cerber | 64fe939bdf7ce6702759b7ece2482a365ec06cd742e46f2b5ee87e766c9a1168

Resubmissions

28-09-2024 23:25

240928-3edsgstdle 10

28-09-2024 23:20

240928-3bjvbstcjf 7

Analysis

max time kernel
436s
max time network
490s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
28-09-2024 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Free-Fortnite-Hwid-Spoofer-main.zip
Size

13.9MB
MD5

916d25b0917489ce049397f885b07f75
SHA1

ac48f086cc3b769d6b5f9e194329dfa9946e1f24
SHA256

64fe939bdf7ce6702759b7ece2482a365ec06cd742e46f2b5ee87e766c9a1168
SHA512

f9eceff977635260659ac24e825a0f971fcb2f216c039da54c2350b021a0cd1e25f9eff75470b2aa90aa90063d1361c8efd18a26ef60a6e2ee81e67d5050928a
SSDEEP

196608:Y4t4b2VYuO9EjW+gZ9Lu7XD2jbgMleIJS9tGbDkkxmTsmYm0HKdbFrQzTV2bN9V1:Y4tVH2ExgZA7XaQMl1JSabQAKdbF9JJ

Score

10^/10

cerber defense_evasion discovery evasion persistence privilege_escalation ransomware themida trojan

Malware Config

Signatures

Cerber 4 IoCs

Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

ransomware cerber

description	ioc	pid	Process
		5076	taskkill.exe
		2736	taskkill.exe
		1700	taskkill.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		AMIDEWINx64.EXE

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	applecleaner_2.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	applecleaner_2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	applecleaner_2.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 6 IoCs

pid	Process
424	7z2408-x64.exe
4980	7zG.exe
3576	freeSpoofer.exe
4924	freeSpoofer.exe
4164	applecleaner_2.exe
1076	AMIDEWINx64.EXE

Loads dropped DLL 1 IoCs

pid	Process
4980	7zG.exe

Themida packer 6 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/4164-595-0x00007FF624850000-0x00007FF6251F2000-memory.dmp	themida
behavioral1/memory/4164-598-0x00007FF624850000-0x00007FF6251F2000-memory.dmp	themida
behavioral1/memory/4164-596-0x00007FF624850000-0x00007FF6251F2000-memory.dmp	themida
behavioral1/memory/4164-597-0x00007FF624850000-0x00007FF6251F2000-memory.dmp	themida
behavioral1/memory/4164-599-0x00007FF624850000-0x00007FF6251F2000-memory.dmp	themida
behavioral1/memory/4164-601-0x00007FF624850000-0x00007FF6251F2000-memory.dmp	themida

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	applecleaner_2.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4164	applecleaner_2.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2408-x64.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll.tmp	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2408-x64.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4284	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 3 IoCs

evasion

pid	Process
5076	taskkill.exe
2736	taskkill.exe
1700	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133720396665762615"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 20 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier	chrome.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
4924	freeSpoofer.exe
4924	freeSpoofer.exe
4924	freeSpoofer.exe
4924	freeSpoofer.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeRestorePrivilege	4980	7zG.exe
Token: 35	4980	7zG.exe
Token: SeSecurityPrivilege	4980	7zG.exe
Token: SeSecurityPrivilege	4980	7zG.exe
Token: SeDebugPrivilege	5076	taskkill.exe
Token: SeDebugPrivilege	2736	taskkill.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
4980	7zG.exe
3576	freeSpoofer.exe
4924	freeSpoofer.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
3576	freeSpoofer.exe
4924	freeSpoofer.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
424	7z2408-x64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 1244	1180	chrome.exe	88
PID 1180 wrote to memory of 1244	1180	chrome.exe	88
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 5044	1180	chrome.exe	89
PID 1180 wrote to memory of 3960	1180	chrome.exe	90
PID 1180 wrote to memory of 3960	1180	chrome.exe	90
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91
PID 1180 wrote to memory of 1580	1180	chrome.exe	91

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Free-Fortnite-Hwid-Spoofer-main.zip
1⤵
PID:1700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff96b09cc40,0x7ff96b09cc4c,0x7ff96b09cc58
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1964 /prefetch:3
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4348,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4364 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3084,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4396,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4928,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3384,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3080 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4272,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5272,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5320,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5288,i,11942120052892708365,4431914875690862893,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3552
- C:\Users\Admin\Downloads\7z2408-x64.exe
  "C:\Users\Admin\Downloads\7z2408-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:424

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4304

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4004

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\freeSpoofer\" -spe -an -ai#7zMap2532:80:7zEvent23466
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4980

C:\Users\Admin\Desktop\freeSpoofer.exe
"C:\Users\Admin\Desktop\freeSpoofer.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3576
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c start C:\Users\Admin\Desktop\tools\applecleaner_2.exe
  2⤵
  PID:696

C:\freeSpoofer.exe
"C:\freeSpoofer.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4924
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c start C:\tools\applecleaner_2.exe
  2⤵
  PID:2264
- - C:\tools\applecleaner_2.exe
    C:\tools\applecleaner_2.exe
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:4164
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
      4⤵
      PID:2524
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im EpicGamesLauncher.exe
        5⤵
        Cerber
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:5076
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4284
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im FortniteClient-Win64-Shipping.exe
        5⤵
        Cerber
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2736
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im Battle.net.exe >nul 2>&1
      4⤵
      PID:4820
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im Battle.net.exe
        5⤵
        Cerber
        Kills process with taskkill
        
        PID:1700
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c net user administrator /active:yes |start C:\tools\AMIDEWINx64.EXE /ALL C:\tools\alt.txt
  2⤵
  PID:2412
- - C:\Windows\system32\net.exe
    net user administrator /active:yes
    3⤵
    PID:2168
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 user administrator /active:yes
      4⤵
      PID:4064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" start C:\tools\AMIDEWINx64.EXE /ALL C:\tools\alt.txt"
    3⤵
    PID:904
  - - C:\tools\AMIDEWINx64.EXE
      C:\tools\AMIDEWINx64.EXE /ALL C:\tools\alt.txt
      4⤵
      Cerber
      Executes dropped EXE
      PID:1076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
32b184f7a83ba2dd7cb21204038a3cea

