ba30ea16cd8fbd9209d40ae193206ad00f042d100524cf310982c33369325ca2

max time kernel
1701s
max time network
1447s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18-11-2024 13:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

psr.exe
Size

13.4MB
MD5

33c9518c086d0cca4a636bc86728485e
SHA1

2420ad25e243ab8905b49f60fe7fb96590661f50
SHA256

ba30ea16cd8fbd9209d40ae193206ad00f042d100524cf310982c33369325ca2
SHA512

6c2c470607b88e7cd79411b7a645b395cee3306a23e6ba50b8ac57f7d5529a1b350c34e19da69aeb1ffade44d5187b4a1ef209a53d21a83e9e35add10fc7867d
SSDEEP

49152:W/XzWTJmbjeHLKLpyNpaQ+69tPvGUmskDXs4Awd9CBqcUiInvlT2hPnXiwzYJ33S:W/EmGrKL2pllzP+UNkEARmzY1C

Score

6^/10

discovery

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	psr.exe
File opened (read-only)	\??\V:	psr.exe
File opened (read-only)	\??\Y:	psr.exe
File opened (read-only)	\??\Z:	psr.exe
File opened (read-only)	\??\L:	psr.exe
File opened (read-only)	\??\N:	psr.exe
File opened (read-only)	\??\T:	psr.exe
File opened (read-only)	\??\X:	psr.exe
File opened (read-only)	\??\H:	psr.exe
File opened (read-only)	\??\O:	psr.exe
File opened (read-only)	\??\K:	psr.exe
File opened (read-only)	\??\M:	psr.exe
File opened (read-only)	\??\P:	psr.exe
File opened (read-only)	\??\U:	psr.exe
File opened (read-only)	\??\A:	psr.exe
File opened (read-only)	\??\I:	psr.exe
File opened (read-only)	\??\G:	psr.exe
File opened (read-only)	\??\J:	psr.exe
File opened (read-only)	\??\R:	psr.exe
File opened (read-only)	\??\S:	psr.exe
File opened (read-only)	\??\W:	psr.exe
File opened (read-only)	\??\B:	psr.exe
File opened (read-only)	\??\E:	psr.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	psr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133764109804733017"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2916	chrome.exe
2916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2452	psr.exe
Token: SeCreatePagefilePrivilege	2452	psr.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2992	2916	chrome.exe	107
PID 2916 wrote to memory of 2992	2916	chrome.exe	107
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 4460	2916	chrome.exe	108
PID 2916 wrote to memory of 1924	2916	chrome.exe	110
PID 2916 wrote to memory of 1924	2916	chrome.exe	110
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111
PID 2916 wrote to memory of 1996	2916	chrome.exe	111

C:\Users\Admin\AppData\Local\Temp\psr.exe
"C:\Users\Admin\AppData\Local\Temp\psr.exe"
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff93432cc40,0x7ff93432cc4c,0x7ff93432cc58
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,7781358930276855287,17580592940056111579,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,7781358930276855287,17580592940056111579,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,7781358930276855287,17580592940056111579,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2268 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,7781358930276855287,17580592940056111579,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,7781358930276855287,17580592940056111579,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4612,i,7781358930276855287,17580592940056111579,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,7781358930276855287,17580592940056111579,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,7781358930276855287,17580592940056111579,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:4816

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:544

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2f65bda665232d22ed12eb5c9b26bf2f

SHA1
678899cd78bca94f8b05914ad73b60112aae7b9f

SHA256
76b7a4c0060405ab949cc3203960de0e20597018c1cec8f53251bccd83ab04f4

SHA512
694fab78b8509e744960633555fd217ee8779f578a0df39c610f2b65b7ba846b6852ac1704fe1b2abd1d3f65a7bb2668bc09e68508d852ce33bfe592d8c507f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5ab6dd1741096167d7140686967ed7f6

SHA1
84c7173572a5e4cd88520b4ed8a21cca81466a23

SHA256
282d36891b789a3cdcc007ff7702f6b6767769867ca0dc3728e41bbf91fd7a31

SHA512
eab5d14e16383f5325521a0ba66a88edb148f58e1579b9fd750a2f427d8c0e8a3a33dfdb6cd1af39c2dd4f9efbb2171b883f099eca9e0cd4e94c1371213ec98a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
3154490ee64dd9334d04b15a202587da

