hxxps://drive[.]google[.]com/file/d/1xYHew7Ne_p_T2a-7dcWNjUJAeFsf2fTg/view?usp=drive_web

Analysis

max time kernel
537s
max time network
531s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2025 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1xYHew7Ne_p_T2a-7dcWNjUJAeFsf2fTg/view?usp=drive_web

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 53 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "3"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NOTEPAD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
4748	msedge.exe
4748	msedge.exe
212	identity_helper.exe
212	identity_helper.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
4088	msedge.exe
4088	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3616	NOTEPAD.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	4936	7zG.exe
Token: 35	4936	7zG.exe
Token: SeSecurityPrivilege	4936	7zG.exe
Token: SeSecurityPrivilege	4936	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3616	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 4784	4748	msedge.exe	83
PID 4748 wrote to memory of 4784	4748	msedge.exe	83
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 1088	4748	msedge.exe	84
PID 4748 wrote to memory of 4624	4748	msedge.exe	85
PID 4748 wrote to memory of 4624	4748	msedge.exe	85
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86
PID 4748 wrote to memory of 4424	4748	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1xYHew7Ne_p_T2a-7dcWNjUJAeFsf2fTg/view?usp=drive_web
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b7e846f8,0x7ff8b7e84708,0x7ff8b7e84718
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3040 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6372 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,7454346368163960638,997371804832091541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1884

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1460

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3616

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\DaniQuerido\" -ad -an -ai#7zMap28219:84:7zEvent23866
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
e6d5bcbcea2b2f91fe2cb663d6d1d723

SHA1
c58ad748d4910a40c847432c9e11be81705c0ed4

SHA256
a1e443d178ed124edeb0c129e82ae84f96cc075cce64a70b7af02f5ad04c6153

SHA512
3bdc757f881dfa63924543d91a8997fd7477b0ff15fdba5d2ff2635f8a27bccd92a7e3d249691da70350a2666cce29476e40c7f1376401a69d7d15080853ad78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5a6a57e6ca6429607f547f3449185714

SHA1
a94537788647098697c71b5c9dd1b05fb8871211

SHA256
34a7267c3d139e4d43af8332a7cf67abd79ac930f962afcb64755942286948ce

SHA512
d0df9ef64c215465db9db420f2ff74d93be76c7493df60590703aa73672c339d9c8fdab78a75c966bcacf894125a4b7b8e1ad9368e0b6f63ecca46afb0295d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4ab1d846cf64aff5383f5596b236f320

SHA1
88692f017865455be0ed41769c310567016ebaf5

SHA256
082bb96b0ca2778a93b8eef2c1d1371b00d18b07dbd4c7168c967198ed8feee0

SHA512
2e3b24333125f0ec403b362d51da231bee75668f9046764fb666901c82c58579690ad994cbe898d6d60006aa2da6804e6375661b86c3deba0ce81cbc8f4864e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9c6c9730b2ae8f028c628a6a6002a61f

SHA1
cf8a504b3bf4d734f2e1eb0c3f8451061d203d95

SHA256
e5de2e4d354a4f716d57a4bcb451d6dd61bd44cf7692c9444429cd20476b2f77

SHA512
f0306626b9f05831bdf9682b4212d499649120b493b904d32f3aff6e1c893bfb1846a2462e0e7dab4bd4d0dab68ce9584a293c9096c8b5885e7804cfb61cdba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
27a71041cd6d9c39cb27907529d55308

SHA1
8124a838b9c46c193996d07c7ca854fca68512aa

SHA256
9c0d787e6cd0d97391030834a0bb729b100992fda36488b234725ec3cb510276

SHA512
548f2fd49b23ca0bc2ad6d0e3c00e74f715e5802ae1e59dbce3c1598120bacb32494b526aeec1e59ee73c8fc8892d6b3b2b015f5f1977f41ea27b514b4495b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ac1f67bac75536d86c5ad6488b6a09a8

SHA1
c4a042a321afe7289732d5f99e7b75479b55f157

SHA256
df11d0d4b39671c584f04252e46120a3a5bf6da1e773a40800fc04d1017e9a69

SHA512
b7fd71236fdb1060ff04330891817ec0dd287819d2353916f868f1241318fe3e845c844137df6a9cf5b307f936a6e129d547285c7a06b1fe46d5b8676bd2c13c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fea137c981c4becc9873cdd41a2a0828

