chimera | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Resubmissions

27-09-2024 13:49

240927-q45laaxgne 10

27-09-2024 13:46

240927-q3bltaxfqc 9

27-09-2024 11:49

240927-ny4qpa1dkm 10

27-09-2024 11:43

240927-nvsh9a1bnk 10

Analysis

max time kernel
316s
max time network
322s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-09-2024 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

10^/10

chimera discovery ransomware

Malware Config

Signatures

Chimera 64 IoCs

Ransomware which infects local and network files, often distributed via Dropbox links.

ransomware chimera

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Microsoft Games\Purble Place\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Microsoft Games\Mahjong\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Microsoft Games\FreeCell\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jre7\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\Components\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jre7\lib\deploy\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Microsoft Games\Solitaire\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe

Chimera Ransomware Loader DLL 1 IoCs

Drops/unpacks executable file which resembles Chimera's Loader.dll.

ransomware

resource	yara_rule
behavioral1/memory/1260-945-0x0000000010000000-0x0000000010010000-memory.dmp	chimera_loader_dll

Renames multiple (2003) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops desktop.ini file(s) 37 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\desktop.ini	HawkEye.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\desktop.ini	HawkEye.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	HawkEye.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	HawkEye.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	HawkEye.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	HawkEye.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Recorded TV\Sample Media\desktop.ini	HawkEye.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	HawkEye.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Videos\Sample Videos\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Favorites\Links for United States\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Pictures\Sample Pictures\desktop.ini	HawkEye.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	HawkEye.exe
File opened for modification	C:\Program Files\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Recorded TV\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Music\Sample Music\desktop.ini	HawkEye.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
106	bot.whatismyipaddress.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre7\lib\ext\sunec.jar	HawkEye.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf	HawkEye.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Flyout_Thumbnail_Shadow.png	HawkEye.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar	HawkEye.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\TextFile.zip	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml	HawkEye.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Country.gif	HawkEye.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar	HawkEye.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DissolveAnother.png	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png	HawkEye.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\gadget.xml	HawkEye.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png	HawkEye.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png	HawkEye.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\30.png	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DiscussionToolIconImages.jpg	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html	HawkEye.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.config	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\settings.js	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_left.gif	HawkEye.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\settings.html	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VeriSign_Class_3_Public_Primary_CA.cer	HawkEye.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png	HawkEye.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_LightSpirit.gif	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar	HawkEye.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar	HawkEye.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\gadget.xml	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrow.jpg	HawkEye.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml	HawkEye.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_SlateBlue.gif	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml	HawkEye.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\weather.html	HawkEye.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_center.gif	HawkEye.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\service.js	HawkEye.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\gadget.xml	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\SignedManagedObjects.cer	HawkEye.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	HawkEye.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	HawkEye.exe
File opened for modification	C:\Program Files\Java\jre7\lib\plugin.jar	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\InformationIconMask.bmp	HawkEye.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	HawkEye.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar	HawkEye.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HawkEye.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 27 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6BE930A1-7CC6-11EF-A444-523A95B0E536} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2068	chrome.exe
2068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2088	iexplore.exe
2088	iexplore.exe
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 840	2068	chrome.exe	30
PID 2068 wrote to memory of 840	2068	chrome.exe	30
PID 2068 wrote to memory of 840	2068	chrome.exe	30
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2852	2068	chrome.exe	32
PID 2068 wrote to memory of 2848	2068	chrome.exe	33
PID 2068 wrote to memory of 2848	2068	chrome.exe	33
PID 2068 wrote to memory of 2848	2068	chrome.exe	33
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34
PID 2068 wrote to memory of 2740	2068	chrome.exe	34

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef78d9758,0x7fef78d9768,0x7fef78d9778
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:2
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2232 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3856 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:1
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2428 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2400 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:1
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4240 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4196 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:8
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4440 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3308 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1692 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=800 --field-trial-handle=1096,i,6063112367494102813,3526340110544778136,131072 /prefetch:8
  2⤵
  PID:3028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2344

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x430
1⤵
PID:2464

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2680

C:\Users\Admin\Desktop\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\HawkEye.exe
"C:\Users\Admin\Desktop\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\HawkEye.exe"
1⤵
- Chimera
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1260
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" -k "C:\Users\Admin\Desktop\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\YOUR_FILES_ARE_ENCRYPTED.HTML"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2088
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jdk1.7.0_80\jre\YOUR_FILES_ARE_ENCRYPTED.HTML

Filesize
4KB

MD5
39fa459c49ead9f6bd997fbd80ae6783

SHA1
a0a5d52e2cf1120bdf09df965f693d2536002348

SHA256
03ee48a15c39a5018d575fde560462b9bcae03c21a2ffb1e0373d52a729fa711

SHA512
f907a795b30fbeccead1bb0a031a5b66efe545d98b8606d107c577e8ed7736ab4ba3cc38c5a11fb9861388f7d14dbf978beec9b1de4741e976bcfd91637102e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64a963b2d717e2cae2fec48dcc4aebdb

SHA1
22c999f54697560cbbba12eaf9fdab0c2b322f7a

SHA256
1b068105acbdf04b928897151a512f41d3145e821885fccc91598f8ff0dca5cc

SHA512
1a192bbce67d6d4c7e2aa4e90beaef5a562371d97f516991fa4539f6c355fe5adadcf0c34481f6a6c095c60a050237d9dd492957af71c04fbe27511e25d573b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
886981653d56e19b66c8078ba6d17173