SHA1
4d0587bd1302dfaa7fe3c70272daf8de89fdcb80

SHA256
91f3000165c24c7eccaa3cec1bf81eaa09a5a86ef96913d65bf4e0e373a80ce4

SHA512
d343de19441edb675cb0e0d7cd8a52bebd61083763ec14ff4a57c73da07a9654edb61cb36e9aac1017ade812d6f9fb0553c5118a88e40acaf98cb22d9302eb9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
99e870a75368b0def866c4e801c32dc0

SHA1
bbad3a86a642d2c8dde8db6d656b5fccbfdac0e3

SHA256
4be391213602033e4f35505c98c3fce899d1719e2e726e0880c5dd651d64c06b

SHA512
0c667485a7a8a5fd6c3c630bea841e4210b0f4baced6981eddfea65158011aadf9a0279ea15872e78a5cd9abf3c4e070c698ef8d2fee4d1d1c28257e14a2e66b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
26b088c692b3b35357e554e8c103b7cf

SHA1
ebd513af6d4fff179fe249dcfb7defac29cb57bd

SHA256
80c5c851d2a3bcb0373b4ec3ccc08abe6960d7791d959caef8723e26cd3f3fef

SHA512
91f584db37b2c4200129eabcb0d577deeb031508af007a874837496f6a70854d58a06563ab692b72967e0c3ef3451095bb09ce118a16a2acd82238ad7f6f50a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
b6ef69e8a13d24a845dd0b357bc50ffd

SHA1
1cd9b7ed28076bb0068e8d25875f017dc0a4ad49

SHA256
cc1f41a6a548b3e484db6e0787730e2062c36744f13eb4d371d49646e2452b5e

SHA512
db37c20872f31d329b8827399092e041aa34c170e5676f2a34ae4c29825f5ab26d1511e5696f190ff65e912e1a2353052e508a3496f774889f527bbe94574020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a2b0e19390ba92d134b4fe2db3cf35e6

SHA1
c8cba0e8d4cbcf32e0a9ddb312b2c0deb3d92189

SHA256
f9103b840d6ef0ae1a2ebc4cf70b5b237166d35066208bae5728c8e1d489f64e

SHA512
e3fad24920f8403a5f8314f8b94aed24d84dd5925f06aae92a1ec964be21e851f42959b60c7ade98f732b4f23ab6191cad54a28ac227178dbf00075a99f02e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ede51dc301885d4edc100819297afb0b

SHA1
736fd746357b350a99ebb12165f24e8129dd0905

SHA256
d0b2d339d9f9ff251e80982d12d4c8ecc1092497045154ef454eed15f78498a6

SHA512
00731df5a7345b897585ec13ae50c2bf6e8427e100c86f5e63c74a399a3f6952c13bcf78a780ad74b9095390e823abd3ad6cc3ec94a458865a7b1daab14949bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d292c7a56eb60ba91da8d7b11bc2d9e

SHA1
95842f7b3da9966cd393886461e75180c43e43a8

SHA256
bc12abefe83f7095f55ff256750187d3829ea1de8ba76ad44d0e2d6a85467024

SHA512
f05071fdd0714552b1e4654524acf936cedd1396e39674a12212fb04ae3d45a95b9e488eed32b57caf0dca287d00eba81886f1bb918536ae65bb599906596927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
38fbd127696c713d26ff79be91543914

SHA1
498141cb9cfd4dc38646dda1884cb1dc1ded40cd

SHA256
0dd5212a548e75cf9e61649db86dda67e970e77c4a10f87f31682fbca5cc7ba0

SHA512
3ee07629cf585b0c7c66653d6c8f1d86c539fd4b71b6dd054f3fc71a7d5541d5d3204f2160cbb924aab7382698163798f53cebc0db8ffcf388c78bd5ed746c4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
57882bc316c10bec69dbaca231a20d0d

SHA1
3526610a0f4db83b236f1d2dd91e2261cd8dde71

SHA256
0400d140df2a7bee3f4c00c1f3252920ea175048282235e50410dfeaae43b3bc

SHA512
2a55329f49ebc0e8d07d20edf46309393cefc7beea763427d8d8e8699d032ffa7ac1c64491869c8a2198be0ec4eaf8b2eeaf0e76144a66998bdc8066b021780b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
81d433a4754a103d65c72989bbb35379

SHA1
6e2c58f199ea6dc63df37492404f0e917e754ece

SHA256
a90afd3ba65e5efa840055a6791fe6ab961396006ec23fca5bdb51060935f65c

SHA512
0d64e764fc7ced7742f88bf6a0ccd7f194c7eb3dd1a15ca89ec3264816973aa12fbe4c603d59d238d5328eca07cc9aff809fd181c4afea709cc80631a70495a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
2245e855f4305bd7956f8a760ff997a2

SHA1
36134ae440493243635cb84b5652f1e22bf2e554

SHA256
f4763fb0404f6f962e0d9861b983e7ec935ea750dddb21014b1432d3a3935ff7

SHA512
283c4cf8cfc024699d8182343f82345b1bf7eaac302350e233e71298609fab1f994c27a0790a0cbeac0763c71f00b6eacb8c9c15af03fdb0e629900f7d0af7c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
2326f832d2a71da26af132249579a7da

SHA1
03f00e7d984eed466318680da51a8b67e4ed8392

SHA256
c611edc15170ba1d9999747a09f45154854154ed44d988dcfd3a17c04440d4ef

SHA512
688bbeaeab671b877c1bafd6495ca68e8a2493d93a911d77b0462b1d73f260ae845cf9c568781f83f7dbf4bcf97a7f1dbf33e22bd5990fff46697fc7f26be33b

