sectoprat | hxxps://www[.]mediafire[.]com/file/8luh427dyvker95/HVNC_Beta1[.]rar/file

Resubmissions

13-01-2025 10:44

250113-ms248s1qdj 7

13-01-2025 10:31

250113-mkl32s1mhq 10

Analysis

max time kernel
115s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2025 10:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/8luh427dyvker95/HVNC_Beta1.rar/file

Score

10^/10

sectoprat discovery rat trojan

Malware Config

Signatures

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 3 IoCs

resource	yara_rule
behavioral1/memory/5580-940-0x00007FF6FE650000-0x00007FF6FF168000-memory.dmp	family_sectoprat
behavioral1/memory/5580-941-0x00007FF6FE650000-0x00007FF6FF168000-memory.dmp	family_sectoprat
behavioral1/memory/5580-1009-0x00007FF6FE650000-0x00007FF6FF168000-memory.dmp	family_sectoprat

Sectoprat family
sectoprat

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	HVNC Beta1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	HVNC Beta1.exe

Executes dropped EXE 1 IoCs

pid	Process
5580	HVNC Beta1.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Control Panel 26 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\IBeam	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Appearance\Current	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\Help = "C:\\Windows\\cursors\\aero_helpsel.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\Hand = "C:\\Windows\\cursors\\aero_link.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Appearance\NewCurrent	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\NWPen = "C:\\Windows\\cursors\\aero_pen.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\SizeNESW = "C:\\Windows\\cursors\\aero_nesw.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\Wait = "C:\\Windows\\cursors\\aero_busy.ani"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\SizeNS = "C:\\Windows\\cursors\\aero_ns.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\SizeWE = "C:\\Windows\\cursors\\aero_ew.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\Crosshair	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Appearance	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Accessibility\HighContrast\Flags = "126"	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Desktop\UserPreferencesMask = 9e1e078012000000	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\Arrow = "C:\\Windows\\cursors\\aero_arrow.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\SizeNWSE = "C:\\Windows\\cursors\\aero_nwse.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\SizeAll = "C:\\Windows\\cursors\\aero_move.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\ = "Windows Default"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\Scheme Source = "2"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\No = "C:\\Windows\\cursors\\aero_unavail.cur"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\UpArrow = "C:\\Windows\\cursors\\aero_up.cur"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Accessibility\HighContrast	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Accessibility\HighContrast\High Contrast Scheme	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Accessibility\HighContrast\Previous High Contrast Scheme MUI Value	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\cursors\\aero_working.ani"	rundll32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133812379120001534"	chrome.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
4080	chrome.exe
4080	chrome.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
5452	7zG.exe
5580	HVNC Beta1.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe
5048	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 4336	4080	chrome.exe	82
PID 4080 wrote to memory of 4336	4080	chrome.exe	82
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4312	4080	chrome.exe	83
PID 4080 wrote to memory of 4264	4080	chrome.exe	84
PID 4080 wrote to memory of 4264	4080	chrome.exe	84
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85
PID 4080 wrote to memory of 1992	4080	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/8luh427dyvker95/HVNC_Beta1.rar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff5756cc40,0x7fff5756cc4c,0x7fff5756cc58
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,640892518705908203,10791275608338937292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,640892518705908203,10791275608338937292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,640892518705908203,10791275608338937292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,640892518705908203,10791275608338937292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,640892518705908203,10791275608338937292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4768,i,640892518705908203,10791275608338937292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4980,i,640892518705908203,10791275608338937292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5332,i,640892518705908203,10791275608338937292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4572,i,640892518705908203,10791275608338937292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3196,i,640892518705908203,10791275608338937292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:2612

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3124

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4208

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\themecpl.dll,OpenThemeAction C:\Windows\WinSxS\amd64_microsoft-windows-themefile-aero_31bf3856ad364e35_10.0.19041.1_none_2fe4331ee906f14a\aero.theme
1⤵
- Modifies Control Panel
PID:4292

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap10032:78:7zEvent26113
1⤵
- Suspicious use of FindShellTrayWindow
PID:5452

C:\Users\Admin\Desktop\HVNC Beta1.exe
"C:\Users\Admin\Desktop\HVNC Beta1.exe"
1⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:5580

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ArechViewer\HVNC_Beta1.exe_Url_cjrd5x1i2qpxesx0wf4fzni2qaodqq4o\1.0.0.1\eye4cg0f.newcfg

Filesize
1KB

MD5
0d9dd02b29b308ec7cf6629a24f06b18

SHA1
5cebe87db6a01c40e5a41cb51739148c35bf8a4a

SHA256
a7c8f50475a977b43b8521a74504a10bfacb178c5f895e20d8be85286908abac

SHA512
14997e675f7163d45d2c09ea8c0c1e7fff23e5febf434090f117a4a7d4870a267c8d657911886822508e4c44d06e0afa3ab7e460e4912c1e9f16338301625b6c

Download Submit
C:\Users\Admin\AppData\Local\ArechViewer\HVNC_Beta1.exe_Url_cjrd5x1i2qpxesx0wf4fzni2qaodqq4o\1.0.0.1\user.config

