nitro | 3648148140b969d6ff9c51898844311a7572815b1168a320eb924a3ebea6fc22

Analysis

max time kernel
254s
max time network
256s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-10-2024 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NitroRansomware.exe
Size

61KB
MD5

07e743c285d7f93f6eade3ef06f254af
SHA1

0041dac01ef16644d29bfa52bbc07bb8650d1ab0
SHA256

3648148140b969d6ff9c51898844311a7572815b1168a320eb924a3ebea6fc22
SHA512

77ca7c4a5fca4b7e3e30e27fee2025d7fc4a6a0036633fff82ffde981a0bd04238134038a7b0615911f60614b44bbde3ecca32a4b767c8a420ab2e91317a12b6
SSDEEP

768:0KsMqCXfVcWlzM9ZkiANIUndYLDwUzc80gmq3oP/oDF:0Kse1M9ZkiAPyr/0O8/oh

Score

10^/10

nitro discovery persistence ransomware spyware stealer

Malware Config

Signatures

Nitro
A ransomware that demands Discord nitro gift codes to decrypt files.
ransomware nitro
Nitro family
nitro
Renames multiple (112) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

NitroRansomware.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NR = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\NitroRansomware.exe\""	NitroRansomware.exe

Drops desktop.ini file(s) 10 IoCs

Processes:

NitroRansomware.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	NitroRansomware.exe
File created	C:\Users\Admin\Pictures\desktop.ini	NitroRansomware.exe
File created	C:\Users\Admin\Desktop\desktop.ini	NitroRansomware.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	NitroRansomware.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	NitroRansomware.exe
File created	C:\Users\Admin\Documents\desktop.ini	NitroRansomware.exe
File created	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	NitroRansomware.exe
File created	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	NitroRansomware.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	NitroRansomware.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	NitroRansomware.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service
T1102

Processes:

flow ioc

18 discord.com
21 discord.com
28 discord.com
30 discord.com
54 discord.com
78 discord.com
17 discord.com
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

9 api.ipify.org
8 api.ipify.org

flow	ioc
18	discord.com
21	discord.com
28	discord.com
30	discord.com
54	discord.com
78	discord.com
17	discord.com

flow	ioc
9	api.ipify.org
8	api.ipify.org

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

NitroRansomware.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\wallpaper.png"	NitroRansomware.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

NitroRansomware.execmd.exeWMIC.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NitroRansomware.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

WINWORD.EXE

pid process

4972 WINWORD.EXE
4972 WINWORD.EXE

pid	process
4972	WINWORD.EXE
4972	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

NitroRansomware.exetaskmgr.exe

pid	process
3496	NitroRansomware.exe
3496	NitroRansomware.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

Processes:

NitroRansomware.exeWMIC.exetaskmgr.exe

description	pid	process
Token: SeDebugPrivilege	3496	NitroRansomware.exe
Token: SeIncreaseQuotaPrivilege	3200	WMIC.exe
Token: SeSecurityPrivilege	3200	WMIC.exe
Token: SeTakeOwnershipPrivilege	3200	WMIC.exe
Token: SeLoadDriverPrivilege	3200	WMIC.exe
Token: SeSystemProfilePrivilege	3200	WMIC.exe
Token: SeSystemtimePrivilege	3200	WMIC.exe
Token: SeProfSingleProcessPrivilege	3200	WMIC.exe
Token: SeIncBasePriorityPrivilege	3200	WMIC.exe
Token: SeCreatePagefilePrivilege	3200	WMIC.exe
Token: SeBackupPrivilege	3200	WMIC.exe
Token: SeRestorePrivilege	3200	WMIC.exe
Token: SeShutdownPrivilege	3200	WMIC.exe
Token: SeDebugPrivilege	3200	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3200	WMIC.exe
Token: SeRemoteShutdownPrivilege	3200	WMIC.exe
Token: SeUndockPrivilege	3200	WMIC.exe
Token: SeManageVolumePrivilege	3200	WMIC.exe
Token: 33	3200	WMIC.exe
Token: 34	3200	WMIC.exe
Token: 35	3200	WMIC.exe
Token: 36	3200	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3200	WMIC.exe
Token: SeSecurityPrivilege	3200	WMIC.exe
Token: SeTakeOwnershipPrivilege	3200	WMIC.exe
Token: SeLoadDriverPrivilege	3200	WMIC.exe
Token: SeSystemProfilePrivilege	3200	WMIC.exe
Token: SeSystemtimePrivilege	3200	WMIC.exe
Token: SeProfSingleProcessPrivilege	3200	WMIC.exe
Token: SeIncBasePriorityPrivilege	3200	WMIC.exe
Token: SeCreatePagefilePrivilege	3200	WMIC.exe
Token: SeBackupPrivilege	3200	WMIC.exe
Token: SeRestorePrivilege	3200	WMIC.exe
Token: SeShutdownPrivilege	3200	WMIC.exe
Token: SeDebugPrivilege	3200	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3200	WMIC.exe
Token: SeRemoteShutdownPrivilege	3200	WMIC.exe
Token: SeUndockPrivilege	3200	WMIC.exe
Token: SeManageVolumePrivilege	3200	WMIC.exe
Token: 33	3200	WMIC.exe
Token: 34	3200	WMIC.exe
Token: 35	3200	WMIC.exe
Token: 36	3200	WMIC.exe
Token: SeDebugPrivilege	1680	taskmgr.exe
Token: SeSystemProfilePrivilege	1680	taskmgr.exe
Token: SeCreateGlobalPrivilege	1680	taskmgr.exe
Token: 33	1680	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1680	taskmgr.exe

Suspicious use of FindShellTrayWindow 46 IoCs

Processes:

taskmgr.exe

pid	process
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe

Suspicious use of SendNotifyMessage 46 IoCs

Processes:

taskmgr.exe

pid	process
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

WINWORD.EXE

pid process

4972 WINWORD.EXE
4972 WINWORD.EXE
4972 WINWORD.EXE
4972 WINWORD.EXE
4972 WINWORD.EXE
4972 WINWORD.EXE
4972 WINWORD.EXE

pid	process
4972	WINWORD.EXE
4972	WINWORD.EXE
4972	WINWORD.EXE
4972	WINWORD.EXE
4972	WINWORD.EXE
4972	WINWORD.EXE
4972	WINWORD.EXE

