.exe	33
PID 2824 wrote to memory of 2648	2824	chrome.exe	33
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34
PID 2824 wrote to memory of 1944	2824	chrome.exe	34

C:\Users\Admin\AppData\Local\Temp\ovisetup.exe
"C:\Users\Admin\AppData\Local\Temp\ovisetup.exe"
1⤵
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefacd9758,0x7fefacd9768,0x7fefacd9778
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1432,i,9884444622176670022,12140438431486347044,131072 /prefetch:2
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1560 --field-trial-handle=1432,i,9884444622176670022,12140438431486347044,131072 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1656 --field-trial-handle=1432,i,9884444622176670022,12140438431486347044,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2172 --field-trial-handle=1432,i,9884444622176670022,12140438431486347044,131072 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2180 --field-trial-handle=1432,i,9884444622176670022,12140438431486347044,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1444 --field-trial-handle=1432,i,9884444622176670022,12140438431486347044,131072 /prefetch:2
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3252 --field-trial-handle=1432,i,9884444622176670022,12140438431486347044,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1432,i,9884444622176670022,12140438431486347044,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2840 --field-trial-handle=1432,i,9884444622176670022,12140438431486347044,131072 /prefetch:1
  2⤵
  PID:536

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
59f88798f1b84e7cde6e5dd74be81d8c

SHA1
1a43195a8d179d8cdc3914afb38419fbeaacf0c0

SHA256
b5487668ff034724ee0503d1748096012a1b9bcf92394f02958365f9025196e4

SHA512
8dff9a3f0636baa841a74546d0028f0ec21fc6b5fcbb71ffe1ecc274b284890a1c1bd0a9fab73e0e7c03766fb02505cda2ec0ca0087d842520f273a5a9645052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a77985dd88f0b5e92b146ffe58b05d3b

SHA1
650ac57c0ff74ac68f33023f78029824344176df

SHA256
503fdfdb0965271d65223fac89092cc69a0a7cd63549f620634a7d0582621297

SHA512
e9fb1920d75e1716f9f0fcafae8bbe7d3938ff8060cb48d4ae83184cb10b16ae1e42513de1d65f7a6672448bec854b63b7d4841af2c43aa3b19d0372d13ac9b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
319KB

MD5
7c0ffe154ede14f6cad431eb483bcfa1

SHA1
9c19a538b2e6460b7776de0a3d14727d8b1f647a

SHA256
f327e8c42ee4a70c1339e2f76f79b96177358436654d87c8214bc71ffa3e4d51

SHA512
ae282f6fb4e464f747c8dceecdfade95dfbd86498de69b8bad1678180c6b17588f318496c9b9611de722c45c15b5b34f42587a90891e53ed05508a6c4de2d98b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
162KB

MD5
912b7000b60a55cdb3bfeb4ba4ecf0f4

SHA1
6009c22cf16ab2d4f93722f0a106690bce58b111

SHA256
47328bab3fedeba29ae2059da9d69cefb839de30c52856da8a538974d7a45cac

SHA512
653e97a420ae9be7e9888e5dc3e75726f3f5fbfc35c9b40e82ce29ea4594baa214a6ad9408a226530c887ade46709898a82905b302862d56da487c37a8860cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e1c463dc-e8a1-4513-8850-c0b24cd6a55a.tmp

Filesize
319KB

MD5
e7d3e645e37c13e5fe0860bb8780f655

SHA1
df433b3132b473820ce92c9a06763a6b951c6269

SHA256
d9ce083892c7f8b80f911cb0494315b1fb72fbd128185ee51f56313c9afe4fdb

SHA512
821c9cfb088680623e6534af965ac3f59c74889da8c67617ea4e25b4ad11ba3985b823e8f8dacb3f8ca0cc11ef89a56610bbc1900a14c503f30f63ea68c0c53e

Download Submit
C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

Filesize
4KB

MD5
7b60d73f1a4907004e31274c6249c9a7

SHA1
a05012337acad1d4b4346704115d1b0eb9d9aaaa

SHA256
0c1e5507c3b7ccbf122133ce766d98998a2a9cb21f23d60c79512ad71489bcbe

SHA512
2604bd26fcbff66e10448e8e8e5edc094eaac51cead8a5149a539bd4605c0e80d182cd91db7e86ec23beb10970473474633f3e262c2d0d8e6d338a47e3bb7cfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