Filesize
1KB

MD5
e27fe6ab4e0432f51a89430d482e0595

SHA1
38ed384317e23511dd90c17362d3419c597dcc78

SHA256
a5b685eb6b84a206eb7b79363d0928ad9b7bdcf04b445fffec5c68ac4c09fa8d

SHA512
5a3a8f946941d37adbcda05b32c7be012f8f3970cdc5a46bacfaedfb5e3922bcc2537e99dde75b206b6951f1e497725e947f8046990c65f4be622d016a47cd85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9f7b5233-f3bc-4f44-a6c4-78668a9f12d8.tmp

Filesize
116KB

MD5
df892f8124660d22f58578eda61dccd7

SHA1
04b2e1ab233d3cbb893638005353c3504b9dfb51

SHA256
b1696e1f86d3a7559826245587bd2f6010ceb2035fcbee23e3853b75c6720171

SHA512
64bef40109e11717dcebaa360e3332cc91005350d9c5800093e7e9dd68fe840937c5fe89749d2f53fdb72aeaec67e9720953c673a0aa53a4273337f84c91c6de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b65d667045a646269e3eb65f457698f1

SHA1
a263ce582c0157238655530107dbec05a3475c54

SHA256
23848757826358c47263fa65d53bb5ec49286b717f7f2c9c8e83192a39e35bb6

SHA512
87f10412feee145f16f790fbbcf0353db1b0097bda352c2cd147028db69a1e98779be880e133fed17af6ed73eb615a51e5616966c8a7b7de364ec75f37c67567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
1ebb5d87e0c01073a0d91b7550cecd69

SHA1
157f2b23e6157ff0062b10271e04650a165b2625

SHA256
0ab13cb86fc6817e2a7d276b2ff95aa5b6fcc7c6c5b99f809f952e24a9dc365a

SHA512
157b0c45967a4a18211d4767c73b5dd1ef841d16d8f757c6dddd158b2114559a2412c511594ed5d202390bd57d6edca8e7aa213b49a28623f8638406d55c1170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
6f857c9501f12973d5e18ad76dec252c

SHA1
d478e508a6c2d28954bc31795237b50e4b91f05d

SHA256
649cc0b6aed7fb433dba0bd69d9f7a8e9283ad59dae1d335a95bb98cb917efb8

SHA512
5c2de24a9383dd9286913661aa5796af3a15b743aefe415a36c4c13fef78781b57ac1a3c503913815d6fdad049525bee4d172a25176e844269f9e68e9fca187e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
b61ebb9f16ac73f9559bc708795c96cb

SHA1
83a60adaec94eddbae2467cf106f7dd6d696a4eb

SHA256
78198da571bd1fd07410e534d679763295ee2e0694f3e78dbb10c9dbbf925d55

SHA512
f61c6c65d4340a1b6e0b4892842bc1136687d59b1c833dcf22429f938818a879d1bdced609e9c3d02863acc42ae4aef7585306a0aeb28ec4229a52afc9d42178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
d973df46e40a636ba553dd149e5ad095

SHA1
8ab4995fb0f8e5f5a1f62ef6d0afdcaf091c4c22

SHA256
59c1c52e569ee1c656bc3d63cf8234d631318026c34f721aaaa2bcd1b5c70267

SHA512
122649768e21a3ce1dfe132bf92e972b14aeffe9c91b66f677eab221acd466f208b229ca825f871556d69be7a29ff99dd5f27b23117dcad46a8042377b6303b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
d752c94b4ab1c37e2899b360dfba0d63

SHA1
950196228e22771928b6499504042f9bbebeca54

SHA256
ee0c7b67a2c5abf37072d989e3d8b7e4a30a08b3e9d5956e9133202ae3a32b9a

SHA512
6be345e1e375feb8c54065bc41149fc43be412ea161729c35a2585c1fa29c6347d65128496d19958fc0d18c11fcc97ecb3fd40827551249944dab76f77ff7b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c93570769b269653b1bc9bf21e2d9074

SHA1
e3c151e8e94bea23b423dfd60fd0c99fdbbebc23

SHA256
a74fdadfe4ec8ed03690c6c6c703cbac338651b2a601c8b608e940a8c8118c60

SHA512
213da05c5e093caa5c14c24d4a725b915f95c3b1d2fd9d90f1f4ff067e659b1537891d844d191fe6ebf009b2a57eefeb65beae59c636f24977d4a0c885a0dabb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
908f5d42b93429051be546211bb7e647

SHA1
49f1df022d61089288472c60fae6d607bc53ebaa

SHA256
980a441422200de4ad86fff2a4e575a200416496cffd63954c5c78ee64ee4eaf

SHA512
25082d9b854ab0a7470d11311c60b21679caeb00363910a56af2b9e6fbc937093238a1b1ea6c94d8700a2b3a08b7f7b31b31515932e67ef7f2e56286d37b1205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
817498beb2b2f8be5de2fa3619918ed7