SHA1
d6f149e8cef973ffb13e2443224d2e19851e93b0

SHA256
27701fd3e12aac6f16c82a30df30be804973f2326a18f0a70247655c6c47eab8

SHA512
419c509b17c80c768a2e5443c59b54b65c9b1e60c47b49c992a37fc51445f05b845d8c5a508e0fe4985b3238cf8f07a05402a1bd31b57f4b4a94b7f36669f0c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71ec4bf632840669d1f3a6db683aa470

SHA1
85cb9d0c35b0a268db51d458dfdfb626fb2029dc

SHA256
275048ea115fbb897617937a50c5d37137fc2e0ab19bcfc71ffffd5265b26be0

SHA512
6a54199167f8f5ecd780bf2bb7ac16d01b938e758ee0a316a48325a09639d3a3307f42dd8fd3ab234eb6f1ec579ba49b682b27bb33bdf347333fcf8ed629fe2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de16977044225aec40245fe1bfd17a58

SHA1
e371ec2eb48f625f83611b800ae08f44551cae40

SHA256
76ec4029f88ce937ca6cb4b6e205256fd4a2a5c8315e0b6ea4aea84a6dc74a8a

SHA512
3e450e9caa8816a931a08bee1c8775eaa1c4c47453b8b3d7ef2390040ff55031afa16c6cf8a08431af8973946213bb122f71f176581dc5c0433d309da80ea6e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0927cb9bcbe1da9d3593f15dc6f1a76c

SHA1
138fb70be4a6d3c343e371cbaf913d8d7ae29570

SHA256
05e8a1e8e78fee2e5af5ef7fbe73b227dcd586f0da82c03c33d96f3e179f9b6b

SHA512
82992a355ee4ed02a554875b85c5b228937a8c5e7a9e5fe54821d851fbdba1095dcce3bd2baa20117a645b52280154b6f22e2b3fce62819dabaf0007510b6362

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b591dc654caf020c137d3b7c99c47227

SHA1
105cefef910cd0f6518dd6e759495404cfdfca05

SHA256
917cc130719fee100f5f950b5cf56879588ce08a82bfb28ab9fff9f596c22194

SHA512
ad7d43b38691bde386a63532556ac0494dc314a955ed36568c6d4145e2dbd05fcc60521bf91a7fdcb8acb089d019098e5365881ed51f8e600931f9d4782fd3f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cdc203cb2ae960c13e13263defff4be

SHA1
d8936b8529557f6d1243b644b18236476fe5ec07

SHA256
302a17aa4be7bd9b4e58640a333fbd544be9343bcabeaf862abcb6416f849a7e

SHA512
8bb5e0e904aacac3fe41bac9ad54235f1dbc9d7f8f0d2c69b9073e5d4ca29f0f4be29a4434b66b66bfa91f776fa07346beb6cca68c9fe510a72a0bf0cd73ad0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afca93cc7b67e68b493ab0b2d2464d7f

SHA1
2c3f5097487c2e9a9bb626e61ce8da0dbeb01ac5

SHA256
e975eef64cab95f43377993e9b8323537c1c8276c919f16d1935233ff8408c74

SHA512
388b4d6d33aeea24e194be38d3ad6082bbed867a426c461f13ea0e21d6fb672b4721e719b29e866d9e39241d011d52ca3d88c27fb446a78912a89653451fbeeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d1b1493dde81283ba3e2ece7610eccb

SHA1
e2492835fdec7ded8b74e67cd6b7b34c6cf82d6a

SHA256
343d5df7913616581a5501eb78279cb98e45fc1fcb9d6fe8dab5949f04ae74e0

SHA512
a8dd33e94e630b36a3a65c86c3f864abaacb69649c8c743fd37da31527dba653d80138862f9487ea105905897a39fb1a943eb98455485a30ae356db8b3d48f9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
091da391ac15b2f5ab9b57973c7460d2

SHA1
5e705081243b157faee2a2eb8cdd4947d874a9dd

SHA256
6d1ce84b0da082a09640c02b4f496f352a1cce69cb2beaa1565a1b9469530f8e

SHA512
81e56d5636ea1f938525501e0fae88dba14f9fb6f948928dff9a7806b676a91b89b118350fc56246a7c0d71facc8bd59763bf4ee34e5a260799c4c8d1842d725

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7743853f1e1b304d2d78328eaf03a1b

SHA1
5ba36dddf6fc48615b2f5aa18873fad10927ac4a

SHA256
000ac9675fc8eb7ce61c55d67abf09261d086d93b87becc8268d01aad5d2c0e4

SHA512
8eb4c8f7f8078b9b3f81a91ba561fe1294ac00fc5a44f2deedbbf4bf42a28dd5060dcdf44292ac28da543e4203d20c77dd50606aa5be0eb896eac90089b91c38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce7d2bc2da716875ad5a013442f07cc1

SHA1
e184e275beb659a8987a830802a6c52ca3c47832

SHA256
85d692d4a1e7450a21569fb7942c97b5f907460e8412fc25ec30db70431dbf91

SHA512
2cb3913e13d03f7423c547f4913dee7456802cd57206d4dcf2d7681195990052774cf8f3df8df1722aab9f8a45a4cd817b22114ecf3fa71bfa30443bf4ed1a89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0507beb87395e93c1c30a9f840894918

SHA1
25521e4ae8b710d75cd05214f8fdcd422cdcd9de

SHA256
cc4ab674756d6df24960a89dc4fe3a0fd6626c6d4d887cd74a281a56b0e0bec1

SHA512
1a9e29278d4406436839e8b09a347af44f96194c4756b8bc70180da717b15459a7243d7a176ebd12214a9f17070e47348b07ac4fe7d41899fdb73ba7443bc4af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e961060522243e22a8927da14699f165