SHA1
d1b4a21497c861a3d560ef8b984291a79d745288

SHA256
9c02b7e970d7a2c11c3a29b80bb6aed5ec45432945a8ecc785f12718de083a68

SHA512
f6a51597a6269b478b38c806730f1b761214cee1e3f4542dcaadc8f0bf84a6251a1a799149bd827219c6e9fa30f7fb405853aedb8f489daa85a14ee1e80c3d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f6f0ba9757e6f365ad2fbab2c53be88d

SHA1
068a168898f02da60e258e8681837f8005e55bf3

SHA256
7bafd1845cea4aa26feea79370ca34afb93be84998beb1abd571ef0eeb2bc80a

SHA512
21eda989f247891e472c00549561e3aac84aa6d535e767487cdb94e6110192348ed0bac7e837d0910224321eee199d3c53853cde51409f6a46745ee9be454dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa764b368d627b47fc33e88aab9016fe

SHA1
ee32002b2da617be98457f99bc34e1d5da98515f

SHA256
d2648d3f10984cfd2513b7d0df112c963578fbeb6259bd19c7ab83674c16f4d3

SHA512
76075e3c1de0e1c89733dbe3c206196104fb0fc6ae6b1dee1b70a4cbfc1a6885511002a72ef66f82d3b0923770c7d327a37b13c367a9400dd7e1722b1b4948a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5142d2c3f94b83d69d9034bcca0f76cc

SHA1
5ad764d8aba03ed6eef044f6259e368c401af947

SHA256
d897e6a2ce73dcc64e584ec4e0905b14e247a6a8b908e27d5a1b649f65a39a0e

SHA512
b678f2d5731aec083b6bc353d1a17f28175737892f55611d1c8497316bbedb285a351d1039ac8a81ecd8599a905b7d324390eb90f5c9d154427cfaa1af832c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c56a0aff1b605d8438cffdf4b765bc8b

SHA1
1dc3689173d651d5f354b56824d3f1d6f9789ccc

SHA256
ad986f360632d80f7d36d8730cb4392abba38642bcb51f7ce5b59d9d5ae44266

SHA512
c74d40d528628e2d8e4dcb5d9ff74f5e693c8d58d3d6e7e6974a75caa87c59feeb258e115435c91fdd9071d05e08ace8cdeb282e6fdca5d0ce8a4dd5f06a6828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7518219e5cc6c01fac8dc28b829c633

SHA1
02b6df1501e00db69138d91a0ea0fa236967cfc8

SHA256
3a9f0eade94cfab7c38de2c690996b1261e3861b23a4548aa2fbcb62d8b7003c

SHA512
85d403282ea85bddc5942acfd2464e914b1f90a962a6b9ef99a6a3e8ee964deb71d4943ffd99875db2bd898118f9befa75509388fed51252a6211d38e15eddda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5944a260285df20295a54dddc652927

SHA1
6f7801af62538322f69be207db075b25098a5260

SHA256
9c68c47e276b2cd612722de1b66b79ea2a1523f650eea0f387f8cf989c5d798e

SHA512
7bdd1aa543f046e2c6a8fb607ef4bfc6854e41906126086ae5fe760190dabd2cd58dd9f4d190dbcc88a2ef9b3141e8fe024eb8295fc32d25de38a10ceb13ca43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f3a34633b11526eaeee99980a09f610b

SHA1
b02e42160aa3f1b552a96721b2f949c8998fba3d

SHA256
d52a0a95846f49f138eb5436888c6656daa1b35cb62c59dd566d148e0e04fd92

SHA512
d622a200bbf2f4548f5f450f7ff2e617055400605483f7878e56f6c74fead0f652e5a4800b557eeb9e4cc333e12a53197d3480b80d25f9514bd78403ee4e4e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
806fd36abfb355437cee09767a5a02bf