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

NitroRansomware.execmd.exe

description	pid	process	target process
PID 3496 wrote to memory of 4780	3496	NitroRansomware.exe	cmd.exe
PID 3496 wrote to memory of 4780	3496	NitroRansomware.exe	cmd.exe
PID 3496 wrote to memory of 4780	3496	NitroRansomware.exe	cmd.exe
PID 4780 wrote to memory of 3200	4780	cmd.exe	WMIC.exe
PID 4780 wrote to memory of 3200	4780	cmd.exe	WMIC.exe
PID 4780 wrote to memory of 3200	4780	cmd.exe	WMIC.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\NitroRansomware.exe
"C:\Users\Admin\AppData\Local\Temp\NitroRansomware.exe"
1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3496
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4780
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic csproduct get uuid
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:3200

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1444

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\HideConvertTo (2).docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4972

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\CompareClear.dot

Filesize
512KB

MD5
014b63358c411d2011e9b664b8acc511

SHA1
650278f7ebd2e5554b6156158bf38b2d25ac9f02

SHA256
caa347ecdc3267dc417a6d004d9e1147f1a8e04606200fa676e59b47fe250c3f

SHA512
23208b7696926b5ce38cf8be38b32955296658a2ea2d2f3e3dbb29df2d9a7853bed36972d5f6323485ea6496d7cb54a10124a16da8dd555551cc313dd561e260

Download Submit
C:\Users\Admin\Desktop\CompareClear.dot.givemenitro

Filesize
512KB

MD5
5fd1812e044db6312619ec9299ac2b7d

SHA1
3e806602b5008e2ae8f3c9510e03f92833c74404

SHA256
f892aa4c0ec8853a1f37e9ed9059cbf7288def48731785ceee29649b2a377089

SHA512
488ebcc5ceefbe1e924834a314f88e7a834832ec66c30d01dbeca457800af67cad9fc3e95a3220fd051f2cc4513ac7305b186666abc5efb276aa3a6677b589c9

Download Submit
C:\Users\Admin\Desktop\CompleteDismount.xht.givemenitro

Filesize
1.5MB

MD5
99b8301cc4b6fd5bc0e41b8a66f11360

SHA1
22940077c5d4b4fb40b0b817e505aaef736581ee

SHA256
492abd8be47ede6cfe7d9d1adbf583a55d9129223db9189f760914c143077e96

SHA512
0bef710e36934f67611572461a9983ea932bd3e706693e7621f1e80e9f6e685d12d09319844b5dbb6ce3aef1df124c0f53ab43165a8000b7c73f60f212690b6b

Download Submit
C:\Users\Admin\Desktop\ConvertToCompress.xlsm

Filesize
960KB

MD5
7bbeb470426db8535e55819137127407

SHA1
1dbbff5e2ff317470f1a965704f6344238dd9e32

SHA256
7a25314835d3e1de07a34595da18ee14f4e4248c2f1d41bfb37831fd30aef28d

SHA512
702077e47e30c87010eb5cac1ac2978553a06f5869035c5addd670aef94b569ed5109ab08a9c2c7c85c2f0de50652fcda33beb2dd8a5febac0b70369bf22c1b9

Download Submit
C:\Users\Admin\Desktop\ConvertToCompress.xlsm.givemenitro

Filesize
960KB

MD5
a0727fa9574bfa181478671b259ba149

SHA1
8450b7bc59b1dc239a9c5e7f7a2a4a65eacd8a9b

SHA256
043c4e4442e767448974da2a43741d52952e84f5e98e93f5939435dd05dba1a2

SHA512
b7e1dbd56bd337e89e21dde7c9ecbeef480738abf6a8cb397f93cd5151984fe8f2e482da74032e7c111e5b10248a86ba6e08a940f0cbd1ab89a734b2815bc1d0

Download Submit
C:\Users\Admin\Desktop\DisableInvoke.xltx

Filesize
896KB

MD5
838451049c61f897e7bd6817835f1dc7

SHA1
62f42e87d12249f90e9eae6fce9b62a8621fedc2

SHA256
86737dad418c80a3ae4b68c965dc62d446fee905c9b837e6d0fb6e79089cd041

SHA512
eb948a6a5e15bd346c216ad01da703c9abe20bd92337b10d508885652c1059714e2276c94949ebf1bf9f18cf80e116fe84e3b63fe74e19849ecaac9d0e67c574

Download Submit
C:\Users\Admin\Desktop\DisableInvoke.xltx.givemenitro

Filesize
896KB

MD5
75afca035490d68facbc558e2e5158cc

SHA1
d1cc9c722fc60ff06c8db72fd218a88f276f79f9

SHA256
05f5272c3c93f66fe5be4d0adac1a874d689bac12f47fd4f6aa98e81937125a2

SHA512
55206c591399a612fb4fdb06fde969df5a97fdf36da4ac7e3ff4f3e409ada5a2f9eb3eef6eaa53c14cdf5707f8fd609351659f307996b9087f836655cb8434a1

Download Submit
C:\Users\Admin\Desktop\DismountSuspend.ico

Filesize
768KB

MD5
febe94980196bcfbd589916d13602c01

SHA1
162e12636f622a7847c40ea5da8d584311ecc3b6

SHA256
ccd866f9f78d9ce44d251dbe2855664906ba0de64273a1343c6c2a63e59e6c92

SHA512
d2c4796eff02018f999f71a76f8d8b88cc02b63bfac3146401112fd4948ffc2e963c0e6bc841cd1d9e4bf26b8281941f9f142dc9bf939603adb0ec3a76dcaeb2