SHA1
514abf737bcd56f3a48aec9cb0a42d8de19f4b71

SHA256
5a252d2a38a770d0cec486f82c7ca3b108bbe96027c107e3e5cd015bb0f1ac5e

SHA512
7b8ab6cf9bd626363805bdae35313a88ee9a175ec98c9c8f63c6f64301dce975fda8d908bd97d44b6c528eef5024698be2a6a61e18545867d8d68449205e7014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b06460bfe0411d26b0c19ed18244e18

SHA1
a333d6649e53754dcfef3165ea04a7b83830ea55

SHA256
09c1d0e61928c85806c3d475223bbd8bacb450731787cfb77c8a9a5fb0912d62

SHA512
49b9ebff6bc4d3219bfcb652e33d7b6d2e90efc7fb4513e8a9dd919cf272956d31e6ed8c4a1f4bd01c312936125196040dd84cc8681c1d71d77166c731293f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
371a81200221de52f1a994279ef6e8bc

SHA1
9fa9d560e9e6d66aa5dd3743aba569025e2182ae

SHA256
585892eb34aa3937a23a11c2bf71ae11c2d3be791007dcec4908ba499542d9ee

SHA512
fa5245cca22d60268258e7d2ae8650a809ffcbe75db2fb3b0430fd78bd0473408c8630f8ddb931254a0cfc55f1645829a668cff92dc69766217bd767b2ce90f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
33ce2381a75d2c6105b5eff2852164d3

SHA1
cd06fcae1e9172c6d05e0258aceab0a5fa7526b4

SHA256
7b521edb5d64e95d9ef69caec67d02f35299de803cbe01b25a42ded0cacc769f

SHA512
b16c73b18f2af24f71a4823ec6e405e4980109a6a6d38d1653a599dc49bc3bfdbfb229c9e866590e1ea788e003f93a3b22daab889dc69ea72c60ca22fee889fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
61bb6dd01a023eaf314a066622a47c83

SHA1
6e4bc8a8f7a6e0d7f2e96dada0dce3bedd0cfd74

SHA256
77b7aa4386149dbe680695ec662ccd29dd9bbd6fdb9961cea67a3fd9962e7787

SHA512
2d233b19102c43323d836129a1a42afd9c30e8f4e6f904eb7a5ad585025b52e6f8f77b4cc08efa80ff77cc696d501d8977fbfceb37c791ac27b51441c0e03d35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
49020dbe53c8c43633a8f7d8308a251b

SHA1
6ebd7c57c8c7359ccabaf41b2ed31fefe54f2f44

SHA256
52a9d9c2d4950d2eb4134f819e862b9e6bee576924a65be364a8bc2d353b1e83

SHA512
6cd87297edf35cb1e00be684a8a71631b04e96c2ef7efbb27d52bdf3db1e8151f0337f7afa1995d818ca76b86693e285cb2bdffd9da07badc95aa4ffd930d6c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
077f30960d9e4ee83fff7d6734fd4756

SHA1
88d4bfc40e94bfd1c60f8142d69ab2adfa00cddf

SHA256
9999209b6d22ce028595e36c06490222dc9e56489d3595539e762c609dea5ac0

SHA512
285dc9ca635cee97b1d64efcdf03a700ca5cf7b77bca7a77c1d29f5509b98b6c904b9cbcd8eb73112029ba562da731a2e4ba88eed8e08922e4f75c9a48728b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\LogoAnimation.gif

Filesize
327KB

MD5
93bd7bf04d77912d98aaed6decad1b8e

SHA1
885cd97fe084cc15c339aa9131dbaa98bdec38fe

SHA256
a90c6244e2202b30a83db9eff60c06ba73c27307c357358f76679477782453c5

SHA512
6d5c070459af13f9564514f975b0ed623518a9277d4bf359be8035dd3e15e81356017baa944042af9b8c61c78b659192aff624a262f41cffe2c282b67afe2eb4