Download Submit
C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log

Filesize
13KB

MD5
460ef3f5c3c019fffd97c74e5318a02f

SHA1
6a148c3c6d6e27eab003762a832eedca79d72264

SHA256
ea705c6c6956637f8baee3ae310b1e000af39e622a4dd394cbe34111e771c37f

SHA512
781b9f276a9fbf3623bf0c0ca155bdbf5058d6c8a4b7a0b9c17bc9ba4a6c1f224b886491d493d3238d2b16b3c93f4a0c611c7d6cac72afedcebd9558b8872eba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240802_153557124.html

Filesize
93KB

MD5
bd95c40198b1b33f4796c3cee3c1616a

SHA1
53b8f0e329dd2935ecb2284043821e060de9ca75

SHA256
8f66592cf20cc7ee20579c26cbd95ef33bc3f3a96538468ac6975a244ffd6c8b

SHA512
f30030f66002948222a9af396fe8cee50e00d66762a5371cdf75bebdc80c6748458f26970667f48d6f0b997eb7111c44d947bc2a80fe9540c0d41b91fff2d812

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240802153623.log

Filesize
15KB

MD5
5b7e74ff2ef036c20977ab41082ceecd

SHA1
15b1148f0b1842a5d8c06d78b64715374af0595b

SHA256
01811276fe2e94703562168d7cbef87d0b1ee136959aa7810223f29e7e4445ad

SHA512
f6a7e4047ad914453e7988e17ce2b22f75425e8c26206ebc1a7821003bc9ff0d4f0f2db66bd6f0fcf82aff25814464576cb94891f4f388a1071b32bd8199f2f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240802153623_000_dotnet_runtime_6.0.27_win_x64.msi.log

Filesize
551KB

MD5
0189272356e15e0480782d1a23f81d68

SHA1
87399a42c21537d16e4337c8ccaa335a0f232a94

SHA256
0d369c4dea94d8c0d2b75df75aeb35673605787bc9c0cbb57a15dfad365a2589

SHA512
02f22f9cd3ec4a123c59c3a7833c9e0d195bd9c39859dc14eea88b99076fbef61466fbf3cd512ef9494d0ea39b809f2c87c196078c43f70e90148cfb95ca78ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240802153623_001_dotnet_hostfxr_6.0.27_win_x64.msi.log

Filesize
95KB

MD5
4055b1b148110c4a7ea9e2cb8184e568

SHA1
d4278174bed8f2651df9b12b356663b80deadc2a

SHA256
fc6170a82bbae9a05cdbfa55140773499448237cc42b167ef7e082fde546027e

SHA512
cc9247726e6a749e1798a003fa3792751d2c9788f8af5db82b675a3ef6583f81c29449fd4727d2f74d6b7c2eea81e021c5a430cd61d5a64b18e954151b73c78a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240802153623_002_dotnet_host_6.0.27_win_x64.msi.log

Filesize
105KB

MD5
fae1c9eb3431a41378bd0c37f6bec8ad

SHA1
ece3b34043dd2f40218644eeda57c22ce0f2c0af

SHA256
0bd5ceaafb23f2ac11d62f45cc09472e3787a2fc094f397db74fa45a5f33d226

SHA512
4a9aa7e178bd407ed770a8f6da424f6fdf2833a6b6e19c993dadc4df2486073139c0ed38fa0ec9563894b17c49e6f0d8b2fbb4fff5101e0b73cc3a4a2222477d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240802153623_003_windowsdesktop_runtime_6.0.27_win_x64.msi.log

Filesize
847KB

MD5
b119f0e8a584e0b3b54dfa6f5b991059

SHA1
4e6ba654d505a9339df44bad9ae8eb6b849343a2

SHA256
c032d2bfe8b1a7428416c644eec9994998ff981073e2bc910b075b1bc94f42b1

SHA512
d8fa58001830772ceb8378f06f5849d9c3f69651a76b79a896cd8c7f9cd95b52b754f6a9b74de8d0fbf72fb0530a454dfaa99a4748ab6a3ae3a3bceff3836d20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240802153648.log

Filesize
15KB

MD5
d25ee03c3d6e084796cefb5044a4ebf9

SHA1
310e7277092a94d1dca66e5cc0b665611cf7347e

SHA256
c0968a5b63379b2cdb03f069928309d8f566c20bea4bbea6b8453e6f3f64bfd2

SHA512
45b584cbed99508525bbb68b394e24eefef4903c2fda8ca3f483c35ef0cb046a13f3e6358cea41ef405e22869610b69746dce81a815f51158a207f63025ee17c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240802153648_000_dotnet_runtime_7.0.16_win_x64.msi.log

Filesize
470KB

MD5
fe637d5cd5f7e3a9b03327374aa1c5f1

SHA1
829b48d435361763ed2a5209f9e3dde3e7d7a3b8

SHA256
a71a16ffd1202417a95f82bca86d958fe7c2c9a7e4f8f5d1c50348416f4d3710

SHA512
1aaa8d6f6b327d093ff8776ff7c143e76ae595c968b8ef0aa54f4d391ca94f8309445a985fa74be8e98cd84655f102d87e0a28cefbee596a2667b92acbf08343

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240802153648_001_dotnet_hostfxr_7.0.16_win_x64.msi.log

Filesize
95KB

MD5
fc3e10522fdd33f5c3a0dfcbecf3f6d0

SHA1
cf6371236370f767169fcfc65ac531f98136fa8b

SHA256
592e116f303be5b12a37b2428d0a5dfbf226daa43edc6a7b7d5dedccd9ca6e3b

SHA512
c19a78cabfe6110f0bc9dbc517c835ced8105ffa5120c4a41c99359f32331ae03d5724febad0c58f6323bb186629816fe419fb70831f62a85cbf2d5a09184660

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240802153648_002_dotnet_host_7.0.16_win_x64.msi.log

Filesize
109KB

MD5
0c294020a805f36c4945711bfcc9457d

SHA1
14e9ade0c6e3a20551781c0b9279f2df8546c7d3

SHA256
5c960249e1405de2e4d74288ffbc7b726f740c95953da8a81b97fe9470bd5ee4

SHA512
1c2773066c9b05573ed837208c61e4e289dfa2b29b03b9413755d7effdc342b441eabc2b548cfa63b068ba8fbd643ca77d2fb0fec3c52d4c8d43ac5fb0522894

