002f33fee7b8a159058368b7e93e492931c4ca72e90660bdb2691bcd62fedd3c

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-10-2024 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Battle.net-Setup.exe
Size

4.7MB
MD5

f7fe24cebbc4b0332c77bce563e11b1d
SHA1

744968c9193e5a1b96941695600d3770e61a6ffa
SHA256

002f33fee7b8a159058368b7e93e492931c4ca72e90660bdb2691bcd62fedd3c
SHA512

a3f1e0d1a2c20dd1c40b5039085abf47a17a313590f40785181a4559c6b53a6622ab23a540fa9d56604ce4d008861558636acf798232de2d6b493e4ac4c71ef4
SSDEEP

98304:F84BwyMWieDN4+F/8njOyiiqTrAGlucx:FAEwnjOy5q9luc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Battle.net-Setup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2864	msedge.exe
2864	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeBackupPrivilege	2392	vssvc.exe
Token: SeRestorePrivilege	2392	vssvc.exe
Token: SeAuditPrivilege	2392	vssvc.exe
Token: SeTcbPrivilege	4576	svchost.exe
Token: SeRestorePrivilege	4576	svchost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 3560	1176	msedge.exe	100
PID 1176 wrote to memory of 3560	1176	msedge.exe	100
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 4784	1176	msedge.exe	101
PID 1176 wrote to memory of 2864	1176	msedge.exe	102
PID 1176 wrote to memory of 2864	1176	msedge.exe	102
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103
PID 1176 wrote to memory of 3556	1176	msedge.exe	103

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Battle.net-Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Battle.net-Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:60

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault09b6586bh5646h46dbhb782h0621fb530ff4
1⤵
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb062046f8,0x7ffb06204708,0x7ffb06204718
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3211960676194732841,14967328110082502958,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3211960676194732841,14967328110082502958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3211960676194732841,14967328110082502958,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:3556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3704

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2392

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4576
- C:\Windows\system32\dashost.exe
  dashost.exe {80faeec2-d22a-487d-89f36250e00f15de}
  2⤵
  PID:4372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0bebc03efadb1422a253914f592972be

SHA1
ba950077886e51db25e15876a00185d345c5a990

SHA256
5a6439e4fc453a35836e205adfe8ed58e24cf6a0abaffc1f239dfbab52c2f9a9

SHA512
14f095c30cf67a0185ab81317b9a0c901887b35924c53caebac73bcf61d91ad69196752af2c73b065630107c2f947fc1f49fdb11d2d44182cb0c712bf1e47507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a55eeee41ee5c7f7baeb45af7a27bdbc

SHA1
6322420c600ab372cf96f506e83bbe7f494375e4

SHA256
08b9c384a422ecaecb8ed20cfb439040c9695f9247d6cf93ab3b4f2d716207c1

SHA512
9dfef6cd683554cdb5432bf64071ba7bda721037a28c70b438f057e392490f5a172ddae0f4a7366529c54bc7251cf21adeed6d147c5e9b532f5b383ca9acd76a

Download Submit
C:\Users\Admin\Desktop\BlockCopy.potm

Filesize
357KB

MD5
2581aa5cab923169bca67d2c5d481b08

SHA1
0dd5c95bb5547c8dfbaa16513d0a5cae3c74aa67

SHA256
1939caa9824a8f402a961e49e9f16197a14ab7d676a813ca2f6e02e6935ca51e

SHA512
2d74b5411b4f398b82a836273486fdb1f89f3f01cdded64a02d2ef83ace386a3b565959bbc23e44dac19b4bc33f94ff929abb054da8752e66e4bfa65e6b22fd4

Download Submit
C:\Users\Admin\Desktop\CheckpointMount.xlsx

Filesize
328KB

MD5
d095ca46bf34a80b495a7085eb20d3b4

SHA1
27265d0cecba99120e732708c1923ab62917023f

SHA256
4348b6602ba5bb88eb615d1b6efc23a4085dede2fe6d0d622acc493b16dbc67b

SHA512
a4f53aee6f33b1f7912c6345bc8ac73618bcd210fb7530595fc12a4bc33113ed5a4bde341cb2bbe1b9fafba1fcd38ff220deaec2f357cc0082d19e950cd47900