Download Submit
C:\Users\Admin\Desktop\BackupSearch.mpg

Filesize
384KB

MD5
0299b05e70e7c0ac0aa90e7120c7e9f2

SHA1
e9a6975f1c81ece8d67a556b7f2c6af14540b895

SHA256
083cd57bf7913f12590279b24efdaba24619c28ac95a2f72a7c0d00a3a2ddc7b

SHA512
71e234cf958d364cf690631a6eb036cf9379d6abb5591649cc71e2ad7065b03661ac485bb4e2f28d24e7c9d2fdeb62efb913eb01d68520c956e586f811b76c05

Download Submit
C:\Users\Admin\Desktop\BlockUnblock.svgz

Filesize
336KB

MD5
d72733a99cc192b4bf5e6a094dbaf25f

SHA1
21d2428ed6fe6e6d2816400817e7a8f7d5c1a120

SHA256
2ac3964ac29245c01691e15ab2026e51c84ab62aba2ed6d90832530d24847c2d

SHA512
51585b70b77228e0be85ae549bb3ab2f21a44e3af0b5fe1c000706c04bdde372a391f6c10a73b84b08c8a85aee2d0778006c01f570b90fbc20a6af3689c2c8fb

Download Submit
C:\Users\Admin\Desktop\CheckpointRepair.ppt

Filesize
404KB

MD5
33335cdaf23a7dd97b5a2c1b50950674

SHA1
eb53a053406479e8fc64664624c3a554a07a4696

SHA256
6248ae658ad8c5a18a4e8f0362cf1bd419b8db4e5dcc0e8c7d3dcf526eed804f

SHA512
87dc867ef00e854443a0c4366f4a9e38e294bf660be6c9158c66bd8fa11fca998e0b557fdd59528193cb2df6368355de30c35c74dd20430fb1e7797de1e700ac

Download Submit
C:\Users\Admin\Desktop\CompressExport.mp2v

Filesize
355KB

MD5
f9559b5fff52bac49e6275d8a3282e3b

SHA1
ed1fe176b01999a8accb09aaebf81b89d5915583

SHA256
fe5b76403d8aae8a5d61d85030a91790c076eeeba0cf040f70171996e43c52b1

SHA512
4c5e3fd2d6a0872d53a1cff7548742912ce8d62d1e282109d57f10196521a9393016dd546ea3e80a893c872bc4a48ddf02f7dd6385d0f9e0c48aabba925835e9

Download Submit
C:\Users\Admin\Desktop\ConnectOut.easmx

Filesize
267KB

MD5
986f45d54cdc0f12a291043d35170735

SHA1
b71653fcb08dcd89f7d71914b4b4e1a7ada7fd45

SHA256
0a3fae393677ddb73876b632708fa2511ed460a6d9c91bbcbabd0a0e33990f6c

SHA512
ea3bdf0bb906e8a6e1d6ea4a209ed047d2622a18af19ab52886fd72c93831755914ad9f75a0090e6aac3bba3425bf4032713922126ef93532849a1c1da42e99e

Download Submit
C:\Users\Admin\Desktop\ConvertStart.jpeg

Filesize
209KB

MD5
811ac9fad7005fa3f7fe101a096d6c4a

SHA1
e434e08bd6be296ee163b74a5919ba5b3769559a

SHA256
51f2174130ceb3578e46b4deb6adb6d82691d7beee3e51864092bff3794b66e6

SHA512
2d2f2cb3e7e12ef0d47fe2699a00adecd474a673e1ae772f633390cc01285771d89349cabd33e84326a01774fc6e5e319e6d57b39c2d4545db68c73b8c290d35

Download Submit
C:\Users\Admin\Desktop\ConvertToNew.m4a

Filesize
306KB

MD5
52b9c989fea62b0d69f190e00ddf5fc5

SHA1
070417720c38479b84c9898454aa85e15440fe1c

SHA256
7b622724ec215fdc2d7bf5e86632e35b36653445073f47d9536ef4bb20050f6f

SHA512
3b900bbc4b8b0082de3d86d60ddf3bfaa9fb8326131b5fd65dc3b017df7c6491eecaf624062b5d600f2434bf470d26193de5a67dbdeabe8faa07d28612178015

