Overview

overview

10

Static

static

10

ss.scr

windows10-2004-x64

10

Analysis

  • max time kernel
    62s
  • max time network
    62s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2024, 16:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ss.scr

  • Size

    659KB

  • MD5

    d45a90802125b3d7f9c852b84e2f4258

  • SHA1

    1904b4fc3212e30a991997622dfb25dcddcbbc9d

  • SHA256

    23b4f8c7077f5f9f6fbf62307543c12ba1fec9fdf5fa9e1d001c778e5ea4bc61

  • SHA512

    ade5b23ce6653f060a993e238a221f7f3637fd06556d4cfd0d61efb48e006f0a1e3159f6dbf42843483f965d292f75d57571ff20816f937929d6360f654d63b0

  • SSDEEP

    12288:O9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hf:aZ1xuVVjfFoynPaVBUR8f+kN10EBp

Score
10/10
darkcometguest1f63242mdiscoveryevasionpersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest1f63242m

C2

rose324-64643.portmap.host:64643

Mutex

DC_MUTEX-X7EDN2P

Attributes
  • InstallPath

    MSDCSC\msdcsjc.exe

  • gencode

    TiHYA7QjFfAD

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    reahltekaudio

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Darkcomet family
    darkcomet
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies firewall policy service 3 TTPs 3 IoCs
    evasion
  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 2 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Sets file to hidden 1 TTPs 2 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 48 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 59 IoCs
  • System policy modification 1 TTPs 3 IoCs
    evasion
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\ss.scr
    "C:\Users\Admin\AppData\Local\Temp\ss.scr" /S
    1⤵
    • Modifies WinLogon for persistence
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp\ss.scr" +s +h
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4408
      • C:\Windows\SysWOW64\attrib.exe
        attrib "C:\Users\Admin\AppData\Local\Temp\ss.scr" +s +h
        3⤵
        • Sets file to hidden
        • System Location Discovery: System Language Discovery
        • Views/modifies file attributes
        PID:3324
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp" +s +h
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3592
      • C:\Windows\SysWOW64\attrib.exe
        attrib "C:\Users\Admin\AppData\Local\Temp" +s +h
        3⤵
        • Sets file to hidden
        • System Location Discovery: System Language Discovery
        • Views/modifies file attributes
        PID:644
    • C:\Windows\SysWOW64\notepad.exe
      notepad
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:828
    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSDCSC\msdcsjc.exe
      "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSDCSC\msdcsjc.exe"
      2⤵
      • Modifies firewall policy service
      • Modifies security service
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Windows security modification
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:3244
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
          PID:2856
        • C:\Windows\explorer.exe
          "C:\Windows\explorer.exe"
          3⤵
            PID:3640
          • C:\Windows\SysWOW64\notepad.exe
            notepad
            3⤵
            • System Location Discovery: System Language Discovery
            PID:2064

      Network

            MITRE ATT&CK Enterprise v15

            Reconnaissance

            Resource Development

            Initial Access

            Execution

            Persistence

            Boot or Logon Autostart Execution

            2
            T1547

            Registry Run Keys / Startup Folder

            1
            T1547.001

            Winlogon Helper DLL

            1
            T1547.004

            Create or Modify System Process

            2
            T1543

            Windows Service

            2
            T1543.003

            Privilege Escalation

            Boot or Logon Autostart Execution

            2
            T1547

            Registry Run Keys / Startup Folder

            1
            T1547.001

            Winlogon Helper DLL

            1
            T1547.004

            Create or Modify System Process

            2
            T1543

            Windows Service

            2
            T1543.003

            Defense Evasion

            Hide Artifacts

            2
            T1564

            Hidden Files and Directories

            2
            T1564.001

            Impair Defenses

            3
            T1562

            Disable or Modify System Firewall

            1
            T1562.004

            Disable or Modify Tools

            2
            T1562.001

            Modify Registry

            7
            T1112

            Credential Access

            Discovery

            Query Registry

            1
            T1012

            System Information Discovery

            2
            T1082

            System Location Discovery

            1
            T1614

            System Language Discovery

            1
            T1614.001

            Lateral Movement

            Collection

            Command and Control

            Exfiltration

            Impact

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSDCSC\msdcsjc.exe
              Filesize