SHA1
bde88da02d99a197d993f0b42eccd37e3537fe3c

SHA256
679e735b52b1cf7fe4e94829bf2ac182f23925467db0d3f84e11e3fd7aaac313

SHA512
2882d730639bd7bcb55c36db30706092ab2994d1c4e0496864f34c828aa7d7c5d2acc00e5503763cc81043c0c0188d93396274664e3714340ea24906973c5943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6d899681ddca19a5aa0a267c5f419a30

SHA1
ea29eb29cdc07b750a9a99389a7cb268258625bc

SHA256
df276e17ac81652b178cee8a9e78094c4f628c106b39bd19aed9a63eb30d5721

SHA512
46409f060651a8ffd9040f575f1814ed6fb017c47a8ccb9399400f20e708472491c54a1b2eef81a1c424e1c5053129a3e238dd67b9499fe8505165c4fd2f714b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f250240b807c2a957196563a69c37f4b

SHA1
7c6cda13db027cf6ff94db0cc680c510b1450c6b

SHA256
7524ae945feb6277ff01298d60bd7f14c1ce9f049efa16122b5ef6f183ab76cd

SHA512
9c910ce1645bec2293a549eef697974512cfca033e8d93cdc43b7eb72950b8826c81f4fb2ecb2205bf4eb64a069c5d260d0add95febb58642eba7754ad6e0dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
216d47aebe7ee87324a5eb15f31792f0

SHA1
41a2e2e5968a647a4afba316967dbc4797037478

SHA256
a5bdd1acea5f6e76d9271593469aa6bedcf04419271d77c22072e39cf3466b9f

SHA512
6bf3496acefe938cb1a7a75c1038ff6ab25abbcc434ed306ab0b4196b6c196fa9157dbea239e4e4bcdc6cde4e677f9871068a547a9b423e565b6261a6a535721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
73457279666199346e260e406efc54ee

SHA1
99b87f0f8a3174fdd7241135f30b3ef50dcd87ea

SHA256
c2579ff343a83653576b0ebb76303f0e1003c223439099cb38bf4309ac99f099

SHA512
132dd0198d24a8a1cb61a798f075ac97108e3040e7ff41ad982dfe5ba55a925122b0437be9530f2189b373007e7841c56fee5fed533c704ddeaddec24faff99f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ede441f64c1bcb7ad82c7e72af0e9483

SHA1
bc1432fe4fccd1499bafb1bb085c6ee20601cb1c

SHA256
1a84dd51ca1ae0f64c612b8343cbed45befb576f8fae1e5e687075a45fc8b5f6

SHA512
a7abe2a83eb39d2aac9ff724b89c6b885cca141ea2e18773a511d023729ccf23a54ead4fc83e4b81526f678b4ddafe1bc8ed95860e07fffe7ba5865fe14923e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\dfdc6df6-1069-4bae-b055-f8a167c61eee.tmp

Filesize
649B

MD5
ee96c70564fdf1a1d88693f1d29e4658

SHA1
b3ea2a849988b1fccd29e0488c460a5f8fe0be92

SHA256
ac5dbec04f924bf108c8acd823533884f7858d6431877461d12fe9ca4b0f58bd

SHA512
3e4dfb2d59e4cab94011304a28491b0ae6685f7a26c3aa1e94616d72892d7c5ac48e7995221e319cb7c02c922f122cbf748d136c4a7834ecdee8ab3c2df06a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
149120c080e03ddd1202c57908300d8d

SHA1
911f3c50d13575b57d1df424ba2353c4e1b2172c

SHA256
6bff1caf2dd8607574f4ce84d9aff13b2c6f3c2bd116470314440de87b56c2af

SHA512
8566ccbbf88f2126af0f23ba1cdfee4acbb1905510b38503ec82d014c1c239104fdc876d7ba78eb4f23955dbd20647148171057830142173f723037f4cb0e520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ffac070df7779629804396939930eff3

SHA1
9f654a922d598aae9e242356aab579e2b1b62732

SHA256
f2e26d7490a6df614b47471a3df8aa9e57faabc6a84670fa85276e9c2b629a2d

SHA512
d7286f1ed905aeb85ac6639edfb18c219ac5ca3a37ee17d94efd8fc93f8241bf2bddc84f9b54d704f771b993bdf7ef527beb75d7529b34403934e64fe6fa5cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
a2d5c41311177bf18a795638cc4e2777

SHA1
40625aa169f3bceb6b96060b8a0634bf8cf5eac1

SHA256
63b9d5b599c016878ea7fa9de88fd0a6e89b09210475f4869b0d8e5a71946c23

SHA512
e5c5cacd31a05a67449ea44fd403f4585960ff3a45104bc1044d2cac2acdc1a3e309241092a327df4f186367cde75355c7622d213925efbbd813cdb22fdc7ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
ef6d9816dbb86d4440065f8e3eded725

SHA1
5efcf1df5b828b3f0b7370054bc32e1a6466ae19

SHA256
dc60734beccff11f8eed561c041c3fc698f58637571fc9ac2756b34d016915cd

SHA512
12b470d020679294a08747a099f5184c7d013eefbe8f975d5d18f53bc806f3370924f17798e6426abc1ae81608ef9e9f1b72c72356e15d44e8339720e7787efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
9daf85e1aaffea39d3c0b45cdf6e7894