Download Submit
C:\Users\Admin\Desktop\DismountSuspend.ico.givemenitro

Filesize
768KB

MD5
8b4f89a297ebca2168d8120bec2d19ae

SHA1
72f16f3a62f73d8d98fc01325e13af12e869b9d2

SHA256
7df7d39ab9c6b8ddbe1d275bca2347f8625957d4f2a748e4206d5c9a78d32453

SHA512
852fd66390d0a42e23ec50a83e126390c87872c2b90ca9132f33ea5e1864f14f3d3ff328a7200afd11e55ecb33f242dcbcb75c52f7ca899b551e3073889d66b3

Download Submit
C:\Users\Admin\Desktop\ExportPublish.asf

Filesize
704KB

MD5
9897d1d6f5065f292a70bee124f57dba

SHA1
08be5e076c1be93489d5842c2e9e6f532273d1bd

SHA256
fa1974d50c43a89d635cee3ac5956cf43e804bd9a0f592ab578f71b3631aa4e6

SHA512
427ada882e505c8762dc4dd056e6b503d981f0c522b1635ede07c7b2f979397129531043678d187bb10bb294874e3c81268e93ab944f0fea6dc4d2dcec0f4dd0

Download Submit
C:\Users\Admin\Desktop\ExportPublish.asf.givemenitro

Filesize
704KB

MD5
053ebbbedb6fc994d78ec5bc6ba1ef93

SHA1
e48c9d848bc411722fe2d7a928bb50ad64d3e015

SHA256
5927c5c858181bcd6dba335618b36e22e06c99d241e219436ce79c8e2c65dd79

SHA512
d4d2ba3d977132c7b5b30c7d5d70b2eae0f449b0181eb8ffbf3b2b2c330b578d8a5f6ab2ecef4f1fe8859f04e2ba26d224aaf46719e72b2065e293a87d4b7adb

Download Submit
C:\Users\Admin\Desktop\GrantDisable.ex_

Filesize
672KB

MD5
b59883e79adc33c167ddf0a7eb5ea945

SHA1
6d31a41a4a62cd7bd53ae89ed26f4d1770f69da4

SHA256
2e25601d4763121bf35c2fafc5b8a0d334a06669f068f68131f8ec4406960052

SHA512
ba2106b5718cdcff5c6c23817e75f2d92ad05ef9a3d58f1a09381102bc7e5ae5415841aa4da359822ec0aabdbb12e557bb28afc01cc58e26fe488c2c8e97a587

Download Submit
C:\Users\Admin\Desktop\GrantDisable.ex_.givemenitro

Filesize
672KB

MD5
d8baff725ec107a43a7d01344e44348f

SHA1
5348dff8ace4d5701d2b64418fb658502adc0d7f

SHA256
a39bfdfdd738d20ee78b4262d77ee5d0e9d5fb6a4f3219b18b19385c0e963d59

SHA512
083fff3144274673eeef454cbde57726a5b4a12894a890164b9f67c378b516d156f052af78811dce954e779883519e825d6a43def91b335468e4bd7077088f5b

Download Submit
C:\Users\Admin\Desktop\InvokeEdit.mov

Filesize
1.0MB

MD5
6031234571872614f1376351b4eef9aa

SHA1
15e7cff24bde0bacc66f5aeaaffa9c5b6f049790

SHA256
05e9b0cbced9cede32f1aaedfc28c0b6c214cc924347a2bc1a41094ee7d08dda

SHA512
5f811b9302b5cf51080c0d93a4432a362a8162ebd74cee9ec39460fd7cfd17ac8c499751e9aca245ad140d14366366d39a442139dac4f2d673ac9238b2016578

Download Submit
C:\Users\Admin\Desktop\InvokeEdit.mov.givemenitro

Filesize
1.0MB

MD5
78ea9eacce19ea5fcf44c804417dfe7a

SHA1
f8a642f1250464866a184b246640e09d2714afb6

SHA256
140466adb56437c67a1d0f6fb7b38e18d90d63699da547a4ab2e720e6cd2e7b8

SHA512
5096c089469de099630d8a0147132b24fb5c55342cbd35dbe6062240f1c67af63343ec69a18645b1f7123e6caf6e93be6d876b3dfb50069fa608ba79fdb29094

Download Submit
C:\Users\Admin\Desktop\MergeCompare.ppsx

Filesize
544KB

MD5
7a18314b6953e2a7a51d7489db784257

SHA1
4b1600c94e6e75e70824f2d0b0dc6d87dcadf5e6

SHA256
cd74d4703170d41abd9b9c9078f81f2040b9602413257267dc06a95bbb514028

SHA512
1dbecf5448d9cce1e0f61538baf421ce97a06a078bf47cbbc0bc0f0910fc683d47429d34bc8a778498285c8ec2580148690c414afb9a8be7022de4cfb6e1ccb0

Download Submit
C:\Users\Admin\Desktop\MergeCompare.ppsx.givemenitro

Filesize
544KB

MD5
c13aa814b7bc08431def4a67fe10c890

SHA1
a3c492a312008786115c5330d95e506170d6c83b

SHA256
edda0a8d901a5ef5b6ee4a73e6308d47683a369c3eedcebff71f2dbe52365cbf

SHA512
644598f4129d5e0527d4feb6778433ddf503ce3e010b1dcc32f99237a1fe41bb549e50dba998357cc4163130579a51c536d30397fc9a92997bfc90db5570f830

Download Submit
C:\Users\Admin\Desktop\MergeReset.search-ms

Filesize
608KB

MD5
cc20178f29b047901160ec8bc90576f1

SHA1
a0142583f8f1567d182a0735306bae76ebea8999

SHA256
9db2604bb209cded6a08b0e999f098c1e9028f0d4bf064230c07af4fda672ea1

SHA512
c5d0aaa5044dc79e5062d39e8febc5b0fc7b4aafadafe56c361f2fcbaaf95b573cc18640096c49e89c53c0ffc7a97fdcc0cf64a5705ac6431fdd4a22a11e6930

