4b9e4bbd675a45f1a99d54bff55576ba3c6d79ab76ea30e143d89fc1543e8580

Analysis

max time kernel
150s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 06:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Files/Apps/git.bat
Size

634B
MD5

b038cfe94c61d0c4fafd3980c02b7ee5
SHA1

51a5a125614a2aab749db78d1c1541a496b2d146
SHA256

0c3002057247aaf88ae0d16f34021f5e9dc78a6da49f26e3e163089f7e912f85
SHA512

02ee574a0bc3a36798a3a1729a16cfaaccec3c65fe54317680b2553b83ec316a927baeb4447d308366da49168dcbd44043ee6195424ac50feed546d995b83c67

Score

8^/10

discovery execution

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

Processes:

powershell.exe

flow pid process

6 116 powershell.exe
10 116 powershell.exe
Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exe

pid process

116 powershell.exe
836 powershell.exe
Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

Git-2.41.0-64-bit.exeGit-2.41.0-64-bit.tmp

pid process

3968 Git-2.41.0-64-bit.exe
3464 Git-2.41.0-64-bit.tmp

flow	pid	process
6	116	powershell.exe
10	116	powershell.exe

pid	process
116	powershell.exe
836	powershell.exe

pid	process
3968	Git-2.41.0-64-bit.exe
3464	Git-2.41.0-64-bit.tmp

Drops file in Program Files directory 64 IoCs

Processes:

Git-2.41.0-64-bit.tmp

description	ioc	process
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\tzdata\Mexico\is-H4FOK.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\share\doc\git-doc\howto\is-HMRS6.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tk8.6\demos\is-U547D.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\bin\is-1M0PE.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\share\doc\git-lfs\is-8Q0GC.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\lib\gawk\is-TK9C4.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\lib\perl5\vendor_perl\auto\Net\SSLeay\is-GO70S.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\core_perl\File\is-MR0DJ.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\vendor_perl\Convert\is-TM8AH.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\tzdata\Europe\is-3BRFQ.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\share\licenses\libiconv\is-IS7FO.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\bin\is-N2PD4.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\is-P4VK7.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\bin\is-5LP9G.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\tzdata\Pacific\is-T7QHB.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\bin\is-5G9SU.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\is-ES5RR.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tk8.6\demos\is-FNTC8.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\libexec\git-core\is-07QK9.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\core_perl\IO\Compress\Adapter\is-EHPNV.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\vendor_perl\URI\file\is-M2AI3.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\tzdata\Asia\is-0VIV5.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Math\is-M6964.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\vendor_perl\Mail\is-11GCG.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\bin\is-5SS1S.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\licenses\libksba\is-RJANK.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\core_perl\is-69P91.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\is-QECBJ.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\share\doc\git-doc\is-L832A.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\share\doc\xz\api\is-IIF1I.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\bin\is-UOOJJ.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\libexec\git-core\mergetools\is-OSA5E.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\vendor_perl\HTTP\is-OJPVH.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\libexec\git-core\is-63CRS.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\share\doc\git-doc\is-LTJTV.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\bin\is-KRQMV.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\share\doc\xz\is-SHRGD.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\bin\is-J4BHK.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\is-G0CMK.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\is-JTQER.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\vendor_perl\Mail\Field\is-OMH3O.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\is-OQSP4.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tk8.6\msgs\is-48DG1.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\share\doc\git-doc\is-91K3K.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\share\doc\xz\api\is-V98BD.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\tzdata\America\Argentina\is-T5HA9.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\tzdata\Indian\is-4SVGV.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\libexec\git-core\mergetools\is-LN8VS.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tk8.6\msgs\is-STS2S.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\libexec\git-core\is-7PVPJ.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\share\doc\xz\is-S7E1M.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\is-9KM06.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\encoding\is-EM4S4.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\tzdata\Africa\is-5BBCM.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\tzdata\Pacific\is-7ANKI.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\tzdata\Africa\is-N5KH4.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\tzdata\Etc\is-BLG12.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\tzdata\Europe\is-S62O2.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\msgs\is-8I3R1.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\encoding\is-0ES1T.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\nano\extra\is-4G6RL.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\is-NKO2Q.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\mingw64\lib\tcl8.6\tzdata\America\is-CGCGM.tmp	Git-2.41.0-64-bit.tmp
File created	C:\Program Files\Git\usr\lib\perl5\core_perl\is-85GBD.tmp	Git-2.41.0-64-bit.tmp