SHA1
a714de60ce25fc0b76d9e7ad3fea67ad1c1a3ff2

SHA256
fa99235a8e7707c341023db52df44c21c2f3276e3eb834ed4cf47e5d2face024

SHA512
ddfe7e38cfe0f19477db58f3b7e50399ea9643a116350ac1ea2b24dc82b83e2b5d58a4ce28c17a6192bee2dbcc8a488e6e5f66afd2e3c2fd928c53fd98b43c53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
655f5f1b4d6cf7ced404bc124fc20add

SHA1
04708a29173e559df20960c69a082a3529e63fa1

SHA256
b69c725f50c14af634d1ab1665be19bc970a3c14a83f3b255fc5783e2684ed52

SHA512
2413a895c4b6d090c4016403338c260bc513dd0cdddec5e5bfd79e2b1fdc367651b243b176e7c40798586e17032e30f870c4ef76349c88d59a6f63729706ce7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
d0b8178350534dfe3432eff1a8838722

SHA1
5a9f14c9cc142187d956f9e45c996bb8e1a8c1d9

SHA256
f894dcd1eab7517a17570f7e899805e9ed5a82d540bf5d55845c00da5d9e2825

SHA512
2423055ef118ccb9ba80c82337e54b5465e679aedd958983867a0e461cb71b4674fe14b0c52b4daf31fad4064c413509f2869e17490cf962b378db7726dd6da3

Download Submit
C:\Users\Admin\Desktop\ApproveWrite.midi

Filesize
574KB

MD5
3d5c7e2d3bc00b27bdbc9b165c97e187

SHA1
874b8da44ecb27b00cf2f3e1f4af76130b5e2ddf

SHA256
f1245e49d40892f4ecaa69dcff6da7123b79e277880851ceade3d5148df2b35f

SHA512
39948b3f99436d0b7dcff2f037de5b9468277675d788f4e4243fe0a0692ce9d0d8a94c4e7bf0c3b69c402d79c0b42235caca6c05772d27afcbeb0327ff3fa786

Download Submit
C:\Users\Admin\Desktop\AssertImport.easmx

Filesize
340KB

MD5
fac832d7056dc40fe17c0990da61c2cf

SHA1
fef8cf66a78dbe697c5af19d82870888f944a0a9

SHA256
6395219e6e8858e12e435f26613f213f8182685d301c38c5c5182aaf93ac8ef9

SHA512
1c5e8a890b569e93599d322c5cf8e96f84afd0a0d9e056c91f70fc351fd8169f5fa876c81f00e6c4dbb9924d889511ac5297340343cb2cbc8759b5e8c3433b49

Download Submit
C:\Users\Admin\Desktop\ClearBlock.ttc

Filesize
457KB

MD5
325fbcb4dc91b56a520f89882200dcfb

SHA1
790ac8973930e393186f292423c506fa29d1765d

SHA256
25415f49fefbf468ce0c4e19bf1d05be472b3d3d6ee0367c15255467ef20bec5

SHA512
f56550f5f10470c03364c0de419c795e1296925fc517f6b55e39c408d21353479662cce49d5a46ba4514808ce1a7a9756c7b1271876e9aac8d5fa62ce2a4db00

Download Submit
C:\Users\Admin\Desktop\CompareWait.eprtx

Filesize
730KB

MD5
1cbfe12a91580997b07bab0ccbaa6f62

SHA1
b835e70a36bc10c9ad2eb2070df12f3eb7302042

SHA256
044c6a617789a5e3c40e2c153c51777595712b3e7356479a5afd135e87ddf9fb

SHA512
ad9c0af3aa4518245a182efa817d4f74f1d2ca6d29320c23a9570c431556f590e622b7d4107ad9a18f73cd65071305fe1523e161a8c85cd7c07b42fa26834f27

Download Submit
C:\Users\Admin\Desktop\CompleteRemove.bin

Filesize
282KB

MD5
a0b3552b5fa87efa22b24225a7d3c590

SHA1
ef3aa9f1237ce580199e3964d7beff5497711718

SHA256
deff6c88819e5a76972a52da740e65c0e5d9f2f0aec51e12a1795b973f80862d

SHA512
53019b3b4d53614e780433096bcaf984dd819a517b3310f4712e707ffe43bf7a23330ba75158cb65eed76a5b38bffa1eaf816938db8d2fe6b4e349f54e999869

Download Submit
C:\Users\Admin\Desktop\ConvertFromUnblock.tiff

Filesize
438KB

MD5
0a3378294d9e4f8611c1e51f3984dc42

SHA1
c274a42f9a1049c9e7c4e5e40e7b4f1f16316189

SHA256
a7ce5afe8930d288e727e1e907ba69520f267d401c9052331ac34c41f8535e50

SHA512
8629b6a7efea8b6460f7f6820d25fca89bf0ba6aa93f468a09feb54940584393762b87a76fd6c4ac27dec2a7483958e38097c7af6db949eb71eaf84887e272b2