Download Submit
C:\Users\Admin\Desktop\DisconnectResume.pcx

Filesize
297KB

MD5
45bc003cb0434ac502e98691050af6d2

SHA1
c13645de71198fe7a20f4de2551c9a7a6736ccfa

SHA256
576005b74af276d90726bdb7f8a36934d4567ecfd3d7dd60ec4770ae5d71f509

SHA512
1fa192771ea5b705e5442d42b300548acc4d3c0e34eb9e0a9bbd6e7dfeebf506237f8ada9d97d68cb48b2774903b107c1209822757b486709e08fc74f4b0ec20

Download Submit
C:\Users\Admin\Desktop\DismountResolve.fon

Filesize
219KB

MD5
dcda37758c4286b58d0057862110c6eb

SHA1
6d24ee728018dd5e8549e3f6cbeaa2b63ce8f847

SHA256
21c956083bb08e61d69f07abff01688a912e7189a2f040c73df026535815bf71

SHA512
a2c04c93bbb28bcd96bade234b4258f110775218f1c35014fc9d8b61242ec6c26b0c41c2f3b9dd9be16792d7f6bbbaf343a0f713754bee8d504215ed4e0ea307

Download Submit
C:\Users\Admin\Desktop\EditMeasure.docx

Filesize
13KB

MD5
389a303744b4b597ba46239dc57ce1f0

SHA1
0267652dda17fc614bd1329a228b4925448d6485

SHA256
b27800ecb0bc3cd515e1ddc3c4beee257a9df7a797c4b96a282bf2f3d2c132bd

SHA512
57cf631cd2b1eca15e75d0d8dd110c81e03bcf9630159a7e108b85f2f4de682c31d04b2ad091a0c86180e04dc5f41a7f0c5556030685df6e8bc99c2909b15178

Download Submit
C:\Users\Admin\Desktop\ExitUnpublish.m4v

Filesize
238KB

MD5
a6c887248d074be0c7ad261fdb2dfa20

SHA1
aad053a54b019a877b36556b4bc883daab5ba4c7

SHA256
7dc361f192b94fb94a5059ee1395abd1c9a3c6e74db88c1fd789c34e0af5e57a

SHA512
528c119c3674e96d9128d0b28539b0180ad50ec010116021b8133ea1c7203067773c8ce741f4c516d4572e095fce9331efa6fe53b4d94ce164e42eb685439355

Download Submit
C:\Users\Admin\Desktop\FindMeasure.docx

Filesize
16KB

MD5
0f56a52b09c18f33974de7203f539f9b

SHA1
5635827dc05bdf6bfbcbb39862b55aa16bda11c7

SHA256
c604df87dd874008019adf456ea937bebdbbce519a0e553e750efd3881958df7

SHA512
ac7846d3fcefe7d9f5cfe6eb13f3fc898f54cb659fb619781cbf13df54cd79f9770c56850fc0cb0f2f481eac70873aac50b60b34132d4a6c1cc58ca5924e5634

Download Submit
C:\Users\Admin\Desktop\FormatConvertTo.mp4v

Filesize
199KB

MD5
cf95fecae666a54e10686b277a4b7a2a

SHA1
7a57b9d9afc2e3b0757c4615a31b90cb095b8d2c

SHA256
dcc3182459316f55f997939a9347168f8c67fd4af168d963a77ca09358ac8b18

SHA512
72817b39bfda3ec1cc7d5091bd202c1e2c28798dccad793fb8aaf215920791bc70e54e85bf960a912d6b0830ac4fcdf8df7c593ae4fa809bf65caa15e901119e

Download Submit
C:\Users\Admin\Desktop\FormatRequest.vbs

Filesize
326KB

MD5
e8db40c0b3c5393dc3b3836fc292b59c

SHA1
e53bee7b9ba3fda6c12cb547e48400e980958de5

SHA256
6ed1e2565986bb5114b43f797ebe62241ac2108ddca8a6426c19e662318b9c37

SHA512
5333e232457e45f5ff279df8261b0d998ae55662e3edc848e56f03644727137906d7f2205cadc000cf0aa89be5cb83041c00f03af7b78f357563cfb81103c06a