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Git-2.41.0-64-bit.tmpGit-2.41.0-64-bit.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Git-2.41.0-64-bit.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Git-2.41.0-64-bit.exe

Runs net.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

powershell.exepowershell.exe

pid process

116 powershell.exe
116 powershell.exe
836 powershell.exe
836 powershell.exe
836 powershell.exe
836 powershell.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

powershell.exepowershell.exe

description pid process

Token: SeDebugPrivilege 116 powershell.exe
Token: SeDebugPrivilege 836 powershell.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Git-2.41.0-64-bit.tmp

pid process

3464 Git-2.41.0-64-bit.tmp

pid	process
116	powershell.exe
116	powershell.exe
836	powershell.exe
836	powershell.exe
836	powershell.exe
836	powershell.exe

description	pid	process
Token: SeDebugPrivilege	116	powershell.exe
Token: SeDebugPrivilege	836	powershell.exe

pid	process
3464	Git-2.41.0-64-bit.tmp

Suspicious use of WriteProcessMemory 28 IoCs

Processes:

cmd.execmd.exepowershell.exeGit-2.41.0-64-bit.exeGit-2.41.0-64-bit.tmpcmd.exenet.exe

description	pid	process	target process
PID 3692 wrote to memory of 3604	3692	cmd.exe	cmd.exe
PID 3692 wrote to memory of 3604	3692	cmd.exe	cmd.exe
PID 3692 wrote to memory of 3544	3692	cmd.exe	cmd.exe
PID 3692 wrote to memory of 3544	3692	cmd.exe	cmd.exe
PID 3544 wrote to memory of 4256	3544	cmd.exe	chcp.com
PID 3544 wrote to memory of 4256	3544	cmd.exe	chcp.com
PID 3692 wrote to memory of 4604	3692	cmd.exe	chcp.com
PID 3692 wrote to memory of 4604	3692	cmd.exe	chcp.com
PID 3692 wrote to memory of 3956	3692	cmd.exe	chcp.com
PID 3692 wrote to memory of 3956	3692	cmd.exe	chcp.com
PID 3692 wrote to memory of 3096	3692	cmd.exe	fltMC.exe
PID 3692 wrote to memory of 3096	3692	cmd.exe	fltMC.exe
PID 3692 wrote to memory of 116	3692	cmd.exe	powershell.exe
PID 3692 wrote to memory of 116	3692	cmd.exe	powershell.exe
PID 3692 wrote to memory of 836	3692	cmd.exe	powershell.exe
PID 3692 wrote to memory of 836	3692	cmd.exe	powershell.exe
PID 836 wrote to memory of 3968	836	powershell.exe	Git-2.41.0-64-bit.exe
PID 836 wrote to memory of 3968	836	powershell.exe	Git-2.41.0-64-bit.exe
PID 836 wrote to memory of 3968	836	powershell.exe	Git-2.41.0-64-bit.exe
PID 3968 wrote to memory of 3464	3968	Git-2.41.0-64-bit.exe	Git-2.41.0-64-bit.tmp
PID 3968 wrote to memory of 3464	3968	Git-2.41.0-64-bit.exe	Git-2.41.0-64-bit.tmp
PID 3968 wrote to memory of 3464	3968	Git-2.41.0-64-bit.exe	Git-2.41.0-64-bit.tmp
PID 3464 wrote to memory of 4892	3464	Git-2.41.0-64-bit.tmp	cmd.exe
PID 3464 wrote to memory of 4892	3464	Git-2.41.0-64-bit.tmp	cmd.exe
PID 4892 wrote to memory of 448	4892	cmd.exe	net.exe
PID 4892 wrote to memory of 448	4892	cmd.exe	net.exe
PID 448 wrote to memory of 5112	448	net.exe	net1.exe
PID 448 wrote to memory of 5112	448	net.exe	net1.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Files\Apps\git.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ver
  2⤵
  PID:3604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c chcp
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3544
- - C:\Windows\system32\chcp.com
    chcp
    3⤵
    PID:4256
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:4604
- C:\Windows\system32\chcp.com
  chcp 437
  2⤵
  PID:3956
- C:\Windows\system32\fltMC.exe
  fltmc
  2⤵
  PID:3096
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell Invoke-WebRequest -Uri https://github.com/git-for-windows/git/releases/download/v2.41.0.windows.1/Git-2.41.0-64-bit.exe -OutFile $env:USERPROFILE\Downloads\Git-2.41.0-64-bit.exe
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:116
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell Start-Process -FilePath "$env:USERPROFILE\Downloads\Git-2.41.0-64-bit.exe" -ArgumentList "/SILENT" -NoNewWindow -Wait
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:836
- - C:\Users\Admin\Downloads\Git-2.41.0-64-bit.exe
    "C:\Users\Admin\Downloads\Git-2.41.0-64-bit.exe" /SILENT
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\is-SBC40.tmp\Git-2.41.0-64-bit.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-SBC40.tmp\Git-2.41.0-64-bit.tmp" /SL5="$B0042,59455050,867328,C:\Users\Admin\Downloads\Git-2.41.0-64-bit.exe" /SILENT
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:3464
    - - C:\Windows\system32\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /d /c net session >"C:\Users\Admin\AppData\Local\Temp\is-C8VLQ.tmp\net-session.txt"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4892
      - C:\Windows\system32\net.exe
        