Download Submit
C:\Users\Admin\Desktop\ConfirmOut.txt

Filesize
387KB

MD5
e935bd1e54f4bab9c0db77d8eeed4766

SHA1
53c8280acea87d470d630651c9dc7c3221d767c6

SHA256
4b907cc4d1c84fbedfcf67f10b1ea24b34002b7a418bc48adc11e7e002d2683f

SHA512
a6b9215ac986a63942a4598079845cc20836ce390609362e0be6741ff27d045c5be5b404d241c165320a03412f2c3fc834ef4afd42c4d735a187bbb8618a02f2

Download Submit
C:\Users\Admin\Desktop\ConvertToDismount.search-ms

Filesize
416KB

MD5
4efb0129a11b676d58539dbe85481241

SHA1
e7157545bd139c65cf9b1c3ee04193214881ef5e

SHA256
c5bca510ce141b346b467cbd799ab2e241c183705ff8b4dac997062884f3d690

SHA512
8b8786ad6ba42e1d48c769ce6f290ac24f77e06a1101de942df4b45b4a789f6e652d7342d9298d02d75e3de3cfbb12835fb9c0dc14bd000a449f3ccc675b4cd0

Download Submit
C:\Users\Admin\Desktop\DisconnectShow.xlsx

Filesize
12KB

MD5
8d97e858e74372f9db716af83131368f

SHA1
04a85b01c64b04124663c0d59a3fe47706ccf69f

SHA256
9ed42d83391440914959922ba7b8ab9efa20e8986c6f36b1ecfd57f3a721fb76

SHA512
ee84fb6977d983e4f5051322eee5970dec18594f3cccff16eb7d7215e06ea438bd0728bfa87ab92002d8942863024a4d8cb97011fd114cbd174e9b3bc9fced9c

Download Submit
C:\Users\Admin\Desktop\EditSave.otf

Filesize
547KB

MD5
8c1dbe90a2c6fe41897d972a73f769e4

SHA1
228408494bbf986b8159924249299606d1806d62

SHA256
52a74f73c8f6b48a6958e751de0ff79645e485b2e166ed2825dd98c3316a927d

SHA512
0997be8da8fcd30a0f1ea2a7e0d08253b871dca03607f5b8a92df1e6f4f8cf7fc766509ddb0ce524fbe02f064c7bca4549a2de1d4bfeddced595d86c064ec621

Download Submit
C:\Users\Admin\Desktop\ExitRead.mid

Filesize
343KB

MD5
608d99ffad2cb66738a6cffcdce6cc1f

SHA1
0782bd3e021c7330882cecf26c2dcb3d24ebb70b

SHA256
85b768e6452c6ffa8757a0b7d6e5e0590893e02a8be69828fca7be168cc57b97

SHA512
ca834f4204f65c56bd31ab7f415d6a6c4da20f24cbd64526a99cd10a2f6ebe765a963fcea6016b7f8015607f0dff24f410d005baa796a1ad3c4138ed99cfee34

Download Submit
C:\Users\Admin\Desktop\ExpandConvertTo.jfif

Filesize
489KB

MD5
62cc4633a290fd277b047a460d21540a

SHA1
f01b6aef97b2ee88a5f050cedb33cbf872104638

SHA256
12d4facbcc3208f76560e72e636f991939713aa2463057fac8882d5641ced353

SHA512
8b7882049d11cf8c92e878c51c3fbb9b105602b32a3a89ed195d78a5e18d128c8dd7662c99e7db2c5e5f242c9f3a6b69059026d9da53869fb0d62d0470a3aae3

Download Submit
C:\Users\Admin\Desktop\InvokeCopy.emf

Filesize
401KB

MD5
ae27d86c8c2b5e87800a8cc67f9d8110

SHA1
d9367697067289d908b00da9b00e067d148998a0

SHA256
82893e7b99304084e5b6350fb4049d6804d7987a8f92b4097be9ed7e600ff47d

SHA512
f3075ff225e55ef115751d2139870e719ffd9aa7e7e75ca1081047cbf5b4e3da0f0a8be5fa9c0a38f17d7bd729643cf8e81be319092449bac667df2cd61a4157