SHA1
066f30f89e40fc973c2e68f8b5c8dbc700abbed9

SHA256
70516f19fa7a325f369291e4604c461ddbe7a75f9fb4c1fd37c135e46e991fcd

SHA512
eda298c7865bee4e8270ec1306c7da105b6aaca0adc8b3f7100a6957069bcc5150c381aaca7773feaee445f3f334d1cc67f634c8318702ff9d305120b183d532

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02cf7ed88d57afeb6164ef02c134b08f

SHA1
e92edf324941f5601a2d57d0dbb26cfe4183b2ed

SHA256
2ab6989bf002d38bf6922b45a26e586333364554d09b53e298f8df7ced8eb098

SHA512
90b440015c04f9e60620f63b8b7dc4ea9e7bb8320205a43c8e6a15d85c454fc6c4ef9c934bacb78873a1c7acb293285e7d650e9eae81624f83aefab5b334ae05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5e4affe2-951b-4033-8196-c3280744a1b7.tmp

Filesize
168KB

MD5
17e5220d2b4d4c91a8cfe5c858f7dd6b

SHA1
8e349bb4bc31a01830eac22f37918db4cfec5c24

SHA256
d4c2e4f2d9f0a516aa4427dc07f2a1b30fcc78c27943d37af91e0bc8e02a72bd

SHA512
3a0d2eb35b84c0caec00fca222dbb9e0c5548a6019836c3b7d14082ca6465ababce260acd71656d4343c5ea481ed3d1764b4b4a8827cc8c4814e9c758a545231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\235a3d51-6400-4409-9b97-e613869c972b.tmp

Filesize
6KB

MD5
422755c9dbe6309625dfa179e6bafd94

SHA1
51720e80bbededecb9ad12e6af3f49973b6980cb

SHA256
e3564bfdedfc3ac3146fc634dc3d9d95128672a07603effbd962b54b8b4c3f49

SHA512
2c5aeda079ec4429d37ee0691dcebe2406b9367e96193389e2f1a8cc18ef15484f08895c5a58eb7e01af283bb49aaec1bd65c17d77b8c7e113bb12b870b65f15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f5d4cee293366bb674e6aaefead47c32

SHA1
4e3c3f192757204b513621adc11ccd48ac4c7a07

SHA256
d39b5d1c68456d814b652d597b10271f6a302af01210e6b13b241577d026edc7

SHA512
deeed69a0f6104d32a9f9b96bf80284e1e65cfeef40341d2250d532d9c7e41e23dbf280c7306b41d3c3a4f8a7044123b7bf08a3a0b10bea437994eacc07cbfce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube-nocookie.com_0.indexeddb.leveldb\CURRENT~RFf773c16.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
aeb3fedb2c5148ab419fae2d1597cc68

SHA1
b4148e192fb53f2b2db0f6f32d4b524f37683974

SHA256
719e28d57f518419f75cdbd9df9f331f777ae602b16e3d4ef0abd856f31c1f9f

SHA512
9780dc41edcca508c00662f6ad4266166bc93b2227ebafd74221c6006fe3fdfd34878ac482b8e1683627ad2f3fe00f1925fa29f2da7823c2b49428f832faa58c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
0f62ff1d47fcfe80a97b5ff80bdfd40c

SHA1
90ecdcf4530c5b85d78fff7a80fddbfb01894d90

SHA256
7241dd1ae9bad397667da43c1eced4ada09b88d48f5aa8586a7b7c4cd8b915b6

SHA512
2355edc48f269910996480c979472eec25f48a5fb436f8f5ed8db6228fb223088baffa7ab6393693e357cfe8fe82bb52689f859da878f07f08a015fec77101e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
b9e92c3bff852e3bc1c3be6998e77b10

SHA1
14cd695a312cd4e51db908a64efce670091b3cd7

SHA256
4fad3d160071c0e152487c800a3cb93579dae6ef5279f6b0545f0fcea2e5d526

SHA512
3e730d74a97e36a78e8496668aa13be46a2b686ba60fb80665d714e45a06cdde6c471b867e947bb74b367933142b23d02610dfae10c4e1f7db141aafc28b509d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3d43a4e8349332a4cfba34fc62f536b5

SHA1
33f7d6a2cd089b62e3d7043d7cd56862c3bf5f5e

SHA256
6974f5ffa1251dcaa2757fc824ad61f1d2ea5301f244fb759be893931e3521af

SHA512
fe3d4d1c75aa109a0e0d391b6f1af0b389bab19031243bcfbb59d3ffc971963797d433812a1e76be1ffc3dd3600105113c097ac8518d8a3db1e07a7d990c1819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
706e9544b553d3c6c7eafa7daf8d647d

SHA1
0325671a768e4a1285bcff7140d5ff406e588476

SHA256
9acc57c5dc4c55a186c74b6bad8a67f77231a5ea656bd5b86a7a7e65142bdc42

SHA512
459e76447adcf293014af5711c6468c7d67fecc83ac630603045b03f7929c227185f617712919d6356a2e7957234d8ad9135ab3b67a2bbf6038c4d01a017e376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
168KB

MD5
3b771bd79c69fc172eec6ec7b93da8e0

SHA1
f5014e6db1da3961aea96c9953001ec9a1e34f1e

SHA256
587c93ccd36d7bc11216994a504cc18a729a6a7a384238fe8ce7f8b962701fb2

SHA512
e473a2ee7fa164f3198af9556481b45458c3b5f43428d9bbff9e3b69da483fcb4ea924a8797a6664426d8223e1881f68691567fb503b4d4ec22201e5252e1791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
168KB