Filesize
637B

MD5
4fe239f52fd820bff724b5767c36c545

SHA1
2dadc292a1588e50cc732b04fef16251d9f92f5a

SHA256
6545ba6a53a392db6464bb2ecfa3c2b7cb0fac3d47299f2c6eeccaf31b70d79b

SHA512
b81f10078fa6a4b4126b58c7c47f9bb2aade46a477e9130fa639bf3fe91e4c26fc1073257f86a92ad9e61ea8ec58ffbddd6828be2fc3df5bf1fd08d6a3e3bbc7

Download Submit
C:\Users\Admin\Desktop\CloseDisable.au3

Filesize
355KB

MD5
80ec024521e808296b7b093ab76bdd44

SHA1
0c858ed04250d1e757e805fe67c0c3cfa5ed8046

SHA256
ee5ffdc893e8c4d8d3943bb66d17b065dd14a59efc088795ee931bf8671a31fd

SHA512
b6b577e77f48004001c8a27905e4923a7f0576d52b4b229d2bff6f5a18676e4c551ea094d01d29475e453837b89c266fe101654849056d432863b5a22e4833d6

Download Submit
C:\Users\Admin\Desktop\CompressUnregister.nfo

Filesize
412KB

MD5
d6797787a287db36e3e108e2f835e8e7

SHA1
5e3f41b23999d01dce55d94a6e3748ed2f9c8f3d

SHA256
df8c4b6667a26f30dcf410e1e343813769c686befac04e698acdc2e3f808f4de

SHA512
338196c1257305c74eff9a8ff241108fb8516494ab59d8853ed88d97e977a13fa879f6aa0e070dbe75c155a0fee9168e3dcf3ad7f8828b3e1b45b89a060d5ce7

Download Submit
C:\Users\Admin\Desktop\ConfirmClear.wdp

Filesize
440KB

MD5
b1831a0396557c4a73229e52d5e9ffce

SHA1
fd501a0f0224d2478aceac8ca77105bbc037ab5d

SHA256
6eb80146bfda4c30e0c14179bc4fea42647f882fb3ffa53fa592e7dbda26d566

SHA512
573d84eee87feae3b681d9bca0579f4cfac91a0a5c73f1f6e86018ed6765fc92228a45815338abec952e67d0bef9424e54f6335a8df16e6225899d93c9996f07

Download Submit
C:\Users\Admin\Desktop\DisconnectDebug.DVR-MS

Filesize
483KB

MD5
b354eb19dab05d492eea2ea77fb0977b

SHA1
80d81d1251ffc405fed681313f3d74511a6624a2

SHA256
e843b37a6deea1c1e6192ee3e2d68e0f027bd2181e4406ab7b7064eb9065c514

SHA512
d89bf5303389b740f29c10e77a80d22d6060eb61e211579a4612555a16d4ef1066724fd3eb57b09c35a4af3a4aefd69b355492da3b2806be81ede183b95cad03

Download Submit
C:\Users\Admin\Desktop\DisconnectSave - Copy.vstx

Filesize
455KB

MD5
c24123975fb55359632fe08b35b90d82

SHA1
db3da7bd86d4ebd4aad89cfa5c19cb02eefe9cbc

SHA256
a0385992c1cca851d5948fa6134b6940e1dfef2f8492e36331fb05264fc5ca1a

SHA512
20d1ab9359fa5477e1f6babeafac08af35ceaaa4343bdb175948ee23d049fea581a0a4d8f37d2d50dc7ee4522aa310122205c13703f8717100e4fdae8efe2bcb

Download Submit
C:\Users\Admin\Desktop\EnableOpen.xlsx

Filesize
10KB

MD5
aea3d638ad3a5986b094620f8e7f848a

SHA1
14d5cecb89b49188b8c8a7ba7d95de2024ab7c16

SHA256
c2602dbd13d8b665dfdc9db25c5f269da737062777252c107da6d4d91c11d597

SHA512
1a401c203aea6c7ff1c3010af4dca29c530f0ea0aaa58a18fc55710c079b11f641eebfb8465fa15ab9d174a5b74b526a812234e157cd7a2e7248852f4f31a1fb