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240802153648_003_windowsdesktop_runtime_7.0.16_win_x64.msi.log

Filesize
852KB

MD5
396826b9a6484a22e5eb789e0101b68d

SHA1
a3529effe078b33c8456f5a37861e79e143a0e35

SHA256
c6056247a43acf8c13ac7cd97c6cc109c65e881e3a8111f3e91fd712d6354af8

SHA512
1cd9bb371580c42b372093b8501b35a9bd9fb293b90de746bf6e584e562700dfcec9e3a036d87db26391a913341d947390c6a1438c8769834ba030ba4dccf461

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20240802153711.log

Filesize
15KB

MD5
2a5e136b023a6e7d16a93ce77a2773f6

SHA1
ae439dabbbf9a26455ca54b41fa30207d623aa1f

SHA256
373ab9f1f51a1f132d3b96d51ad82373022924e3f050120b37a6a96e84841cd5

SHA512
307933cdc5a011fce067ddf98eaae20a7550ac3fd90743ca0fa8f45aaa14781dd3231ae1da1e40ea4a6c48a30e96b0e691e242abafc3206f2e7ca009b9036146

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20240802153711_000_dotnet_runtime_8.0.2_win_x64.msi.log

Filesize
469KB

MD5
8030cf3483eabbf465f105bd28f75969

SHA1
5366aa5ef9e0967a051410252c64b30fa8ee0bea

SHA256
8331758e33a75cebc873597dab39a5a92f6be852cd8ee602ee129a060226cf7a

SHA512
97a3d895313b5c775b897caa175b5be82c6e305f8d7f5e3bc2727c0608ab1502612f76b183c9cad8c55a3734bf0cc7cb4a031bdc4070cd60a416bcede5feb14d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20240802153711_001_dotnet_hostfxr_8.0.2_win_x64.msi.log

Filesize
95KB

MD5
ca6e9290e99e103e678704b30c7ab7e8

SHA1
47d7cfc5255c92e3287af48bb12b449248bdbc4f

SHA256
6418e1a60cd3a2299ba679f51bde26577173812c5024e16b047cc9007cddd160

SHA512
afbcd97b22f0b774bdf741679cbc0f6841a45ab1e0d9739b6a07ae40a73c99377be68952a09cae8870425d87ac64ae8b4c38f9bb75c5219937ecf2254666c88f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20240802153711_002_dotnet_host_8.0.2_win_x64.msi.log

Filesize
109KB

MD5
a8aefaefaa73753fad31c40e9f023993

SHA1
b934f8eb68a5d163317a6720354caac2d6ef778f

SHA256
9a1c232f76812420ad36cff5e0a0f9017548627a28b787ea392b997f75c601b8

SHA512
9796346e3cf12567f3ce8159316ae5cda26b1e22301734427171a2403c296a7bb47f37d4d57053e632545296f934a438f1e548aad2fac39b0bd51a73a92ef08d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20240802153711_003_windowsdesktop_runtime_8.0.2_win_x64.msi.log

Filesize
846KB

MD5
b01d377abaa2bb432bff00035435e748

SHA1
03a2519710ef742637711869fa3faa85b7db078d

SHA256
c52b713f4a26af651ede186a65b65008125d5da268ee9ca1dd7f1a4b37f6a961

SHA512
ed3ce1a2e0b1433eb0752bc064e0e39466cfa8c7b445f2b0ccd892fc0e4fdaab452bc02e2591d256e1b18650740700a33a7a54673d1d5f107f38e231dd0c1533

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt

Filesize
1KB

MD5
019b60b3e8192d85c859682a5c7491d4

SHA1
d929a2cca2453055c51d7c057ef2d1bb76c7b868

SHA256
5b5217f431c75cf6fcded3be5c6fff7c57ab8a14a9cd04b6a89c6b08bb412ec7

SHA512
458b18ad5f7ddc5abd1963c4ad486443695da0bd3d7939a92e7dda5109c6acf5069bad2153a8e00a56fe9ee66c560c8b5842123f05b50a2adaa16781ff59140a

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI3527.txt

Filesize
427KB

MD5
9db3413a748c3e9d2ff467f610aa8258

SHA1
313096cbab126d1b00857b193e33834a9a7063e2

SHA256
3d3bf9fa9fe5bf466145a33aec9d4d5ebec729d5311453236e6bb67cfe6623ec

SHA512
e7d15d9d50d7860a923bbeb56f5920bfcdb32104bab6f42a416d0eb17f2575d484c4e87a066ffe33dfd647ec0b4dce1d03c1ece93a581f23b26166facb828baf

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI3541.txt

Filesize
413KB

MD5
73eab362d20889349493c22c61214afc

SHA1
e3ec9adbbc029f507482e474c0eaba01f264af47

SHA256
1e15b07fcb162e2456375e0aca19bfc91a01432334a46467ee24c98340ae888d

SHA512
91cb6a0ac5d286cf97da8a183ab36820b4154f1d53f58e5499c52b6b2a51b4d7381a6828b57f155a96acb6ecbbd5c80e29f3f8f56047c69f006eeb3fc86eb5e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI3527.txt

Filesize
11KB

MD5
32940d82f71ebc175f83fe0f62c06b77

SHA1
edae0c30dc396b9fae119e0a7e73c23d1c113b4c

SHA256
b52494f4ee0dc081ead0fc5e41f1f857c3b1e0cfb17386f2e251f9ba748c5438

SHA512
a4960350bf16d7624ef91ff804de26e0d7188415c5fb15d5104d5188739d7cdc047bb2d3a857ae7a915b3bfd043e5d426453d80ceae333e31c00ae75e27a45aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI3541.txt

