186fe6d26c001a789362741268ca9462a3e181f5e275d3eb362774d9c84d538d

Analysis

max time kernel
38s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-09-2024 07:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stub.exe
Size

20KB
MD5

44fb7491e2715f43bf695d7525c35154
SHA1

4a1984f6c0e4de45f6bc54f8687e60963de64579
SHA256

186fe6d26c001a789362741268ca9462a3e181f5e275d3eb362774d9c84d538d
SHA512

28747cb40a700612f018083e355cb32907f899328f20a380b210b692da7eaabeb3620fcbdc6bf85320d994097eab32599efe596fe39cde4356eba4e47012722a
SSDEEP

384:Z18/6GAHwiKQJTpoXBBiwtjWaXLBmouFdc0//34LAZSTD5HDtX:ZW/6GAfoRsQPLBmoudHqvN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Stub.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
2636	msedge.exe
2636	msedge.exe
2672	msedge.exe
2672	msedge.exe
4424	msedge.exe
4424	msedge.exe
3396	msedge.exe
3396	msedge.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
3396	msedge.exe
3396	msedge.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: SeDebugPrivilege	1656	taskmgr.exe
Token: SeSystemProfilePrivilege	1656	taskmgr.exe
Token: SeCreateGlobalPrivilege	1656	taskmgr.exe
Token: 33	1656	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1656	taskmgr.exe
Token: SeDebugPrivilege	1176	Stub.exe
Token: 33	1176	Stub.exe
Token: SeIncBasePriorityPrivilege	1176	Stub.exe
Token: 33	1176	Stub.exe
Token: SeIncBasePriorityPrivilege	1176	Stub.exe
Token: 33	1176	Stub.exe
Token: SeIncBasePriorityPrivilege	1176	Stub.exe
Token: SeDebugPrivilege	1700	taskmgr.exe
Token: SeSystemProfilePrivilege	1700	taskmgr.exe
Token: SeCreateGlobalPrivilege	1700	taskmgr.exe
Token: 33	1176	Stub.exe
Token: SeIncBasePriorityPrivilege	1176	Stub.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 4824	2672	msedge.exe	95
PID 2672 wrote to memory of 4824	2672	msedge.exe	95
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 3596	2672	msedge.exe	96
PID 2672 wrote to memory of 2636	2672	msedge.exe	97
PID 2672 wrote to memory of 2636	2672	msedge.exe	97
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98
PID 2672 wrote to memory of 1280	2672	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\Stub.exe
"C:\Users\Admin\AppData\Local\Temp\Stub.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1176

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffa7ac846f8,0x7ffa7ac84708,0x7ffa7ac84718
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9697390806565538225,2695926808477574355,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9697390806565538225,2695926808477574355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9697390806565538225,2695926808477574355,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9697390806565538225,2695926808477574355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9697390806565538225,2695926808477574355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ac846f8,0x7ffa7ac84708,0x7ffa7ac84718
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16227307616087269395,1516929600664554908,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16227307616087269395,1516929600664554908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,16227307616087269395,1516929600664554908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16227307616087269395,1516929600664554908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16227307616087269395,1516929600664554908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:552

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
689a60eb756045b24bb556f6fa8e5e6d

SHA1
c243433a8ebb7d1a9c781994c0eccb0a481584f2

SHA256
4a30b7905215e1a2355fd06726210315285f09b3aee5d79a6e69bff3d88b92a5

SHA512
6f3bd66e82f2ca3ce2a49e26ccf75653211b8407282853596d3ba963747bc9b753ab2a1065a4c83190060b332f75c3e5d5494b1e36bcaeddfdb4ac90bf9351a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bb727a898733405bfcc3bbb6fe131dbe

SHA1
4c3a952340460eb3148debc09141fa308a37f610

SHA256
8cdb9c548be6eac74262a0443f2925866ea124a6d14b3384acf754df57d0bd57

SHA512
4b34a88208987c00d4186c2df960917aad3f64218a3e32f20821a6da19b23401cb31589a4ff26233c82685483f8d6ae4fa0b35c328330c7f01d7f6044ae8053d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
6628330a142cdf75c9e7090e4a765c5c