              659KB

              MD5

              d45a90802125b3d7f9c852b84e2f4258

              SHA1

              1904b4fc3212e30a991997622dfb25dcddcbbc9d

              SHA256

              23b4f8c7077f5f9f6fbf62307543c12ba1fec9fdf5fa9e1d001c778e5ea4bc61

              SHA512

              ade5b23ce6653f060a993e238a221f7f3637fd06556d4cfd0d61efb48e006f0a1e3159f6dbf42843483f965d292f75d57571ff20816f937929d6360f654d63b0

              Download Submit

            • C:\Users\Admin\Desktop\ClearConnect.txt
              Filesize

              181KB

              MD5

              ed77c3485f5729cd8025020b723abd57

              SHA1

              6836bee09f326bd7a2833fb36c25ed27afab7be3

              SHA256

              f58d864faabbc3cfaf36e4ba2c4d5b8ab4e0618268ca71b9269a2928921d516b

              SHA512

              d539af71f6330f3d6572296b9953ed91cf0119e4f102220e9fe5335172aad224d8d893511ba5a2d68be9962bc3b0d3979d72e14d6537d06fef389d7424e568ef

              Download Submit

            • C:\Users\Admin\Desktop\CompareWatch.xlsx
              Filesize

              13KB

              MD5

              a2ea306b47b78e4e10bd65044b70b8dd

              SHA1

              ede278fac95c7eafd0deac8678ed8a9f59ee0a5d

              SHA256

              66df0977d0accfc2429ff17a33a2e201d45370552fb60911ffa564c21b221b4d

              SHA512

              179940b04c2624621c42077522f2db8590ed2cc9659a509f5e3e31b016d2f20a2e155f2de910c7fbbd9a08c32132f122269fb1b6ec58df86feb10e8b6ddbe392

              Download Submit

            • C:\Users\Admin\Desktop\ConfirmWait.sql
              Filesize

              191KB

              MD5

              197cc2e60c82b33f55c147fc3797c204

              SHA1

              cbf886fabc79b943ce01edae1241092d88359789

              SHA256

              0221d69729155cd11ab543dd11bf87d12f906c118b013328a075e5b27a4cfd34

              SHA512

              c0d4f06df7acf6af42cade2760c1f363d4bac6f54f3ddddd92345273d000ddc89520e85d0701ebad26cebacc87b9cee256c3fc3add8743c56358e35f655991b5

              Download Submit

            • C:\Users\Admin\Desktop\ConvertFromRegister.wm
              Filesize

              250KB

              MD5

              6bb9782f051930594a73e7866119ff2e

              SHA1

              52f3d675ad6081546129b1f898ec7860fb7da42a

              SHA256

              fc3e1c32d3364c35f1584f3d4ec6f4dac0dcbe212cb675d991e2623e90b074e3

              SHA512

              e41ca452938838081a02689b710bfec859b37788f7d24a308c282e67340700673e0b0215bd6517e11afa04608398e223ad16bd2f67ab04583b1fb1b709aca0f0

              Download Submit

            • C:\Users\Admin\Desktop\EnableLock.pcx
              Filesize

              329KB

              MD5

              e4c6433b372fd860f16c208b0283817c

              SHA1

              aa40b7f2ea59de05d5e7abecdadc12ed9c60cc3d

              SHA256

              3e5c7756ad507e56ebade1730db152dbea813e7881b1d5c13092a7e4805d2333

              SHA512

              315f40f37f5e5e2eaec834390136c63ca1947d2d8c050eff76acb74e288af3997f01cd61eb7ed005012b686db6ebaf604d0c40ab3ae72f9173500fc08ed2619f