Download Submit
C:\Users\Admin\Desktop\DismountRename.docm

Filesize
750KB

MD5
1f7c45f1b3a5f431f7fc0114d72f266f

SHA1
7ecb289cf12fd1dfa388748549f4bfb70d988de4

SHA256
6f7309152b7b205dc42ace06f60f79d7d9c3e411de6efb23884facc56090dad8

SHA512
57d268a371d61265ec21e726ca58c2d990f60ff717df40cb74d785f2de2a4e568e862c09a24c43a62e8f97da0b5ca126e18b94c3778f8b8720cf454a63d9dafa

Download Submit
C:\Users\Admin\Desktop\EnterBackup.mpeg2

Filesize
516KB

MD5
aba548e5258c217fd7ca414edaba349a

SHA1
6caec3df6378d16c4ba9b0048fbc8b6ea4a154f6

SHA256
e1a9cb4b49792d7a08e79142c5c8edcde8f6007cd4aae6fbd04c5b9863002083

SHA512
016be3f540c59c08f349c68529189afa88d4ba80b2009d728def6dcec4b650ced533a4d42d8b6915b290f13291544cdef5469234871f27e1349bf5e4ec6c2f2a

Download Submit
C:\Users\Admin\Desktop\ExitExport.docx

Filesize
19KB

MD5
e8cc3141e4cfca6679406ceaf1b9c93b

SHA1
ed454db2c7caaf2205b376347c7bce564d449d6c

SHA256
aaa1f01d181eac5fc651094536ec41a458c10440553be65fb7e33ad3786d1e46

SHA512
aab51553461dcddeb12320783083c9443b28f7f86391e4e9e95541765839d14c9149fc3163d00b0e67eb55d058b604ccb5dd492b7b5d89a7dfb75e0de010ab5d

Download Submit
C:\Users\Admin\Desktop\ExportAssert.mp2

Filesize
555KB

MD5
cb1df405a2e12f367d0797ce7885bc7b

SHA1
972246b1ab7eea54d8c83eaf651d7514ed2c6291

SHA256
24f1c9efc5c86933cc0b4ce107e98fe82bc931212c709a8f9f25025a6731b4ae

SHA512
cd11169524845fab6b6a1d4215b978b3865e7f89711f8c4626fc88b4b3f764227323d543a997d745ae6009a58dff7e49e9426314ee6f5e4c7a997e77acb83d7b

Download Submit
C:\Users\Admin\Desktop\GetConnect.easmx

Filesize
535KB

MD5
bb411ba6cbfe28d8388e7aa2472a8031

SHA1
96d5d275305374099e5ff9690e5901e8b05f3db3

SHA256
3d2191e596cfd0e29119c9c28d381d8552cc8dd967b2dd0088094e0371021b02

SHA512
9cfeeb02e3731e7a52b3d6346b7458f9e2e9543d9113379b90aa550c0c60883543f2f0c920dc0187c79767536e95034e5e2a246bb7a6c4be36883200815b74f2

Download Submit
C:\Users\Admin\Desktop\GroupOptimize.png

Filesize
399KB

MD5
ec51fdc671fb5e0d034e8c476a56d014

SHA1
652ab54c715de66e5539b103f9909448aef67b4c

SHA256
598004a9e536bb1bcd6f2884bb77740124a19e12d85a4037f339404a4fd88806

SHA512
ffc6f6f302f7466de7407e97240ac38ecdeb7f9c6051e33c21b62f0f1ac29f5650662b195974f886ccb343d041be9452aae603c0b329c8683b51aa3d9b849fc3

Download Submit
C:\Users\Admin\Desktop\HVNC Beta1.exe

Filesize
2.9MB

MD5
ae1bf8a2c353b1a2d0825438a1630da3

SHA1
a1e647a8f9b8e14100987ac368c425da3d21f2a8

SHA256
b6b76b022566babba173c2137e8efbdccacb8472e6c407d4a94751d2834900e4

SHA512
264a6ff9adaeccfc9483f9cc3170c75e093b20224973f306a502dd3b4f3099463eaa91532ef924fa658334ba4ce1d1a1a8f3af62012fa39728c169597fb793a7

Download Submit
C:\Users\Admin\Desktop\HVNC Beta1.rar

Filesize
2.8MB

MD5
6a04bd56dd8b58fe9890cc67f0eecf28

SHA1
89161e0e30f4bcbd9e29a312a1988cabfed8c702

SHA256
70fe8d7025a72d3bf71dc42d9487f0e6ce536241afd06a9c3e3ca9ccc27abcce

SHA512
0a8b4eb044936f8303a1efb37fa696cb0fdfded6196d79ef96db8f8f8c31ebe68d15e53538ca41c5a386502adb674620bf86ea23e96dec401ed553bcc5b718c3

Download Submit
C:\Users\Admin\Desktop\InstallLimit.html

Filesize
379KB

MD5
e7da5a6a1d2643b5475d541b33cc3b6e

SHA1
5a73fb4a94403f0015de70a2d46ce655ae88aaa3

SHA256
72004d5d7fb140f1d907d5d8f47005683d79225d32997e38e3973fbb2d32aa22

SHA512
d3eae9667a457444fec035087066919ba354a2b9343b619b63d279c0c1b5ff1e3825c9e71f5b3a8d00cc44e6f4bde54dd8cd5e0b8d22be20ca1b91d416e918e8