Download Submit
C:\Users\Admin\Desktop\MergeReset.search-ms.givemenitro

Filesize
608KB

MD5
46d23d9c1315cfd74c13e4c673743714

SHA1
d2e6521a9fae1ecc068f396cde4cdf3e9a075afa

SHA256
6a23e08568f59cd43c171b59a8a2a146c2589d2a06ae827f5bdfbc27e4672fc4

SHA512
48dfc89522d8a2bcd685180aa155c8d612d3748a7c3d18a22759816d997fa2b0d9ca0d9d1ac7af19883240d60e63f1f8de38c274a431c755f03119650c8a4f44

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
3b4f6c30f6ab1a0e24d0d92ad489d9d6

SHA1
c29f74d22e747a8b752a5117b68317972764efa6

SHA256
f7f56acc2d4e975dc4bc4c9eb93ee490366d590a038c3f398d355905b9e1acbb

SHA512
549185e788621292657e7855f42342e37f88946669a6f8ad5f2f79494b9869a839fa9d78a80bf966c5d8381f5f6e95f66d39941777b8569a8127ebde3ede110a

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk.givemenitro

Filesize
2KB

MD5
5690f333ad8147936fe43bb00bac8c1c

SHA1
b9afd817778b9cf63740462b4669c77c8067ec0b

SHA256
d2b5b2cbe144d6759fadf625b77400f090a432e3a7d4947b253e880d8813a17b

SHA512
9702d0cd0ed063a62df8cfe84fabe72dd7cf375bb66db08916d7e4800a99c664461cbbc054ff3ea73304a999a68e204738104fa22604b77dbdc6a186aaa239a5

Download Submit
C:\Users\Admin\Desktop\OptimizeRegister.docm

Filesize
928KB

MD5
94b3c3bb88196cbf1cd63711eb585ab5

SHA1
c2df03e0218e834e0dc56b76eaff8c0a185a9f9e

SHA256
9edf4d04c2ba37295394f9e4322175be3e1286ce0da7f667ca6dadd32793a850

SHA512
96741baa1129451c97a004e1132140fe78650b6bf2b8ea6e5d1552c7945f32899abc636f3542dc4e7dd7b2b8e35d30b8f2e8591947dc15b95748ef3d5210d986

Download Submit
C:\Users\Admin\Desktop\OptimizeRegister.docm.givemenitro

Filesize
928KB

MD5
aff4cb24b61a6fca74cdc695eca4e0c8

SHA1
38428e21ded7f4cebc63c8ae9739cb7d13d94fca

SHA256
a94bf834935bde0e6146df96ca7499c577959101d5f6b11a9f09acd06a89b2de

SHA512
ff6ef5173a741a4076eb5c4f0e01d8666aeef85814322818e9eae58abee48bffc0e22d760b6bcfdd9484e852478f2dc9b4ed1c507a78fd08429b68eb3904a111

Download Submit
C:\Users\Admin\Desktop\OptimizeRestore.M2V

Filesize
992KB

MD5
b472cbaa628dc6ff00b4ff7deb703f18

SHA1
05c99939e9e56050a91e95be632dcf950c3c4400

SHA256
fde223f72012bf4695a5d5a87d0dd298d56f5cf02701b8169ca0f574ac5a8951

SHA512
d5b7f60f5854d142127466d5ee7306c8b0a11c0a4ffbfa42ad8d5525f345dad223135367a3740118c882b1e7f14bf81beb29c86a60c1cfe5e1688ecf8f7447b5

Download Submit
C:\Users\Admin\Desktop\OptimizeRestore.M2V.givemenitro

Filesize
992KB

MD5
184b312586593b4c008c248e308b6c31

SHA1
6293a0f4a546f2afb9b56397db43601bb92a597e

SHA256
b4d702e3c90d982de442cd76efda5c3f7f77374880812615c229268f6a875039

SHA512
5d92f3cec94ef3e0d0dbaef4242b4e3fc318c83c76a2dd41971a12ecedeae21b6262bfa459467bb4e1aed1f98548ef22d7fa0e68a850e8a2967dd2488efc2cfb

Download Submit
C:\Users\Admin\Desktop\PopImport.shtml

Filesize
448KB

MD5
439cacb484a28c26dc4f9d4934e41f3b

SHA1
fe2d385085f948c3aa895e2a2b743712c37f78ae

SHA256
fcf091fcaf57d4bce05e73ba2469f95ce90d52494fb28cae971f930508c11715

SHA512
44284282f66fc023203bc49a421d2886857e91f5f0187dcec6db2416bcb680b4bba167081ae3b48cc2997008dbe08a1800656dbf9f7e8aa99d087c841e62ca10

Download Submit
C:\Users\Admin\Desktop\PopImport.shtml.givemenitro

Filesize
448KB

MD5
6cd63e6e26547327271088ba3ec3068e

SHA1
f34f3d1839f520ebbe1c936417e1c0bcfae3b8b0

SHA256
062653902252962cf0684d55c15f4a0729d1629435442a7b4006ef86e289ad0e

SHA512
cb0542a520a33299688204f3c2bf67ed20a4deab5918931e5cccf6b754f3ceb69d510e6ee2af27f69838aabd76219cdaf82cb088e52259b7d528a32184c3d883

Download Submit
C:\Users\Admin\Desktop\PushCheckpoint.mpv2

Filesize
416KB

MD5
aa7f5346f8b07786c2402485c016ce22

SHA1
df79feb45915e883ab71f63e152a762a6c2755f6

SHA256
86a74435b1d65ee132bc31d9a053fd56038f8cc89d616b2d0d3deef568b32755

SHA512
d91f11f22cca63451a21e2a0144b67f0ccc1156790a4c9b97b385c77e4f4710a70d9a9d9bb8d217c92ba742853d0c9a7fc008d84381fc4b41598124ddecf0a26

Download Submit
C:\Users\Admin\Desktop\PushCheckpoint.mpv2.givemenitro

Filesize
416KB

MD5
7e37ad1abd40806d6a03233010146a31

SHA1
98672b5a16dcc8053816510fc21b3108fa6e6fc8

SHA256
bed7ff4ac9c49c1312a3f6c98f663d0a0c5bb9d27c91e48a8f62a7a3d3f0f134

SHA512
6d8ef5b21f4b93b5d5b9fb9f056101011b60270621337dccf1bc04e21e7cb02092d710522fb93b3494807eefec4c555ff3bd808d930423b15a317f4678592bbe

