quasar | hxxps://limewire[.]com/d/e6bad726-e49d-4d55-9edb-00fbb2ac69fd#VG7hKLIChJetcStjRmEB5gTxe3NqWhB-kKzEe0Ou5cY

Analysis

max time kernel
400s
max time network
437s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
01-02-2025 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://limewire.com/d/e6bad726-e49d-4d55-9edb-00fbb2ac69fd#VG7hKLIChJetcStjRmEB5gTxe3NqWhB-kKzEe0Ou5cY

Score

10^/10

quasar discovery spyware trojan

Malware Config

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/memory/4476-658-0x0000024306650000-0x0000024306788000-memory.dmp	family_quasar
behavioral1/memory/4476-659-0x0000024306C00000-0x0000024306C16000-memory.dmp	family_quasar

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 64 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3688	PING.EXE
5072	PING.EXE
2928	PING.EXE
3916	PING.EXE
2840	PING.EXE
1696	PING.EXE
2524	PING.EXE
1224	PING.EXE
3708	PING.EXE
3316	PING.EXE
4924	PING.EXE
4100	PING.EXE
4576	PING.EXE
3176	PING.EXE
3944	PING.EXE
1196	cmd.exe
4912	PING.EXE
2892	PING.EXE
4956	PING.EXE
560	PING.EXE
1060	PING.EXE
2404	PING.EXE
5100	PING.EXE
4556	PING.EXE
3108	PING.EXE
3076	PING.EXE
4612	PING.EXE
340	PING.EXE
4268	PING.EXE
2672	PING.EXE
5096	PING.EXE
4808	PING.EXE
1404	PING.EXE
5040	PING.EXE
4572	PING.EXE
2952	PING.EXE
2404	PING.EXE
920	PING.EXE
1792	PING.EXE
4520	PING.EXE
4920	PING.EXE
1280	PING.EXE
3864	PING.EXE
4856	PING.EXE
608	PING.EXE
2468	PING.EXE
240	PING.EXE
1356	PING.EXE
3488	PING.EXE
744	PING.EXE
4640	PING.EXE
1644	PING.EXE
2124	PING.EXE
1824	PING.EXE
1420	PING.EXE
3076	PING.EXE
2292	PING.EXE
128	PING.EXE
4728	PING.EXE
1064	PING.EXE
2448	PING.EXE
2776	PING.EXE
1400	PING.EXE
4648	PING.EXE

Delays execution with timeout.exe 15 IoCs

defense_evasion

pid	Process
4544	timeout.exe
3516	timeout.exe
5084	timeout.exe
4000	timeout.exe
3252	timeout.exe
908	timeout.exe
3120	timeout.exe
792	timeout.exe
2756	timeout.exe
1996	timeout.exe
408	timeout.exe
1208	timeout.exe
4772	timeout.exe
2024	timeout.exe
892	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 2 IoCs

defense_evasion

pid	Process
1940	taskkill.exe
4744	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133828793881532457"	chrome.exe

Modifies registry class 52 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 19002f433a5c000000000000000000000000000000000000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0 = 5a00310000000000415a4c54100053657474696e67730000420009000400efbe415ac253415a4c542e000000f5ab020000002a00000000000000000000000000000072ea2b01530065007400740069006e0067007300000018000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616209"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\NodeSlot = "5"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 780031000000000047594b601100557365727300640009000400efbec5522d60415ab5532e0000006c0500000000010000000000000000003a0000000000ef34220055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 = 7e00310000000000415ad85311004465736b746f7000680009000400efbe47594b60415ad8532e0000003d5702000000010000000000000000003e0000000000247d0a004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0 = 6200310000000000415ac25310004d59435245417e3100004a0009000400efbe415ac253415ac2532e000000e7aa020000001d000000000000000000000000000000141765004d00790020004300720065006100740069006f006e007300000018000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 = 50003100000000004759db65100041646d696e003c0009000400efbe47594b60415ab5532e0000003357020000000100000000000000000000000000000002dc1101410064006d0069006e00000014000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	explorer.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\My Creations.zip:Zone.Identifier	chrome.exe