SHA1
3330724ff83eab1c3268a1a7475b30178cc57868

SHA256
3b2556f6f59d560e5811b025e1333c32d30c31101d89697bdacb2972417b4fde

SHA512
06d147ce52711540814ecf7903615b7c057a2c8195688e2c15d5a8d358a3d77f9574485ecc8b7a6c3acdd9859ad8bbee33f62965b88ca4fdd1ff680cb7e7dff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a4d1ae0792597d6ca5e67dd67c75850f

SHA1
ce7df7fcbbbb695e11d3e8b5e969e9434034c8d9

SHA256
381e32143f46a5408d39c73a1f912b91253e08228dbd735ade17d83b5db66b96

SHA512
4b563d1bccdd9bae83db82e9bba1e83a5144f033076e1cb596f003f47698307d235e7897145d1c78f77cd53550003a40c88f15b9ae45a3d5d7f32748d6283aaa

Download Submit
C:\Users\Admin\Downloads\BlockOpen.jpg

Filesize
632KB

MD5
cd8be9adf9ff098f23373645add318e4

SHA1
0d9829fb68b91c9e2c514e62b854b550ea5b186e

SHA256
593f39979c78adeac065e0ce1bcca693d7663f0fbca97749c7313eedca297fdc

SHA512
fea0cada43e373517436c295459b996620ee86e6edda811831c584c96d6dcd9fd9736ccff1c1eb6656ccedd131f0920aab4d81c74c12c488ec4e316a25e75fd3

Download Submit
C:\Users\Admin\Downloads\CheckpointStart.exe

Filesize
409KB

MD5
126c630a6e52fd516ff8a05885106a75

SHA1
3d173df94fc840ab88d3fd4b59b2d17e92699cc6

SHA256
db260825aa5af631dabc72da22f9c3bc1611544f83d962bcda6513bb70cf3492

SHA512
49d7f9f817956e70aed7a079a423ecf734070d904670de2caaff5cdd16a6b0287af1fb4864d436a3ec498aa58381744dad6b7f493b6fbadf3ebd0147a3104c4d

Download Submit
C:\Users\Admin\Downloads\CloseMerge.rmi

Filesize
316KB

MD5
c6940bc63b2f62fe10cbb76b3980f181

SHA1
220559758d6451e216e7f1f543c48679bbe9e04b

SHA256
2a3d705327c17b5ce5fe298d261b038f69e99c127af68ae652277a40aa236c4b

SHA512
c6b352216573776a881990acc13e32c740c5e0650f587344c18cdb1bac7a03dcf40f14ab50106a343a92eb0b946884f5e11d08368aa800c55f2c99327d457d7a

Download Submit
C:\Users\Admin\Downloads\CloseStop.midi

Filesize
837KB

MD5
578e5c5aa3654dd217f84bd2c74155be

SHA1
e7e262e5312af4e461ca9588947dea5bccc6d331

SHA256
39fbcecc85e2ec9ff3fa1251a419ce4ec9f8973066b651133d8973dee61e1464

SHA512
c4b6522cb8fb7ef8113fac24b3910ace19117c3acd565d4be3dae1c744733105ff4dafb3d2cfbdb918d620b57bbd05f474465f5549c5fb6b2195bf10dd898ff8

Download Submit
C:\Users\Admin\Downloads\CompareDisconnect.png

Filesize
539KB

MD5
af87e1bf0cc3bb559f5adc2787d47c1f

SHA1
9a77a008b1bf4afeef9c97114c45a862fa40e0c4

SHA256
d2efbe69160146b4fd553e8f6244980048b04b5bc70d5ee731d5b977a9203c88

SHA512
8c7a42b722b69ac3b64c2784c95c3d7222346e4ea93bdc58cf2f5c3124396c34df0dbaa661404b6374c1d30bdf1a7095bd3d6ff1b0ba00bb0e3171cf6220a0fd

Download Submit
C:\Users\Admin\Downloads\CompleteStop.js

Filesize
799KB

MD5
42b35ba11a9bcebb2d6a48361df620cb

SHA1
d2d33bdbcef81132fd62a858b0ff8353bfeb06fa

SHA256
8a985d37acf3dceebb350fc2c0164cfa5fb76c19d668bf4c650436868f618b42

SHA512
44db344882214a415b4c2d48886939d0d9f13cc4fcff6858bd3ab6ae140619ae334d4cf1cc0584b5a539bfdf60bb73b1844b5858737c8370f9b014ddb9d56be9