              Download Submit

            • C:\Users\Admin\Desktop\ExportBlock.xlsx
              Filesize

              11KB

              MD5

              393bbd746a59c48196d68b77951d5e3d

              SHA1

              831a5461d61f7066b0be62249c309b51909bc198

              SHA256

              5625af798bdfefad12ae25f6f8b8628b39fae430c291426efb1f233dec70069a

              SHA512

              76dc3816de356fd87f59b0171ba208e6ae7bc38c09bba1674e22ca02db5f6a1900e8f5d4711b03b5399a4e6fef5af069a176fef15ba4bb4cf075c1df3f4f51dc

              Download Submit

            • C:\Users\Admin\Desktop\GrantOut.wma
              Filesize

              348KB

              MD5

              2365926931a9bb2796f412ba7eb4ea9f

              SHA1

              043ceed3ccec9fb915fd794201b9db478ebfa2e2

              SHA256

              9a29d635ac2071b28e015d99daa0ed32613892c2cd185efac293e5dbfc69e45a

              SHA512

              984e0f88cf5d782ac16f335885391ae10d9fc7351d3632db5595a30a91526dc3dc91cd51bd052c69dfb4ea46a3ac46fbd1959b58d9799332f7bf3320d7d5115b

              Download Submit

            • C:\Users\Admin\Desktop\InitializeRestore.odt
              Filesize

              152KB

              MD5

              dfbb6662f6ac591c5a88f06d8687e6f1

              SHA1

              9c42bd010473aaa059340f854d3c0ed7cff8f889

              SHA256

              34c19994045975194c41f0aa49b2ef358be5a4c1e29a11591faf98908470479e

              SHA512

              7c411a0e349e67dc1e2e9d7c481bb6ad4c3dc3e66bb68d7765afb39359dc03ad6a6c56223bf8bae21c0ed6171b0354ee7a164d36331a08b2e41c4ae337ea07ad

              Download Submit

            • C:\Users\Admin\Desktop\InitializeSearch.wps
              Filesize

              339KB

              MD5

              0135523c123ce892184a717d888f0859

              SHA1

              bca797aefb5bbfd263d6f1a08686748e8239ffe5

              SHA256

              1aac4d739121e19a36e6b7e5bd1d0d0acd870f6c98ca1ae58c2ba82b436d35ae

              SHA512

              1a789d26e8d4851fd653c544d985ce975ededde082047092fa1fcadd47dfc4a71ba85ba994936b0fc2fe1303ffc9fa0b3597f08bd789ab070811046d7fd3dc97

              Download Submit

            • C:\Users\Admin\Desktop\LimitNew.ppt
              Filesize

              280KB

              MD5

              099b5696a5919761a10ebbe4b0b3bc1f

              SHA1

              147c7a497d15548be52f16901195f36ae75f52ce

              SHA256

              e1605c51ed215ede2b282fd3ca914dfeeb94e2adadf3f8f745226d43899a8b08

              SHA512

              690b2c9e32a84cc4daf0e9076fdb6890794758c3b6089a242b82e3a34a88bd050b5a7885366d8e19a5745bfb5f65061bcd9628e37c27300df641507c67db77bb

              Download Submit

            • C:\Users\Admin\Desktop\MeasureExport.vb
              Filesize

              221KB

              MD5

              d397855f83cddd7ade442f193406661d

              SHA1

              e9e84749c759c067b168ec625cb1750c23291f97

              SHA256

              f07d82e6d8187edbbb97fd6f1e4d6cfce35aee75b11e59a241001c95a805dbeb

              SHA512

              749d085ed99a949de398cf2c7692089b818ee5f39e87649cbf20ba54e62520184d365ffb9c5c94699714c573b1495af1eac50b476d96a90a45c0e6fe01cce5fb

              Download Submit

            • C:\Users\Admin\Desktop\Microsoft Edge.lnk
              Filesize

              2KB

              MD5

              3b4f6c30f6ab1a0e24d0d92ad489d9d6

              SHA1

              c29f74d22e747a8b752a5117b68317972764efa6

              SHA256

              f7f56acc2d4e975dc4bc4c9eb93ee490366d590a038c3f398d355905b9e1acbb

              SHA512

              549185e788621292657e7855f42342e37f88946669a6f8ad5f2f79494b9869a839fa9d78a80bf966c5d8381f5f6e95f66d39941777b8569a8127ebde3ede110a