Runs ping.exe 1 TTPs 64 IoCs

Remote System Discovery

T1018

pid	Process
4824	PING.EXE
3168	PING.EXE
2668	PING.EXE
2256	PING.EXE
2124	PING.EXE
1544	PING.EXE
2284	PING.EXE
2276	PING.EXE
2928	PING.EXE
2896	PING.EXE
1096	PING.EXE
4876	PING.EXE
4388	PING.EXE
4252	PING.EXE
2288	PING.EXE
1560	PING.EXE
4956	PING.EXE
3144	PING.EXE
4728	PING.EXE
4660	PING.EXE
1956	PING.EXE
4384	PING.EXE
3928	PING.EXE
2720	PING.EXE
4308	PING.EXE
2528	PING.EXE
2792	PING.EXE
3808	PING.EXE
3864	PING.EXE
1032	PING.EXE
4856	PING.EXE
4692	PING.EXE
3708	PING.EXE
240	PING.EXE
3844	PING.EXE
3108	PING.EXE
1060	PING.EXE
4640	PING.EXE
4512	PING.EXE
3768	PING.EXE
4316	PING.EXE
2020	PING.EXE
3252	PING.EXE
3820	PING.EXE
4892	PING.EXE
1792	PING.EXE
1448	PING.EXE
1436	PING.EXE
4328	PING.EXE
1904	PING.EXE
1696	PING.EXE
2840	PING.EXE
3156	PING.EXE
3544	PING.EXE
832	PING.EXE
2468	PING.EXE
3768	PING.EXE
2776	PING.EXE
3676	PING.EXE
4956	PING.EXE
340	PING.EXE
1956	PING.EXE
1084	PING.EXE
2672	PING.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1644	schtasks.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4672	explorer.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4220	chrome.exe
4220	chrome.exe
3844	powershell.exe
3844	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4476	Quasar.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeDebugPrivilege	1940	taskkill.exe
Token: SeDebugPrivilege	4744	taskkill.exe
Token: SeDebugPrivilege	3844	powershell.exe
Token: SeDebugPrivilege	4476	Quasar.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4476	Quasar.exe
4476	Quasar.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4476	Quasar.exe
4476	Quasar.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4672	explorer.exe
4672	explorer.exe
4672	explorer.exe
4672	explorer.exe
4672	explorer.exe
4672	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 3912	4220	chrome.exe	78
PID 4220 wrote to memory of 3912	4220	chrome.exe	78
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 3300	4220	chrome.exe	79
PID 4220 wrote to memory of 4860	4220	chrome.exe	80
PID 4220 wrote to memory of 4860	4220	chrome.exe	80
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81
PID 4220 wrote to memory of 2928	4220	chrome.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://limewire.com/d/e6bad726-e49d-4d55-9edb-00fbb2ac69fd#VG7hKLIChJetcStjRmEB5gTxe3NqWhB-kKzEe0Ou5cY
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1934cc40,0x7ffe1934cc4c,0x7ffe1934cc58
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1752,i,6668452098880328853,915895383977194926,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,6668452098880328853,915895383977194926,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2124,i,6668452098880328853,915895383977194926,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,6668452098880328853,915895383977194926,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,6668452098880328853,915895383977194926,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,6668452098880328853,915895383977194926,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4416,i,6668452098880328853,915895383977194926,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4356 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4424,i,6668452098880328853,915895383977194926,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4620,i,6668452098880328853,915895383977194926,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5248,i,6668452098880328853,915895383977194926,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3332