MD5
4c07bc91b33abe473d7a7b40c3804aa7

SHA1
1cb79e37a4a0930a463781a83eb024ae2bea78eb

SHA256
f7f1efa7f9603c3d97a3239e576bb6769f3c32f5ad1e3812cb606672c4a63244

SHA512
97a77904285d62a521528413021df169c8ee86aa11d4cc526c091cf9b0b2e61506e09aec3d42c8d0cae57eddb4a9ad7a820bdf379eac73cf14a38f9e1f3acd00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
168KB

MD5
05c2ba8910c2607e1f2eea8b6156f811

SHA1
59cd8e76cf2a3dd6eccf4f5deded4c86bdf4b53b

SHA256
6e2494b150ea74b7dbe68a12824a0b195a39265a5719aafb1562ac5ad7ac9bb1

SHA512
1dad3fb1ff87889122c3e15059ead04ec4c41b093cecb28b215d83b86513f742859865bb558614c4b699a48c4128d50c25726681d382d00afdb6f83fda7ce2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
81KB

MD5
1cf0c9875c47276b15c4cf619dd1c64a

SHA1
f19bfe1d14dfc644c477c2918fd40da652919d2c

SHA256
f6aa4a3dbb91d7de9d47f31eff91ab71ee76138c89ccd5084bfd8e8ebb89f218

SHA512
53e336d5c0aeecc9fef96c214d91158dc17ff54bbc287f4cee6a601841e6eb5cca1255070907ba93f48011d79e6d6b27e3a4afc7d194f26d6fbdea1877783a9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA6EB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA70E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Desktop\AddEnter.clr

Filesize
456KB

MD5
284da4733b65aa6297906c5dbe04b2cd

SHA1
96d25fe11383597605617b1b73dad2cd267f230e

SHA256
ff50b64fb3ffc9c9c5ee86d73f1d28d356497167b504c17ed021a123e543be69

SHA512
fce4f060a4cd98de169939d836781cc02cbe7c367c3d6798e994b1c64eb27b81455a1e987dd914cdfeef19e81e243ab0561c154afea0a2c59dc3a3cd6043aef4

Download Submit
C:\Users\Admin\Desktop\DebugRevoke.zip

Filesize
533KB

MD5
e65f3e194381dddfc807b295d4f134e6

SHA1
a9c8deed9b792730420302b0491968c761b303cb

SHA256
8649ff4edc06854119c328f7d042fae3682d2b27e0d682ec1489bb123360be85

SHA512
a5e73b38ad4c6a9f4e0a59e2d061324c3fac42dc66a68b87811e1af0fc98260747d60809dafcb7b423ba84e18edc69ff228c060c2bbe00cab1438a3ec64233e1

Download Submit
C:\Users\Admin\Desktop\EditDeny.xltm

Filesize
799KB

MD5
b05c3ceb9b9a679d4ababbae2c4fb030

SHA1
043c819e5b794b20e33be12ba4def339e1a39a38

SHA256
48cbf212f981267d3883c3335f172ce80afef4db321455e177b1e00e5ca02cee

SHA512
ee0878b4c5ab92b9ebba3b0d29bbbaec8048aff137e28b0e97b2cde2fdaf0c5f0e82fe227824af01522582a00ea23aa88c2e0fd6a3ab60204fb65c8894644aae

Download Submit
C:\Users\Admin\Desktop\EnableMeasure.mp2

Filesize
1.2MB

MD5
47c9c755484cd20adc93366d13eb989a

SHA1
9374d8b1c5c5652ae33f2ba310063d95bb724c20

SHA256
bf0dc21d8da7c3ae6fd3c03de4774c7df74167b9b48fa77a6cc1dd00c9306572

SHA512
a487256f9e56e7d71ac2b38629606a9f6b32d40de568846b6d46b8163d10068947b1cb52e6ec6a833e9b695d6c6a7aceacdff9d961e530a1cf83d0eb0b3654e9

Download Submit
C:\Users\Admin\Desktop\EnterUnprotect.midi

Filesize
875KB

MD5
3c13dd642bf37b613ed690e8891dcc96

SHA1
3fc823413a6646fffe8a8b9469d11963df5594bb

SHA256
87e16561348dd49c286fd2dc450bbfea92b3dd92d42047b89768f57d5abd6099

SHA512
5a3e21978aca5dfc9df3e0204f8069eeaa04a857f20e58de9d0b92108ede2dcaa548c8b3ff15c9a6b62e7d4bbc4cbada39528fb48f5a9f1a9824886f05bdc37a

Download Submit
C:\Users\Admin\Desktop\EnterWrite.mp4v

Filesize
913KB

MD5
50c094dae8ebc096f61ea65bb2ce6951

SHA1
ea299d63e93ef1d8be0e69387547c8e7d59443d5

SHA256
3a67d06332efeeec3e6bbdf05a1b7c776d4149bbc94c890327ce6329d7df8110

SHA512
604277ccc9ffc2f3e63cb89522c6f9b4a86f0a20274e9ac0c349d7f1300d5b1abb3a962634d2a9094f82cf6c33e812550362588f188c3ccd062231460bb321a2

Download Submit
C:\Users\Admin\Desktop\MeasureFormat.aifc

Filesize
685KB

MD5
5cbe0dca75d11319aae863d033ff4ee1

SHA1
80b3b85d7979db7927011f3956db82b243c1bad6

SHA256
407ea94bf11997838af8f8d5da005fe749f6247294822c70abdb3139f2f2fc6a

SHA512
fe035e76b6a67ece875758beae41315f5f7d4a620f2fda01c307ea96c28b88f71067e8e817faa3049088c6fad559039db28f61b1e6b29d7dedc50cecbee97aba