Download Submit
C:\Users\Admin\Desktop\ImportBackup.DVR-MS

Filesize
287KB

MD5
16a9019ed4823292caf63c11ff3e84c1

SHA1
830acb8288e2eea71897f58e7568f48b6ee5e54b

SHA256
3f5340484829388728ffeeefa92120e56471a498ba1c21c4775351bb7a3b0d10

SHA512
9fdf365f0d9de3bf360294613458cf7afe62e1e5027f5ea40790961bac9b82a4de5bce9933dc82a152248d0cf601083d27d247fca67a64554dc08d7c9b35d95f

Download Submit
C:\Users\Admin\Desktop\ImportReset.wdp

Filesize
141KB

MD5
4eed69cd229aa122206f3ff8e1cc40bc

SHA1
31628f06e2cbabd637ca988f8479ba9f279a81f2

SHA256
045cd08aef68299425428109da5f3f487a5e2b3bc5c2ad73eeabfef9110ff7c9

SHA512
9064f3f4e4088a8bffe9a94e519d920e0ef24a4ea63151d1403172dc3b602514fb5a118f41c799d638b7b407a673a9ce39f7dd578d64cb2e4e46d8c61f2ad40f

Download Submit
C:\Users\Admin\Desktop\InstallStep.cab

Filesize
150KB

MD5
f061a9ff10242d3f1030d3f42c4005d1

SHA1
e905a0550e6fbe5b5e902df7a1a93bb2acda4ed0

SHA256
cb29df6cef69b3baf4cd5cb59b24eb563c36257d8f2e216237e4d4c24ce5ba0f

SHA512
d6666c888d79694949293dce382560ba8c4cbe7413f06e99f05fa22a4917621c3dde30162680fbb5a503e42bb16bd87168c46b6a80b0fc1759da79f776f467b8

Download Submit
C:\Users\Admin\Desktop\OutUninstall.html

Filesize
394KB

MD5
fbf8cf63003ad14e36d3f54b459efdff

SHA1
81279d2a7a81c18bf7ba9ef3681e087603361db6

SHA256
7229eb27da76121e256ada2a3fbaab7b393ec56bbde116f7ffcba825b5d7dfb9

SHA512
42a4430c352180b5f612e5a016b856873127dbdf6e693100c096a49446bfbaed1a2eee5c3fe915a4967eb1a598b1918f22bb35003dc95adebc7b91fc7d2a6527

Download Submit
C:\Users\Admin\Desktop\ProtectDeny.wmf

Filesize
365KB

MD5
ebf2eb8f734cc0dd5dcf20584280279d

SHA1
4160833dc971a608a716877e9f275f9b814e2ed9

SHA256
98a70e23dc18dca3dad7d172e48c9f5b69122efbd4ad18d4e0abd65a24a85fd1

SHA512
81a8fe0ed820569baf52593c42720eccc330589282017ddb05f70ffe61bdb342b766f8a5405d37814a1a00893a4ab66ff9c14f2d3e0689987aea32cb6c1d86b9

Download Submit
C:\Users\Admin\Desktop\ReceiveDismount.contact

Filesize
375KB

MD5
b1d96061ba0f56619854c4b6328569bf

SHA1
d2e300be9cf46a9f7fde2866e38b1708373b4663

SHA256
21afca8dd0733a48cd91a971ae2857b4e2ca8010cd828d1f65b0bb765e621841

SHA512
daa438520b168abb8495d748ff88b3b57aa54f34a877f8a69a57fb8727108b4a69f025835cf48dc7f01b143c6d54c031e31ac0b4ca9caed3663d5e68184151d7

Download Submit
C:\Users\Admin\Desktop\RepairCopy.WTV

Filesize
258KB

MD5
e20dd1e6884660043bd7a637bc4add73

SHA1
60b012304dac58fe85d09da051718a60e55af949

SHA256
40bbdd7f1d06401b1e7adb5f8a17ea3c18dcabefe85b7e820fe3ef1c5a7d4f67

SHA512
e0cd7b731e472fb3262bdb457555cca6305faba343a6d8ac52fb7a28cb8430d75bf7ec5327a8fb06d31653fafda7803f4ceec32405e0361529e8250ed5d52b65