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2396

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3376

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\My Creations\RubiconT.bat" "
1⤵
PID:4212
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:4872
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2744
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:2124
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2756
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3092
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4316
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2476
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2672
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4520
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4216
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K "Malwarebytes-Premium-Reset.bat"
  2⤵
  PID:1488
- - C:\Windows\system32\taskkill.exe
    taskkill.exe /f /im mbam.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1940
- - C:\Windows\system32\taskkill.exe
    taskkill.exe /f /im mbamtray.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4744
- - C:\Windows\system32\fltMC.exe
    fltmc
    3⤵
    PID:4560
- - C:\Windows\System32\schtasks.exe
    C:\Windows\System32\schtasks /query /tn "Malwarebytes-Premium-Reset"
    3⤵
    PID:3920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c powershell -c "[guid]::NewGuid().ToString()"
    3⤵
    PID:1904
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -c "[guid]::NewGuid().ToString()"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3844
- - C:\Windows\system32\reg.exe
    reg add "HKLM\SOFTWARE\Microsoft\Cryptography" /v "MachineGuid" /t REG_SZ /d "2e72217a-101d-4ca8-ac0d-e423ada5033a" /f
    3⤵
    PID:3472
- - C:\Windows\System32\schtasks.exe
    C:\Windows\System32\schtasks /create /tn "Malwarebytes-Premium-Reset" /sc weekly /mo 2 /tr "for /f %a in ('powershell -c \"[guid]::NewGuid().ToString()\"'^) do (reg add \"HKLM\SOFTWARE\Microsoft\Cryptography\" /v \"MachineGuid\" /t REG_SZ /d \"%a\" /f)"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:1644
- - C:\Windows\system32\timeout.exe
    timeout /t 3
    3⤵
    - Delays execution with timeout.exe
    PID:4772
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:792
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3192
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2924
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:412
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4100
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4696
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1792
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4384
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3932
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2696
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K "PasswordGenerator.bat"
  2⤵
  PID:4872
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:5084
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:560
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4760
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4120
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:2020
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:2928
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1032
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3108
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3708
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2336
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4576
- C:\Users\Admin\Desktop\My Creations\Settings\Quasar.exe
  "Quasar.exe"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4476
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\My Creations\Settings\quasar.p12"
    3⤵
    PID:2116
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:4000
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1092
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1400
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3524
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4648
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:656
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3844
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3156
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1908
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2352
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K "Ip_geolocator.bat"
  2⤵
  PID:1584
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:1980
- - C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python ip_geolocator.py
    3⤵
    PID:756
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:3252
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2068
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4492
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1408
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1228
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1656
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3140
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2952
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3176
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3024
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:5104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K "Ip_geolocator.bat"
  2⤵
  PID:2208
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:3180
- - C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python ip_geolocator.py
    3⤵
    PID:1700
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:2024
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3944
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3464
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2256
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4556
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2476
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2672
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4520
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1032
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3048
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K "pinger.bat"
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1196
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:4796
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4516
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:1904
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:2428
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:5068
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:4252
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:1084
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4388
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:5096
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:1544
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:5116
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:3076
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:2288
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2668
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:1000
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:240
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4284
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:2164
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:4692
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:644
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:4740
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3516
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4900
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:952
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3372
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4476
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:2896
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:4512
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:3952
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:3768
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4808
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2068
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:920
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:1408
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4580
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:128
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3868
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4312
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2952
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3112
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:3176
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:1280
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:5104
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:1112
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:4028
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:2528
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:1152
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:4864
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3960
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4280
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:2836
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3164
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2324
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:4532
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3092
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:964
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4612
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:4760
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4600
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:3908
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:2672
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:456
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:2744
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:1032
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:824
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:3168
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:3916
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:3780
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4728
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:2520
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4328
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1356
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:3928
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:3476
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2404
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:2740
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:396
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:2840
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:4872
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:3544
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:5040
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4912
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:3504
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:4856
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:1696
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:1400
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:4340
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:4108
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2080
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:5100
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3844
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:3472
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:1352
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:892
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:3156
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:1060
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:640
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2736
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:340
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3540
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2488
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:3076
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1064
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4384
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:1448
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3784
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:240
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:1972
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:1892
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4692
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:4820
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:4484
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:3160
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:2892
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1824
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4628
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:2896
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:3252
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4512
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:3768
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:4492
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:1160
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:920
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:1796
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2160
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2448
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:1096
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:3140
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:2044
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3304
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:3492
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4920
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:4712
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4268
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:4028
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:1584
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2912
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:1212
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:4824
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2300
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:4772
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:2168
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:712
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1404
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:3488
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2972
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:1560
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3164
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:1612
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:3820
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3092
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:964
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:2376
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:4120
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4600
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:2284
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:1496
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2928
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2524
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:4892
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:1032
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:3168
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3448
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:3916
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:4728
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:4956
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2088
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:2316
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:4308
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:1144
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2404
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:3316
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2756
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:2840
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:1636
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:1712
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:5040
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:1512
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:3184
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4856
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:2732
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:1936
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:4340
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4572
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:884
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:5100
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:2352
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4160
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:2296
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:3036
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:792
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:4248
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1420
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:828
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:340
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:4876
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2940
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:3076
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:744
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:1000
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4924
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:2700
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2164
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:1956
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1224
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:1892
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:4820
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:952
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:2224
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2892
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    PID:2752
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:4516
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:2896
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:2776
- - C:\Windows\system32\find.exe
    FIND "TTL="
    3⤵
    PID:1944
- - C:\Windows\system32\PING.EXE
    ping -t 1 0 10 127.0.0.1
    3⤵
    PID:3768
- - C:\Windows\system32\PING.EXE
    PING -n 1 1.1.1.1
    3⤵
    - Runs ping.exe
    PID:3144
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:2756
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2840
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3544
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1636
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3504
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1512
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1696
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2732
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3888
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:656
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K "nsl.bat"
  2⤵
  PID:920
- - C:\Windows\system32\nslookup.exe
    nslookup google.com
    3⤵
    PID:3332
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:1996
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:956
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2152
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2044
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3304
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1280
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3864
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4268
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:4640
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:2528
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3960
- C:\Users\Admin\Desktop\My Creations\Settings\PUTTY.EXE
  "PUTTY.exe"
  2⤵
  PID:548
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:408
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:2276
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:2792
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4584
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3136
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:832
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3688
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2888
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2124
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3836
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K "RegBack.bat"
  2⤵
  PID:3908
- - C:\Windows\system32\reg.exe
    reg export HKEY_CLASSES_ROOT "HKCR_backup.reg" /y
    3⤵
    PID:752
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:908
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1496
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3676
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1120
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3808
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3920
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3552
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4728
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:4956
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2356
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K "ImportBackups.bat"
  2⤵
  PID:3316
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:4544
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4660
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3840
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3184
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4488
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3392
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4340
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4108
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3192
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1644
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4160
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K "zicrack.bat"
  2⤵
  PID:4804
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:892
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4388
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2488
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4696
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:2668
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1064
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4284
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3924
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1792
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1956
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:608
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:3516
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1880
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2724
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5072
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4896
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4512
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3952
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3768
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2292
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1196
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4304
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:1208
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1940
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:128
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1100
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2152
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2044
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:3304
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1280
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:3864
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:1584
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K "PySilon.bat"
  2⤵
  PID:2528
- - C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python -m venv pysilon
    3⤵
    PID:2160
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Windows\System32\chcp.com"
    3⤵
    PID:2836
  - - C:\Windows\System32\chcp.com
      C:\Windows\System32\chcp.com
      4⤵
      PID:2276
- - C:\Windows\System32\chcp.com
    "C:\Windows\System32\chcp.com" 65001
    3⤵
    PID:4836
- - C:\Windows\System32\chcp.com
    "C:\Windows\System32\chcp.com" 437
    3⤵
    PID:4776
- - C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python -m pip install --upgrade pip
    3⤵
    PID:4052
- - C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python builder.py
    3⤵
    PID:4964
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:3120
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:2884
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:2256
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1436
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:908
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3708
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4892
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  PID:4092
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:2468
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:2720
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4328

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b62d970be1c10518762eea8f968a27d6

SHA1
6ce285f2896bf9f46cbc49769ad286127a98bdae

SHA256
fc2f6ac750dd47c78a02c790e85d23cfe80f41e39b58bec2919f7eabd5b84095

SHA512
cb0182526fb48318e32847d858d65e9cbef2ecb85d69c78423cdf3c24c773beeabb01e956fcef4ad5a80cdf67e8c6b86de161626d7187cc4bda1e8c417643405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5299f9d0421293622f5cd6eb9288ccd1

SHA1
4eddd90db241101d436d7e6eb80f5f27dbba129e

SHA256
098336ae525866cc8a7349584ab1d2c4d2b8183f3fb906603c19205c27569074

SHA512
197c3156ed0932e250ab2f08ca4b6918adbf9b2781295f193314f6ec246401351174acab0cfd7e70c17ea17c998746dad2591d9338c5940faecc003967b85682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_limewire.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_limewire.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
754ea0c53915d391db60ecee2cc3b442