Download Submit
C:\Users\Admin\Desktop\ReceiveSuspend.au3

Filesize
384KB

MD5
76d0c0f5da1f274a14197c63d0679d53

SHA1
9d385d8f9bcba14b1fe3015efcbb7a43c3ed08b1

SHA256
2c8d2e58f1a2de60c9c292ed14630f3deb66335ebf7c708ee507381559a30184

SHA512
00624e9bc59f3baf52840033678735fe22a57bd8b3b696afdca2011cd17cc173f1699adba70b33882d303130a001627084e92c54384d54d2ee93135d6bf6fb54

Download Submit
C:\Users\Admin\Desktop\ReceiveSuspend.au3.givemenitro

Filesize
384KB

MD5
b4e1bfa065ac093905bbbf299309c2dd

SHA1
cf9d8f09ddcf4f48c59cb3eaf9cc062985f7542b

SHA256
ec59e320706649dd3c180789835b1d469c22ffb7c9c2fd7624b845cf2cd834b5

SHA512
960cdd6c71377ddb5a26049e0e3fe70ed96c877b349adb4ded5264c80d1126f0f7b75a1fe9dcdc3d120cfb9caa97e0eaf6560a90835788a67298216a02c76f00

Download Submit
C:\Users\Admin\Desktop\RenameUninstall.asx

Filesize
864KB

MD5
f565375620560204f77f1f826c033802

SHA1
49dfd71c9a639656f024612bc58919f1cdc06cd7

SHA256
6dc6cc0742fba9f35ee3ef633bbdc851aa76baf900333796badf70111b815400

SHA512
9250a1340ed5afabf4581ad18b1554344b7f8c20aa99f585c3fcf033bb62edd1294da7bb9ddb688eb7896d663bdd6175524fe6097b2a9a4ea3455e59c8180af4

Download Submit
C:\Users\Admin\Desktop\RenameUninstall.asx.givemenitro

Filesize
864KB

MD5
544b34c6d5962fd0fa706257dc92a684

SHA1
c6e58c617472fbfbd85dd0205f9c48f3d3107e03

SHA256
2455b2ce2c43d83f426c900417b23379b5b8abbafd07f6d2de0436443459e4a8

SHA512
e917a4e4c5cceebf0045656deb773b6d9ac026a482459cbc65b927acf1a804d3e5a722418a2a7186fc7e1b067a5e8c2dc1cfe91db764bd021dcbf3f428480ebe

Download Submit
C:\Users\Admin\Desktop\RepairBlock.xml

Filesize
576KB

MD5
34c854a737578e64373837693cadb38c

SHA1
842949cbcbeda4f7581cfa3da4e563347c16a44a

SHA256
030cbad31e4069c161b9f59e3b20f731e3ee0ed7d033ea267c9972773f858cb9

SHA512
c02a64ce0f3b1145bcda8d96c7219264a787f32cf4542831013051e0df44e59325acd75762acb9526fe9a2268934502d9ea3cce4f1fb1358c464c2d22bc82b9c

Download Submit
C:\Users\Admin\Desktop\RepairBlock.xml.givemenitro

Filesize
576KB

MD5
9ce777039f69dbff7cf5ef1da1c6fd61

SHA1
fabb8ed7d6535ddf1da00583b2c0f140f7bd3418

SHA256
a0f892fd88737f2fedf5d7a2a97839d4e283a0bbc165da61317fb6de2ca38eec

SHA512
2300899f00ffb514b0f34e3f865e9e39acc2d095095e9da0a8d4c04a402993e65bcba04830a4df3abeaf347c29669dd6b0145c28aa854a417d906a6138b9f20e

Download Submit
C:\Users\Admin\Desktop\ResolveSearch.docx

Filesize
15KB

MD5
16b6dfd44ae1b7625893fb7001510a25

SHA1
ebbe197328ea31d8bd5663e912e2081c4fdea000

SHA256
62ac3f8a04e8f13a7d3a0ab4f6af38c46385ffb7f2304e8dac7c3dd033d61bb1

SHA512
22a00d70cc1248b677ba85c9fc5340d32b5602ce0749eeb4c32f6d3c0f9bdad7aa12fe5262fb0411e9fba3d24dfd0b8d46119070ed7ee19dc33e4a02a893037d

Download Submit
C:\Users\Admin\Desktop\ResolveSearch.docx.givemenitro

Filesize
15KB

MD5
efdfe614f595b41c94b21ad63a9b6c58

SHA1
d356f6a359a2a0e061b02038817b8bb1af873b81

SHA256
5a6ba511d1744e22ec435e0f154abe571064d51cee70667217c5671c6cd34b75

SHA512
e3fccfee38b414d99f008f1e328251ded9f04e01afadce83321036ab062155c75b5ab0fa7deb9ffd3be28fd22f13af9123b98257d768557d2a6f50933dcf52d8

Download Submit
C:\Users\Admin\Desktop\RestoreDebug.xps

Filesize
480KB

MD5
6f301c4f75d25c4b156c8bd5ecd50e3e

SHA1
a2091c79205ffe1af5bac41c82f58069818229f9

SHA256
220ada994e4be9a2a6a2d34a8f6500ed1f4720ca3a06302992ce3bca48d4f192

SHA512
284839c7f2e57836a39ed7aeb100d9771557e1305e54d0f4991ab5404c2ad44d621598b759a456e55391e7ac96ed0fe6f3380e175708e80bc3621c619e2a9604