Download Submit
C:\Users\Admin\Desktop\LimitDeny.xla

Filesize
372KB

MD5
6fdb94d61d6b074c85eb17dc1cdfd552

SHA1
00a3ba0464a44969d3839fd9873318094e680713

SHA256
810105bbce3994e61f75917703d3662d3e47eb6220c7a81e018157fa99cddd70

SHA512
f7d19be6f72fc019a412c5a495fc71dea33c65d80fe686c89424086408c32a7b6bebac977fb218d2c175274ce59d3273baccfe3b6bc12705160057f383151711

Download Submit
C:\Users\Admin\Desktop\LimitStop.mpe

Filesize
832KB

MD5
53654017bc5c67cf10decce8175b8219

SHA1
2dd86bdbdf8a2addd76de4892691c3c1b2c3a675

SHA256
30b895b83f4657b8f57fe8ca8bc2b0beb8773bf487f4446f02f113710a159cd2

SHA512
810dd4d0bc2f75090f6f12b7d5df1dc5a8ade369a3c0da92bd6be75e86f7992aef566362ad3eb6e041e80b6e43d94135f0691918f9e398c8c55c2ae64567d715

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
e50089fcd65daf5059fb2165ec243ee4

SHA1
4d63bfda09a91080c05b89b5dfeafae6874e9c0c

SHA256
9ca72774839e8dba35226d35454591bbb83d06a3b122b0916ade9ad66cc0686d

SHA512
e131c692d84f8915eaa08751f9f144aca7cdf013b92a734d06a9b1211e0bcc8c7cefec137f5952f87fc38dfb2e87e4e15f3244af3fa2a9aad33db18200fde956

Download Submit
C:\Users\Admin\Desktop\PingOptimize.cab

Filesize
299KB

MD5
2244f3ea654d4f2b4b117315a618d473

SHA1
326f01c641e7c7098e45ce556a5e0f7878b19b4d

SHA256
173ba292211e684278920d319e29e26c61215702e3e05e5e0869f33abb31979d

SHA512
e2a0a02324d70df4f47de8cadfbc7d59f6bedfd47cbf99baa030fc2c085e0bf8bc2bc4092722c091c9c3b2c5b7b3122f89aa10d3821f676f64a35302f0d24e35

Download Submit
C:\Users\Admin\Desktop\PublishLimit.xhtml

Filesize
241KB

MD5
c85da088d0f734133ebeb62ba99f395f

SHA1
5ef5902c05334b719948f76d0f44dde9331e2f1b

SHA256
7a139ebcd28e03493920a558be5726ddd3ceef8a58524930c3397f62be9dc1c1

SHA512
d9a6bac9856a01d1aeab1c33c2191260b2f78c35f8da320162b59ec45d188d861ac2caf0deb58c426011155d65959d6431c65d739239f83f8d8b485e150a2c8b

Download Submit
C:\Users\Admin\Desktop\PublishSplit.wm

Filesize
577KB

MD5
99bb146823cf46cfa8f0f506647174d9

SHA1
227fdd54a8b0b43b79321accf7bdda4820dd9c25

SHA256
c312261b2811087cf06bfe733070f93817c0157eeaba29cd3ea6b9892671876a

SHA512
33e4bf0af72a1f2d21ea143ff1e5dab8c9091c270966a6f661082169fc1d345ee6263ff05a160554b1e829f480c02746bc2b8cb2f4f940f0493fe256671e991a

Download Submit
C:\Users\Admin\Desktop\ReadPop.midi

Filesize
270KB

MD5
b18f9ad481a6c305d8ea0575f5031fe8

SHA1
f6d75e937ec5a7b7e45d6d6e064a81e9d7a55131

SHA256
60dd91480f9e209c0adf8e5a1d2573378a2c6f0137082e24baa335c99dfa071e

SHA512
a6ae4b252b7f0139e2f246325dc0b2f9c84939475c4136c01761d8cb7205e36a68290f2c7aea8bf0e0988b6e4782707aa76271a78a26f622aba5de7aa467aee8