Filesize
11KB

MD5
dfc76c903a03187865d219e16873cf1a

SHA1
6ae851e45b9b57460f15616712e3dd0a846b5b35

SHA256
ee44eabff376cebb5243facdc6f83cdb27a1c7c1e10d0147638997600f37215b

SHA512
cf658af5005a5b970eeb618f85c79c1536069b12d024ad030558341a60bd62a7e20953c216556d946abc81ab9abb17b68b68b1c858e7763132b6e8f447bef52b

Download Submit
C:\Users\Admin\AppData\Local\Temp\jawshtml.html

Filesize
13B

MD5
b2a4bc176e9f29b0c439ef9a53a62a1a

SHA1
1ae520cbbf7e14af867232784194366b3d1c3f34

SHA256
7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73

SHA512
e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
163KB

MD5
217eb7b6890865a2263b74b8382d5219

SHA1
55dcc96bb9927bc2b7895e2f3b3b3df80b489b33

SHA256
4c0fc1e4a52069ce014b23709c98353113084d4d9da9186a63b05b83ec8def2d

SHA512
5c212dd12e2ca2d800f1045cf80047ae5644261eb6faf3c93259087341948b51d7a79fa097d4cee88a65e1424627fd6cd765a0d590b6791864c45173324f9c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\msedge_installer.log

Filesize
2KB

MD5
7dcaa96602f5f132784d09da715402ab

SHA1
d70c1aa56120124e44417b65c2e23ee6107e12b2

SHA256
b59ee333ab4fdd6e349145888110220bf00e8c03992cae0ca09d443bae362283

SHA512
cbfa79dd5288fbb3e3d79f40c8ec410d9729d5f825f23af5d1ab4f5cc6b11e8b2adc65e0b6e640c309f7e9b4ede5030091bdefd2604adee2200d9d980faa2727

Download Submit
C:\Users\Admin\AppData\Local\Temp\wct8A6D.tmp

Filesize
63KB

MD5
e516a60bc980095e8d156b1a99ab5eee

SHA1
238e243ffc12d4e012fd020c9822703109b987f6

SHA256
543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7

SHA512
9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

Download Submit
C:\Users\Admin\Desktop\AssertSearch.aiff

Filesize
258KB

MD5
0a43fa4a91fe6e8b56d6e74b9d173d68

SHA1
1bf763b67267dcb5213e7cac978663524e3b828b

SHA256
055577baa95bcc7fb80798ea4f4db21e7b0eadb1385c544e7a911cb9a579da3d

SHA512
8016b423df6920f524b889c833ec672ff3a0e19743cfa2c1fd394d07f799c4f0a7f59f8d46a023a0a70c5d5c6c82f1ae8d48ced0b3a38f31ba49a9b676d17339

Download Submit
C:\Users\Admin\Desktop\ConvertExit.xml

Filesize
244KB

MD5
2ae325494c89263a0eceba8738103bea

SHA1
30b74b385298801d89181e774abca7e836141887

SHA256
7385e09b845647240e99d0564d870a6f5bb4df6a63523276fda7d61fe0ac318f

SHA512
95e1a371f58df84ee74a4d195beafb82532cf282d79a9e54d62aaf85c0ff65993367b74d3fe7b51dd876425c321c484dab1d0f4b15cd3b59f649c101a3f347fb

Download Submit
C:\Users\Admin\Desktop\DebugOptimize.xsl

Filesize
459KB

MD5
36a63dfe03f091b1773bcc6674a7cb66

SHA1
da36a1225c389054d6197efa2283fddde294b741

SHA256
cd3d5624622cc939ceb1d484e6a796c1289a802ffdf1958ca171f7c5b575da15

SHA512
c85f67bfc7133101369f7655e00d9fc7eb2888517bc353c60d00eb427ea1bdc05ba9ce09ec98cf2d540318b53186ee19de3c27e0adc4a4d93356eee21b381cb3

Download Submit
C:\Users\Admin\Desktop\DebugRepair.sql

Filesize
531KB

MD5
c1a9ce57c523e90eb863d1a36d1a05ac

SHA1
cf83ff14b8735a23aab00217ce37d438d3f15e71

SHA256
1ad2ad92037f0adde48138c914186891ab2f6a7f829e097811a514d3e1cab6af

SHA512
519589453778e0b39152d72a5320f57771984d73b45aea22f6177ad6bcfebf6addf3aa761cead9d3d61384e49c3ba728fdae24a5bd189819b6c72e23fe052d57

Download Submit
C:\Users\Admin\Desktop\DebugSplit.gif

Filesize
488KB

MD5
be5e87a5fad7cb911ff49861ca2effe6

SHA1
b1d2325eb735b6b9be257f83e43e6a2e9086471d

SHA256
943194bd10b67ea9a24d224d725df112c8d7e78741c65cf3c4650da0d57ae7f3

SHA512
fe0455b424e693b1ec42b4be8fd966063343ad3ce17d3a38922fcb6b240d332725c48123d8975b089de3b71c23503ec3c1bdf052f757837a9125c259993f8ada

Download Submit
C:\Users\Admin\Desktop\EnableResize.otf

Filesize
359KB

MD5
f26793424dd5589dc394a01fe75b767f

SHA1
7435c1ff938418536d91530fb0cf2ebb6c215800

SHA256
bcfe745d0855a8697895e3bc40336c860e82cd689b4aea46427bf5e2a71e4038

SHA512
3cb18ec7b663a4714564b2412b85a6ffaa735abb6557ba0db441f0bb49eeefa8bcad2693c1ccf1e4451fc1ed342b2ba2a1950bd43d3484a2afaea90d70c0d05e

Download Submit
C:\Users\Admin\Desktop\EnterResolve.eps

Filesize
272KB

MD5
a6f7ad6126dd032e972a0889049f91ca

SHA1
451ae311eb36cb208acac167a30e15c9d1bbd314

SHA256
32c658e7986026d692bda9e72bb78cb5a648097fc0fb77322834d75b39fc7af1

SHA512
697e06709f13724478887529d5fd72c7363c3605b9ac5f454ad9cb8dd787dbe7ba47797f08e0131387cda2546c79265f40f6ddb71942ae4777cffc15347a2860