Download Submit
C:\Users\Admin\Downloads\AddUse.wmv

Filesize
263KB

MD5
31435934d274e5c2d59287c42a8c0504

SHA1
b335e9155371f80a1b1f713a512f5153ea663a9f

SHA256
3681181a8ad0d8db4d50070c09d1fd6c7845f5aae49702a3327fb0f8ad49d971

SHA512
14e22a4caf1dd4c28d33a4cf8add5c7f2113d259d3708a0b3a6cd452f375d2c066d253de6a706081badc8ba4940d9bb806d09531b7be759ae48bc1868b6efd51

Download Submit
C:\Users\Admin\Downloads\CloseDismount.mpeg2

Filesize
380KB

MD5
e295338a3555dbea9dc3afb20f15dcb2

SHA1
0ef66d7fb60eb35df00169b89c0fab009fabb48f

SHA256
9dcd3534a1fd6623eb3fca8fb89eaa9a3cdab6fb11d961916b1c5ed282a95845

SHA512
c09bfd69b6d0cb3d1b2f8c245550a8d1985f53912ae1f2e1ef06daed00b28769655752fdc25cdf1f17d9139640791e7df21350672ded1533577e7917cbd821e9

Download Submit
C:\Users\Admin\Downloads\CloseUnlock.xltm

Filesize
448KB

MD5
1a03f73f4d3483c8c2b90df273300ba1

SHA1
a368c699f0d76e7bfb020df0e60fa9e4df6a6e5f

SHA256
bd463181c78b31f2eda273cf393e2ece5f54cfbb032102d41ffeedcf2d2930fa

SHA512
6dfc99eb37eb434b9e4dddb35f775369366a8bea74e8801395f6f0161360da7773be03ada081de042784e618b2bf5fe382b96207ac1d0307c27eed0a6dcaa667

Download Submit
C:\Users\Admin\Downloads\ConvertFromClear.png

Filesize
272KB

MD5
35b8ddc6cd052cc8cff8c0c3e223bb6f

SHA1
b5bacb6e3e675910d9082c980a58e62892475895

SHA256
0a6a6a56ce328e5d8da15663761d7f3b71a4d8ef5fc23fb434a5385c586d1f2c

SHA512
5cb1198842dcc71c5a7099e69f271ceaa572e84247cb15d933bdc6ef87a69475ec001032f5f0216d6557176c22e5ddb5c730bc8aad03770a3c3245bdccfe0eb6

Download Submit
C:\Users\Admin\Downloads\ConvertFromGroup.vb

Filesize
418KB

MD5
bb40224f750dac45bcf7c9786afc7dc9

SHA1
3897bd6c85d428e214384299c748393b92af7cd8

SHA256
313b4d24ef812bcc42e5fc81f0df17d55d9e18e9252f3c83018fe90c9d20138a

SHA512
d6038ef9e7a24a75b6224561b6ab11d9098ec191a9b1012d4c4a44e47f90404fcfc71fae78b1a6ca47b2c81eedd769a488aa3cdffc2e6d1d8b2990c1875065d5

Download Submit
C:\Users\Admin\Downloads\DenyEnable.mov

Filesize
311KB

MD5
37e891b3b69b0f45aba0567af960a4a9

SHA1
2d6b99b03c9fdb34a69e0b8a3d515d0329580f13

SHA256
61cc8c45e46d42d69ed80599001ce7129efa35db6a0e05bffb581765129c1d71

SHA512
97e55dd445fcc1639a5c4fdcedaf372f8febccb971f4f26b4b632f8e2caf336d523f944cd367e1a3e773f02a3a9b954501e3dcc13fc09c6996133583cdbdcc44

Download Submit
C:\Users\Admin\Downloads\EnableExport.gif

Filesize
243KB

MD5
540fedf340a69ca04cc3924c1a8fa785

SHA1
cc04b3e6505200b60536b02578c21d59b3e71806

SHA256
6a8e926a6279f719d943634d2cb130f7e4a7b74c9c779fb734324eb296cf0803

SHA512
a0254972dffa674f63eda9e5603d07a01fcb3733a5b7692bbb59418536ffeefe0a3ca249c77d37a238eda28c23d9cdbadf9b511000ddcdabf7dd05f586262fa3

Download Submit
C:\Users\Admin\Downloads\EnterConfirm.dib

Filesize
360KB

MD5
7d175924f633087e29178456a7c85f05

SHA1
9dedd5996b947be6d7113b1dc0b851c2a230f6f5

SHA256
ea3a380e39a25cbca4e26af6a0cba9a7b7c07f763f8c5ed1cdf57570035f4db3

SHA512
79f5fea41c5a602d6345281889a6873b6bcfc660612bc0f8f552f0ad1413dd6913d52b8d8a25f852348930526cb53f4bb52f50abf3ebf3b4cd6d43f2b46893fc

Download Submit
C:\Users\Admin\Downloads\FormatBlock.wdp

Filesize
331KB

MD5
11ea51ef1b158156f648f75877e94576

SHA1
6083e66201b5bab213256a4c0047567eb8f0a236

SHA256
0adbd03cfe18dc6ee90891da422aabfb0ae3ff62c0c6e189fa0cd5da573db4ed

SHA512
ea583511a4f96b3b1e1fe66ce94dc1b3fec293bb5970aa84c4554515ac0db226e3ecc821ba0e570e1da022e4ad53518582edb498e00bb6453ccc1c63392a4ce0

Download Submit
C:\Users\Admin\Downloads\GetRestart.jpg

Filesize
214KB

MD5
2956fafcad133cbebbe9963a05ee8ea6

SHA1
8e717239d39a517c5403fc7ec43e19b463e221b6

SHA256
d83469eb2ccd31cac2c98f7004b0a79d2be6ea7e943c7402baa1c51620105f82

SHA512
1c37e71e3cd88dc19d08d863892201eb4f0801c34619efb541624c6df39e0a0c8d7a859bd37157c883cb35b84ec826b8795b5912438c2004a58282084992d32c