Download Submit
C:\Users\Admin\Desktop\ReceiveAdd.xsl

Filesize
431KB

MD5
96d8acf75cc3c5a46018d96a20fdeddc

SHA1
9dc4e74ede35e46e9ee7213597f1d38b0758f7b7

SHA256
0f3ccc46c8747576c280cac059a807eee185be6ea73892e79a2ee29e6823ef83

SHA512
32968e767a36e2d9b33446143ae4cbf3479c8dccdf713e0d7579083dae9e07d99a1fc62adf9d8c06b185d609609e3e907b3f05ff6129e8a252f90486e305471f

Download Submit
C:\Users\Admin\Desktop\RepairConvertFrom.fon

Filesize
226KB

MD5
d38d7e656a7c7ca76b57d4d0de070dfb

SHA1
cac18f0f19882eda6bd1a24104fb5c9201575b90

SHA256
0c0a54a85a9e7f6017683d46902ce0af5d2a42a103676e2b67cf882ec6f35b80

SHA512
64fa4b4b59779731c98d2a2a5500ee0e024cedf6aca49c1a2204c916e753475a9ebf8b0dd0a59c96bbdcfa2193aae44d9deea6078907bd4025025835dc03840c

Download Submit
C:\Users\Admin\Desktop\ResizeMeasure.ram

Filesize
474KB

MD5
83a256245c0500c85d8785b638581fb6

SHA1
968c1e49571130955df84847a68a834c1e09e03e

SHA256
1ee143b7e327c3b92491a037032c16bdc376a0962ec53995139160f76c2ad0f7

SHA512
76837532e5d9b62c5121879cc13235cb8042e61af92dc38394a54033cd90bc68db696b54a9c4cc27c161a619ec06ef86d838998f3025513675917ed0f5b0a6e9

Download Submit
C:\Users\Admin\Desktop\RestartReceive.search-ms

Filesize
518KB

MD5
10ab6184c51765aa4307a6d2c5edc21c

SHA1
2cd51a96c02bdd9a18410634e2f1aaf5515174f8

SHA256
a915e57a30decc72f0e65e970a9aa86ba6f54435810bd026b77e8d7bcf24870f

SHA512
61958b080a488731a73f6e628c1e9ffec35c9f7db5f70829a3f2c4d05c95890df4f6d52390b7c9925dfcb02bc5b8bd4057bd4c863ff4cce5157e3cb73d949000

Download Submit
C:\Users\Admin\Desktop\RestoreMeasure.rar

Filesize
562KB

MD5
2fee4e75213c1f7e160f1b53ddd97310

SHA1
38d40da24aea6acd9fa86271bddb7ae9aa958c92

SHA256
f5e150c0d9b22b07b994dced71794902d408b8347dadf7383ed37d2445b54e34

SHA512
a8a0a5b7bc2edb3dee1a80655c74619f98a6292ffdc6feddc22cff21a87c20c1b9ea99fb693db9ea1edbc9abe9b86c8dd0c50adc3f4e8a9041e1620b66f9ea3d

Download Submit
C:\Users\Admin\Desktop\ResumeSave.m4a

Filesize
211KB

MD5
f20bc918f13064d07cc5cd2bf9cf2f25

SHA1
6460ad35933ca2471261aa03ddef8491d5c7514e

SHA256
a1f500b30dcd23db24e0d573dfa33ff329ea0ea92ab43abe831d4ea86de349a5

SHA512
aa010151e116e3200cbee5888b3b3b2f1e62c914615ab0866dfa6e7e11f2160c6d9bec15087e009a31d71ac0a3db3f78aeaddf99d601bdd23b8317b2438853a3