SHA1
04b2577b0074e958e857f3b00dc2fa8a39b6c015

SHA256
c17046b4e8c80d2f7fc0279874495f082c41a3e0480d40e6e42fa376db92373b

SHA512
d87fda0c95aae83409c46665301376eac983914eaafacc58ae523a87c60a4b883239ba7eeb07adcb01554b72075a2be76697c78c120343e3989305ea47fe28ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
71675a47cb4197541a8c02497bbafcc9

SHA1
868f9e0b70990d8a3c0d8a69d76e10ea0f50a601

SHA256
7b8de8ec425d5b0862db83235a7af22c8185759a5c9e6a853c39ac54a7a7de37

SHA512
0e4ae54ab904e2468c423e8d493789d40890bd4cce7cd2b540bf3152071d0ad7347d53a42d164b05c3293ac98046a9cfa0a7433bce32dc5b997a37fa01406e8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bb9cf286c40bcf457bf1ade21f22da59

SHA1
0d0c047f50941639d567012c785ad2bd25822c7c

SHA256
0d171d4e4b5ed085217739c7c30233df53b184b782591949a57a39db8be30fda

SHA512
d929df552d5f6641fc9551adf863b017309574b73eb00d3002808081fe194c70b2b077855f045fa44080ea2b89bac9b51d1348f38e0732b309d82c1f0c5d7cce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48ca7ad89b57a6517e2f86fcd736d972

SHA1
36bccb67448fe973d5ff670ec9505230e047b2ae

SHA256
263d39f45ceded366a2632870664b60fa89af41f16b1159c973701af58190a14

SHA512
172686bc546c796947f3850e2ecb600cf6ec65bb70859386d2c68db5f49207df49a7ee9d2a97dd3c148c66d7899dab135c8ebbd25c0b4ece4c4d2f09a76fa7df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed6a5f5d4d7f38bba7b6a232169388d1

SHA1
0326da45749a67a4118e9c3ea906b8207d7d9592

SHA256
b0d50c49e22af641519085e3912ec48dd61c247afa9a76b61cba55f49202231b

SHA512
0f6ca973ace5d68bd2cb9911d7ee5725effec9b613daba597b787ce332b9f1819d1411761b83d18baaa570af8cc39ba5460e76e4aa7dcf93b29063fdd940fc5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\6f9fa0e7-4cba-4148-8de2-6ac4a3e86d86\index-dir\the-real-index

Filesize
48B

MD5
51f011109e370136acb29521a85b7470

SHA1
f2fac434a793ac3d4fa050165d7389ddada83b1b

SHA256
58b472a1ef875bee1ae2966f4dfae8a2c91d46d986957be2e0851ecfa199f177

SHA512
86ff6cee9b30e343ba488c2138cfba4ae9c9fc8c4949a27f330f7b832380c3210a341caf7aeef7ffc2a5d83f584fab2e2b64417064335195a41fa80b9c9c68f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\6f9fa0e7-4cba-4148-8de2-6ac4a3e86d86\index-dir\the-real-index~RFe57ba67.TMP

Filesize
48B

MD5
af9885b76ff436d3650cfd144f36c65d

SHA1
3d2c5bb654c3d8fb91d47bc455722098d8b387f3

SHA256
6369cbd41ce3d441c19c47849c7dae8272ff4d27d36f0e50a7dc652b2036b5b4

SHA512
22f0552a09806aef24e96a1c8b133d14969d63d5a6924baf69f9c73da9d3cef1120287f22baa5fec7db2a438fc0b13744a98ebf17805f3a4bba01cfe49f371cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\index.txt

Filesize
111B

MD5
d7ee4d6b08ca85cd13c4d7195099283d

SHA1
4238d14d0b1b8ef957782cc82cfa633e03451961

SHA256
657f42027e1b6d8f4baf455c07c3c0a1d96af337230f5ff06f9a8d6127d2296b

SHA512
3db39c702c8cb4cb3d4eefd60494ff3d82a219f7c7cc3ff3e4b53e59c9be122874a46d7ed4dbc853df3b74f9d6f5b61853a4f9aaf282d9171a0c276ec1a198a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\index.txt~RFe57ba67.TMP

Filesize
118B

MD5
9fedff774aa1e101ea168496c15a59d2

SHA1
e437f7aae8de84692c7a363acabc0b7699c6d921

SHA256
7416f77300dafa73785adfaee5358724b90eff0f9c87f798cfd6220e8403d1bd

SHA512
0f0fff73011d0d3aa39a511608f13160bc437edc3c2b3c7be964bc42be6d1dba72520cd53ab3a1751ed90033c5da7486156c0e33d683d4d878351855bb10b4af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
68eec8357d043f90c0e4d9f159dee634

SHA1
51fc183029d15abc647f3f7037b7ec7b0a23eeec

SHA256
1bc2fbca23a295d06d0002be6c855222d6fa7b8751d6e12b3928c19d226b68bc

SHA512
f13e32a5559fd2bd9608ff99d23507b6638f53af810e1f72ce2b59f4c7c63e7852f482159e17024c6a6dedfb0da25b37356d52ff082847e8817859e5139be962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
69e2763991a65ddd691eb03af504faa8

SHA1
2d66b704f8fb5cf52d2ffdb4a80989b7125f8c24

SHA256
6d63fc4d72e15a6e559efd9d37e57a8f5fc16fe8d77c1b83cacc976097a3893d

SHA512
45ee75c7e6601c9d650d96398bd0b642114f4ec35601d59ffa7a56262e4b8c172aeb7fd2aa5b1f42001bf9acae3ba84d1815a02c2bb6669a87c2a7f6e4451ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
8c06c2e5e88806c10433e117e643f463