Download Submit
C:\Users\Admin\Desktop\FormatUnpublish.docx

Filesize
16KB

MD5
20ea10567951fc1615c3bbbe74416677

SHA1
2b3b50db1c885f4436bd9a5944d0fbb85b1c5298

SHA256
13915cd3d1e8f004cb3a95bed7ede04530e9a443244c8f00d0f71ce155aa2b55

SHA512
c7e6abf61700fef39ab716bc4213baffed122ab1c2a7c49f72276a724c0bb0842eea01b09faaa8b6e24e792f5ee5a8e9ab158a13dacfe2279629c6df64949ff0

Download Submit
C:\Users\Admin\Desktop\ImportEnable.dotm

Filesize
416KB

MD5
9c9520a176603370bcb0cf36381c0083

SHA1
350c8abf9f538310f6f368f390b8fe3915fab80b

SHA256
2ec8c010722dff5f6810355706a8255da7355dc13d8e6805b37aca7d5a3f6898

SHA512
7eadaca93ee9d03652e6ee7373d765294058075107d47f8dce1084841d171cdecf5ce6205cdb8c6ee4af0d3fb038d5b6b00c3fb9e834cdb2840c425046400e72

Download Submit
C:\Users\Admin\Desktop\ImportUnblock.cab

Filesize
502KB

MD5
f034400818c20862593bc00cfb4cd6df

SHA1
5a1afa8e13d0d4ef8c0b4c67695761e3076e5bb5

SHA256
dd691bdded888fe5c3f219128d4b3891c4114b609946b5b65c6d829a4fa6644c

SHA512
d2eee15ee506cfeb5f490897cb29b9f1164e8cea16ba4ddb96f1996c28649d81f13cfd30b2697d407f10e392263002fbcab0fbb4c473884df28a3894fadb7c6e

Download Submit
C:\Users\Admin\Desktop\JoinPush.docx

Filesize
12KB

MD5
b429798b5ac7e261a034094b562f5971

SHA1
ab55c3cbb9b36ac56aa8e456cc41ddc328f2277a

SHA256
4bfcf26346afe8a185ad2aedfe8ade30bd8c88a2e74490e0bada5f6d3a5daf18

SHA512
9e7bb1eb16b5097e679dc0974c7cb3b1f7dbdbdd6704babb16646c87f8e9fb6fb8d644ae221d5dec0aa741db030e99962d2e4ece91898dabef04fc8ebd2b3d0b

Download Submit
C:\Users\Admin\Desktop\LimitStep.docx

Filesize
15KB

MD5
15fae9f5a1b717818bf77254412ce2c0

SHA1
5d57b7b81721ebd129e040818a7dfdc10211a7e4

SHA256
90b6fefbcbb498fe1a46e2f77fe5fcc8572ee4dfd96a6db54d775183b4703196

SHA512
0aa1d3036fbe32c4efd30bb8c9838fd8cec9ace6b5cd32a9b652b88ee3965d3c11c2d73655f7ccd1766316f33f319b96e3a6e3402bdcc18d9f5c8029dece6d05

Download Submit
C:\Users\Admin\Desktop\LockImport.bmp

Filesize
201KB

MD5
8970b34b8914346eb2a2ee796b6c89a6

SHA1
0fd388fca9412dbc96cbba116a5dd726adce64e2

SHA256
09be42526e5a524df6ae8072e3bc2bd4a2f22e80c448685981d31ef39464fc91

SHA512
05171f882eefa3497c8e69f7e066d993b54c354dd04b360aa2d4b12879d8c9040ea40cc766f24b06bd26052a4b4661bd879380e9631c5c553b773ea54f295829

Download Submit
C:\Users\Admin\Desktop\MeasureStart.search-ms

Filesize
560KB

MD5
ee950ac631fbf0ad4c5ec03366d0080e

SHA1
22e57c6314733b9af7c73d953aecaa51d837fee6

SHA256
c2dd471f4d5d0f079ede9626c7372401bd34baed34d7bb975ca82b638d77e6c4

SHA512
e8765eb0aa226b7b187a921284fbced106d1fc9a732ff3daf4e3afa3601a311453be0a893b240f20a3aa8ed00cb46693ae31a49ceffd851ffcc538812cef2f20

Download Submit
C:\Users\Admin\Desktop\MergeExport.mpv2

Filesize
387KB

MD5
ff801dba78420fab02f070fc0ba668f1

SHA1
b4e2c3277a2a0376e7a7ec16e90bd641c3a80b4c

SHA256
ecff122f86fccfb3996b1cbaaa42c041d06463d36c0c3ede73a423b30d027280

SHA512
2448881502bd6fe21e583e393ae7bef447ad2f95588c409d52bafead59f547e61b55ba12fbdceff4c2fc0005c025f23a53233772634567d9ee643f536d51305c

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
85d8f9c76dd427b7ea4974664a0405aa

SHA1
8cc65f1c0473721bac06ad0bd1e81bbbb2f75813

SHA256
506b206015d92ed14dc9d179155ec940615633fbda23d0d744de6616cd6a069b

SHA512
b71e8877b3f7cd22f1a10b8e5811db7e7eb5e9a0b7771dc67e83d5c67678c05e12afafc4972bdd61f710be020c9b7f49722d7cfb0a04407f3716715866e7c32a

Download Submit
C:\Users\Admin\Desktop\PingInvoke.xlsm

Filesize
517KB

MD5
9475317655aed6d1818efed2b8e637a2

SHA1
651baf9943f52efb57a91edf89dad2c502b45b1c

SHA256
e61bbdac3e65704873ad871d913c3c17f6bd270e1c335e1227207770826a13ae

SHA512
ec06ab78f4f355fd14d8696005d92b9bf47a17740430771ee63ce5f7487aec7d8e929f8a321614cc545263582711017cb2a975cfd80865179c2820ede52bac0b