              Download Submit

            • C:\Users\Admin\Desktop\MoveSend.m1v
              Filesize

              172KB

              MD5

              b7dbd3512474a55e8de6c2faffd211d4

              SHA1

              7c3ed0133c70b9b069bba496e4be7b474b41b197

              SHA256

              a73a24d5612501e74d23f6a43ef0dfb520d5db8f52c9133858bb77ee1389dd9a

              SHA512

              7cc2ef7f8321fc6c96254c57ad33d429f0cdc69c27edc7f49f76b6b6f3ed83a3f278ffd4b3096b4afc5bc84de5e9ce36cf2e8062b37999611e05d5d5fe02e24f

              Download Submit

            • C:\Users\Admin\Desktop\PopUse.temp
              Filesize

              319KB

              MD5

              db795f7aebf2440b452706b0cf7734a1

              SHA1

              66bdfcdaeaf96a9d1787f886bf6b91beec2dc865

              SHA256

              a66f90e3a46d4abb8bb39005f2611e8fa38868676feff311b7d02fb613890723

              SHA512

              96d6fb75b1b109a377a619550bad9cef10414d80c4177a18b4d50d694b7aaea99018253e2dcd9d7a3e1c30ee1fb48689120758f9ff6a24621ce81805d7737e4b

              Download Submit

            • C:\Users\Admin\Desktop\PushConvertFrom.wmx
              Filesize

              142KB

              MD5

              c7c0083cad303fd5097f4c62e35495fc

              SHA1

              5324a6d8b0cea4bf624d9a282f2f0f4dbbb02454

              SHA256

              89a383061af60f6a6d33b8114e7a66fb8e130d9b8bb928ae974287f4dfc5f296

              SHA512

              0b73a3f53159cb524bbd23ab6d6a9ac47aab7495495911f6f8855da26dba01062892111d65290b269d3d1af571daf8b50ce20d136989cc67308347d01010ad9f

              Download Submit

            • C:\Users\Admin\Desktop\PushWrite.xlsx
              Filesize

              10KB

              MD5

              37bac20a8e05c703ce37385238ca0730

              SHA1

              f00435930f76784bb7679b72236acccafbcf7976

              SHA256

              847e9df844481e1367be94ef5b028bf1cbf7fcb01df749989ec8e9d9c251c7b8

              SHA512

              b1c5c7a4c6b0333f30c252c756ff9af18c0b1964ad3600c2ac83ec08cd7816b25f1f96085898e4b57e2b6b59ff9929743823c996417aed63d7c854b650d692fc

              Download Submit

            • C:\Users\Admin\Desktop\RemoveApprove.3gpp
              Filesize

              270KB

              MD5

              adaed32a13d146aa21b148e8c7bbfde9

              SHA1

              83a76c46390111b55d6300d208031793efea6519

              SHA256

              adbc2509f413779e4c127a248e78d856229b02078f7b09fb2c53de0a3c96e9ef

              SHA512

              89f48f4844963376f15e72ac5d04f2bd3bd7ae00126150692ca5a3514fbd591c3ec315f1a4018d01d4f857f699037cb671b202acb92196cbe8199a023bdcf539

              Download Submit

            • C:\Users\Admin\Desktop\RepairExit.otf
              Filesize

              481KB

              MD5

              da67f86c193318f9eee62ced2c7b0705

              SHA1

              58a7f9efdf6d735b5157e54cb8c743ccba2dbc12

              SHA256

              db362553cf69bf7eea935bc05ebcf3a36efb3e50382701863bc48e0f49938b3c

              SHA512

              b4b89a1d2834d70e23c979b15e9c81321bbde71b8cb359976821049b4b9c9c298e569897b3fdcc3d611a446f336455551fc1bf49263d93a41c5d0aad96ece9f1