Download Submit
C:\Users\Admin\Downloads\ConvertSuspend.cfg

Filesize
818KB

MD5
d2762faa096ef2a59e6e52a033c3f434

SHA1
242fcd46c1636a8f1b24b16f051fc3dfca0362b3

SHA256
69e3ac45179a6abf47cbd386bf9b05e3900714a9e799f022e75da2c8b89bba1e

SHA512
e83c2f4c9de0371707c8dce4241fa2eac75bf637d03db3c189bbf1268d105b382e71fe06830790fc2091e746445f49c25955e868fee877720375fb49e10f4a06

Download Submit
C:\Users\Admin\Downloads\DebugComplete.TTS

Filesize
892KB

MD5
e11d5106231c49e0f18d94509c9ef326

SHA1
032ba39103f0518a5edfe15685d0a9eee539f82a

SHA256
9a440492456a1f80100e7bfceb9cca02ce2a7fa503b886534ef931250f0f10e9

SHA512
8798784d844934d64a9e0120912f823dd711282a0bef718f3e36c3dc358d82e0642bd6958525de302d45afd5a52187cd8b20257a23e15ca5fe926c3578dff70e

Download Submit
C:\Users\Admin\Downloads\DebugRepair.ogg

Filesize
427KB

MD5
3ab82919d4396462314b0950f619ed74

SHA1
15f087d451bdaad7bf6cce4cf522ff9c54825c56

SHA256
960d86bff66ae2ce47cba64723978af33066da54e8cee8543b45e9bb673bf2b8

SHA512
67e5bdae422b7dc6a6e3b31e94bf7f744a2d8255d2ca39d3dec0061236ca3286d2eb36dd4f45343bcea59a28710a5e9347e3cc218a36a327c4d75c9e9ef4ebb6

Download Submit
C:\Users\Admin\Downloads\DenyExport.cfg

Filesize
613KB

MD5
002f8d4830af77a54032b6b6d8524007

SHA1
bb7c044d7e513dbb51bb68d2a693e372a71d119b

SHA256
3d2898a787fb7f44c89f150a06ccf6b498e33e775013247d50d0101910c691c0

SHA512
66f44af8b32369ab6329707275202ff4a86a4dd364e9aafe2b8213452d5442fa1647b0e7e1481a11cf153c43be2ed1c15b2a2a13779996e093c9291df6ff5fa6

Download Submit
C:\Users\Admin\Downloads\DisableRepair.ogg

Filesize
372KB

MD5
48acc4171c2d09f74ceae1f440739855

SHA1
4cd44db5dfa1b6d7233599b9510bc3b89c6a151c

SHA256
bfdfc7107314b4c6d06b9b9e66de5ba891e0f5abe0ecc9e03dd6fd47be91411d

SHA512
87fdc0ed91800f5240aee3404d81c967e457bbcd10d99d5d38795c80ecd23f5d9df2320f45f55d65d1fe5ccce8623dbd2461b502eca459240231bf6f2090e01c

Download Submit
C:\Users\Admin\Downloads\EnterPush.ogg

Filesize
502KB

MD5
be54638a0193e073febfaede71b416ac

SHA1
0d32fe1876df0ddc6b0790c58c0ff9d0a3ac6cb0

SHA256
3fa7ed596b8ffdc6fd09a4d1104cabf6e659d33acdfe1e27da2c5b9e9e43b601

SHA512
3d70cddf56c3913092c1303c6c303ab4d22a9f21984a20eadb47ad02f27e89b4fa975dad6002bc3893818ae5b9807c4f6f89b1d027f9f4aafc2d9ea038ce66ea

Download Submit
C:\Users\Admin\Downloads\GetCopy.rmi

Filesize
353KB

MD5
746a4baa2ad3aab0404949a4a6688384

SHA1
7db04edc8b27c4279032bf74017e1523740a51c9

SHA256
280f0727dff8585b41aa82aaaad005c39df0308bc1c09788672efc1a707d21dd

SHA512
71325ce47a088928dd9eeab0b100c681c4ceb83d5e99e9f9eb5ed66d2424d9165f89af23bd6d5e6ec060b8b129565c31687f7700941e3a0fcf133cc0365e153d