        net session
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:448
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        7⤵
        
        PID:5112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Git\bin\sh.exe

Filesize
44KB

MD5
5784227f8d3be335dad99300edb005f7

SHA1
4e0c4cc55ea5b35e9f7e07b98a374bc224331ad6

SHA256
df6a373881f4ce81f2be4f108f997ac8c2ce3effb05efe2005e954f0a84c8033

SHA512
175e979657bd7b47e69ae8860f0082781576aae4d5034c49ea8f035894595acbe0106d36768cb42e148fdab681334b35983ee6ea36ef0a2259ad6c6c5e6b227a

Download Submit
C:\Program Files\Git\cmd\git.exe

Filesize
43KB

MD5
9aeab77ac3aa9c31acf28bb3126dd73b

SHA1
679ed95724f186819449e7d75c2d621cd38a29af

SHA256
5ecc74f73bcb2ed9ca3c35e7fa287018147fa53c5f8f402517af675a14afbb1a

SHA512
7047e089f111edd1764ff18c57386c6b28b3eb9b2b8aa7a5fdaeb31f7698e196ce8938e08c5d6207261f98dbccc1da0e2c896048a430889ed9bef63866331d35

Download Submit
C:\Program Files\Git\mingw64\bin\is-0VF0G.tmp

Filesize
1KB

MD5
7625a39f4fdb2f2c836aa1c1ae6c151d

SHA1
b6b80b1df12c8dff6dc775938979aaf0e21495e5

SHA256
a754318c603324a256d68e5f9767634fe795066a28d6a3a0f4b67ef1bd2aae73

SHA512
bafca3c60a51536b66098162e99b0f3f7521e0fd3614605b7bd4217b01218b095da7be40cdfcad6e244d3b20666e950b25899628c13407a706baea386f34a3aa

Download Submit
C:\Program Files\Git\mingw64\bin\is-2OUQH.tmp

Filesize
44KB

MD5
70c359e56e601a838512eb4254fcde48

SHA1
94b3741cf355ea8d2758a387bc1238ae5f91b299

SHA256
f19355f7e30a201ab0f15945aa2bdc22cd86b3255985b897bbe266fd56f12fd3

SHA512
0c0d993f9e9091f078ae33d9c7e5d48b5bd37b76a649333f50901acaf58feb8550c19f7f5aba538d1363e4ba6f3a68548d934c702b86be9854b1692a8dfdf8c8

Download Submit
C:\Program Files\Git\mingw64\bin\is-DRR1V.tmp

Filesize
85KB

MD5
fa5fb932217fc2e1a5829fe58a0e8695

SHA1
6cb315dd459ad9881ef1b85d65a73ad387ae60ea

SHA256
1e2ce91d2892fd17b6ad16065b1e391922cf4c34f645348b64f789dc0c9d269c

SHA512
8dd31c82b8bd714a0170180fdc104a45435b25c343fc90c2e5ebf05292284b1606d8d099876680ce777fc210c28bb4060d5973e1d17dc96471799eddddc10f1e