              Download Submit

            • C:\Users\Admin\Desktop\RequestInstall.mhtml
              Filesize

              299KB

              MD5

              11476bf145bf8148d2f17f1dc1d3770b

              SHA1

              45415a6ac580faa7b0e044f28b74befa40f24b98

              SHA256

              596b49342caae34fae0a3928b3d4f1ea3f55eea4e305c0ef1ce17178cf3bd005

              SHA512

              a8286fae09ed42ab89a27df49e087c6a86196e668feac89259030037ce9b7b55cfef9f728aec9abdcc93417be24779aab690f7f569d76bbb5effe2ab7dc42254

              Download Submit

            • C:\Users\Admin\Desktop\RestartLock.rtf
              Filesize

              122KB

              MD5

              daa01b509cd0d8a75f8138ba1b88c907

              SHA1

              4ee58d1d6f45245654b524fc60613b734b0ca52f

              SHA256

              2e1a253e7eec5e80e11b31e97bfac789b00816cf23e9d7243d8885ce46bc1da1

              SHA512

              9610adf00ec2d18a63ff658a6e7388f6acf9278f5afe42e8eb3fa842df0b2706c19396fd7670a82faf3015b155b0e6fcd6807573bb7064eb3863fbfc7e295b84

              Download Submit

            • C:\Users\Admin\Desktop\RestoreCompress.wps
              Filesize

              289KB

              MD5

              efca902960b20ecb8b5e0faf4a59bbea

              SHA1

              809f2daa9251f56ce2d21dc58d9025d977086e9d

              SHA256

              1bfd570844a5c06fcf87acf7f68353b6563fcfbdf702f889590ed2f1dc45aab4

              SHA512

              79d12e64bf275e34af74b2d621c582cf61ebe1e5ef2d598816023f5ed509f48c70000afbb4c18913f52159ddf1e50cef908a5f26f055018cf4d44746575b6eeb

              Download Submit

            • C:\Users\Admin\Desktop\RevokeTrace.au3
              Filesize

              162KB

              MD5

              782d2419560d7b9f2e976a61fd32e4d8

              SHA1

              42e14cd4e640c87117096662696a689519ba5c5c

              SHA256

              37c88a20787db970e0bb277b51c06706fc8b6e14004bb5c397c99df0144888dc

              SHA512

              ac9c9848df3473d0a640dcbee4bf3dc9d6742d9a085a860bef484939724845ac1fe48713e99cc66503c54d27e52e2e94e0ca11da53566ed949bef561bf029656

              Download Submit

            • C:\Users\Admin\Desktop\SearchSend.html
              Filesize

              201KB

              MD5

              e91fefec60ac9bb12d30475bfc58e8dc

              SHA1

              055cd8f0086b0c994da246b9572523b146d10811

              SHA256

              47874300576e47149cc4605927bef60118e4d26991fb371627a5717176dd2f7c

              SHA512

              1e147d6c092ecf7131bada0f94c269a6f8b7c41d586cb0b58ffd7522dd5b4ba3a9f1726b94ae54192b2e6e238f21bda7e181320dd8634cf711c030105c03bf7f

              Download Submit

            • C:\Users\Admin\Desktop\SelectPush.docx
              Filesize

              14KB

              MD5

              6e5c6e384f6f48beca1818c4f63be466

              SHA1

              a887b3dc40e40989d692d86e3ddd5d25ae1dd343

              SHA256

              3aedce34d31b42a43429c68d51ff65f717ad5b6a0998b40bee3321ed8254e6c6

              SHA512

              56885e8a54ab76112fa237667b707e98cd8620a9a2d8b871347e3c13bcf7d31a8d68e3de458af8637c40790f82119565eac6b6169803cfeeb14fea47a00e6c5a