SHA1
bfcc9c10beaa7dd33a7f41bb35bcb707552b54ba

SHA256
d3bf45b0938fb5aedbb45058509050951e31b4b5e2ec9780eedbe9b8dae74149

SHA512
a0d70fda5226c834393b4543a0328ef4bd8494eb62f0b0096c3be204889aef46ab4358f3464a4679571ae07f16ee972d9c8f01a92ada08363079ba45ad7ed34a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
fe0c4729123774a547a312ba31e792f7

SHA1
e6d11b790f1dfb304c7ddc4076b245fa7e1ef998

SHA256
b96d999c49719acb2dc72a90ca60eaa018e526038c78152aeb291934e6c258a1

SHA512
3b65e99d01ccdd069e7d2424e50d54c5b9ff16418090a9257f15457999f44746326d4f402597d70aa6df7f2553ef118305d4a472dbfcfbb39f4b8cdbad744527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
22d1d32db7cfaae122ee03dda9c39d2b

SHA1
eb9090437e985e1ead8fb88806e4495e39d11a45

SHA256
01be02b293af127c7e074f322e0b5b69262a78a2cae4ad86710e6dd3b1e1ee1d

SHA512
299b7505098fb3d3adf5ac83e8feeb26ecbbfb703a248eeabf74fd22f0f01b61d0190554713e6153466d99b98520a2e2b2b7203f4e0e0f7d8594b9ef459c8943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
360dfde23a26fa46206fda74ed0ba13c

SHA1
a103bf85f532115bd0648b30c4460a53332842a3

SHA256
7bcfbd8b39e544a7d2945b87eaa1e2553c5714514bbbb1b94b60523b434dbf52

SHA512
18b241b80cda0a9430dfda88b9700c1f206219d85090ad0f19605b959deeac829f32462278fd47a06ef912db9bd8a3cc6d9eea673185c875dbff8c9f7f73a136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f22dd05d6539ba053daa08bd1423b58

SHA1
70749bf44a67cc75ff789d26134e1d18033c2c07

SHA256
489131f82c0fcaf3e446fe3e3f932d266fadb9b430874de7ebfc6ad71c84b7b6

SHA512
f534946aaac17418ac42a4fd1d09b2f5a2303936e0d83616d289081176670a7176a1ed77d8a6db3bd407bc69574b1a7ae92aa2c99795378b64b394d0b4417d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bcc020bddd4b422a5b9268b2bb8ff46b

SHA1
f9030370f9f202be8dbf9239796167413b469c96

SHA256
17e976f5aca328f7208853c91180fa0bcd9bdc10dea1e2d5af73cb4460338b44

SHA512
2cf828dc0f31b00c43074d1f8983166efdd31ceaf06a089ea97ef1e606f6a315d08e474383c9a0441c55dceb3b32738b473a2ef293077a1110f8e15f817f4e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
beda3eceec91c4d3259752d50c2cf3b2

SHA1
68d19d7ba86907432f2688927b39b1b9bacc9067

SHA256
7bb7bc01ab3a16cd668f6a774c35c63335046c2609dc00df01525ea93dfd9112

SHA512
0e77ff376c31cde1ddfb27f4200ce486a393be5af85837c80f01f0f6d231dce33ed0d413e8edda23d57c5f35d81e6bea14fc01d57ecae359a380b6ad703d05d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b0e54f527f544c8455f7bdf68baef783

SHA1
833f0760b5ebe46c7b4e345d984367d171ba341a

SHA256
7a6fee29cd18900ad71ae408f49a55f0c05c72fff7686137363febd62f795890

SHA512
95ad08726f5b6827b1fdcdb73bc8aed14fd7309af232dd9d88bc8ac3454ba00c08aadeeb764ff58f62d0b0f8df7ae148cebd2dbd7d1201dd878f4565ba3321e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
b513fc57bfb12144a33fe0330b27452e

SHA1
072a68b9464334ce387be8388ba092bd0d9a6657

SHA256
05da69a6e8f53eebd85387734ce01e6a49a4ae66c9fb5ad0b911f57573f889ae

SHA512
872a5c6a15bf724d1bee992441ae9c72baeee9bef90c4996b7cd26e26728597e370c77ff49ae50cada70eb14a4ae9e7efddf05542818802f8d4fced7554db361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13371636683112120