Download Submit
C:\Users\Admin\Desktop\StopRestart.snd

Filesize
504KB

MD5
243f8b132845842a83219a63cebcdb29

SHA1
964c276422a195693d5794d6aa3891ef90ab3e92

SHA256
b6422d7935d1398b0c077ed8791e6b135729e0fed0a67814e7513a1c34f93377

SHA512
5069c026a30f8ab70c33a45f9ab7e4e01afc5cdb63b279077ad02806fec810801f4b2b07f9fb55c2a553058b8a4de5c2a9bea5b0b356a43369e91e6c976a8b80

Download Submit
C:\Users\Admin\Desktop\SwitchTest.odt

Filesize
255KB

MD5
2cf56a158ea88def6358b4df3cb8689a

SHA1
81c60fe896bf4502830561ec4fdb81eba36c6056

SHA256
49aa6dcfdc3481b35dc8935935413262d993053965e5dc9f0b2ec7f0b0285ef2

SHA512
11194fe56db2378ecd198b8c75da5d3b0a846e11819b5f9c13b1b3bf93afdba6c2a447ad02318f765917e8a04b9ffd080a6f86c9d54c14738bc475e31f4e740f

Download Submit
C:\Users\Admin\Desktop\TraceWatch.mp4

Filesize
591KB

MD5
2b8d2e78a0188c59f171eb63ae512521

SHA1
015046d931d5737756b9dc09df981db17f92be05

SHA256
e1ea4499a5738990b4c340e62c5bfdfa3e4803dcd67321cc4d7edea3cbe09bd5

SHA512
ab73d9b9f0111653220d0c2ac30873cdd86f6ed2729ed7546d3e69fb3e1b5e68e419f9cb294eaa131123986bc2980af8b04aba2204861c114b46e187b343a88d

Download Submit
C:\Users\Admin\Desktop\UnlockSelect.m4a

Filesize
606KB

MD5
ab3316863a636009c5a6cc7bc688a81c

SHA1
36ee93f3553b0f63c8460dbe30d571c918445174

SHA256
094f1853cc769052281abb629ddaaacfec64b3150f7eb5f5d85146d2411bf9c4

SHA512
b8db3d0872217143b6cd2249390e7e0a54d753d996a80b1872c74dc2fc16705bbb9b8bd603374508c3f2d2c96f6f62aaf2294c9a09237b2708563fd46dc94512

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
891ad53615b8c312479d8d5ac94d6b3e

SHA1
23f22087d2cbc79fde5a541b77b644a0001af1f5

SHA256
64a544910c64648e57ce48ba5e2f7b756f49597f8acee2140d1eff6f31d59d60

SHA512
f898a64cfdbb776b54334806046f1b5550a988a6d2c21455ffb79eaa2a5998fce7780ed5bbcd19fdafb07e0d1a9275f1be95a994bd050ceecac86f7ef0a5398b

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
401fc16cdd7f23488027878888d4608a

SHA1
c2c7a705e6c3642ec2394b1d3e6d791d322a37c5

SHA256
72128803df67f2234e267f368f09c1d472eb9cf7c48337eabad1741cd9129c6a

SHA512
9ec478eb75da33ee91eb8bfdf24213ee313870e4b38664a941555832fbbb821d8a69918d5271acebb0c4ecf8ac51a3c1b1ff333d4bc5ec9be87f346f03617670

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
cd04aa291f04c722d454ca3b76d90752

SHA1
c08d1b308e2e4be368923a079096899fc1bef01a

SHA256
90a2077b1bf8be747322cadcc844e87bad1487cb2ac4b5f02efe79663aaa3adb

SHA512
2122ac3e77c203d6c3e70eb5e589d37a2b897d6ed69523f924bad8ca648071959434b89af155d42ee24da6e4a2b6b9596625ed9f948c3b7047162ca93826411b

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
fd7f591dc33bf297c74b8ac409f41725

SHA1
c759a6716bc00df0fe9cce5579d1b33b7b4da8a0

SHA256
d7b1d3b2d8410dbd71b5a60c6e014d589e7ac97fe60385bc18abec0ca2aebea3

SHA512
1d1bc1b19f793ceeea9fc075b09e2eddbabeb7658a31b601459f4a246e115ab422968d8c4a20f56a9268d758264797e562303105272c022407b966d070cf9bc8

Download Submit