Download Submit
C:\Program Files\Git\mingw64\bin\is-FJNEP.tmp

Filesize
2KB

MD5
3edb2e00504ce044aa1bdb71e8a6c32f

SHA1
9804181215d0dbbe5df59981e21437f7ff4eff34

SHA256
a8e368a31766c7862b8d0feeffe274c3bb43b969e3ccb4f9e77d13bfa447a5c9

SHA512
475bbd71a9224e54d5ca69d81c55f95b3f5b5b4fbe169cdc9521ffc040689663bfe21b3075ab41920cf16179ee76b19e76511c827a5b094f57cf644560d3e70c

Download Submit
C:\Program Files\Git\mingw64\bin\is-G3SMV.tmp

Filesize
10KB

MD5
b485e9151c5b0125e63d86c751ef86c8

SHA1
dd425d6b6e9915125f46be5a1834113c566c8f0c

SHA256
0b7b4bfc9245e589e19b6a1508543f384d2d5c35194921195a1b2422e6b73ac4

SHA512
b1f8377837f723432d40dfff560f46f7610b7f658e10cc3ec414bcfa075fc00c73cbbaecde0f3d81e9cd7ae5979af1d6cf3893b4a890a7292c3f600c436ef982

Download Submit
C:\Program Files\Git\mingw64\bin\is-OL3VS.tmp

Filesize
66KB

MD5
5466b1d249b1e6ee167bad7621fb0369

SHA1
c8a37affc07467ed90f143301ea676ab1ef06604

SHA256
f078a78be891c08ef2a678308a1e574f0f0fedb697399c7ef9795cd5e662f6b2

SHA512
0ef27019e49edf92f958f806cc44a657262852e7250dce3bdb55c23997c243eafddd24f1234f4a5a2e7d7307806ed6cda1f7994e4b01cd0fbb59cb8a6b0e300e

Download Submit
C:\Program Files\Git\mingw64\etc\ssl\certs\is-06ST4.tmp

Filesize
255KB

MD5
d93ab65350e31db2cfb58897d5c06859

SHA1
2b8dbb1038eba7c20b40e8a8ffa918a0edfe1a40

SHA256
1e77499780a0fe74d541e0d64fa3d70c1d4d6235cc9e16b5208aec2ca2f8a829

SHA512
5399dfbcf97a0dd71381e2bed9bf0b7175c1ea145e8071c1a4533585dab764cb6e2576919c07aebb56121d9abf931556c40887bddee127c8c32f7ac5bba52cdd

Download Submit
C:\Program Files\Git\mingw64\etc\ssl\is-FVF8C.tmp

Filesize
212KB

MD5
207da462f2d9ca0c205be2ca90aee56a

SHA1
3223fad61577e357bd5af7e724de43d2e368e4dd

SHA256
f159e5f4bc21d821b34e28bcf1acfcd0a3950a68d2b512dcca7e756b6a477ff7

SHA512
592e40e11ce3476c65afe760b7e1b6cf0a835ec374c9a8b684bbdcddc4b62ea6e38bafc800550e168d21aa5f88de55ad0c853ac7fbafb8f007bef26050108440

Download Submit
C:\Program Files\Git\mingw64\libexec\git-core\is-O9H22.tmp

Filesize
2.2MB

MD5
b13e8dc27a00ba33af234e9a42d2a813

SHA1
bc9ed55d9850c8cab046af5949c96acd951f5589

SHA256
7d1a255f5b249a1429592c97b2d2d9880c775c8356abb1aadbba857966441ee2

SHA512
d503fb748e3e2842ce3c1d714d9fa1f130a036404715eb86fbbf2cb6bfed0729870c4fd44ee7cdec34f385485eb0404db05decf590a4e23c27ab68ea19bca981

Download Submit
C:\Program Files\Git\mingw64\share\licenses\libtasn1\is-6UELU.tmp

Filesize
34KB

MD5
d32239bcb673463ab874e80d47fae504

SHA1
8624bcdae55baeef00cd11d5dfcfa60f68710a02

SHA256
8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903

SHA512
7633623b66b5e686bb94dd96a7cdb5a7e5ee00e87004fab416a5610d59c62badaf512a2e26e34e2455b7ed6b76690d2cd47464836d7d85d78b51d50f7e933d5c