SHA1
2faa842d71594e5633bfb22aa36d15fd99cd26ea

SHA256
f44c1e29290842eecc392da26aa84db4b8cba54282a5c59a87a774d7fa3e5a02

SHA512
c7cf30b5fb00ea21ceb84a95e2207cb64e8bd6d38e0efe362618a7cadbe7f390767412222c533dcd8df205401c49738e73d9d65dc12ac17511278b066b43ca34

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
989B

MD5
ba444473d751e18c072d02dc9a16062e

SHA1
6fa2be073a6a6c15f4ef3c0964fb4aca8b86a830

SHA256
668fd59644d6d5f1173cfa48694784cb1c9aab728c21e1ba9563cd1077b166fa

SHA512
ef3719350408a0c6967356223bae8767ce80c591cf1fbe1b389ad53348028c3b1942283fba1f5a3b8265c8ecdd049000013ff603799baed1a8bba24c3b7b9377

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
1KB

MD5
d2f8c8d851a8f6df52a91eac5154c087

SHA1
d2e56d96a337ec82c14cd13ca728db38a1b1df18

SHA256
455d0b9a720ca02b03af0edc8f4dcbc1ea926bc53f57444f678b6e55acd9ff0c

SHA512
09debbd86f882aa52fc812ce39850974ea5261585449232b457cdb531c1c2d758651505ead748ec67d21772d01ebed8993e169c8f0717769a3e2c6d833f17477

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
1KB

MD5
63a9d06792dec44db6db66fd018804e4

SHA1
a8e09ef08eeb359cbf4d55b9b1938107b1c137a6

SHA256
b217cd546d087d17993dccd409a8eec22b6f1c7490b5d0845192b07301b39cba

SHA512
e4b4ec71cc5b74aa87dcbd4b29003dc60bd6815e2a4c7bc9b8a09b3a7119df94b74238624eae9e959f7eb20ca46414f788d108b2a868b692ad8d24cc67c67eae

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
2KB

MD5
176099e9d50ea2ff2a8c6907cbc9e287

SHA1
a850a7926e7ae58f34e9146667617047da367515

SHA256
0302f236044b4fe549a53643a919f3697e75ea01c513b83baba52074e12a3645

SHA512
b7e9c66698dd84bba9a26fad90e00f37d8ff70fcd0aa9fcac13450a34364cdfa0c63bf01756a5530da5e69133319d994976e3ef4af7633801639eba5cf687a4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zhvaeu2l.lr2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\BackupSubmit.mpv2

Filesize
636KB

MD5
86be0bff4751f33556853288691e15de

SHA1
10cca2098e6cadfad26f146ea0690ecaceed9e10

SHA256
9422f015b18562a78ed90ece7fd64b9a986e97b50063586244501d463a601e81

SHA512
535c96f4e090337c42e093b9cba4270e6f2d88e1d4cd60a644133fd6d8abf8c54636a42116943b66fb9965195cfd4b5eec1eabd5ff399d4fb42cea39d83a793b

Download Submit
C:\Users\Admin\Desktop\BackupSuspend.ico

Filesize
853KB

MD5
05b6991ab566b55f3acaee800903ab0c

SHA1
e756f3d10fb1c4d802057f0186df410dc85a65b5

SHA256
b4ebb8d155c94810e8d17c243deff8db76528aa50627f5a8589aa872de9391d2

SHA512
380e4301b370cb3c8f0b4114ecc8f1ace1c5acfc34f6d20050f1407f902f853d08de1f77918168f11ea832155ce8096541c75f50a19af104e5c419ae9722940b

Download Submit
C:\Users\Admin\Desktop\CopyOut.lnk

Filesize
663KB

MD5
40db1fa07335213c5b01e692567af226

SHA1
65e532716107587f1b0c235f4c348c9542211095

SHA256
0e45cf4af539a9a33092e94c079269f638b2bc438f4c1577fa53a0cbcb266fa4

SHA512
c637cb300e1916c050c27ffacfe700a3ba3aa9e3600a78e745d2dad73d1e6f8a8a78a84343e1c05b617f81b3f77b983b460dcb0e285be44d6dfac118bbb6b38c

Download Submit
C:\Users\Admin\Desktop\DebugSend.xps

Filesize
772KB

MD5
61bf51ac12db9c02b47b31a7f507c0e9

SHA1
46ca0deec8d83111e3338b7faf2bb64bd944a548

SHA256
7cd3c5daee1580263889c9783605936ff8ed9767e722820eb9cbe70dab9144f4

SHA512
dbd11db56d710cd54b374c68d11cbed138c5f87c2e59fb15463317a762e72ca36cf7a4ed77274e8a5e3c4e9c129e8def41c59c266facffbe2b24a2f04c6df79b

Download Submit
C:\Users\Admin\Desktop\DebugStop.aiff

Filesize
1.2MB

MD5
66f769a9b979cbe931e802ba9e13f0cc

SHA1
54bda762f7e349c999d39de92742ab5293731c74

SHA256
5b2f16669024416877fecd21848f69790537c3ddd648dace793f1cc5c097c030

SHA512
5e3add83175f006453b6fe2e0767cffbad45f1d49de2cbb2ddb55a874659c48398bd28f38d9659a8dc6a40de676e326e76f1f24eee5c4253cf04c458acd7ca4d