Download Submit
C:\Users\Admin\Downloads\GrantLock.cab

Filesize
390KB

MD5
7689dd37f715625f7214836ccc9472f5

SHA1
993359293d727859aedafcbf6790a5ec4389013b

SHA256
5ee63c934028bdd8ba75c4a71de63cf574962ade0101957c9a704b9be9130c3f

SHA512
9e648d026cd4fbaa68da5049f5380f176be2000c5c4a50af36da68c40f16580cbbcd834cd8bfd2d40a4e6b9380498788ed454dcfb582cabd6cd8d09e3b7101e2

Download Submit
C:\Users\Admin\Downloads\GroupEdit.mpeg

Filesize
706KB

MD5
0ee3bbbe6731421f1b06f18395f882f5

SHA1
78068cc224d1b920f82c58b744b30527ffc67489

SHA256
950da435fa137b42cd3c40d3c54f8cbb492271b4324c6e0f779770274296e456

SHA512
df916a3461a9ad9c2a1efc839a28de58cec07e54228cf72afec5a999ada18cb50d71cbf6c9e654e253c449a7a4fe8a2e03c8b0cd032849d321398d91633ac850

Download Submit
C:\Users\Admin\Downloads\GroupResize.3gpp

Filesize
1.2MB

MD5
7b6db8deb3820a2ae905e5547537fcbb

SHA1
238086faf4b6c32489e9ff29528f1a4bc0e86ab2

SHA256
a2cf1968320fe7ae5eba0f6cfddf4776ebaf01b4e22798f27bba9b4e69068a16

SHA512
86211559931a647daebbe41e1be4c45663f817926cd2edac1d6da7ed330d08e86239cde51c719a23d195c8185e7a4fd53a6388259b56de4f4b28ab688fda9318

Download Submit
C:\Users\Admin\Downloads\InitializeLock.avi

Filesize
334KB

MD5
e6ed95eebd2d4e6e2e800d6655d45eae

SHA1
83f9383c3e686ffd28479ca6f18ccea6ae3f7a84

SHA256
6691b40616b2889594c123c35e9899d154eed4abb02fd6dfeae6f1c3538ffa28

SHA512
7079d2d4706a27fb9f2f23da5f2edcef7c80e90467f6416e97a539e67de2d0b6aabafbbaef1652c59bac13212f3e1bc6c586cc86bcfb5841588ba45a0fcd4b2f

Download Submit
C:\Users\Admin\Downloads\InstallUnregister.au3

Filesize
855KB

MD5
e5bd177dfe349406fa6d3dfa8cbe1c06

SHA1
6df3eeffba3e2c8e301cccf4ef21d246186aae09

SHA256
5e4becb48a25a8b606ec0a4bb8163d3637350adba9ab719f5aa599f494934016

SHA512
cf55314b9828606d509b1d0b297c963d876d2aa78b7d956b62d7f9d981000bfff8e8af050003b97cf5a7f31b48e4bb58a170c5945a7b7ecfba23058d4348c8c1

Download Submit
C:\Users\Admin\Downloads\InvokeResolve.vstx

Filesize
576KB

MD5
810caa6649e8dace596cc9635a4201e3

SHA1
28ca26db9286cab763c1202a3e98a5fbc700c6ec

SHA256
da54241ded5290fe9e8202405a4e1ee51ffda2555869bd17a8dabe553d066851

SHA512
d9425936677d40ded29eb21a15a2aee16c6f012043ec331f0e569ef7e5aa332909987d66cb52f94fc70cc74442611849ebbad794e1de83c902d2a3cd57f78047

Download Submit
C:\Users\Admin\Downloads\MoveWait.mp3

Filesize
874KB

MD5
f7ee4610e88a49d009696306357efd23

SHA1
27da49a2428b124bed2c29b8a186e7201153d990

SHA256
606a301c64c6d692d1ee94955bbc3756ff0c8af289e0001e3ef43bd1bf2f6185

SHA512
e8d60a7d4397b6360e60339f51d947be1e9b05af610297093d22823473fe15d4a34bb1178e0355926ba45e4ab549e673df163869e1b7ad15b5d45843514dce45