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
e50089fcd65daf5059fb2165ec243ee4

SHA1
4d63bfda09a91080c05b89b5dfeafae6874e9c0c

SHA256
9ca72774839e8dba35226d35454591bbb83d06a3b122b0916ade9ad66cc0686d

SHA512
e131c692d84f8915eaa08751f9f144aca7cdf013b92a734d06a9b1211e0bcc8c7cefec137f5952f87fc38dfb2e87e4e15f3244af3fa2a9aad33db18200fde956

Download Submit
C:\Users\Admin\Desktop\OptimizeExit.vsw

Filesize
321KB

MD5
726d9f1d131541b4bcb174759e69cc7d

SHA1
bb24f9b6f44856e66e8b745cc101bf16d344b08f

SHA256
6f70fb5eadcfad1b2bf90bf0c0d8d320d6e39be873cc257f126e301a87fb758f

SHA512
591c353ca6efc45a297173e8c9bb0a32f889a2c28b8f121c85bf92cbe04543c2d8f00b246056529ce2a932302898f8822e9262e452e7fe48c0b6a5d900850e93

Download Submit
C:\Users\Admin\Desktop\OutConvertFrom.mid

Filesize
613KB

MD5
e1b678bd6c3d0917452ebebea738cdf2

SHA1
d19de7a9372e0d7e4e0692191fdbb440bbde3663

SHA256
03e98bb4bb32e8f63df133952589c729b5ff49be1671348435cd1ce05862121d

SHA512
3ba3e492bb15d7c5e6b1f745572055bfc62a5cb2428ba2f22840f8250eff87382875500ceedab2777082c390fb9ff71111af317e3f9769ad3820f7ab5392f634

Download Submit
C:\Users\Admin\Desktop\PopSelect.vssm

Filesize
418KB

MD5
31c889bd5bba0e22a7b0977eb347cba4

SHA1
070d1dea0538269564a8510a7d286f1cba711ca4

SHA256
7d92d9ec8e9b28206ee859a0bbd8419077771474baa2f169455f94e5464d2b6d

SHA512
7b63a764fac2b615d6195146cc6a7785d4811f6a099ba72a9bba3867eed1217a9e9aeea99acf7ba496cf985f05af1c622e7df6526189b5ccbc4fe0eb6ebb06ff

Download Submit
C:\Users\Admin\Desktop\ReadLock.ps1

Filesize
477KB

MD5
e2287a60f67bb291ca55b61d7f1a609d

SHA1
1b8f7819b832d970a9a62c44f4a76f52c7eb1e63

SHA256
923b6d1cf51ee5fa29407ab28cefc3093bbae34b64180f7b8f761ddfc8a402f7

SHA512
3cbb9d20e154fa8d14d78dcaffd007274ab52cdb44c445e072906e251f5581846c593b15a25f6164a8887281f46c8a1fb441d07c0f36d0b7236d14bd23faa33d

Download Submit
C:\Users\Admin\Desktop\RenameCheckpoint.aifc

Filesize
633KB

MD5
a3ea3627ffe41e869bdfbd75d2222074

SHA1
c3b258626e80295f7d06377fba8ec0a0f1a166f1

SHA256
68845dd112349c73cef4b960fed87bbdb04241c256fa947b9b1b12110640803e

SHA512
5654909ab8468b219d1d3c8c48754bd37aef511f9a5608e99eb08af92c2b8d0f5079d2b4eccb547cd2a993bddd736d3a560261ca245676416eab0f1e6c1f567c

Download Submit
C:\Users\Admin\Desktop\RestoreDisconnect.xht

Filesize
1.1MB

MD5
c69afb79405f41332141ee3f981f1e16

SHA1
48b2a8796c93768e6c4e7a971861ce9d71f8f850

SHA256
f3b507ac6eb25f08afb17f2f52fdf1f90e9a42ef025753436b7a7fbd1592fa9c

SHA512
9ac934f57f568851d7b6209fbe35be32371a696dbe058db430969b3a5932bafff36bd793470afe598652e40b539609aba52462234d055e766389fc94f200ab63

Download Submit
C:\Users\Admin\Desktop\RevokeUnprotect.mp4

Filesize
496KB

MD5
8e71bddec84481df434f236d8bad551f

SHA1
3470ccd050c3ca26aeb7d53ddc3659254e293d88

SHA256
5e003e64dc4b064e6d3249d723884203b89e1fb0d2f1324e517f62fa73f7da34

SHA512
435017f07a6515eb164dd9c46ad5c1f2987ebf0585f6d83a27c8313f355dd94be8309c56c84955dcbe8fe2572b72e8ee5f02773c7105d36b2416d41bc655bef3

Download Submit
C:\Users\Admin\Desktop\SetConnect.html

Filesize
769KB

MD5
a4f36ff8424ab2de00923fbf15b63853

SHA1
3cb375721fe987d97c3b158fde44939f54e8c1a7

SHA256
0f83be1404a8117fcff5a1e26f3854bd737fd502d05b7e3906bfd14563c2b8a5

SHA512
a2bf744b669e32733f42883155b2d01db36b2379cdfb88106b0d7c581c41c0b78c86b5fd277efa1d0679fd79b1f3ca42bb6031ad70b425d2daf374319f5b75d8