Download Submit
C:\Users\Admin\Desktop\ExportShow.ogg

Filesize
284KB

MD5
64130094658d3ba1c7b014f766cb965b

SHA1
2d8d93e104ce8bb972aff389a2cbb86847348edb

SHA256
45f98ee65b695a20f4f8f57046d8b76597c08e4af4e3b6df6879ecfb4627ee38

SHA512
f34e291a26777715bbf8d0e711d309800359f3ec48db2a9ecc280700e0b9302c534d11fc9d7f77352e08a99e78d08026d46246b584ce1b2cf79810393f6bdec1

Download Submit
C:\Users\Admin\Desktop\Firefox - Copy (3).lnk

Filesize
931B

MD5
7a471c16cf5cc6619784dac45f33f217

SHA1
f4e6afd2f87a85a4ddfbcf235e69573c445c511b

SHA256
7b188bdec0f2678e64799b8c10acbaba213173be61a4e514955574a7745d0de5

SHA512
70240dfd3b27dcf9fd70b3093c85b2cbb94531a0b90250479aa93cebbdafe50d7a9e632f2f4dc2790a675204cb19a24e98675ad485ff268093abeca4154b4083

Download Submit
C:\Users\Admin\Desktop\GetPop.cab

Filesize
298KB

MD5
ff8f8ba323dc7b4a2a5095dd5a9e23d6

SHA1
1ec21fea07e11e119fcf0d2aa68633a49f0c57c9

SHA256
5d697ee86dfd1cc1d52ba14e6475e1752ab3851cb2aec2cde3821b1855dec8eb

SHA512
e043013bb398453b45661f1ccabf48b951ee143cbf7ff865c59ab3dfea84258ba134d5535d9ac2cbfe03b6b15a92547d96279d43b2c5df5e77cbbef4bbdc20a5

Download Submit
C:\Users\Admin\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
fb4eecce0ec7895f25f26c0576d42fad

SHA1
0fb2c19d34b8cfe6230f800f75413bb987ccce0e

SHA256
e42264e3f6ecab87bc68d75b1583e629538adaf6fb379a15f9e060311c0e969f

SHA512
f4945d1e6f54238a66e2a08bcc2a84f261fbc2baa14432d1aa6a2598b55be625d9149bb8dbe7be4cdf805574da28ac43bab39e07bee6dbce918ff065a8ed3982

Download Submit
C:\Users\Admin\Desktop\InvokePop - Copy (4).docx

Filesize
19KB

MD5
4dee0c3100238a64891e8b465d088080

SHA1
b114de73a4103f91063bf7c9b76580408cadcc47

SHA256
57290acf4947fd2fa60eb28b6cd1236bbc93a3c9fe196d70aef4fec7500f43d6

SHA512
c014b44e92117a83b8f83cd902e8233e1989a5a866ab9c1ec50e0159564f5b1592db0f19d2e86b63709acc4633f466a9b3f4700096b38cdbbc4bc3f2c7d44461

Download Submit
C:\Users\Admin\Desktop\InvokeResolve - Copy.png

Filesize
341KB

MD5
e55e169105324b3aba623e02484792fe

SHA1
6d4d685241a484fb72d53fba68614378621b3542

SHA256
91c5b9d1482b4126ea0ad09a0c4e340f3478ff86dffa6a0a274dae2060352bcf

SHA512
cff65e15b07ffd99d51fe1be3b02e3ad7fa8d3a3e0a4b3e45f32aee267afd11ac46a3f4cc9c86fbc503cf9d428afac6f349711ef76299ce632c0f23862584c2c

Download Submit
C:\Users\Admin\Desktop\JoinPing - Copy.mp3

Filesize
327KB

MD5
132a45fb3fa8ba162d6fbb02c0d503b2

SHA1
e542624674a1b847a0d66e5e6a158ffe9f73dab4

SHA256
ecc23ffe0ec04ee4fe4e6dae1d7d1a33449b301368e7c57e10cb2ba2aa1b1cdf

SHA512
2966cf416be6f423fdc9f1cb65f997ae47454f70c0c20edefbe0fdd032123f7b1560b216d9f3966e0c100d5cebe8e5305379ae312cef52e567199016c98d7346

Download Submit
C:\Users\Admin\Desktop\JoinRename - Copy (2).xlsx

Filesize
426KB

MD5
473bf71db49bede2b86f2415ec1744f0

SHA1
db37fd76936792fcade849ef06402f60cb984c47

SHA256
fa362ddb9a19b22af5433119ef4d2b9b1a1a0f10ac77293416435a83725b3c2b

SHA512
41986730d51738344a1791830be42e4d0d9f13c8e50b5b6f72fc32ec49cbe0545bf7933ead697c4e88d331c67b85ffb7f332ee8c76307c7a196573cab0107a41