Download Submit
C:\Users\Admin\Downloads\PublishSubmit.pptx

Filesize
781KB

MD5
5272cfcba0d072e97f146f61850f9c1b

SHA1
af7e10fafd1648aac9528161e56c0344d693f71e

SHA256
594803985d6b166c8312f9e72ad9b96d7ba232c87bd55b347fc7e27d3a690759

SHA512
baacbaf8d1bc4d7eccd98c6240ada014d694bc65049f0425a15ce2c7de176133cc55f191518d5b18c8b57068207efa4e83dd9e8ac66e097e0511c377ecce741d

Download Submit
C:\Users\Admin\Downloads\ReadSet.ps1xml

Filesize
465KB

MD5
7eddf4fef9c1d2ae8d3f0c6a85c44ab2

SHA1
9226998ca2fe3712651f32134ed3692fe6c0e81e

SHA256
5f10bf5be26a76238edf9a9da5123687921e754cb6fb0e7ad0d3f100f1f49232

SHA512
26b844bc8b3ca26c2d3fd202916f5e433ac5d1afa90a86edfac16c942660db23100120ea63d37f3f394a81b4ab201e68bc87448f0717c94274b833cec5e66eb2

Download Submit
C:\Users\Admin\Downloads\RegisterInstall.bmp

Filesize
558KB

MD5
07959c80e7cd5d9062b840e6bad5e2a7

SHA1
bdb404ced837e3c476e9a8067db3578848441ced

SHA256
17fd0b6e41226b1c2660feab842130564e0fe16572a257fd2e69273725b2477b

SHA512
06e8aee65b99800ccae0985a4c8a3d94566b5f831165aeb2b940bbed605e3a7e7fbe174ffdcc7f0adbe5d181ff945902be79a7b75d7145618737b3c8fd2f0b4f

Download Submit
C:\Users\Admin\Downloads\RepairWrite.mp2v

Filesize
725KB

MD5
c4540542cd9be715970bb8a0343684bd

SHA1
3d2ca6072df72a47bbc6f24f7c7847823bdba30e

SHA256
3b5de151bcc2857eccccbd77d6a860f9fa464db189b4900e78efbef9353e9d98

SHA512
00c23cc53d442c2b4f80c75fed21185027aa06d13a7f97fc2b4ad100a016fc522c459e8f5d03619a3a2419aa13528100b724b1ce0f85145a39f323f23db9571e

Download Submit
C:\Users\Admin\Downloads\SplitLimit.au3

Filesize
595KB

MD5
f86071981625d7891dc8324af4e978a9

SHA1
e0324cc27638069649084518e6d5e798a424ad6c

SHA256
d0492444f8b0a16afea81cb1893848f57613d688824e8730d78d8d4aa3e49f82

SHA512
5b994d6b882ced61af7e3e85a1b3ec0b5dac687b267df486c491ec7c1ff69630edc82aefd627ab3e43b0aafea2b065a5b28c03d20d245427c9aec8e723ba4f03

Download Submit
C:\Users\Admin\Downloads\SubmitClear.wmf

Filesize
911KB

MD5
661fd32c58c9f08ce47f74e507d44d24

SHA1
7c854ab52b01a039827a7d542997ac5d3700cb01

SHA256
ff13b6632d147170a8f29c4a804c189b871970cfb7a23a33f438d3b10a68b72f

SHA512
e222e57a5c86a39bfb5aead92cedf7a2993445888632f046dfb156ac4648aec39bec70f78bdaf4ab670b3aba785f331d5fec15fa3aaaf15765329579907173b7

Download Submit
C:\Users\Admin\Downloads\SwitchDeny.rtf

Filesize
651KB

MD5
b29a8ef7b9b6e32f426a4374ce99d662

SHA1
24549ea232b77bccb4ddab55b0daa8f5b11b3ce0

SHA256
e1c2a3dc1af87e376add0c1693c05960f50a983fb77aebcb40ee1d865084e2c9

SHA512
a5b3aa43c4f5b420df37df771af869d0e4400db7219c4fe1a1b8e3baabe9b12fc25b7d2da2905f9052d392412ba6c71c20fbe9743c99fdaa854e503c0d7468d4