Download Submit
C:\Users\Admin\Desktop\RestoreDebug.xps.givemenitro

Filesize
480KB

MD5
0635b91f9ab130b8b2619841b6bcbf4a

SHA1
74ab76dfbfc6267531b2c158731fc4d0e4c1f27b

SHA256
a6c8d96219146b636487063b20964968cb12f6f73e7da63c0206f2d454278d95

SHA512
a4d16b936de291ff08c306c3565f569c5a501808e96e102d868c45663bf77dad1ec6509196b86b4a20d67fda0020250fc2757008d092223e86746850d87b79fb

Download Submit
C:\Users\Admin\Desktop\SetComplete.docx

Filesize
13KB

MD5
65f94d16a2765fe8c12c4fbb1fee7e9d

SHA1
5fe6aaa2245c3273da4d3941e7de6e5b75e15921

SHA256
f2d9b59057ee058b229413eec9cb859807c69752c0762e049e008b03b1f4cf97

SHA512
d67e2c3a7c35a50ace855148efcc58a01962b86c1f76ad1da6c133e56378e8b688e6d4a0b5b1f97177d6eea8a06b02f3f46f771e37014073ce996ad562942bd6

Download Submit
C:\Users\Admin\Desktop\SetComplete.docx.givemenitro

Filesize
13KB

MD5
4ca47bc09ed29a97139060680ab022af

SHA1
f60f8722bc0f7221012b2b4e926a19e7ab82ae2f

SHA256
d756ca79d6c5320ce871ff8cdb2a5cd4522a2db0a4474e2a287f99419f96cc0c

SHA512
eecf523c694199d4827830880987b02376fddb3c338b5d5c2ee0f862ac5b827f04d2186fda329215a966f6c9f1f9e12bc5575dd73c21a6e5118aa7794389c3c1

Download Submit
C:\Users\Admin\Desktop\ShowPublish.search-ms

Filesize
736KB

MD5
d415010bd7c71b5ba436789cca9aac25

SHA1
88c38fcd03038ec962f0a92545f536a35853e183

SHA256
0f995a648e28c8a232331b6f4ea0e9102c7b66f777c33b63343f2a16cca367b6

SHA512
791a17b1e78dbd976aa770bb12fdc9c0c1c17c6710a60e43b053497546c79ef9f3047ed167ea6b6f1a49ff2f0941cb58829ab57ec7ca740eabe34b77a3e1bf96

Download Submit
C:\Users\Admin\Desktop\ShowPublish.search-ms.givemenitro

Filesize
736KB

MD5
635558176254dcd2631ecd80a864374c

SHA1
b925bbac72d3dd47ff79144e0e666868e6739041

SHA256
f0e1965d9c5c33839935db7353bf98adf128194300dc738b208d38e50516ad7d

SHA512
a3b8bb843799eab04c2419e8653de6741c2e162ac87002d48a84aeacada0345e51cc75b7d7cda2036e2de8a3915cef2bd7310b8490ac9a8d563ff1bcee41c26d

Download Submit
C:\Users\Admin\Desktop\StopResume.vbs

Filesize
832KB

MD5
daa2dcbaa6a825d9c67446b00bd2f049

SHA1
0482e3b34da5e805bcb504b0089cfdaf91203be1

SHA256
e041c5932ca29bcad09beea4b2a39baf6788c01eb229a77c982c4fd87d8015c6

SHA512
fc729ff0f98d207fd714a275e6f86b41cec51460cbb3fdeea0113c77c7f21951ae491ae0563e8e82e3f69d43e6a1067c6b8c2fad0a50de2301707398887c8d16

Download Submit
C:\Users\Admin\Desktop\StopResume.vbs.givemenitro

Filesize
832KB

MD5
2c4a49b6f3c23e008a4979a5f250429f

SHA1
270b08be4b4d2c6538c537b88086f8f1da718ade

SHA256
3c0aff94e40477816a187c88a76f960400b7e6fad9b3f9e3530141607614ccf4

SHA512
d5a596748aa0964796e79bb6629fd65a79b04bbddd7b26a5fbd7eaf1cf611710b25a71f000c1f6cdd6cd717919ff7c2c2c256cfe19c78437a9024e43db5437ac

Download Submit
C:\Users\Admin\Desktop\SubmitSend.docx

Filesize
13KB

MD5
1b41eb2577a881c7d7a67b86c39b10af

SHA1
f22379f71fba988c9adf23da717bdbe025cf3a73

SHA256
8435abf8dbba49aebdce38826a1394e9d44af90e49bc68f2673d9d3c3c13e416

SHA512
597ae312a3ad2ebe0c49dc25737f9249efac9ab26da7618eaf1d72ecf652dde1dcc7744b8e05b41eb3166a40e3302fa85ce71a275023abb4cfad3dfa850e358e

Download Submit
C:\Users\Admin\Desktop\SubmitSend.docx.givemenitro

Filesize
13KB

MD5
8e6435387bbfac8d8e7902dc9d4451f6

SHA1
6816c45d9db3ebbd1e5aac72a61471eb4a60e362

SHA256
d7ce43c6b6225d46fc4b2731694371173af1e21f951e21b6b2ab2aa3370e60e3

SHA512
09cf269f9a0e9277dbed0bce44b7c02a2106b86d6ac56c2177e23c53b5752e11e64f5e5d2b9ed150c78a7310717ea6a90364cb4de9f2f3e3fa830dd5f0932ad0

Download Submit
C:\Users\Admin\Desktop\SyncCompare.reg

Filesize
800KB

MD5
f49b05c62990277668ca5c57a2fac746

SHA1
3634d56f225059e8462023fa36ce06fd2635aa1a

SHA256
afd502284cf501abb04f93220155dde3cc859485cabca4e79e1af74b4ba744cb

SHA512
9ec9d1ab2980ed5a2b3ecc4202d3ddd040cbb37dcfcdbd4dbfc8d231c322c6a9165968d2d4177e6e66c42031c02d57072d259477db38202c372711711c932092