Download Submit
C:\Users\Admin\Desktop\LimitRename - Copy (2).midi

Filesize
312KB

MD5
736a91753dd7bf3fa2909b41d9ac55a1

SHA1
8ab39fa8948866f97c00dc3b2f06421ec570998c

SHA256
8a73ae990881479d4d7f4e0d997c53c68c809936760dd57a36a6aa41f1d19f60

SHA512
4496b2e231e2267b681cc17fb031ad2d7bf343969624a5df16185409f2d184574479772f6ac6d1d4c414b674beeca6f04bb9a97f3863121c8530ef3c8f05f22c

Download Submit
C:\Users\Admin\Desktop\LockTrace.csv

Filesize
469KB

MD5
276049a99fd7ce864dd1c2627c3a2014

SHA1
309f7fdc2f14fa8c0d3c00369974f404a17d5c59

SHA256
7d3c15c5b3fcac3a0e115caa719a4736a7acf02ff6b07a97af347eea4ee8781b

SHA512
ccbcbd772ab900a2be8f97626390e44f1739a6e659978ea7a1044dd863bd964ee3e2953bbd3bb3a911ed73bc06a598fc4d3ab24c65df5517ec5b4fd1d5a19844

Download Submit
C:\Users\Admin\Desktop\RenameMove.vsdm

Filesize
668KB

MD5
63d6283ce068df24bfbe26caee665a0a

SHA1
8ee74e589456703f61644dc0d8de6c99401ffea3

SHA256
f103866effefb4af7a939752ae6d0418f335b589791d650ace47aea2ed9f99dd

SHA512
8f70a0fdf723801626af9300db37534250fc31078190c04e4de0781d1c0b6f1d231a0c7834bd1db115003be730f38a8a950e51d3fe40baa81e7e4191c0f7e7bf

Download Submit
C:\Users\Admin\Desktop\ResolveExport.vssx

Filesize
398KB

MD5
77c8b415540005589a83fd073bc3baf7

SHA1
8d41e63d3b79c68a64800402e4eb685abff083d6

SHA256
da33a0ad0bcb2e11a66a3141eaf990d5bae6c7afebb6ddc9d6c4371fe889ceb5

SHA512
24a91eb5c35d58a1f729d7a474f190bddc15cb8964aed14f2f772cd0bd0e810e4110f49ddebd3e8839fb19a34e54172eaa369dbf42930f136c83d0e770ad3638

Download Submit
C:\Users\Admin\Desktop\SaveNew.dwg

Filesize
184KB

MD5
1c6ff2e6fc4afb09f1067c79f70f55be

SHA1
d787564031bba38326eb5a0d95ca151910b15a91

SHA256
0ff7ccf47281763c7b762e526d2f679e11a0db93e3eb1511acb12dac132740a0

SHA512
4b8b7159a64eeeffbd4f5bd9aae70229fe53e438ba2759a0b7a3093ccf3d9997e4fa4c5550c453df136bc4a7e7ea082adf7218dccc0db915e111e339d6c096e9

Download Submit
C:\Users\Admin\Desktop\SetDisable - Copy (2).mp2

Filesize
256KB

MD5
3d55688d1a81a063ef23e48d71ffc733

SHA1
632d02e452c34d4fc20fce562041740f4e56ac89

SHA256
86dbcb58a7c8e6b662b0d1fc954310c1b2110bdb2bc2406753e4b6468ab29a29

SHA512
e70f543b817978d7c5b9b961abc583a4f3e8cfa1aa37c0e3509ea0ff5b9095a41f33d3d920240f94e678ef485c7287a6b8fbd60a784b0a4d73b20d883c1cbd53

Download Submit
C:\Users\Admin\Desktop\ShowBackup - Copy (2).mhtml

Filesize
213KB

MD5
a88c70088497ce0dee347aa0c5a8fc2b

SHA1
550ab2761853f9f16f2d91b9d377b28691b7a534

SHA256
5eb66f0bbcda2ac5df3ee0123b548ca22410a8930eb55fd2043c081ad9f919df

SHA512
1ad2afd905ef5e9f7a087bdf3e4cf282d6b6b147f92b345ffd6bca3206b8a3852bcca1a0faf63b06743cf27457acc8620c8a2116e88706794d2283883f8380d7