Filesize
427B

MD5
140090ad76e58c309f0861c943377ad5

SHA1
eab738d77197549a84f35d12810c67dc0769b3e7

SHA256
7261b09426060533c181fbc67bd20eceaa25c89ba2a85c16d17130ffbb4f3340

SHA512
49ec18706e806d996894ccdc0b515e611fd6d33182c17a464780c912619f28b076c018103d6fc54ef4d61899e5343e6708812232adf10d808f63e29927dee45d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13371636683112120

Filesize
933B

MD5
f73643eb4349ef2b4526587fc0981207

SHA1
892998d5b30dc094f117cd1648f0815b4b28496d

SHA256
424f2f99cae8d3ea2d227f75de97201fc9b73d10794ffc3230cd5f7c8569d1cb

SHA512
8c144f3b892ef8dcdfbe95e038cd03463d88bc829d0050c437f50c0a3e88ea4b10b673d9db26cae17538c4ba9b19baa1248721fe310587df534e90aed4a0559a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
e032a94e7ca89bdf2a8331aa92854b54

SHA1
510883b06a515df430f7fd2477ddb75ff7aafa68

SHA256
39b683d3ac5b724908d868076639a4adb542aa1fe73f0d25260343ad85e72bc7

SHA512
7dd96e6e2dc7bd72e8dac9f686e808008387e7aae4bb525a862cb2126ca8d4d7e797c3c4564e342b7190d185d8a8b55ab8d9cc8edcb2355390994f50f8b09df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
1fcdd8f359424deb7e80b6101099db22

SHA1
6ff24bc6329722f5d9eea11d454375e4537bc274

SHA256
a0d74fc43cd078c5233ec75eb21134d533d81d0cb0829ffdbad485a0a821d3fa

SHA512
f970c10f429b3e94a5bdb4fcbf2e8984d4cb94dd40b7559744bedbd6bfdfc5a69adbed09c60a96b07737da8537f20e8c392ee559b8488b5b2c0b9342f6d0e7d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
30df276dc6fbd199b1937d716bc616e6

SHA1
d65dbbf3f96855dd3b6e7314241cad12b9949732

SHA256
8dd9e5283fbbc5040053a3b747485e972c319185074fcdcb66aac3a3429cd3df

SHA512
321bb678479839d6c6df51184064426e6053ca86fac4d0e4e842133b414a48d373b4388a43ba039e6d1a5c42e3a9321b09b107ade59a0595878dac3745472590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
04be03eb892c19059b3d583a0eb9c437

SHA1
83fdebdea694add21423e2b9ca5ab98818692b9a

SHA256
ec72da57da4992ff4982d79fc14daaf163f97ca9fa54f846ea89f7fca2178267

SHA512
8a9d27621684a98fb2df4501eec89e36ffb3e92e1da92a1d659ed8477e52cce112fefb681d63d70934cf69912e63574cf05e0f86b60cc036e7c73a00e88105f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
15baf54dd4776351e34d6f7acf0dc2c2

SHA1
cbe2c4b58e6566e4193a96e8bf9597ac7f3e723a

SHA256
018d142c15f604b0751be6140493e320e9f24cc3e3128aa97b4dc2f399b1e00b

SHA512
95c61e30e1a3e4fd699f9b3aa489cdb9e8d046058a79a26d29d50b337258fef174f7c1afe4ebd2302b90ad10b57f6a5fa65e16c7de84d2d413f0abbc8c668095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
107f1e512b46d21362d15bbd487b93e6

SHA1
df9877f71bb873b71a0105a34c389b7fbeaed463

SHA256
cc7c5f45c2f59c035a195cf841e0f8c0df3e524b2af138ca88c29560fc856404

SHA512
a81ca5e645cd8ab158e278718445074d55b90c1d07c108a2654847b7eb0a550f1ec479e5a467922d1a33498202b459e301e6829cfb71060f7f22fedb8a65c1ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
944b5760b500742589005bba5efc7cad

SHA1
cd87c4b476985099274a4065c8312ab911e9364d

SHA256
bad4dd0a9f6c395bf551dc438800b534f6448a595d454074eb5916b936a3b521

SHA512
78fcb3c096a6ce7e897580f31a12731838f51f8b3097b7f37e1d466eb83beed2c7d958039196fcaf786f4f652ce762936c07f5700458ad574a40ab7312337d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
863545d297d288d09e15f85d31d50718