Download Submit
C:\Users\Admin\Downloads\SyncExit.mpa

Filesize
744KB

MD5
7adf5fbde504b730eb94adbd50d80313

SHA1
adf5e1ac787a6bff2807296649610bfd3e1115f2

SHA256
10557d4ae3c74fb73c0e032a2e73121e68af38a4c23a3e5603e0adea76fc97ad

SHA512
9b83683b565f248ecd53469f2603cc7dee652618d19b20a14057290dd0b1aa90bc12b71c9f3d9b762c5148ad276eca323a8391e07c46dbc14ac4aed29b6895df

Download Submit
C:\Users\Admin\Downloads\TestBlock.hta

Filesize
520KB

MD5
1d83504f71338088d79de074fd62f3ae

SHA1
497dca41a9e388a256b25f8d89d9ca9353c2f2fe

SHA256
d0aae47fd727b3565888621fa04c125cf90ea6b067398670d56c6ae89990df5b

SHA512
88c2ff98f53086c9dd17df8b7044fc2db349e1d25f7abf3f96b8f423ff1c2873706cfb26eb83601a2a84e6b6d7f43d019bb302aa9094e36d5301cba2dce8eec1

Download Submit
C:\Users\Admin\Downloads\TraceRevoke.xltm

Filesize
688KB

MD5
938be6ff74557fd0897df42ab8c9e208

SHA1
e44ab571245e31477b95a1ebc58caa083077b1bb

SHA256
1473b2669ddea04cd6c06feb1f553965f608455ce243e95292bc94baf38fbda5

SHA512
17b163a187efb6fe391c992b6aadc9c7e09db5158f077933ca5bc970d8c2983c49064503565736176cdf8e2908ed981b046ca4bfb5a49f5213fa46dfab868e80

Download Submit
C:\Users\Admin\Downloads\UnprotectUse.docx

Filesize
483KB

MD5
2f46b2b39db3e10792febde3885cd1f4

SHA1
2216aee5243eb67e68b10f5346066e9005576f73

SHA256
cda95b2f25c93508fa0333405d19a1f715bab30898273b3cf894bd4561de75c4

SHA512
9a3c9e9ad6437ea790e4e4f6cd5870cc47e6ace8db2881392d10b16e3722a5443c6c9883266d4a77f2d817fb3ea8e165ffbb72198133ce0ef68750699c092858

Download Submit
C:\Users\Admin\Downloads\UpdatePublish.lnk

Filesize
669KB

MD5
5dac982e26bc92d7609733f98634dbc2

SHA1
b16afeee466bc77b5a2ae65c57409e817c04164f

SHA256
3b8b577e8bfd3627dd31bedfc0963406253dfc9e86dc45cd77ec61a45744268a

SHA512
53d29558899a106db9da92e55314c6019fbc864bcdec0ec25cf33223db06787fab97f51a72a8357fa03d8d9d334fff2f6a52f19e10164b64af0ebda507942d62

Download Submit
C:\Users\Admin\Downloads\UseNew.m4v

Filesize
762KB

MD5
d6057ba9841c6bacbf226ae189cf157c

SHA1
8f66cb0de07d21562f9f0577b1d70b17f707c472

SHA256
479639f047dfa88abe90a05066159f7f9c85518a588800f076c20070ad82a59c

SHA512
e2a6d785207cebf10392e9d095e57c142d5716a2b1bbb44f723bfb623d9b900e960f4914b5bb68ac673a7f2acb7da60707d13700de919963790268d7ad6b3b95

Download Submit
C:\Users\Admin\Downloads\WatchPush.dwg

Filesize
446KB

MD5
8b24f0f15347c6c13a1278d414b9cb17

SHA1
6ebd1eabf31ae5531d6d136325953ee0661a16f5

SHA256
b4227662879261b5120e3b4bf82bd79448028c93d927c0e35e76318c8e80ed82

SHA512
46c3a4e82884e279736607229a6b2f0926547cb7d9a1f9616b5de4bd4d2dc1a2d1117135b4f04b3d7cf9559ef281317279c4f53a0d897ce2577fd49325e905c2

Download Submit