Download Submit
C:\Users\Admin\Desktop\SyncBlock.vst

Filesize
199KB

MD5
bf51cb40df528b181c5bbe6d80ffa235

SHA1
8db0233530665f2f325c42c9f7384b023f871da2

SHA256
84358df7f12bd4f5235507de4fe47c82ed1cd2fc04050ea3af9eca577bc3eb1c

SHA512
1d017fd5d8783b7941f861c7823c7923531bdfbf62c51525b2997d5a418acccf493b165ba1dca4e3d58c83f8dbcec2376160537e6153189ae15090b47affe0af

Download Submit
C:\Users\Admin\Desktop\SyncImport.mp3

Filesize
384KB

MD5
2dc42e3657026e5e26541c3ac985c42d

SHA1
35314c1ced3e18bb86f6c23f547d83021bb57157

SHA256
3d3391e615d3db86ffac3ad2e54a8ab9f9408cc0de8bf847e703e61c07769ef2

SHA512
32f92bcc882137094efd020f201c173f982599046bf40719bf7be67902c738a1abb4e096554cdb4392e39a3b53a52e146c565388880ded9b3f88d17956527dc0

Download Submit
C:\Users\Admin\Desktop\TestShow - Copy (4).vsw

Filesize
270KB

MD5
883c09511f12bd2c333a15865ea80b7e

SHA1
62a4df705b19968b70a939bf7d2572de9e77670c

SHA256
52ceb228e7fb933c5347e6cfd48353f451153ddae98a5bf36a333293ff869214

SHA512
c1c73f3aa8a57e3f13b3603f1fa8d2d927033e46eb6aad557b388588347420f1bdf2ad39f4a6cafe29b93a20d488ae59e810b4844ffe61b29aa43e5c63281908

Download Submit
C:\Users\Admin\Desktop\UnprotectDismount - Copy (4).ini

Filesize
170KB

MD5
986ec6fa2f7990faf2d456b7efec1f9e

SHA1
d861a776cc3063996a7110db4bbe29cf3ffb7eed

SHA256
e1d4369e2e3f53a18bccc69bd65f8fac75b61faf203eb916671b581ce4f23633

SHA512
93c7a09bc234eb9c30786cd8057739ffb563e99fd2dc7565c7e9a256114b7e334294c9558e99002db17309cb15d59f14dbf7399c44f97750e1bb26b196136b02

Download Submit
C:\Users\Admin\Desktop\UnpublishPublish - Copy (4).mhtml

Filesize
369KB

MD5
702abca4e657728183c696711e284f0a

SHA1
0fce1d96acd9ba2d76b5e51790aa9eac3fd6aa9d

SHA256
423c76233d135026dbd401fc2e91ccc9f263cfbe5c84914adee1be180435838e

SHA512
c202412347c09e949c0207bd5d0a44c5b82c3cd8c8f0e8a0065e2383fca7c94ca32d1e788f0626adafc1cf078f22e2b253417fd73d55f832d05f0a3f399b3f27

Download Submit
C:\Users\Admin\Desktop\VLC media player.lnk

Filesize
878B

MD5
e8dd9067140a10b5d5a2e111bad03dbf

SHA1
b47ddc09f771c9740a7601243f4b9ff0d69c090c

SHA256
27b2537568ffb3b3bd7125cbc8ff19ee85fee7320670dc380727366030321d47

SHA512
aae928362c4cd42db29b5569b3b7ba3c46c9349bf592eb39f30540780a66bbc1e63a6935dddbb85abd179aace33a5fe10c263505749bef920a782e2e8ba139e5

Download Submit
C:\Users\Admin\Desktop\WaitMove - Copy (4).ico

Filesize
241KB

MD5
51ccc6bdcd9854924ece2af08d4e2afe

SHA1
84722f6c30eb32e13418c53f09ac630cc3ad9970

SHA256
f33b70eeeeeb91bfb43b46de337d48be24d523f02c251009ae2fa9e4a828ffb3

SHA512
659c20a00fb20f370159cc7ed79117d655c19985fb1542e7bf5ba523e7fb38560a5fd716dcefdd58234c0026701a8fcbb0b7eeaaf299cf09f2ea52c1dabb4188

Download Submit
memory/1012-264-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/1012-116-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/1012-95-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/1012-1-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/1012-0-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/1012-3-0x0000000000401000-0x00000000007A1000-memory.dmp

Filesize
3.6MB

Download