SHA1
78c2046e11746a63bec4997090671573d91456f9

SHA256
a3b153833effad5b4862470c6e5ab0909056bc7aae657b5725c9365bfbfb709a

SHA512
531a2d4d91ac2c3dc9d6e2b70330d7516e544094f923cf9f8669493e9c35e61dab7a531c7f4c5fb0d66a532b647ded24d859a894a13b401e19a82730273bd2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3cd7dc8c58dcdb998c6816fdb7afe838

SHA1
7f067e75eaef9da1cb99391b010c49dd82c49c89

SHA256
369bb5e4d441156a69c9dedb8ae1e86bd3ba0edc2ee6e47c8b4140b4c6b91156

SHA512
ada8e51a8d00814467014886a60e64a9bcec25bc192bdfddf90eada3e98a639d9d1b562141e593fcce765addcf332457b77fe7f37511c9e70c7bb2583faed9f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
98209e85490914db9ac75d9e9195765f

SHA1
4056e8421555cb501837ea6d4ed4ef4027cdd9eb

SHA256
52de2cb681e0825c402fb7ee7faa9b6e5c6b07b3f1f2091c4df61593676e0166

SHA512
344351906562057f766ba0b3ba8cbfd85ea46365b43cf5043612907b22c891789077700216199d8017e72a9f81f72e3ccc49c6326f77c3b0dce1e71cf6f766b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
1f7de3ffabbbb0e4fa163a468541058e

SHA1
6b4fbbd40585eec9a67a4be416826c4637dcfa2a

SHA256
decce661a92cb87a844dc0a6e7f2c3fb9e3fab6d0574df3deb848c225a9fc3a6

SHA512
bcf7eb6cb00c1e2b59ed62907f5ae6a27d8a8d0a77320f7542e3cfacf498f9477788e96d92944a563aec06ee1871a48998d179dd62ffe020f8091dc4fe489c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
382089040e89b79d0a4b9c21b387683d

SHA1
d6d2f52b7dda340213617f6a455cd058a86e8323

SHA256
47107d661824543fd0b9934f658e1fd98519bf38f85ad2c53d473dfe73b7f5ce

SHA512
06b602b98a85422faa880b6306c052c5e979d77dcab20aea8162167d7e21b5449f46121cdba4a96160a6ae88bf3a6f49c16949a9b9be79a913ec84fdaab43732

Download Submit
C:\Users\Admin\Desktop\BlockCompress.docx

Filesize
13KB

MD5
d0dcd1b7576a78f9b0709fe8b82b6d65

SHA1
56ce4af559680f35d4b5142ba6cfdddaf646a8f5

SHA256
5e63240414761b27c87ab1639ffcb4c2961ef63d6f91889716debb05ccfe149b

SHA512
745c5592d1c1d417ded82e568570190aa51c0bb67bb8f93080d7b10316bd0f190c35ccb9a2aa17deb59dc2c7136d19ec23688edc86f2842612964171f053e758

Download Submit
C:\Users\Admin\Desktop\ConnectExit.vssm

Filesize
245KB

MD5
2d2047172fd1f28534545e2d44c882f8

SHA1
43df71c0d97201811c72d3f03e5b74452afb1fb1

SHA256
be3ffa5f150cf819298fa1ce246a37b050405fdd98452274d105087fbe5d6803

SHA512
ea64cb982eec06be19bf33def5060a5c732359f3d68b3d403e9dec1e2972b060456b69f98d529b3d0e6a3d9227af7c49ea4ed52de16a0f8f1d2165199ccc14da

Download Submit
C:\Users\Admin\Desktop\EnableStep.dib

Filesize
170KB

MD5
549dcb501e9600c40de03faa12f02425

SHA1
288d7fceb322631071a1eff8ad09805d1c2cd02b

SHA256
a8645bb98b3700b765e7b42339db14bd1dd8aabaaae7e45f9e6ba5ba6e18dd88

SHA512
6edbdc41a9888b160aeb1be5e5e58de49baf2e1df225050fb924bda11aedb71e3328cfc7628b225a4c724fb305bd5e31aac9ff8074a9fef45758900f3797eff5