Download Submit
C:\Users\Admin\Desktop\SyncCompare.reg.givemenitro

Filesize
800KB

MD5
622409e3820c35485c44b1702c164d09

SHA1
0d38aaf4cbe1ae450f2b38228a2d1c4dd8166e14

SHA256
c146c81ab5262e22fb2f0bb86af1f0e2a5e3d9735238a5e0d50594cd5a85997f

SHA512
ab0a7df555a228f944f9f1535038b0c58e1e4ae286ee328b3f616e152f769acf38dbae84dcf832b2552a8a254977a194873c1d997382b5bfe5967dd9b20f403a

Download Submit
C:\Users\Admin\Desktop\TraceClose.mov

Filesize
1.1MB

MD5
a59222062c866fe0dc47495e99577a34

SHA1
bb8622557e02fa403e1da0c957be90dda94c161c

SHA256
be3d8b4f586641a637523d82cbc0859c0677a8970667a64248f27f937e1250af

SHA512
2ab0d1d26d7e7787bfa06a3c48ec644e6a5aca0fd7a64186049262253f970553f5aa0de6df57ea11e2669857080e4ab83830a948e0373b57a26f703129774e83

Download Submit
C:\Users\Admin\Desktop\TraceClose.mov.givemenitro

Filesize
1.1MB

MD5
71730d9f723dd47d821a4e3f99b51637

SHA1
5d63f17c4fcb580941dde115be40a38d77a093eb

SHA256
ae0a33e136fb4fd546a0a63682db071e172574b44de5dc2c17798535c73d312a

SHA512
412c20f7545e9b57dcf07e06a20f6e9e35dd6d3f2a1265a23eb1a3bafc1f359b4b2686810a4608265a1cdded58d1162849d8cb5bc5fb305e3109a538d5f9c2cc

Download Submit
C:\Users\Admin\Desktop\TraceLimit.wax

Filesize
1024KB

MD5
d55c56966b73c6dc4b4c4930090b07f7

SHA1
f688690dd8d1f0588441a473746eb64b8ae6aa4d

SHA256
6cae38a68fc0228ea09a32ac4b598bf0b87bc4631627d743be28f3c38f34d921

SHA512
8b40dbb6f0131e67b8a268ec0952ece7ecc2c9905064944d1119bd5cf3b152f093cee3b55a573aced6390f32b12eeb46cbe045b601e430c7130ccdce4432268a

Download Submit
C:\Users\Admin\Desktop\TraceLimit.wax.givemenitro

Filesize
1.0MB

MD5
1aa9e0390853eabaa9114abd57fe657e

SHA1
336923a0a942f87b1b353d205b863de439e8b283

SHA256
37954ea7ddd18d733d0e078ae49a47e5af312ab4d0125413fb8b0da7cb1d61d1

SHA512
2559a0ed6ca1a144e3f389779445ae5c3510efa1d73a443aab929cdbcb36d6aa7d361e13b6e263187057fac2f6d715ea6fade53e9e5abb7c215161a76d8d4643

Download Submit
C:\Users\Admin\Desktop\UnlockWait.wmf

Filesize
640KB

MD5
eceb21f379997fcc64d1f8775bbf486f

SHA1
57d1041a789a97597b21f56971d9ec1bbf1183fc

SHA256
e10e91eea7cc0a5b6c11b78529e496c0f71ad1a4a07b991778883692a4e652a0

SHA512
91abbbe19a9277699ad82ecb490a8055ed6e6b9ee84190dfbedc23e079b5100b856a70ed0501edaebbabc4bbf30c65e8a86362cfcf261ea041b8a047daf48cad

Download Submit
C:\Users\Admin\Desktop\UnlockWait.wmf.givemenitro

Filesize
640KB

MD5
d50faadd1a33e5a41b19de509d3e6c29

SHA1
a5eac15e4e8f4d11bb0b1ad29d0213948f1f89e8

SHA256
5a5a527dec2a01a78d47dd88002efa0efc69e857195caa423ff68df0c5055a71

SHA512
73f99b742dee6bd8fcecc35711774a7f56330aaf2bcd7f8ae705bd3f123e0778e08fbc5564ddb11addeeec645f6479ac5fd4f4612f9123b646acccb4b229dfc9

Download Submit
C:\Users\Admin\Desktop\desktop.ini

Filesize
282B

MD5
9e36cc3537ee9ee1e3b10fa4e761045b

SHA1
7726f55012e1e26cc762c9982e7c6c54ca7bb303

SHA256
4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026

SHA512
5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790

Download Submit
C:\Users\Admin\Desktop\desktop.ini.givemenitro

Filesize
320B

MD5
5ad20cf3add763a1b93e71180174ec54

SHA1
780888735ec3abfd54a088b8b58ee08cf006c3a0

SHA256
657c3355d2e1a0f72ec62bec2a445f86189b3e5f431a38f72ffab0510132867c

SHA512
7c9ca2b5970aec3977b108cc83495e91932215495d92d391096c767389fa80c144a93867b968169afad68d469e8d0f1922fae2a36c5aa783f87cdb9795ae4d1e

Download Submit
C:\Users\Admin\Documents\HideConvertTo (2).docx

Filesize
18KB

MD5
a1b9a388626e183335d8e42f845e1a47

SHA1
210c135d36fa6fe98e72df271cdeed2f26979aee

SHA256
9909e8e6e3dc4028d295ef186ab435658ca89aba291601fcf961c14d8bf08631

SHA512
2531e3cb57264f31584691ba674137a8cd74fbfafb14b4d66ca801b6e2645dafefe2c4ce5d9b5826acc1bafb3ea19078382bf7f7d6d626bf46e17c4164c4d653

Download Submit
C:\Users\Admin\Documents\desktop.ini

Filesize
402B

MD5
ecf88f261853fe08d58e2e903220da14

SHA1
f72807a9e081906654ae196605e681d5938a2e6c

SHA256
cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844

SHA512
82c1c3dd163fbf7111c7ef5043b009dafc320c0c5e088dec16c835352c5ffb7d03c5829f65a9ff1dc357bae97e8d2f9c3fc1e531fe193e84811fb8c62888a36b