Download Submit
C:\Program Files\Git\mingw64\share\licenses\libtasn1\is-Q6C2L.tmp

Filesize
25KB

MD5
4fbd65380cdd255951079008b364516c

SHA1
01a6b4bf79aca9b556822601186afab86e8c4fbf

SHA256
dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551

SHA512
1bca76c9f2f559a7851c278650125cd4f44a7ae4a96ceee6a6ba81d34d28fe7d6125c5ee459fef729b6a2a0eba3075c0841c8a156b3a26f66194f77f7d49151c

Download Submit
C:\Program Files\Git\usr\bin\is-2LJOK.tmp

Filesize
52KB

MD5
b332e2d71fea17011986781c61b4d991

SHA1
c84805e2e79dd120ab1213938bd27e10d22d3c64

SHA256
ac47f48f04799b0291eea1daa7234d62d93c20d4d22d76be7cd618f6ddc41746

SHA512
2be39f1d83da9c1b24f2bf6f647207c7bbe8a2164f576917001fc1258285a85498bd185a5ca6d446ec53562361e179a84131960aa33a25f3cdb698787b019962

Download Submit
C:\Program Files\Git\usr\bin\is-56PEC.tmp

Filesize
1KB

MD5
e243255b6cf3b9403df53cb9cd6176e1

SHA1
c90132a93c5cb1196e6cb10be1d6171c8f1b1472

SHA256
0e7ca63849eebc9ea476ea1fefab05e60b0ac8066f73c7d58e8ff607c941f212

SHA512
89262742db7bc927e72d55d7ff8ef57468ce9c518d9a284023c05f39373840db5697a314e6fa26c7c1fc920837c9b925759bc905b576359ffe975523eb8e65ab

Download Submit
C:\Program Files\Git\usr\bin\is-J1ID5.tmp

Filesize
52KB

MD5
1c78369148bf55e5f10d95fd09009643

SHA1
ef7b95b3095ef7a75f7ef72334f0c3b34145c099

SHA256
b3704efcddb64240b7c3bf2ee38377a30e53d38293d2fe489218aa4292dab1e3

SHA512
3783d9560de9f744b139c5265ea7ca387dfea7f8483474647f2aa750013bb84877a5ddfe1492005002ca1b1191ba7d52580a514827f12ea4a148721bf1221808

Download Submit
C:\Program Files\Git\usr\bin\is-KLTQQ.tmp

Filesize
2KB

MD5
e786fc0d18a8c8679897afec7dc20f81

SHA1
b53283980b78efb04ba9f0b0ff38d055bd3d751c

SHA256
1c1f96193cdf14b85ea65f140a7557a07ece8783a53ec5ba6b5c30644a9d3012

SHA512
c5421c591c25a0e7858e20d3211293898ec9eb77a766ece887b173dd1b5dc5ba331942006ee546fa98430a3f73e00ccff7b8332065988d86a7145f4ecd24065e

Download Submit
C:\Program Files\Git\usr\bin\is-UU5I8.tmp

Filesize
612KB

MD5
850a4dee8799bc92fc454aa7eb75b926

SHA1
611f5640295cda4c03b989ac315c9fda83d735d0

SHA256
6dad72258006dc40a68c8c4b3841387198071cb833e843e01bcfa7fed72a0766

SHA512
6175e7afcdf3824a24f724884f7dc0f8f4250ec20e712d91c7c8c742ee5e8b230131ce6d4c30e024accdde9e04bcf369c984fb91095a540f2168c51329e5c9cd

Download Submit
C:\Program Files\Git\usr\bin\is-VH6TD.tmp

Filesize
90KB

MD5
8d87dcdd2ac38ce037afd0aba6d80259

SHA1
5313a2fd333a05fa471776bc2df1b159b922ea06

SHA256
ac027e648f7d4bb8172d13a1bc27ac71784d193109aa48e76eff703aeb0f520d

SHA512
981476177942a7afe194407bfc57196d7a42a648975b7ea63e40fc2d6164e4c81416cad9625285185c304d392c9958dc412dd2b303bdd15ab18cb90159524d39