Download Submit
C:\Users\Admin\Desktop\GrantSet.csv

Filesize
309KB

MD5
884ea17d08c5bbe7b41115d4c2272cab

SHA1
106ba801cb73ebec08e9038615acff8c83fa7771

SHA256
33d8dcdff28811930c14183e36af7f72558db84eddc0468ae96150e83d05ee80

SHA512
02ec11db115b8092eb1d7a4f9c0c7b4c48e1020eddca82644d23605f60cbf2a93fd3686936ad1ba9356e370a09a046a779804a8101a157a2a6f39aa5b80d694d

Download Submit
C:\Users\Admin\Desktop\ImportConvert.mp4

Filesize
160KB

MD5
6740bcf8c257c339f6a40e2871dd5c81

SHA1
0dbc1fe19e44bc8104eb1c374827f92c86f69497

SHA256
8bf3eb00ff51d2b143ddf9955fe62afcc3b751adcd88fc8967a0ba16544eb45b

SHA512
1a07185dd7816584ff64745af19528c24525ef17b2e032b59b5d5d3e65bd5ed74595ac150e39fbfe75f8a89a2dcc092fd29596770194ead8d7d904895890e3f9

Download Submit
C:\Users\Admin\Desktop\InvokeMount.dll

Filesize
181KB

MD5
df3931c215d0e9c417f377619feba56c

SHA1
83a3768980b394e441d52a560aa6c48305f9073e

SHA256
e609656bc23b0264d5557caac3ffec3681d1ea8614c4037ae6f70dc97ee38085

SHA512
32b5dabf90fd589e90b1b669173eaa1b3a0ba87b8ecae2d979b5d3f9e4ec300e65020531beaaa03208b8908bdc1dfe0225c6e4e88b5259c58e78d1da06af03a5

Download Submit
C:\Users\Admin\Desktop\MergeSkip.csv

Filesize
224KB

MD5
ed57817682e947b02a51f3149d0c51f3

SHA1
dfd0270c2deb7a863a65f03421fa57996c75ee38

SHA256
57f58ff77e483f710165f62f4e9664e4461236657c0fa81432b60ffa36e8eb14

SHA512
6ef6c172a9a7ec3ca64784dce8131bf3965a7529f2fb5085b2ac72930ecb5830244828fd262c3f9e46af9f6457aa2480d68836030779cea625eaf0ccb4ff9c2d

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
0ccbb40ef52ee8803dc1a055edd980b9

SHA1
cd199b55a61e9ac9298d32bd1861b449139fdb20

SHA256
e96b046042e703ddcddd455651b09af83c0edf117dd3a4f17e292eaab4c40734

SHA512
03c7d405b5af2f450f0743a9b5ea9d0b586c3f152cddbff7d4af925e6505a02c75bc66499947476e615779a23949dc54caa74ba7415c94890107e1a221ac98f5

Download Submit
C:\Users\Admin\Desktop\OpenBackup.rtf

Filesize
149KB

MD5
d4cfdea642bddeee611aba76f39bfe69

SHA1
bfd9d0d811f1bce655db74b353c72535387064f0

SHA256
f84eb0e6a391b857dd7a16cb3f41acd41b3ad622b5c69b38406a9f1d77be93fd

SHA512
f16db7fc55d1d2173a89a9d7ca424c4ab30b0cd3c5e2b52c14f639592e59e5a100d07ca99a77232853945956194541cb79b8a41844d53b66a84e4bf0bff0c3cf

Download Submit
C:\Users\Admin\Desktop\OptimizeExpand.pot

Filesize
202KB

MD5
2c2ce26517e1dff17e0578266da7dc58

SHA1
bdba8b2a39054d0326b552942f9dba0800d77fd3

SHA256
67152658560803228109c5eb305b0123c8d4d91512f995e81b253f4daad25fba

SHA512
aae41cb93ba530b3e5d17ada1d3aa4723bfd8ebffb760af10dcbf157a908da704d3915f9fb6567dd567a73a308b56d97924789236c009288785078bfb1fe9a09