Download Submit
C:\Users\Admin\Downloads\InitializeResolve.wav

Filesize
292KB

MD5
61fdd58fe185af3012f4b64b3c7137af

SHA1
f896b607e8cb2ff16883c0970328dd41842ce818

SHA256
a5a39af788c5cf5b06928d71c05c7a7ede9979cdc674bd1a712d3cbfcdb3db15

SHA512
35bc1228955567d529a19074cb9b4014d637dda15496af6894559510a739cb28e07c83fe0e5244315de76b11b6b442f8fd73629bff3dc103f8b3e94d59a8b85e

Download Submit
C:\Users\Admin\Downloads\ProtectConvert.mht

Filesize
302KB

MD5
f46c49db6b5eb9305fa58ea459be0647

SHA1
bc491bde2c3db41d2ea813556109b9e0b8e63d94

SHA256
fd4c8805a1187d973d64d5e82f1cf3ad27142d4dfc4d1863747412dd49a5668e

SHA512
0e65a8667473d6b7d1fd375360a830d406e9bdad5bf710cc1e9b4eef6f835c183aecab5ee1f7c315ed03fab9963f709c95cc3d14f1ab5648cd7deced6b7b9cb8

Download Submit
C:\Users\Admin\Downloads\PublishAssert.emf

Filesize
282KB

MD5
c7d3380011708d1fcbb4c7344c4967bd

SHA1
01c678745dfdfeaaaeaff27c4272f74491701e6c

SHA256
12fb517421b9ecc6b0559eff37199cdd8ac6d3b43049ab53b6856552d32c34f9

SHA512
b6260d48e7878ad21e506ed20145c8d766a86b3b2be955e62d8b12d0fefc7177d4ed744ec29d09211b280e298428aec3067a391a60cbbe4cf7bb66d6ea6fde9b

Download Submit
C:\Users\Admin\Downloads\ReadFormat.wvx

Filesize
165KB

MD5
696cc334d7f441e9135a9f4578392b8d

SHA1
c9d3f40743cde05180bc5a8fb358473d1b5d3265

SHA256
58be8866c5629c09141f71d5155bad5c90b597cd695354f5f0ee577e1403ef6e

SHA512
0dddd385c78b94ffea4bb490fcf6f284e8fa9b77e649eac12f51d148552067d981a8264195946158ba58c11523bf54197446f7ca21fcaace3ce08caeed023a2d

Download Submit
C:\Users\Admin\Downloads\ReadMeasure.xlsx

Filesize
399KB

MD5
ff089aaf7d4b780087c96a1ef72953ca

SHA1
5d006edcb8addbba28bff2a3008d8539ef477c5b

SHA256
97572fbc3d3ce5f617e8a5dbf86ead3785c5cdf20d292f20ff9a579005f0d943

SHA512
00ef13a7e8188c72cfaffb5769920c49e64ad38488de9bd3d38a26d79eeae8e28bc82db32028b6a567b6fc78337ce65c8f97e21a5258119da429d9210bbcba61

Download Submit
C:\Users\Admin\Downloads\RenameExport.cab

Filesize
253KB

MD5
087b989931e337dc67bb61d60f5e98e3

SHA1
46ae7287978399311be890383c77ad5db331ed2f

SHA256
e516d5e186a707c05fcb7c5d050c3d0047af916787569d29e52ec7b47795f8bd

SHA512
2275b89636190608d6c0bad53dadcb61b979439eba3bcd16a4f0038f6155ab0378b60e07335802a3c0336df4d67de78c34366b63854fc5598078dd18ba764b9c

Download Submit
C:\Users\Admin\Downloads\RepairConvertTo.emf

Filesize
341KB

MD5
353bca21b572fd33f117858552567e86

SHA1
bc5389475f35e0c63780ec06bd87d5c843d9e5d3

SHA256
8b228ce98681e4ced312069f1c9a6ec652a4988efbedb398284c32005b9a89f5

SHA512
86e2b3a446e1c5b28e69d17d7940f76ab915e2969bfdf01cd4b08853750b3c7bd947a3f4c3d2a20ce7c9ed229eaad0390059fe07c05bc67e1f2ab1b23ff9fae2

Download Submit
C:\Users\Admin\Downloads\RequestConvert.M2TS

Filesize
185KB

MD5
2dcb1778b92a00ee0a01b74d134007cb

SHA1
e887c6fa207a6f23246cdd3746c2fe13ef389017

SHA256
31661f9fcf5d7a7966a816ae495f22015420106e5007a386d331f541cdf47de5

SHA512
c1ee4fe37a9b698e06073e2c8664014687b3db3dfd6f9db29e578b963eecbdd262219036278fec1e11af8421ea19d30c986c9cab53be7779f5d188c30245fea7

Download Submit
C:\Users\Admin\Downloads\RequestEnter.odp

Filesize
438KB

MD5
536dbd78de5448998e9412c69a3ef249

SHA1
81c769e97d176e99de300429897acab4aa0e00b2

SHA256
577a75d9089860a3a8d53175ce1ae6ed66c9c1ebca12064578593d39db6fff75

SHA512
6b5a47fd7f97bc043f7c27c1297b9153834138df928a907a445f00ed8d9938545618d9912f2d5f84baa86db35c6b03af5e78fac07e723ff741c5a34706894432