Download Submit
C:\Users\Admin\Desktop\EditLock.docx

Filesize
15KB

MD5
a3313fee3b74f870e5c92609e74ae92c

SHA1
a6514908058bc8d833b49cfe5c499ed5d365108f

SHA256
7847ad4feee5c4a0f4b0040d5750d1c0d0e9f441a27dff959f196ee205ce279e

SHA512
85074967ab5eee412ac1559da74a73a06476780970adfac4c6bd58fda7dd8e0a6f35daa435486c972f328a1ab7852a1526e6278edbcf7916a50088e4dd971e9e

Download Submit
C:\Users\Admin\Desktop\FormatWrite.mpeg

Filesize
365KB

MD5
0c4a0a8c7d9b1c9f6f64a80e5c06cdfa

SHA1
822bdd282205826a2208d23751e12c86b0491ba6

SHA256
4b8b99aa838392cc667d3f04ff12eb0a0c47e299001599cb30ef98b63ba8d700

SHA512
bd842d06208eee0cd8af27de83d4ac6de01970211785089defd9b7e6ed895dc8a93200d82b980bef2475f5d11b25e560248c4cb0edc800030c6a34290511f362

Download Submit
C:\Users\Admin\Desktop\GrantBackup.ini

Filesize
799KB

MD5
c579e83cb9faa25b27062fc9f4239bbd

SHA1
9cbe748abd24011338fae9feb56a9bb2f6fb05ed

SHA256
48c30bc779ed8d1e7cb194c3a3dc3cd49fc5a4f7b4dfc69f64982d5ed0f9a9e9

SHA512
7528dae5091a901b5fd65a0df4048493ac7a216b8883ce40334174af9c4839caad3d5faf347823f2524e720d840c93d826f154da2b27e1885d4315329710e7e2

Download Submit
C:\Users\Admin\Desktop\GrantOptimize.avi

Filesize
609KB

MD5
23688e6a1290f534acb996d6217f5eb4

SHA1
25484125da55f3304ac199128be196d591e7ba66

SHA256
ba6ad64082065a22a87f34ec23863d043ad29659756c3602c8a3c1ef04fe9142

SHA512
a212d9a10f11ec85898294e39ca510fee7d4423371e88d20e737f60359a44d3186364edaaa0f27fe412ec6518ae97d19ded71f4843425e8b1595cc0028d5bc2c

Download Submit
C:\Users\Admin\Desktop\InstallBlock.docx

Filesize
14KB

MD5
4f4616afd69d8f67c11c09b58738a477

SHA1
8f9e3a96f6b607a4e2f34a622da67384eac25d9b

SHA256
ee5b4fae40f5ef8b563189cb70d947c9d451df5cb8a1696fe4378dca86d660bc

SHA512
83236e5b4d06742b627e31b7c989ada0ceca8dcc4837380c1c2973c47cd82be35d85d0bdae9c6ed83cb876ba4093094dd1556d32c0c24106fe4681d50d2419f6

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
e57877000c54fe83cc0a283cb5d8fdd7

SHA1
6c6da0b040628cfd7fd076e75fd4ab4fcd688fb5

SHA256
7f91244fd305f1204aebc46475224bf79276106f7364b0e7be6c06cbf6bb4f8e

SHA512
61a3d0a503022751d67b2f9c10ba9c863856c9b1cffa3002675ef0539f20af997e9e754197dda7c3ddfff65c5e0c7cee21ef5e60a05b104f04dc4454729b6b22

Download Submit
C:\Users\Admin\Desktop\My Creations\Settings\quasar.p12

Filesize
4KB

MD5
d3be99357282ad644a44d59dd0cf9813

SHA1
8f7a2d55bd32a891a1690915187e2adedcbb608d

SHA256
bdb5c05945da7eb40dfdc50ab277954b9a4ecf078d60bee07277764612ccae6b

SHA512
819163ad29402a4b64f3f1c9cf50a27e91afedc2094bf0dfe9d64505027563aea75443879fe7c3c0237bddeee039e95676b0d050ca7b4d74b76f33bde6b167f7

Download Submit
C:\Users\Admin\Desktop\NewEnter.pub

Filesize
745KB

MD5
4c2591e5b62b39c4607c881368f0842b

SHA1
e95f0f3e7adc91ea4d602e00d83770a62c30d3e9

SHA256
279a481051b967a58e201bb58426266674aea9e5bab0ea3cb43818b164b0a947

SHA512
f7f3de791d74b6c51589393f8eacd644f94126fc0edb611da74c1e97f70b60fd57b7794546ab0a17ad0985b3e517ce5c0e63405cb6da68fb790950651a077054

Download Submit
C:\Users\Admin\Desktop\NewSubmit.mht

Filesize
880KB

MD5
fcc1e103b636b516f7578c09f71cf9de

SHA1
7adab3d1a5ccf21ff438592468822c5248703001

SHA256
bd6505c1ea9e2dcff2b6dbccc7922645f65f96b435e3e347cc5f3ae0ca884a41

SHA512
945e85b2b6be1ecf93e8826bebcc03271dbba68e40a949e8a97a639af9ae221dc6f81533e19bade2f322f0bfc0b9ffe6e0022cad9ec55058a408bb5ceeca0213

Download Submit
C:\Users\Admin\Desktop\OutRegister.nfo

Filesize
826KB

MD5
64910aa714ba2cd75b3d39599ab9fed4

SHA1
ace0e1a708b53c2d3c49b41aaccf0faa74b952b6

SHA256
88a7f0da3abf7344e4cc670631756b0c985f88b78ea0bc8e68cccfb20b8527f5

SHA512
08d1233381a08affbaf3bb58a4d13f579cfc373361ef2bc5bc02b830e9318833208e259d4d62089d8fe59c63ba002f0e78042e83e27ac4379e1639722a3e1e2c