Download Submit
C:\Users\Admin\Desktop\OptimizeInitialize.lnk

Filesize
352KB

MD5
e25fea721f586a8c514c201c1302b258

SHA1
05b6acc6605e287fb088ad5b00ac76deec47c7d6

SHA256
c687bd31ff5310681a7664f8eb919ae741587aa2c2d4ca26b2a4e68f29a02594

SHA512
4ba1c686ba8a915f323a31f4778bbb969826e07808f23382a144fb16ded020440c34649cfd1e7621eb9481ecefd2d10e316834b408d18442c85b2414a1233906

Download Submit
C:\Users\Admin\Desktop\OptimizePing.vsdm

Filesize
128KB

MD5
9bf327cd0d397b65e3257a45f3e48594

SHA1
49e663a0410a0e6457fe3063efdffbcfc6a3838e

SHA256
521ad85eaa3ee781d104dccf33a1f29c12592008dde86c2ae753354b517ac772

SHA512
5d18c25a3745090a7c517b499de0fd5bb19f20e6ac005efe10e9129f8a2b6f357bba392145583f8857f83fd1e13644d0ce468e73a05c4fa466bd6f427ee3dc63

Download Submit
C:\Users\Admin\Desktop\RepairLimit.dxf

Filesize
288KB

MD5
181392dea0acd89713f15f1980a2c5c3

SHA1
a19e8b736543564f671f078baf5eb4ebf19e954b

SHA256
4ba0a5f5eddf0693dc8f8e60070b83454cbaae03ae9e45b4bbf41cc88d1dd8ca

SHA512
0943817133d09ae0b30a3d8465ed8fe99ead8904eb3b593e52f2cc0bef1080b280e008cd7aaf91bf66ccf96ad67f47e18b157f0ef845d8b0e1918ccf23d5d9f2

Download Submit
C:\Users\Admin\Desktop\RestoreRead.dxf

Filesize
277KB

MD5
243576a7b1969a2053bef1dfab65aadb

SHA1
246234ca276ae83a148a836dda922a76aae2ef2d

SHA256
6de8e0c1f2e788b8b0ecb4e195c8cf9303f53aa578a1bf20f38874a30043de34

SHA512
3c7b7ec1997dd19ca20c0527154dcc7cf4b8b526fcf2653a485db3086c913559c31e048f46d92ee774a7a5706481364810e3e471f4a136b7bc34c5d5358d48d2

Download Submit
C:\Users\Admin\Desktop\SaveBlock.docx

Filesize
16KB

MD5
e0afc263f798c7490fa280f175eedf1e

SHA1
dd304d56a7ea3a8fa1b6da2ce4b5a8e46312b1a0

SHA256
c590e279e02d1efc714d9a73688ab6365937ad1996d8200935d60b3dbfd3b655

SHA512
bb4c9a1f32aa34be218d13a412cccd6b7567a123ea8cb0207536031a4b717e6426b8c756372db223a9492157c4a7e5c5342fab2357165b94167b5f75838f6baa

Download Submit
C:\Users\Admin\Desktop\SearchAssert.mid

Filesize
192KB

MD5
955268bee8c879f984f8bc1fe66ddd15

SHA1
b75ee0a0f3de4b9adbbffcb5dc38e178e10ed5f3

SHA256
bd05bc3185cc3ea74a7b7ff7d61eb93cc3f02aa6358979d0b457f42aa0373a59

SHA512
36847a7d08609edb9b969b2aa0b15f172576ed68873e8bfb272867d0a77b6260519dd5cbac2d76c96a32a64a1465fa76b4fd67788a89aab46f133f0bf01986ca

Download Submit
C:\Users\Admin\Desktop\SelectExit.tif

Filesize
501KB

MD5
7b42d667c5b949ae1bec966172dcd3a6

SHA1
855649eab724cd7df41e0576b55367952ec2e50a

SHA256
7f5f4dda24e7e6fce5265c3ee36262eaff0b4205f4df7c0da62a7a40126e4527

SHA512
635c71b055a6316ee856d1dc6beeba26c8199d266103b4d6f8fd4ee10f4e92d7be4b63de6614e5154ff4299aed26d1f55c037aa7e9b12b1d80948ba60b972eb4