Download Submit
C:\Users\Admin\Downloads\ResolveBlock.eprtx

Filesize
409KB

MD5
05335a0f449d3869c95ad3b3b3fcf216

SHA1
297f5ede74de3ee15815a28806f0fa959f05635f

SHA256
5dff98f56a7e2bbb55b4ff22bcfe6fa37b16f3488b9c519819f2a12e633665f1

SHA512
dbc56beb2baa1931c7fff5f36eb40fd09087cc892ce4bfd30f162fedc4cde0076a52438c5b62a64a98eb8415cbb38d14f657f8cad4499cb0875b83ea7e0ff199

Download Submit
C:\Users\Admin\Downloads\RestartRename.3g2

Filesize
204KB

MD5
98272e5e95641c576014296b23cbefdd

SHA1
4846f9e756085e40f50eddefcfed7aca965e4e72

SHA256
e5af3fd09305ad9481db47405a177cfe0948c4ae193f51f9e55920fb226e7083

SHA512
c7af019d669b207017837d1e2e5232dcaed46bd5fa7723ae724aec91d52302e81faa0c3c97c5f128fdd074504421eccbaafd4ebb5184eb752747a0aa2c5bb682

Download Submit
C:\Users\Admin\Downloads\RevokeExpand.3g2

Filesize
321KB

MD5
397c38eedfba717c2e1929cb213b78be

SHA1
a865287f749a9e86d5931b080362d2cc14611864

SHA256
bc1dc0c840137947026860015733152c2e2131ec46b206a29741f99f4570972c

SHA512
af432f6f93c6b50b3987bdb2f1154444d0889799ca70f167c08531517c7cd44e021634912061c4779520dbec5b9756ad4e4a2f359befa4815c777d3ceab0e47e

Download Submit
C:\Users\Admin\Downloads\SaveEnable.wmf

Filesize
457KB

MD5
8dca70b4d4a77357b228b722c1ccd8d9

SHA1
9f6f8049225c48c9ae81d9c96470321b7cd7e101

SHA256
57f57fa836d48b4ba18cb385ba54635ee6eec3e28c8ff758fca936074af1a034

SHA512
e5e6fa8d8ec07d1717c669b4537adce01822c64810febbbddb6d65468d80f9d90a5f17bd5307e84c2d33b4c3b51c5ea35c74556227e1bb0e057e53f68e3458fc

Download Submit
C:\Users\Admin\Downloads\SearchWatch.ico

Filesize
428KB

MD5
426fcfda8d662c2f7630e313017b0ab7

SHA1
cd8cde9d12261c33ef4d54183c5f1cb14d0a7a57

SHA256
7c508768702d303620bc0dbde9c5803a5eb3fa48e4d0ca7923575260a75aaac0

SHA512
69842f1466f77306d1fcf07ab2c579662951cec82d6cc9ce704c525a383cd58b90c6cc36e76e42e169d36932dd1af99c178eb662a1d9468459f5268747b5908c

Download Submit
C:\Users\Admin\Downloads\SendBackup.3gpp

Filesize
467KB

MD5
59ec6e521eba02085c693bad636dd42c

SHA1
5229d75535ac06083d558b78055e7b584e0c958d

SHA256
f6d77f30e0d16766acf157e616bf92d797dcd9023c3bd74c2bda17b9a853b405

SHA512
223ee0898d54f7adc1c32648f2cadf1c5a894604b96d070c6788c67ec55c37db374d694c040a94fcd5427b28ecb451b9f0616121f5eec9d4ada12544d94589c4

Download Submit
C:\Users\Admin\Downloads\SplitSet.sql

Filesize
194KB

MD5
48067637c78d8bddbec05b2e7c047228

SHA1
923d646d5574665bfa9321b1c3f3c748a5cffd21

SHA256
0a2cf438782386c2a520c54efade8521baef69351ccf0fe49d624f14a5344707

SHA512
8708ecdfa614387312876f35ca4fa0bdba247dd183833692f664c3c308241a85377fde482ce474845b56c32be5caa7031fc6d79a124dfb0036a51becc235a21a

Download Submit
C:\Users\Admin\Downloads\TraceWrite.ps1xml

Filesize
224KB

MD5
f5d0e6b7fc83a464f7e938b4f56c078b

SHA1
048801326933e34c10ea07e30af69624d0163378

SHA256
ae9410a07703adfdb9f869a8061ff62976db7b3b9d1706244e65a9516d53b28b

SHA512
6ebe2d897bb9f6e107a062cf96f8fba9d2f9ae7d5fe0ac744738bccdd0e0f56b0a8003668584a7e21863734f63b4502f6963809a09fbdef0bc996e53b0f6c9c0

Download Submit
C:\Users\Admin\Downloads\UnblockAssert.ppsm

Filesize
652KB

MD5
771b4fd5031c9775bab792fa53932e3a

SHA1
818d0ebc5c5cfe5b178def1b1f9d9ab7999bee7a

SHA256
eaf45dcf63c357ee27f7a3d6b8dad4b8810ef3fead410cf32135943f2696d157

SHA512
2b11d513d9a46c4e460b3361547069c4c4a752f3372a407840fbb73ad0fa44e6469de6244db7efd3f4469da031957f4d5b14f036d682493c1e415381a0023ed7

Download Submit
C:\Users\Admin\Downloads\UnlockUninstall.midi

Filesize
233KB

MD5
4e2946374fbb2d7dfbfb53d3eae1e83c

SHA1
cfe221eeb653fae7a0361fb7cc7a1ee9c6c247ad

SHA256
b17d29bd42951c266efc185ecde7e21da2770828620ed3d8c1b2831b38c45555

SHA512
88958f8b3cfede9474d16df5d52bf8446d9699f3da1e07ca0bb023a92f970185943694a312a3587d237711dbf454db10309e8b6caca45f45ddbcc5e79ee3fc90