Download Submit
C:\Users\Admin\Pictures\desktop.ini

Filesize
504B

MD5
29eae335b77f438e05594d86a6ca22ff

SHA1
d62ccc830c249de6b6532381b4c16a5f17f95d89

SHA256
88856962cef670c087eda4e07d8f78465beeabb6143b96bd90f884a80af925b4

SHA512
5d2d05403b39675b9a751c8eed4f86be58cb12431afec56946581cb116b9ae1014ab9334082740be5b4de4a25e190fe76de071ef1b9074186781477919eb3c17

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
4d67e89e7c5f405b36ed6594ee36bb8e

SHA1
66f2def44a4dd4c1d5403c01901450e11f57003c

SHA256
042a6a22563e661442b2e3b0f3d5484a8cec101341e0ae2f6a3d1886faa6269c

SHA512
47492a40d93301491ac6befe80af91527b0fa16443e5387830415815fc8df2cea6728e254ea8c4291d370c2afaf298d8446accc5aa3f38440f5128a33cc5706d

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
f9354eca4e950d15127561f485e0d88b

SHA1
eadf157e7111508060ab31638c5bed55da62816d

SHA256
528837aa4937874f056f57caef4e496dc168b987cdf84876a601c27cea94d32f

SHA512
d93afa1603e71272eab80d7adf5a82323c52e5b15251c138c3bf5e1ed64d6ac85480acd864bcabb91594e7044415f97386e72e9dfef542ba79c6e359be69dfd2

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
bc82f1bc10efbfdc6c989e661acb29cb

SHA1
52bd265170a8ca917a639d3e633b2adbb757ff99

SHA256
d18343cc15d2f8e16185523f106c7fb6a512507763a839c5a5afda75df25d34c

SHA512
baa474c70dfb88127243231820831222a0bf385d84d1c79288db2a18dc5054e841f37c925c5c4c7a47ba727c13ead310672244cd388b9142f52f313205be6450

Download Submit
memory/1680-383-0x0000023B9A660000-0x0000023B9A661000-memory.dmp

Filesize
4KB

Download
memory/1680-384-0x0000023B9A660000-0x0000023B9A661000-memory.dmp

Filesize
4KB

Download
memory/1680-382-0x0000023B9A660000-0x0000023B9A661000-memory.dmp

Filesize
4KB

Download
memory/1680-394-0x0000023B9A660000-0x0000023B9A661000-memory.dmp

Filesize
4KB

Download
memory/1680-393-0x0000023B9A660000-0x0000023B9A661000-memory.dmp

Filesize
4KB

Download
memory/1680-392-0x0000023B9A660000-0x0000023B9A661000-memory.dmp

Filesize
4KB

Download
memory/1680-391-0x0000023B9A660000-0x0000023B9A661000-memory.dmp

Filesize
4KB

Download
memory/1680-390-0x0000023B9A660000-0x0000023B9A661000-memory.dmp

Filesize
4KB

Download
memory/1680-389-0x0000023B9A660000-0x0000023B9A661000-memory.dmp

Filesize
4KB

Download
memory/1680-388-0x0000023B9A660000-0x0000023B9A661000-memory.dmp

Filesize
4KB

Download
memory/3496-21-0x0000000074420000-0x0000000074BD0000-memory.dmp

Filesize
7.7MB

Download
memory/3496-4-0x0000000074420000-0x0000000074BD0000-memory.dmp

Filesize
7.7MB

Download
memory/3496-0-0x000000007442E000-0x000000007442F000-memory.dmp

Filesize
4KB

Download
memory/3496-125-0x0000000074420000-0x0000000074BD0000-memory.dmp

Filesize
7.7MB

Download
memory/3496-124-0x0000000074420000-0x0000000074BD0000-memory.dmp

Filesize
7.7MB

Download
memory/3496-123-0x0000000074420000-0x0000000074BD0000-memory.dmp

Filesize
7.7MB

Download
memory/3496-122-0x0000000074420000-0x0000000074BD0000-memory.dmp

Filesize
7.7MB

Download
memory/3496-121-0x00000000061B0000-0x00000000061BA000-memory.dmp

Filesize
40KB

Download
memory/3496-406-0x0000000074420000-0x0000000074BD0000-memory.dmp

Filesize
7.7MB

Download
memory/3496-17-0x000000007442E000-0x000000007442F000-memory.dmp

Filesize
4KB

Download
memory/3496-1-0x0000000000A50000-0x0000000000A66000-memory.dmp

Filesize
88KB

Download
memory/3496-2-0x0000000005900000-0x0000000005EA4000-memory.dmp

Filesize
5.6MB

Download
memory/3496-3-0x0000000005450000-0x00000000054E2000-memory.dmp

Filesize
584KB

Download
memory/4972-277-0x00007FFCF27D0000-0x00007FFCF27E0000-memory.dmp

Filesize
64KB

Download
memory/4972-282-0x00007FFCEFE70000-0x00007FFCEFE80000-memory.dmp

Filesize
64KB

Download
memory/4972-281-0x00007FFCEFE70000-0x00007FFCEFE80000-memory.dmp

Filesize
64KB

Download
memory/4972-354-0x00007FFCF27D0000-0x00007FFCF27E0000-memory.dmp

Filesize
64KB

Download
memory/4972-357-0x00007FFCF27D0000-0x00007FFCF27E0000-memory.dmp

Filesize
64KB

Download
memory/4972-278-0x00007FFCF27D0000-0x00007FFCF27E0000-memory.dmp

Filesize
64KB

Download
memory/4972-273-0x00007FFCF27D0000-0x00007FFCF27E0000-memory.dmp

Filesize
64KB

Download
memory/4972-356-0x00007FFCF27D0000-0x00007FFCF27E0000-memory.dmp

Filesize
64KB

Download
memory/4972-355-0x00007FFCF27D0000-0x00007FFCF27E0000-memory.dmp

Filesize
64KB

Download
memory/4972-272-0x00007FFCF27D0000-0x00007FFCF27E0000-memory.dmp

Filesize
64KB

Download
memory/4972-274-0x00007FFCF27D0000-0x00007FFCF27E0000-memory.dmp

Filesize
64KB

Download