Download Submit
C:\Users\Admin\Desktop\SkipSend.tif

Filesize
298KB

MD5
25321ce5e804dfd7bd307ef432cb1f76

SHA1
17e9e439d7c25e8f2ad19131253cab5ffba8b02a

SHA256
6f84c861967d3a76c539edde5d89b30dea71e2a5abe24dc01f1185aa0704fbbe

SHA512
6308eb08673b54cfc3aa52787bfaaa45b33a28fef0f0d8a681332cf9fdc7706af3f825658bf1c934be5cb4984dada2d5d274ba93b7b7bbd017b59f7f6e9b910d

Download Submit
C:\Users\Admin\Desktop\SyncFormat.ppsx

Filesize
266KB

MD5
b501e1b7c7be16ee37b42e559a5c141e

SHA1
c2f3d8a8268cfa208d7268e791ae6c11b5513e41

SHA256
3e4338e3d767d396775550ce5805115b48aa73be51e6b94181833147a85c3fca

SHA512
baf7c71c53ec3fdaa0ffd63eec45eecac83d7a41aedd23748cf799a092506ff79ec2f77a4f13863ba7e4579edf6ea801aaa33318c629249669713426bb00d92e

Download Submit
C:\Users\Admin\Desktop\UnblockAssert.mov

Filesize
234KB

MD5
96257d8b7413fd94e2bec5bf7f84afec

SHA1
76b22828d7846414dc30952699bfcb8f6a5f430c

SHA256
a375b3fd82e7bc3453ab30f23f66003287e842bdc27afab9af35992b1c281684

SHA512
0e66a2e9cb1c46a261ceaf9cdf4a7e64704b9216620dd696c538b1079b51b6f0d23c95171e5c477ace6964f11cc52c19080dbb7e17f0ade5a9be44ba5f176bf3

Download Submit
C:\Users\Admin\Desktop\UnlockSend.css

Filesize
256KB

MD5
199f9c770db0d6fe51a1c98bd0d8beaf

SHA1
df6f5ffaa7d165471c2e53223a15b0e021bea47e

SHA256
ecee203bb18924d92f5e58476c9086cf504126de7bf780f85c2e621832293665

SHA512
bd1a5823183c65a8e1db7bc96f50d3adb4979d65b985edcdbf52cec1dab6e14f69931d7ad15c623e540daaa5c6e3b08da38cac7a5df0e42986f50cb95f107cd9

Download Submit
C:\Users\Admin\Desktop\UnprotectStop.xml

Filesize
320KB

MD5
973add1fbce1b94cd0c7e8c93d0981af

SHA1
1e74cb6934a2534a0ccfda3e9394bd37da2311eb

SHA256
e9114b2b39682a00f6bd2a2861e78fd032f46eff3a9be45d7533fabd48c670ac

SHA512
7582a9e335eb21ef3b7a1724774d027806fc57cd82b470e621f45dfca7c5a48aed136f6266e19ef4e180441d3f24211499cdf19cabef6825550ae7241cf117ce

Download Submit
C:\Users\Admin\Desktop\UpdateConvert.mp2

Filesize
341KB

MD5
cb441e7267f6ff533a9819311c8bd58a

SHA1
f87417390a13cade2842c57d9d0b905dd4b71298

SHA256
1f4d0bae1f0af6f7f6d619bc8a96ea27c22f7438c840eea06d7d02a3fccc9771

SHA512
36a10cfe4c03a8136dc1cdf095ab9403d7fec87e0780038723b5b62a27fbc29a93a696cc45d488c04e627225657283088e469e72c0943bc691bad7d8ca5f2fef

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
ae485a0c908c558628074d51b224bd91

SHA1
a888e13336f478253fced25ed1d4229882894dad

SHA256
2b61991af8f3286bbc1be0a16c9d275ecf5c8836219aefa45f68ca47eeea9584

SHA512
1fb62cc064b433d305c849308a4a605f861b90fab328fa265ece96a8e5660a5c3e0157cc80e5c360d57511afdf289134363b2267573f56a917bdf9ab17380557

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
5c19b7b6d7dd6f360fd6d9df3eb56ca6