              Download Submit

            • C:\Users\Admin\Desktop\SendUnblock.crw
              Filesize

              132KB

              MD5

              555f478a2ac102de11b74b13394b100d

              SHA1

              4e28e71ccbed698e1aa70898d4607e5ef79d74de

              SHA256

              07993439ec1bea1e591bebe74d0de9a68babf2676f8edb0af20140d067a1e58d

              SHA512

              ee1c9eae3ce6f21ad3b0e060d33f7e0ac60ee86b64a41ea31830a8a577479ead957f68aa172efcbb54347c8880af692ba01f5d8f50b94f52f0095b5dd45322e1

              Download Submit

            • C:\Users\Admin\Desktop\StepRevoke.vsd
              Filesize

              211KB

              MD5

              8fc830b4e37160b8a513d2fd985ca5e6

              SHA1

              4ae0dbab526881497cce0bb7e9ba173d64faf48b

              SHA256

              36ef49528f1d090923a72f75d3d09605f90ce0b6cbe32e28cd77805873228d01

              SHA512

              6a4abea87682928f3d7808d76c9031c9e5bde0a8596235eb015df293ae476d1748aaecb4908d3592a04e98844487985d621d6b0a5a1f610771c975ef4660aadc

              Download Submit

            • C:\Users\Admin\Desktop\SubmitExit.xlsb
              Filesize

              231KB

              MD5

              21b971bb01418d8810954d95a3c91c10

              SHA1

              f1f011ac1abcf5e9bd9a4fec5cad9ee99315699f

              SHA256

              708766c0944f3eba99db3a9bd32148055a7156b3943df8f09acc5fd334275fd6

              SHA512

              850f2f77755008af5a793a1b92b7d141dac2176d2d895ad04c09e3670974ebfdccc1c289a236170476a276bd9339f0c72568aa3305ce67a813ffe0cac0c0f90b

              Download Submit

            • C:\Users\Admin\Desktop\TestConnect.rar
              Filesize

              260KB

              MD5

              a464011128dbdea6f0a854fe4416c207

              SHA1

              7e8bed05ef867aedc49ef09e06ea9e006cbda24b

              SHA256

              9cbf6339f039c8d4e965f03853f6c6ebad0befdf9c657f3a99c325bdffab5e57

              SHA512

              b931dc777be125fea5d36012273d70b2ab8eeefa8664e14a88dbba892f9570c6425ad2a7dbd8ef4faecab7561057acb294304da03c4f854e674453b70bb3e885

              Download Submit

            • C:\Users\Admin\Desktop\UnblockRepair.docx
              Filesize

              15KB

              MD5

              1421c9b3bdcdc6fca36edb500310694f

              SHA1

              3ae7b1442eec4dc805a121a5c886c5dfe67da222

              SHA256

              e85a63f7f3c59dae1985c3f25badf7a01a1f4a19ee8d6b00c3d8f8c9aea1e21e

              SHA512

              aa2d9b868cfc151253e35cd89a78a38f89e03cf88c381541c0d761f1ed056ce8aab0edac356673b3d720f02531a19cb4f450f801141811ea29bbbbd69923a1f0

              Download Submit

            • C:\Users\Admin\Desktop\UnlockRevoke.vbe
              Filesize

              309KB

              MD5

              d9fb8a346a647a3bd68c88df6fe62279

              SHA1

              b6edefa1ccc48e6282872a35a2373612e5830929

              SHA256

              1e0134834b2258346faf97ca3101397a7cb0ea660aed7445e69597fb60716927

              SHA512

              8e58f62147639241f61ce161ce709fdfc331fd1b36cd0a25a5e486997f83d514de7c5d8ffacef6e44a1ab7f93fb5eb238a34ec0d19059897037ed825763aae39

              Download Submit

            • C:\Users\Admin\Desktop\UpdateInitialize.dll
              Filesize

              240KB

              MD5

              777ce58814742b870eb5da943ab06974

              SHA1

              8a534597ac6447bfe37fe9e408d269f234f8a68d

              SHA256

              a9a71a967b7672b2eeb0ec25b061c4b43ac3e0266ea3918b8ef5ac23ee6400ae

              SHA512

              7cda637e22706dd63e4b3fba51561a2fb9531b8dc1fe124e5aec9225c9e19ef7cabee2a6923ab3d808d7862fa30ad0de1dab7b80db4926816a8106b886907b70