Download Submit
C:\Users\Admin\Desktop\RequestWrite.wmf

Filesize
248KB

MD5
069a06d1d60332f50bfe646870f65a3a

SHA1
762c850af1083505eb1fd6fa12222ca431942140

SHA256
0b2be40d107248dbf2a5f23a3f515db134e5fedab58a78ef6e98be16a6a63a03

SHA512
bbd2101504d265bf524636ca0abf1d58ad250a4601a8cd8865d457ccbf6f03a5f739170f995fc940f5258d1d58782c8780bcb6d66d82235b85b5e7718c7c6794

Download Submit
C:\Users\Admin\Desktop\RestartMove.svgz

Filesize
170KB

MD5
b8baed5531aa50af984a3c00dc8e25e7

SHA1
93164c3120c56f61baaa147015147f98e9f437e4

SHA256
f9db4999844196e7ce0a357b5eccaab6f0baa3e994745851cae1f39b0c74c759

SHA512
fce9e971fd45f9a5e959ecd1af9689a1a62ddf13b44435d3145d8d6fbdd6f25d4d681ca3daba1e4e3bccba6a5275873489756356c67b0b1daad7db31a3122b11

Download Submit
C:\Users\Admin\Desktop\RevokeEnter.vdx

Filesize
277KB

MD5
6b5369872bdb06c2b6f59e5f7958e46f

SHA1
0abf4e22c0d414375d067c6db567d543e48d1f6e

SHA256
4d0bfcb5ccacb9f3aec827ee4f86917dfaccb611392b1604cc20a50605c3e826

SHA512
a066a5eb016f39b35cd4f913f39d70e077e386b7523c6250f7a9d4b690f657ec54f38cab2f11b16d5df783a771e145d86814fa386ddbc1e2771aa24398d0e852

Download Submit
C:\Users\Admin\Desktop\ShowClose.jtx

Filesize
554KB

MD5
57241ba4e326880ae078db3fbd49ac2b

SHA1
41d06fb3a25e4364ebb0d04f01c1915b68db6158

SHA256
26c1b201ebf59d3d04a3b0012d6548e4c777210be5bef4e66c9c5a7d1f2b6036

SHA512
c29b348da6b67e3c1778de4f2e12ecaaa7a5166827a90eac9cb10e5417df2df462ea6df3d4ba8dfd06b9f1f2d0cefad9d0297164c11316c1235300488830d7c8

Download Submit
C:\Users\Admin\Desktop\SubmitRedo.DVR-MS

Filesize
180KB

MD5
62135e7117085940c098c2f7bb1e3d16

SHA1
3ceff6472f6be3e3bd448d70cb5ee74914590999

SHA256
f892996294eb6cfac69da8a5af82fe9fe5f9827894b58c81656f742f42b1947b

SHA512
69e5a4e7839ca76b9b0095c09b9c826b9f412a2f6d3a29e590659848fadb5874f58ca19d6202a3cb42ce1fda2f34e40ef8c46b84ba857b10b3a57120b63ff159

Download Submit
C:\Users\Admin\Desktop\SyncUnregister.mpp

Filesize
228KB

MD5
2ae77b6f73f4f33816afebad4ed8caf6

SHA1
076e43fdcd1e156e412e686b7d99c26182e1fcdb

SHA256
55dad8d1b018b9b7e45e3f3a189f11a62748d7d54badeea847556358fd0218b6

SHA512
3ba39fc709550f1d135aac558dec47a992a988ffa31f6f99dd3f190f2a5d816f2fe6fe28637c22551631d57a6638456e8a929714161e08a2b4feaa8127e6f655

Download Submit
C:\Users\Admin\Desktop\TestUnlock.js

Filesize
160KB

MD5
e4614d7d66759aba675885aede03d3f7

SHA1
111debcd83750ea6ed309c7c96d6e78cb8518369

SHA256
9604f8927100e15e9f3d38797c82c18d8ee18b945782ef6efae3af49b987a474

SHA512
feb31144112a0913147abb3a085200553ffc021f269d71decf1e616817b9e1b5071f8d09b91ca55f4ea5ffa60baae8c280a9300110ad514feaef297918fa62fc

Download Submit
C:\Users\Admin\Desktop\UnblockDebug.m3u

Filesize
189KB

MD5
f379bc369f907b3dd0a81eb1506b8862

SHA1
530f99711022ad052ce599707d1cb5f30b773fb5

SHA256
af2570760a55477725bee6ee6f38161f6e0c3ed93010eb8852c795feacb0884e

SHA512
d2cc34a61b269fff27cb70286cbab3aabedd143051cd200b022a31ad6dad1286abbf7918a3c344c247314cf1eb044ea312c5799d066b8f60c3b656d6f546c023