Download Submit
C:\Program Files\Git\usr\lib\terminfo\73\is-SJN9J.tmp

Filesize
1KB

MD5
d61e0247845f1340f61c2b20ca9577d1

SHA1
712d0420d53174d9df9e4f032f3c63a78bbe7472

SHA256
4ae4f1c39f9d159347192ef24f021459e30ca7d45f22e47b9bf850842b69c566

SHA512
928aff88cfe4d713cac70f947af59e1e8ec015dbd0aa0d3a321ccc6b16d56f3ab7f94ce01445e82591b43a98f160e8a954c6a29f61f6b31249b53a901ec554a5

Download Submit
C:\Program Files\Git\usr\share\gnupg\is-T5LC9.tmp

Filesize
9KB

MD5
14a267cde4ab3ba9bf15d6bac9eddff5

SHA1
6acaa6d2d24416aa079ee3d87ac87ddb1d6744a6

SHA256
05cdf5a33891882a1b96e007c0ac8dc9f99592f3667f79d83904a38e38e8bbe2

SHA512
4a41044d63b7d1eded892b3f0bd1c60b6b2c6cf2c4fdee273149b9790c21e08dd829b5ff8be8731b029cc6a4cf4d15a4d531cff4033d5fdc545a10d6233df11e

Download Submit
C:\Program Files\Git\usr\share\licenses\libxml2\is-FSBS9.tmp

Filesize
1KB

MD5
2044417e2e5006b65a8b9067b683fcf1

SHA1
3c21506a45e8d0171fc92fd4ff6903c13adde660

SHA256
c5c63674f8a83c4d2e385d96d1c670a03cb871ba2927755467017317878574bd

SHA512
08955e4168147a848ef90a9793f2ebe32c8318a5c38fefc3680a00f5d92646ca0619067c8d55fa7d33f96e887467823590fb55ac0803c49b4bef31b3ed8c2b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
08f9f3eb63ff567d1ee2a25e9bbf18f0

SHA1
6bf06056d1bb14c183490caf950e29ac9d73643a

SHA256
82147660dc8d3259f87906470e055ae572c1681201f74989b08789298511e5f0

SHA512
425a4a8babbc11664d9bac3232b42c45ce8430b3f0b2ae3d9c8e12ad665cd4b4cbae98280084ee77cf463b852309d02ca43e5742a46c842c6b00431fc047d512

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_51z3jgxb.htp.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SBC40.tmp\Git-2.41.0-64-bit.tmp

Filesize
3.1MB

MD5
fca451816569348d0241395945dd75d1

SHA1
28a3788de615282d423b822446b576b6d9d86c98

SHA256
f2993476a9756bdcf3aff252867f5e741cf90bdb6ad64c7cc9e99863aa318205

SHA512
ad2feb8e4adef03feb5156ffa74948c5c2d9ef4b18c3d4ccc8c615a6d9b2d9ebb846a7292ba9f4af63056f8adbab0ddf54c4a380e69f9c8a6ce190c128920c54

Download Submit
memory/116-0-0x00007FFA38143000-0x00007FFA38145000-memory.dmp

Filesize
8KB

Download
memory/116-12-0x00007FFA38140000-0x00007FFA38C01000-memory.dmp

Filesize
10.8MB

Download
memory/116-13-0x00007FFA38143000-0x00007FFA38145000-memory.dmp

Filesize
8KB

Download
memory/116-11-0x00007FFA38140000-0x00007FFA38C01000-memory.dmp

Filesize
10.8MB

Download
memory/116-1-0x000002BB58BB0000-0x000002BB58BD2000-memory.dmp

Filesize
136KB

Download
memory/116-14-0x00007FFA38140000-0x00007FFA38C01000-memory.dmp

Filesize
10.8MB

Download
memory/116-15-0x00007FFA38140000-0x00007FFA38C01000-memory.dmp

Filesize
10.8MB

Download
memory/116-19-0x00007FFA38140000-0x00007FFA38C01000-memory.dmp

Filesize
10.8MB

Download
memory/3464-3924-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/3464-7842-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/3968-3557-0x0000000000400000-0x00000000004E1000-memory.dmp

Filesize
900KB

Download
memory/3968-34-0x0000000000400000-0x00000000004E1000-memory.dmp

Filesize
900KB

Download