              Download Submit

            • C:\Users\Admin\Desktop\WriteExpand.xlsx
              Filesize

              10KB

              MD5

              c6ce01509560b2b2ab5abfb47cf44325

              SHA1

              aa99b046b1dc66b8d5123e0182e4c2d7f1605359

              SHA256

              f8d1a1a07147a7d4439b7c65a9802b2af2444748146fab3a94f6d49dc2e60b1b

              SHA512

              a3fa625cb31abb9b3c228d92b01858ad9a2eab18d261b7a4e0c14c3af298982ed813c08e549d58b279a9bb1a416f1aabbce93110e6a365d4a5b6b25b6a1f6d75

              Download Submit

            • C:\Users\Public\Desktop\Acrobat Reader DC.lnk
              Filesize

              2KB

              MD5

              4d67e89e7c5f405b36ed6594ee36bb8e

              SHA1

              66f2def44a4dd4c1d5403c01901450e11f57003c

              SHA256

              042a6a22563e661442b2e3b0f3d5484a8cec101341e0ae2f6a3d1886faa6269c

              SHA512

              47492a40d93301491ac6befe80af91527b0fa16443e5387830415815fc8df2cea6728e254ea8c4291d370c2afaf298d8446accc5aa3f38440f5128a33cc5706d

              Download Submit

            • C:\Users\Public\Desktop\Firefox.lnk
              Filesize

              1000B

              MD5

              f9354eca4e950d15127561f485e0d88b

              SHA1

              eadf157e7111508060ab31638c5bed55da62816d

              SHA256

              528837aa4937874f056f57caef4e496dc168b987cdf84876a601c27cea94d32f

              SHA512

              d93afa1603e71272eab80d7adf5a82323c52e5b15251c138c3bf5e1ed64d6ac85480acd864bcabb91594e7044415f97386e72e9dfef542ba79c6e359be69dfd2

              Download Submit

            • C:\Users\Public\Desktop\Google Chrome.lnk
              Filesize

              2KB

              MD5

              bc82f1bc10efbfdc6c989e661acb29cb

              SHA1

              52bd265170a8ca917a639d3e633b2adbb757ff99

              SHA256

              d18343cc15d2f8e16185523f106c7fb6a512507763a839c5a5afda75df25d34c

              SHA512

              baa474c70dfb88127243231820831222a0bf385d84d1c79288db2a18dc5054e841f37c925c5c4c7a47ba727c13ead310672244cd388b9142f52f313205be6450

              Download Submit

            • C:\Users\Public\Desktop\VLC media player.lnk
              Filesize

              923B

              MD5

              5afaaae04003ad3650ab6e2ce9de3add

              SHA1

              22809b8f095cafd543111cb8b33df51dfa870027

              SHA256

              95c1e0d807f45e566a01d7d685f056d6273fa3c679edb3831296c044e0cc75d2

              SHA512

              31458bc1f670afe45d288b9608167cffbdf9a2dc54f89935b65fe82187f9b13135a398b12a800f8fb04061ebf550dc2ff5e6e62ae93185a2900906197ee03588

              Download Submit

            • memory/828-4-0x0000000000680000-0x0000000000681000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1180-64-0x0000000000400000-0x00000000004B2000-memory.dmp

              Filesize

              712KB

              Download

            • memory/1180-0-0x00000000022C0000-0x00000000022C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2064-63-0x0000000000830000-0x0000000000831000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3244-66-0x0000000000400000-0x00000000004B2000-memory.dmp

              Filesize

              712KB

              Download

            • memory/3244-70-0x0000000000400000-0x00000000004B2000-memory.dmp

              Filesize

              712KB

              Download

            • memory/3244-83-0x0000000000400000-0x00000000004B2000-memory.dmp

              Filesize

              712KB

              Download

            • memory/3244-108-0x0000000000400000-0x00000000004B2000-memory.dmp

              Filesize

              712KB

              Download