Download Submit
C:\Users\Admin\Desktop\UnlockRepair.svgz

Filesize
316KB

MD5
cabaa67cd3646304aee5b2ba0aaec087

SHA1
38ab9c88c2217080248165b2ca27488698cf8f04

SHA256
1d4fe6bb2d3a36b42273418207e2102682ec122dbdb6515163624bbaddd604bd

SHA512
7e76aba2e3c5f708cd39da05c45e56f3e9dfb55a298330c1ed9178bb29666e400ec679e628dfe4ba4dfa98d2969cf5d0c28a5f8abc4104c04d288b5c2fe6ba90

Download Submit
C:\Users\Admin\Desktop\UnregisterSync.nfo

Filesize
345KB

MD5
5b9d7384b94c307beff49f861fd27354

SHA1
831362ac7f13620176831acf460e77a7905aeed6

SHA256
f131ce8f5fb2369deedab1911c818258d48fb6bd7a3cf5c6a65195eb4496a7b7

SHA512
f55a2edf0e0fe78857d7e67d9ed135c71ece7ae7750f1ada4f116b410ef6409f0c18c2dbc799a40fc74e2bcf3c47af3067180345822e24dbec5497f5c0831636

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
93227dabb5ff55c00bef6ad6c9cfa468

SHA1
40c651bd4328640fb6e0cdccdd485aae5fa09138

SHA256
eb3b803ca81d725d7e512ae55b5d43165741aff21805ca9c02b71d4f3281f203

SHA512
2aff3113a6a9e64a20c18991910611b9beb44a10a84fadf5e38b777ca855ec69286499b18217a0bc565a410abb36225bca763c37af1396f703813be2531b4116

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
3fb42940e4b173a3971a152acf78708a

SHA1
e20b7f56fd3c78ff6b017c38d96c7e736280b446

SHA256
892ec2cc88c3a7b8280dbcc872fb1cb0fa1c0babcfb7250a27707dfd0624b0dd

SHA512
bfa954d7bc7c08eebffcee0cf712fdafe529104a7fdf721b33d73e0d2e6692cea67c0f5eb724f65851824b3fa64d88b3897d6d11fa72eb11633e47743212b8bb

Download Submit
memory/2452-0-0x000000007454E000-0x000000007454F000-memory.dmp

Filesize
4KB

Download
memory/2452-17-0x000000000BBD0000-0x000000000BC08000-memory.dmp

Filesize
224KB

Download
memory/2452-49-0x000000007454E000-0x000000007454F000-memory.dmp

Filesize
4KB

Download
memory/2452-50-0x0000000074540000-0x0000000074CF1000-memory.dmp

Filesize
7.7MB

Download
memory/2452-52-0x0000000074540000-0x0000000074CF1000-memory.dmp

Filesize
7.7MB

Download
memory/2452-33-0x0000000017050000-0x0000000017072000-memory.dmp

Filesize
136KB

Download
memory/2452-18-0x000000000A720000-0x000000000A72E000-memory.dmp

Filesize
56KB

Download
memory/2452-34-0x000000000BCA0000-0x000000000BCA8000-memory.dmp

Filesize
32KB

Download
memory/2452-16-0x0000000074540000-0x0000000074CF1000-memory.dmp

Filesize
7.7MB

Download
memory/2452-6-0x0000000074540000-0x0000000074CF1000-memory.dmp

Filesize
7.7MB

Download
memory/2452-5-0x0000000006220000-0x000000000622A000-memory.dmp

Filesize
40KB

Download
memory/2452-4-0x0000000006210000-0x0000000006218000-memory.dmp

Filesize
32KB

Download
memory/2452-3-0x0000000006240000-0x0000000006266000-memory.dmp

Filesize
152KB

Download
memory/2452-2-0x0000000074540000-0x0000000074CF1000-memory.dmp

Filesize
7.7MB

Download
memory/2452-1-0x00000000006D0000-0x000000000143A000-memory.dmp

Filesize
13.4MB

Download