Download Submit
C:\Users\Admin\Desktop\PingUnpublish.lnk

Filesize
344KB

MD5
c5c12482e523afa9fc259b6d93734e3a

SHA1
7fffa302edc54b1d0ace070e255892e86cffb252

SHA256
5523f7d2252f9d197989eed6b94eddd42594861b3d953660b4af00aeee730e10

SHA512
5bfbd05cedd51e9d141a752363d6bc2e7ea21abda5ed474c97b97273de65ed35c2f7f8c941d1a33e06548529586b16e3b7220404e68fdd43896ee4fddb585d08

Download Submit
C:\Users\Admin\Desktop\PushClear.xls

Filesize
373KB

MD5
64b3c9d5c38fcd613b268fa3dbb25ac9

SHA1
010896dd441428042d82f726a848264c8d9c3d06

SHA256
bce37c86bed18b3fe074a1b78775d4c91027ba005275c13cd4e4fd9a1072d81f

SHA512
db8aa46f4bab454cf45703a6a3f8f5a6a7d6095daf22f268dfadee93dbd75da6920ca04926d116511e38aa57c40e417a5b4c36582e71e6ae071533354c90fc20

Download Submit
C:\Users\Admin\Desktop\RemoveOut.au

Filesize
445KB

MD5
fdcef9fbec1f1b639dfc976bd6c110d2

SHA1
671590e5e6f15562bd1313a4e8efc4020db4ed14

SHA256
9015d396a483d8e7fba4a79d317dbbb1ba7bc12c718c5bc87e124029cbd5b767

SHA512
4198ef1b55a6e3737b67699cd86686ddabb77322178605426bba2971273ea3659846f1ad2e188141462dbebb0badd790621fd5487a7ee97bcb71897bce755263

Download Submit
C:\Users\Admin\Desktop\RemoveTest.M2TS

Filesize
301KB

MD5
da4ed8dbe4f60598edb4544ab36486ad

SHA1
e82191bd426985f141ae171408adaf4a4c702a55

SHA256
10de57279b85ef94e963baaaae889e9da1143ac988e4635c89042f89494c5e94

SHA512
52a131ef654de60973d7d989aab28387f056ce10b0d2f3bfb22005ef3afb9f7b73c7bd9d88ca34429b95fba66b2bb67364e6dbf1d472eb367241b6ee32d20ce7

Download Submit
C:\Users\Admin\Desktop\RepairEnable.xhtml

Filesize
790KB

MD5
bee0697283592e5bec3f2aa29c3c80d9

SHA1
a2a5e36cfe308a4f98e192e588065cddb5148a7b

SHA256
28b86b2e1dbe1f82ebc8eb20676b65e8f1ff45966022482126b28543020917ef

SHA512
e73db03bd93df8364835bf47f1cdf4bf575fab0fe812a802666e7ed76cfa65063113521694468fd276151f6011b062bec7bf4a9d9fa37a91baed721e10c57261

Download Submit
C:\Users\Admin\Desktop\ResolveRequest.aifc

Filesize
229KB

MD5
e4c598f99a503cb743ea7e075b719026

SHA1
8c00ebff1f70f343a06dc8a1d4b24fca0157fded

SHA256
fe304928184ac14df0fab7c37868f5785a205b5bbbc30f75dd4f47965d4d7e3b

SHA512
9fdb98ae549135f800b32bc14a9914ce1e03b15e84aaa7768d25426ef89df52ba75cb7462d2d75a530173fb7fc2149b56ee0f20f9a46b423c15d8b1361fd31a5

Download Submit
C:\Users\Admin\Desktop\RestartPublish.rmi

Filesize
574KB

MD5
c1209028f7710cc15c956428ee55853b

SHA1
10fe53f2109589f9ccb537f50408fa95672540b1

SHA256
d3f311ef2f4eb5b5cfcbd9351cb160d62c59812dc59e2a7a3e185e1b67b77958

SHA512
f69890508817b0fd9465e2908606cc5c144ae51d958c59240b103f5795fae3a7ca04b67609e818291d0a128b4c7e1c7acf18625f15a41b14ed144daf485189c7

Download Submit
C:\Users\Admin\Desktop\SendCheckpoint.gif

Filesize
316KB

MD5
dd2db0fcfdd53cbbe545b809268c7474

SHA1
e53532b7c4f55493b6594cfcd3574a93fb229383

SHA256
fddde2b772f06b0735f2b26b240999f7e4744e1b6e5e15de7c8800def80a5208

SHA512
a4685b0b9e56ec3f5ad2c03b507f21dcd996dabe53dbf68f276030d295a903bb7e3c2110810c036d4ef61ca562e3f9b6d3dc6a1d2e42d3173b89493e6b93ff77

Download Submit
C:\Users\Admin\Desktop\SplitResize.docx

Filesize
20KB

MD5
a0599fd923ff23c85ee959d82827afa9

SHA1
25d00e0a1176cb1028e250ac4e8d22a1f5fad68a

SHA256
e0fbe4dc418e0084f94864a86c393f2acd511194ae896c860f79ac3557be25fe

SHA512
cacc8fa5ce3e532172dd9409e1a0f8cd29f6f544725efb50f97a3031b2310c336ee24c4780439c982aa039b1c20b1811b1662b3487c88bee0961adc2c6464710

Download Submit
C:\Users\Admin\Desktop\StartEdit.ppt

Filesize
431KB

MD5
50809cbe9d5218786b216aaee4e35196

SHA1
6861b2698589a62228add55289c3baf0efd04cf5

SHA256
2ebc4152f3a0d1b6f017bcac2b29f83f6835d893d7ce9832aafa344551c3f0c8

SHA512
1c3c70a1afc5c401a15d5c3d46c9565e3ee408aeab522222aadaf7ca16b26df3b5530bdb4e2653c3c8189d46c923d199065b99bba5d4cea3f41e6429e2708729

Download Submit
C:\Users\Admin\Desktop\StartSync.mid

Filesize
215KB

MD5
495f12121d0b752c8848cb353bf6e4e4

SHA1
5493fa7a33f55813b8ab2be6c696d77fb34d3db5

SHA256
2cc1e8275952754b3dcc824f5089510e475556e792749a61a0de87f49f45c7a0

SHA512
6ef99ae4ef81519a3f128e3a54fbb0eaf5d59caac07fab81563ef631c6898ee9ddcd74ce8986ac4b64a3204db8752676e0380c3a1540613f00d0d25697fdc093