Download Submit
C:\Users\Admin\Downloads\UnpublishBackup.MOD

Filesize
370KB

MD5
7f1b2e39ddd72f64bcd66725ab5a4cdc

SHA1
6aa2f9844dbdbb0077b3df25ed1f7f2a52c1b63c

SHA256
a84d9c055381263f02692a32e5075c13cc470a468d60b0ed902d3fc35083405b

SHA512
fd20585dddf4481c49832918283bcaf04be5b58ea17b30786cb1344dd8d8f2a14d470c9a120430f523cb6587e546d8f25a398d672ec19b67396e662c34185d0f

Download Submit
C:\Users\Admin\Downloads\UnpublishGrant.cab

Filesize
350KB

MD5
fcb02582608068ad85c021a51e3a7ba4

SHA1
cd81c739e013ad4fb712f3973f03024a4c3b3395

SHA256
c8713e7878c278f54f48f25ec380977524569441a4b3d6890c2cc0ed4a39bfb5

SHA512
89f65a7ae949f025c113d569a5deea73058f0e44bb94ccc1c483fdcf8fd6e83e41a8a183e3bd547ba57c371827793b4d5b2da41a083b5cf05d2abb1ce144f3d0

Download Submit
C:\Users\Admin\Downloads\UpdateExit.vdw

Filesize
477KB

MD5
03d7c6c65ac608eb12cfaee11618da9a

SHA1
9d69089aacd04cd6aae7be8256bd82471d27308a

SHA256
4dd03f49f190f07dbd9eb2193b51a4fd348705df8dc8b2d44565197256b3f00e

SHA512
21a65d50c46d4b63c53ce5fd02daaaef5e57861ff05a564c84125ca0b54378c8f8fe3b44eb4e8c93d7d45e6a9a33b32cafbc87da56e42aed104e181f54b53a56

Download Submit
C:\Users\Admin\Downloads\WaitRestore.rmi

Filesize
175KB

MD5
bb4b28094a00941667ef1a6a57589785

SHA1
2dd2e838a78d930e15cfac337593e9206df54135

SHA256
83c9f5364bb8811a2bb29a03792734d93849a50f811d6f20f9492722c5634f47

SHA512
7417e75fbd1e4589c8cca19a69fc6d27d5b454d85a185ff0363c9bd800fd4cfc4cb4882df0a361e8554a152f551c4f2887a05d5bf6c892e137d9b194e1900db0

Download Submit
C:\Users\Admin\Downloads\WatchMeasure.WTV

Filesize
389KB

MD5
a17d43bdd0417fff23b13c1358a71a7b

SHA1
986ef6cc9a9ab9fc8230b13fcbcc866d2c39e572

SHA256
98769b543f9e1b5d501d1ceecf5ea9546d85c03043eff4f09fc729aa05cd003e

SHA512
0d9a2cf79a88e5b54bbb92c09a5c410eecad1e4170f528159e3fd05be1f65749e041163d07d61187ca7a28c9cda17b1434ed4e69a26281d091632b04e3329716

Download Submit
C:\Users\Public\Desktop\Adobe Reader 9.lnk

Filesize
1KB

MD5
a3efc649bf4c9bfd98889ed7c328e82e

SHA1
3263154741ceae19ee61e14a98b604a788324548

SHA256
4a7e7ddf10f9c52b801dbc59da70d94621240e1683c146027de84cfebee600cf

SHA512
3cf8951eaf9905a059bd58c086945421a4de58f83e2fd3278f79bada94aa2792d00c152b215a61caa04037a23c22ee6e553c71102b1a637befa0867df013fc01

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
931B

MD5
46e2243e580363b59e17adc20bcd5131

SHA1
fdc3668da11eea8e25746328e4ce6a5a13f99f5a

SHA256
f18c9b06a579f8963c8a6aa7e37adb96549d0f7779012727beef88c49e8a67e0

SHA512
a4abbbfc0d95ac18313ec321bc0808e779e481ec5ef8c58d5a98709e518a1c9f5bc4885e7dbf455fc505c15e619d29d53764a0bc76d13e35bba339f44d05f06e

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
f1fd4309d15b4a161aa7b157d475a8e2

SHA1
82c8dfaf0673d0c445df02cebcf6fd5a37d42ac7

SHA256
f119ec8ea05a236f764507200feeba85fc5856d200e5003d3fbf9d84f01b7212

SHA512
ec16e8ed87fd47ee678c271b3081d9c4403ed5a929496872cb79275ef0e34aae3e407ed6211d9a66bcbc2c5d2d1a6cf501b1107f212bdeca59292b3b639a8dee

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
d1467c397dece625f7790d42caccca84

SHA1
917eb33df5cd8e7478da7ac889667215edc83ce2

SHA256
03329f0ef173d09c0aa27d28234dd3cb368b1e141a0ab926b6be8c48896e2130

SHA512
0c16fd1bfcc99aaef50bfd30f114bf49f8aab992321422dcde521c7311a9d22569c4b107b1bde4bb5291507516bb7906c799b1faf8c37fe7b248ff87aec3ec87

Download Submit
memory/1260-1666-0x0000000074C60000-0x000000007520B000-memory.dmp

Filesize
5.7MB

Download
memory/1260-951-0x00000000003C0000-0x00000000003DA000-memory.dmp

Filesize
104KB

Download
memory/1260-950-0x0000000074C60000-0x000000007520B000-memory.dmp

Filesize
5.7MB

Download
memory/1260-945-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/1260-944-0x0000000074C60000-0x000000007520B000-memory.dmp

Filesize
5.7MB

Download
memory/1260-943-0x0000000074C60000-0x000000007520B000-memory.dmp

Filesize
5.7MB

Download
memory/1260-942-0x0000000074C61000-0x0000000074C62000-memory.dmp

Filesize
4KB

Download