Download Submit
C:\Users\Admin\Desktop\SkipUnblock.pot

Filesize
788KB

MD5
45321bc5ccbd748c8306e9fb531b6725

SHA1
55af9305f95d870e2f0c21e4c832a6b235aee597

SHA256
f59894a4f7d1a07bf729b400e9a3cb921c0b9a2fb0719d16da1b67d5e02d5b0c

SHA512
1622ae7c22f5314f09b788a57877dfff1429162b70439adc3edc6ee183a13d9baf0d081678bbe3a7ea8776f7f2aa9a78b955e09d348c889ccc4c67d0162a30ca

Download Submit
C:\Users\Admin\Desktop\StartAdd.mhtml

Filesize
594KB

MD5
2de3bec1101e530f104c28ebccdac8cb

SHA1
3c6fc8058a65b93a5c62086b17e4604db2d1adff

SHA256
36091ea973548985287ba43ad9678dcfa9159ed3c7b2ddd82a599d8a7e79d061

SHA512
235057fff517a478da80be32e9f8224960286cb199bdef6c6e6e05878b14f909d24b1ea148f4e6262d455aaca4cb795e39143ed519897e2d9894ae555a9e4c2c

Download Submit
C:\Users\Admin\Desktop\StepUpdate.docm

Filesize
711KB

MD5
37dc7b8c9a05da3495237a9f82ead5a2

SHA1
0f0422f35543dd56baf1f05f011d341e0180695c

SHA256
ccc60fd79919143fb205fffcdfdf49cddebd0259d8b88bdbf41a372893160934

SHA512
3503ba2bd140e7a4424d5d894c3b3b850fc7efea5d6e18935fd2a43ed4436980d3ce12117ee5a469cf0393a4e0197f41b751fa29cf03b4c3b5f9e51359cdacd7

Download Submit
C:\Users\Admin\Desktop\SubmitEdit.ico

Filesize
672KB

MD5
4a55d495d33f1d867d12761b16dbb934

SHA1
4a32189657eb54d434e0d8628033121cb30bc509

SHA256
29fbb4476edeea0353b9446682ea28ecbec6301c0ea1f537fb8be6ecca37ee98

SHA512
2e8e91b0b4f2ec66860902088e957134aaf73e74d0e084fa3d172ed5f7ba901e1094f7d9a7284c7d7e975b593d14b8249586e19f10b6df96aa27f5350719b143

Download Submit
C:\Users\Admin\Desktop\SubmitRead.mov

Filesize
360KB

MD5
9cb5a7279c957bbf55d71e417c0659ba

SHA1
b94174108a6241e2f62798131f262844d562111f

SHA256
b6745873152475b92bbba8cae10407d6ba4493b0489d47681e06be60352d5f89

SHA512
f5975e8c687c57fed0934089bc4d6cdb93d59ee08bdaf1a53ccbef3f7e578013bbd3aecd872f6ef097862ccf1be063e3a2fe2b4b7debd606ce6caea0a5765d24

Download Submit
C:\Users\Admin\Desktop\SuspendInstall.rmi

Filesize
301KB

MD5
8861120be946daff1f59919b73c46e42

SHA1
a6326e33c94659cec761aaf2e3e1c998238dc213

SHA256
5feff25709d387dc98d6fab7d8aa099426d032297345321e8a72ca28e1b6d068

SHA512
fb9cac55ef7624ee4aac72b348d99b1ea0670255f88d37318bd7e2ab47072966c12b3dea141d7ff55247fff5f67d27afc283849c2196a81b79d64322e94cfb7f

Download Submit
C:\Users\Admin\Desktop\TestCompare.rtf

Filesize
691KB

MD5
092d53154513f338998b4fc61a323a7a

SHA1
d4eb956bb925c7746362fe03c15f33a41a896b8c

SHA256
3d0703e0184af4f6a491f0290fa7b72f3ee09b27bb14e72d35ff04469abe57aa

SHA512
a7a320c3b271caa51a10794522c64e9010fc1dd014259967ca41a46fa990b89e17554dbd879d38ebac6e0512b5f53cb2dda1fc5ef0219c1b5b18bcb9d0871e98

Download Submit
C:\Users\Admin\Desktop\UnblockTest.scf

Filesize
652KB

MD5
63120f48c27a6ae3e4bffe1be4ee62fc

SHA1
255946304d24231f2a4ce921f58d9d62278b6f8e

SHA256
d88e5249824bfc130a77ae6dec853cdacd6af059ffb0cccdb724afde3daa92fa

SHA512
adba025e5fe1ef43c0252c8f0ff8d045a3baadac8e64a7f6318f9d1ce6efddf4859c0faf252890d2039efbe93014a57f15242a79e0eb86181cb906e51aba9342