Download Submit
C:\Users\Admin\Desktop\ReadUninstall.mov

Filesize
420KB

MD5
1c3cae91d026ad5a974e0708b27aac07

SHA1
b1e40606fb9aec81c339e573f8c00dd18c0bcaec

SHA256
cfabaf7866dee14418d50c6c63cdbed64961d76bbcc943da7e97258dabb328ca

SHA512
edbbcd3b7b3cee915ef3af6b06719de3cd85e21d4e88caa1cdaf0fa1e213547472ac507cee83ae5e3733690c6fe1ac5299d154bb476e85e2469495e4eaf3b0e5

Download Submit
C:\Users\Admin\Desktop\ReceiveInvoke.scf

Filesize
582KB

MD5
25e172c12aadcf15763ec32cd4df28c3

SHA1
7179ca7d1956b468bc47e5a36ede68d93731d113

SHA256
7ff8094ec7181f5233f842b7b6d7351cf9c097f0ef51edd6ca8f45434a8f46e1

SHA512
ffcd037728b40977ce1c7510cf7b2026d04c60be3429f4d16b838f592b67f07acb555293081645cfd9f4ef8cd5b73f2fe1cf28e361e2e2122bc8303510d4fd77

Download Submit
C:\Users\Admin\Desktop\RegisterFind.xltx

Filesize
338KB

MD5
b16d0487337d74bfb90bde83eb727a92

SHA1
6b66878444024eec5eb5e8d63d3c0a0d95104405

SHA256
9f8df69a7332b94fd31d88ef573cd78e84c23167f9cc954b248d2756a141352c

SHA512
ee2671efd10415f44dfa48862a29060b6427334fb8289d59db69b7a58a0d0c2a5ec4b38cb1d0aa2727decbd7a1018e5e73f5732b6b8729c92fa1176cf68cc8da

Download Submit
C:\Users\Admin\Desktop\RestoreReset.odp

Filesize
392KB

MD5
35a0e6738c7048798e827b002d562584

SHA1
1f283dbbc1733e652310d528d47dd0b9937ce488

SHA256
0c6aad4642647093777d1b1cb9b62e2528158ae30a6d9a041d5d2316d9faa83b

SHA512
830fe51d18acf6504ddd90463978465d3ab2db8fb46ecc0ee1003f295e65239a5b2cdffd40f3696a9bf5fc563d6ad07d3d396fa618c98770f332762df17b5788

Download Submit
C:\Users\Admin\Desktop\SetUnblock.docx

Filesize
13KB

MD5
80cf4c6c4d35ab259a54e3d094b304f8

SHA1
ca781485aef0842d48c73bb1aff6b32dca64b02b

SHA256
8b1e0122586f3ce621814eef99358ee93092e5afda89b42a360e27de4472f300

SHA512
1992cec799b83f527a1a4c23b91b2c2efdfa0d7233228650f46551a66ac7e1fb86558023e891b574f79f54bdbcbe911367033358484f6bf7c68a8057e9ba4ae1

Download Submit
C:\Users\Admin\Desktop\ShowEdit.mp4

Filesize
474KB

MD5
d24d450979cddc1feace1a0132583b61

SHA1
130e0d0fcd9b3d8802381aa97556c92d84df953e

SHA256
7ebaa9b9f9c524e48712fa142462c0fd04bd227792f5b5c91dc50f14299ee270

SHA512
68fc3b9433eeb16382c5b47de4661495a10215007a6960427a0438384555ee8a004fda788575c7e133612b36d7b04bb0b9457def7ae6139ff210bb7e52860f1d

Download Submit
C:\Users\Admin\Desktop\StopTest.vdx

Filesize
555KB

MD5
43b62f6c2d09d74376299fb86378d2eb

SHA1
025698452114e8fa536c274b3614e53cf0783d63

SHA256
b3774da96c5dffd7fba9cf1a9a57d93f6cc45d0d4e31808d26cd047d723853e4

SHA512
63d3f377b007a6f7788c142e05850e3e7c83a3303091ae9fb453db6a93ff2ade0df39ea2a5706fcf6a04ab652a8579116a2af7d6224fd7056bb462d257177064

Download Submit
C:\Users\Admin\Desktop\SwitchRepair.dib

Filesize
311KB

MD5
e2272d861c8274e7d28a4c33e63abd59

SHA1
79a8baa8ceb44b67c208a65f6d520a504ca1c6bc

SHA256
a463b191a267c0a5d230a2ff62216bc0ab9e40f65038f5970ae918a31bf93fee

SHA512
c8e6d9add76ebfcd6acdbb4569eafcaf6b08d80800646eb133dce36f91314aa7b8bc1a2e89df38b6553755f38c0bfbea47be91b4822de597ed5ccd14ec5401ef

Download Submit
C:\Users\Admin\Desktop\UninstallOpen.docx

Filesize
13KB

MD5
9f6be6217ddafc44c1e52b8dd93822cc

SHA1
fe7e2ad371c97c6a0774f5132fe2dd64e1fc18d1

SHA256
097f6c472ae63ae894ce478853c420e49831386329583da93cac44c9eedf4529

SHA512
369d85117fae0d1825309fe9811e40387311349a3c7e66da4e44d05a5483d06b7866f53e15b52b7897f4bbc756c56d181a23775568ba9f2f86e05d6a0dd29609