SHA1
630d228bdb5cd5877c6de5e7f881af9d70c131c9

SHA256
3ea9fe829e3dec6384dfc46a9c58200c4838b9d78283f78c1f355a44070dae56

SHA512
54d0ac6ef2659a2ddc9c312a3a216f208b3de0ea40ab4c89273d292e71c5cf2892bb289fce1f9f7858e6522fae6b95c867788afb60ab64187e1e62a49ad03d67

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
c11e590e8e5d1c9198526a96c292cd73

SHA1
76655a4018703bb3b494024b792dd301cbe8743c

SHA256
6314c24575f7fc9c50ee6a75f07d9b6101561096611a28c8fb7c4778f4cf5ffd

SHA512
c208ae38eae429a6987a7249ba07b4cc79ee2924ffd5df33a292929428eb7c8c4d57a2a86ff3d4a5a7e8260bc8567680f4743a63bb43f001f0171dc8efa17082

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
39f81555b29b590aab9d31684b0eb3a5

SHA1
1e5f5491fdca65708f6254c38c6ca2037f7b5ccd

SHA256
2d2d629aaab3caa201d8dc1104bb3fedf82d90755f5beafe6591dc4982e067b7

SHA512
413c2416c35ebf539c4989785f6f97c7472918554b3771483aa949f41a56d3166b0cf20a250c51b9b68ac0180d01ad8d8e4b9bcb2362018ec2693ede64ff4146

Download Submit
memory/1176-0-0x0000000074FA2000-0x0000000074FA3000-memory.dmp

Filesize
4KB

Download
memory/1176-18-0x0000000074FA0000-0x0000000075551000-memory.dmp

Filesize
5.7MB

Download
memory/1176-17-0x0000000074FA0000-0x0000000075551000-memory.dmp

Filesize
5.7MB

Download
memory/1176-2-0x0000000074FA0000-0x0000000075551000-memory.dmp

Filesize
5.7MB

Download
memory/1176-16-0x0000000074FA2000-0x0000000074FA3000-memory.dmp

Filesize
4KB

Download
memory/1176-1-0x0000000074FA0000-0x0000000075551000-memory.dmp

Filesize
5.7MB

Download
memory/1656-5-0x00000210D86C0000-0x00000210D86C1000-memory.dmp

Filesize
4KB

Download
memory/1656-3-0x00000210D86C0000-0x00000210D86C1000-memory.dmp

Filesize
4KB

Download
memory/1656-11-0x00000210D86C0000-0x00000210D86C1000-memory.dmp

Filesize
4KB

Download
memory/1656-13-0x00000210D86C0000-0x00000210D86C1000-memory.dmp

Filesize
4KB

Download
memory/1656-12-0x00000210D86C0000-0x00000210D86C1000-memory.dmp

Filesize
4KB

Download
memory/1656-14-0x00000210D86C0000-0x00000210D86C1000-memory.dmp

Filesize
4KB

Download
memory/1656-15-0x00000210D86C0000-0x00000210D86C1000-memory.dmp

Filesize
4KB

Download
memory/1656-9-0x00000210D86C0000-0x00000210D86C1000-memory.dmp

Filesize
4KB

Download
memory/1656-4-0x00000210D86C0000-0x00000210D86C1000-memory.dmp

Filesize
4KB

Download
memory/1656-10-0x00000210D86C0000-0x00000210D86C1000-memory.dmp

Filesize
4KB

Download
memory/1700-254-0x000002185E860000-0x000002185E861000-memory.dmp

Filesize
4KB

Download
memory/1700-253-0x000002185E860000-0x000002185E861000-memory.dmp

Filesize
4KB

Download
memory/1700-252-0x000002185E860000-0x000002185E861000-memory.dmp

Filesize
4KB

Download
memory/1700-256-0x000002185E860000-0x000002185E861000-memory.dmp

Filesize
4KB

Download
memory/1700-261-0x000002185E860000-0x000002185E861000-memory.dmp

Filesize
4KB

Download
memory/1700-260-0x000002185E860000-0x000002185E861000-memory.dmp

Filesize
4KB

Download
memory/1700-259-0x000002185E860000-0x000002185E861000-memory.dmp

Filesize
4KB

Download
memory/1700-258-0x000002185E860000-0x000002185E861000-memory.dmp

Filesize
4KB

Download
memory/1700-257-0x000002185E860000-0x000002185E861000-memory.dmp

Filesize
4KB

Download