Download Submit
C:\Users\Admin\Desktop\SuspendResume.pptm

Filesize
402KB

MD5
1ed24244abb7458d0fcd4e0f0a4ec3ed

SHA1
f29169c1dd43a5a74f68511333f9ddfb17bef9e4

SHA256
13b7e4e5613b685b2c39bf98db9820ec6dc84738d2a0ed991be7244d9dd61797

SHA512
7691558d0072235182e83328a6650d532eb88d9d8a28af02ed9c4f3dce3ea37f46194bf6dbea7024668dbea4658839b0455263138eee66d6fd02fbaf8d0631de

Download Submit
C:\Users\Admin\Desktop\UndoGet.vssm

Filesize
474KB

MD5
61f17b513aa0728a826c503f0f74ba80

SHA1
3687b982aaf84837d11de66944896779d05007e7

SHA256
798cf9a5cf37b389b0abc225a2b4b28a0df8fdf89b77646a6ca55a4ae6c211f1

SHA512
31c8890e6756e940f5901c83dfbe5afdb91388ab5957a8b488e7480493ef882f179e976d17097a442606cb51d533c17e2147a163064b5cebd28bda9d62dddca3

Download Submit
C:\Users\Admin\Desktop\UnlockComplete.mp3

Filesize
545KB

MD5
c70603982a277262b420a14d54b8d3c3

SHA1
e473c43e573d97443cd72ecf07505c4628a13eef

SHA256
d1e3120ed8e6ce906a7f3e737c580b1a943e98ab197d1c5d68d126142a968c7e

SHA512
032ae69dd97cb79a5bcd0305bfca55439f069c7bc669a4518a1632097c4c7c0b2ab1c3c6d858ce21322c4af072b1602670389bbbac4fc8e893c4a45be03a6900

Download Submit
C:\Users\Admin\Desktop\UpdateUninstall.mp2

Filesize
330KB

MD5
d976a8a3713b14af938c69c02d529a39

SHA1
4646006de75357d82e98578a119fbce16d007eef

SHA256
fe96f6de4e64396f00c3da2768b8cc79f4767e92f3e05f3853387d28ecbd3510

SHA512
1d84ca1047bead8278f46c4e76019ac1eda2b480fb9644be1bc2f495be7e9c6c8b15cf439e0fadf630ea762a4ef2728de2b59a27330fafb5e26eca69a241c1a3

Download Submit
C:\Users\Admin\Desktop\UseRemove.iso

Filesize
287KB

MD5
ed28b288f2068bb25c49b2062ed105a9

SHA1
b45b619fa39a3b79bcf23abda1d15dbdd95d2c6e

SHA256
f5decf9442d5cc133f30149f26af4bf697c7686d3e6a23b54ec72b6059d2ca1f

SHA512
c2c0089eac76f9711648830019c875a59a9201d2bc28d7cd8073487a149e248c80b293e88ac13e5836604dbe454a4a943d33d2daa3f827755c71e0166dc0b453

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 217025.crdownload

Filesize
1.5MB

MD5
0330d0bd7341a9afe5b6d161b1ff4aa1

SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3

SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
eaa6b27453afc4ff5407ffe5fa2df094

SHA1
d73e712c176f8338e43ed4b1824578984c8bb557

SHA256
03cee92669158e94d88fe26081da8e37b4e58d35f848907d05a28e27aedb7cad

SHA512
0ad13845322854f2e6c33f878b89bc6249d136c06dc20cf78f60c52abaf3799a338c932aeeba98ebd066d3c9258ff93229ddd9eb5935354078355e2636580e49

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
b91a9f8fb02f9508970cde77c2fff396

SHA1
d64eb2b9fd73e829535e6f6dfd053a508bef3f83

SHA256
355155d10935c53bb9d9d1cdf37db3989f4808dc9a0ccfb968fcefa7c103a795

SHA512
9b3dc5174607f99a261294737bb913803a2a6c99e0d3980d03b894837cf62fee0427f52818eaf724eaa27e9abdaa06a7447537b45903e66bca475c73709b8e66

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
54c1b355fb5bd8f80c84d2ad18b0fd55

SHA1
c70779bcfbb27dfadb52923a693a4be3d209a453

SHA256
793b8fe6c1b8103e79a3e691c0c624263ffaae0109992d519a1d769777f5d1df

SHA512
1377be145c51febc5cee1b6fa465ab212731e7ffb22ba1a9a17957934a9d2146378791ec1903505c8aebfe377d92e3ccaeb685b40641169abd7c96e179a0ec0b

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
5a135b3bbe90cca39efbead09b765781

SHA1
52d0bc633c9eaf86d760fb254bc74d72003984f4

SHA256
a1bb7d3794d4a816a67e6aa5bd6fb59ebb7b1c59e1a4a92e0690ac3e265d0a71

SHA512
4dc6a8eeb09c712f9e355a5c7d69adc3c707d96323ec1214165b554c6c36b816e9ff81d9e0e68eb41f0decb7374b9d14be413bfa5d9e57e12e9ad012e3171ece

Download Submit
memory/4164-595-0x00007FF624850000-0x00007FF6251F2000-memory.dmp

Filesize
9.6MB

Download
memory/4164-598-0x00007FF624850000-0x00007FF6251F2000-memory.dmp

Filesize
9.6MB

Download
memory/4164-596-0x00007FF624850000-0x00007FF6251F2000-memory.dmp

Filesize
9.6MB

Download
memory/4164-597-0x00007FF624850000-0x00007FF6251F2000-memory.dmp

Filesize
9.6MB

Download
memory/4164-599-0x00007FF624850000-0x00007FF6251F2000-memory.dmp

Filesize
9.6MB

Download
memory/4164-601-0x00007FF624850000-0x00007FF6251F2000-memory.dmp

Filesize
9.6MB

Download