Download Submit
C:\Users\Admin\Desktop\UndoTest.docx

Filesize
15KB

MD5
bd0f5a1668409719528f991603214418

SHA1
2f8f13163c838a6df23fa472244611279a3b725a

SHA256
c23c54a874c9b71992c7e5977f8c75dc71bf68a09f7cd38a0e13a2eb0e9d4f1f

SHA512
3ad9ed85dcd3e7ccb066bb984cc7e5bd7702f8c6ccaee7e21fc1d03e1c3a377ff05520f1861834bcb2eb6eefd684e87f8b211e9836607e3b5dae3ee6258256e2

Download Submit
C:\Users\Admin\Desktop\UpdateOptimize.docx

Filesize
808KB

MD5
6b3a13faf4d870e75bbb547c265ca201

SHA1
b95f14e2372c463c2e30f606096c89fdc9e8b66f

SHA256
5dcdd7324cc2e3f75b596f5f679abb9f9c247a095dd587d9a89a1207d8dee60b

SHA512
da1c94b0be871b8b0ed28b9cdc4ca83a332ac7e0947639caa9f4ad6e1602d93869f38e51a1b7e10c012aad4b276444b46a4e98cf1194721217609b79541dc79c

Download Submit
C:\Users\Admin\Desktop\WatchUnlock.docx

Filesize
20KB

MD5
a2dd39b668a0df6cf266b7446ff997e3

SHA1
1c7569b967f86a58665342e7d55663eeba4654e1

SHA256
6dfa3dbea1608c561467da0961fc76d4bc0d7dfc1763879b46274f8a80f34bcc

SHA512
9f502b713faf93544453397524ae6404aba66dddadc899855bc52e329afa7958bbd131f02ca708edf46269e6ef34bb8aceb88683a0f4735d81d4d80d4a30a438

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
891ad53615b8c312479d8d5ac94d6b3e

SHA1
23f22087d2cbc79fde5a541b77b644a0001af1f5

SHA256
64a544910c64648e57ce48ba5e2f7b756f49597f8acee2140d1eff6f31d59d60

SHA512
f898a64cfdbb776b54334806046f1b5550a988a6d2c21455ffb79eaa2a5998fce7780ed5bbcd19fdafb07e0d1a9275f1be95a994bd050ceecac86f7ef0a5398b

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
401fc16cdd7f23488027878888d4608a

SHA1
c2c7a705e6c3642ec2394b1d3e6d791d322a37c5

SHA256
72128803df67f2234e267f368f09c1d472eb9cf7c48337eabad1741cd9129c6a

SHA512
9ec478eb75da33ee91eb8bfdf24213ee313870e4b38664a941555832fbbb821d8a69918d5271acebb0c4ecf8ac51a3c1b1ff333d4bc5ec9be87f346f03617670

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
fd7f591dc33bf297c74b8ac409f41725

SHA1
c759a6716bc00df0fe9cce5579d1b33b7b4da8a0

SHA256
d7b1d3b2d8410dbd71b5a60c6e014d589e7ac97fe60385bc18abec0ca2aebea3

SHA512
1d1bc1b19f793ceeea9fc075b09e2eddbabeb7658a31b601459f4a246e115ab422968d8c4a20f56a9268d758264797e562303105272c022407b966d070cf9bc8

Download Submit
memory/5048-1019-0x000002A7E9250000-0x000002A7E9251000-memory.dmp

Filesize
4KB

Download
memory/5048-1025-0x000002A7E9250000-0x000002A7E9251000-memory.dmp

Filesize
4KB

Download
memory/5048-1028-0x000002A7E9250000-0x000002A7E9251000-memory.dmp

Filesize
4KB

Download
memory/5048-1029-0x000002A7E9250000-0x000002A7E9251000-memory.dmp

Filesize
4KB

Download
memory/5048-1021-0x000002A7E9250000-0x000002A7E9251000-memory.dmp

Filesize
4KB

Download
memory/5048-1020-0x000002A7E9250000-0x000002A7E9251000-memory.dmp

Filesize
4KB

Download
memory/5048-1030-0x000002A7E9250000-0x000002A7E9251000-memory.dmp

Filesize
4KB

Download
memory/5048-1031-0x000002A7E9250000-0x000002A7E9251000-memory.dmp

Filesize
4KB

Download
memory/5048-1026-0x000002A7E9250000-0x000002A7E9251000-memory.dmp

Filesize
4KB

Download
memory/5048-1027-0x000002A7E9250000-0x000002A7E9251000-memory.dmp

Filesize
4KB

Download
memory/5580-957-0x00007FF6FE650000-0x00007FF6FF168000-memory.dmp

Filesize
11.1MB

Download
memory/5580-940-0x00007FF6FE650000-0x00007FF6FF168000-memory.dmp

Filesize
11.1MB

Download
memory/5580-941-0x00007FF6FE650000-0x00007FF6FF168000-memory.dmp

Filesize
11.1MB

Download
memory/5580-1009-0x00007FF6FE650000-0x00007FF6FF168000-memory.dmp

Filesize
11.1MB

Download
memory/5580-939-0x00007FF6FE650000-0x00007FF6FF168000-memory.dmp

Filesize
11.1MB

Download