Download Submit
C:\Users\Admin\Desktop\UnprotectAdd.dotm

Filesize
691KB

MD5
d6f1bff860100d5477a714d339fdda1d

SHA1
17fadb8848d4507ba73fdc2a4f6633a239d0c485

SHA256
6a8d5c34f0d157b4fdd4ef620626346a7c50aeca36582560b44b6b41e53b67d4

SHA512
d5b2a2f327fd102c8c55fa0a1d71e6295a53b4423fcf4e1bc0d3920bd36b155cf186d7841f3ece8ce123b3bd41ee9fa40b85d09c729283af59170901ea7657f5

Download Submit
C:\Users\Admin\Desktop\UnprotectResume.nfo

Filesize
501KB

MD5
e2158302320fda2da0f9b5408f851056

SHA1
5d850a00ae020a7ed87f39147ae67b91516ca41d

SHA256
25109b16c5926bbaa650b4a554832f9132381144ac98affba3f44b2e7a09f94e

SHA512
2b7fe9d3dc24b2801b330b908ad07dea9909ea1c9522fc6fd2f5b7356b76836f69505cce6a3329b31272a04f72c6f604eca3f962693bf8f095be3a22dbaf734a

Download Submit
C:\Users\Admin\Desktop\UnpublishWait.aif

Filesize
528KB

MD5
11946dc2704f27d7b96b33451266d66a

SHA1
31ce352c0de2b5ef3b91b336b87f8c13947b8c27

SHA256
0e15d23a738274df4a15b8a4e93f028ebebdc470684b6d6c7bc3cb46d2b4ac8d

SHA512
5deb272433a9e6b641e4f68177948aa28b53a43aec7f2a377aef42d677c32f01d9ed0d31ba3248b516a51179d10e6d64cb5a3c49b8189c0b98a529bec691c0d3

Download Submit
C:\Users\Admin\Desktop\UpdateImport.docx

Filesize
718KB

MD5
cf9032ec5b8164e835ef639dd05d3a43

SHA1
f533929d73faa0e6b8432cf439e29536e12f3e97

SHA256
749e12cc4606dd833b54cd07f8d46fbd3c0c3b1c4ec787b88698ef233faa41d6

SHA512
9c91ebfc0378fb7164de02722a5957c1d324834a33051c64ad5e33199dd303827ddb95d32dc8f6045504e52589a46326728d1e368e8eb5a45e6d9c32fad308b4

Download Submit
C:\Users\Admin\Desktop\UpdateRead.zip

Filesize
447KB

MD5
b6f575bb724c4ee61bb9425b233f2b09

SHA1
d2325728dd9b7efc34e521a28a8c7869b1190a9c

SHA256
a7d18189e3a152052a03f4af4878d1b7f150662d32b713a6dc6784e4c9697146

SHA512
9ebce512c8a88e4cec1faf47f0cbc6ff6b561213d9eda3e73d0cb1188fc8e2bba1559659bb70474601358f738292c5a292ad28551f2acd0f2f5b70e2b313af2f

Download Submit
C:\Users\Admin\Downloads\My Creations.zip

Filesize
20.2MB

MD5
ea5ef16b4ebc4658733514ea98beeac5

SHA1
061d697530442eaf330b176746e2055b315a20d6

SHA256
9e21d09501d6699c324ec26e2d8768929b1bf02b17c906b92a2b876408dee4cb

SHA512
482aa4f1213a865ac604126d12b4a449c9b1f2cf0423cc0bb5a96106baa831712ea6ff8e290e4191a90e7883eda09e551f31c2a98d13b2b7dc8eb424b227936a

Download Submit
C:\Users\Admin\Downloads\My Creations.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
3c538002a198c8e8db07efe6c1be12ed

SHA1
c6e34862bddf4a5cad1d6a853251406e7326376c

SHA256
87a876beead71aff2da2dcd3fb5bda870c239a788218f61a5d02af849cada0dc

SHA512
baef14c52de8e1e47596a55483ccf74826abf5e7b7a31f30caad1464aa806f5a475877a5d28280b86e7839d9ece5b200d7782f1285072ec79701cf57ec0d26c7

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
c3907ad93286b06a125077a9b7377be0

SHA1
60c87ef979bd453140ac06fdf85f8c2f62dc3d89

SHA256
9bb41d69423c79f9a8b2ac4052c8a50246c1ea1439dde8e0cd8d16854b5b47ed

SHA512
2e5a846c4b6dfcc249a575eaad814166093ccafa82c0549854987888a188eadc7aa23d4135c76e31a92579fb9a5490430bbd0c40dd7fe74ce4546ee342f20ce9

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
e4ae560a43ae80891b574cf59c4d4f8d

SHA1
de649788879b6b45693f2094fa57e56913bc7b39

SHA256
ee4cae39a92275a6ff8a4b5d0675dc782129153178dbf04fc5443b41bb8d435b

SHA512
3d5059625e824e3e4449c8a7327daa91391f692f7f239f411a75479c90cc6ab9524b07d4ebbd79218358a79b349adf34428b8459d71428a8eb8845d896990117

Download Submit
memory/3844-655-0x000001E6DA570000-0x000001E6DA592000-memory.dmp

Filesize
136KB

Download
memory/4476-660-0x0000024323640000-0x0000024323902000-memory.dmp

Filesize
2.8MB

Download
memory/4476-683-0x0000024321990000-0x00000243219A8000-memory.dmp

Filesize
96KB

Download
memory/4476-684-0x0000024321A00000-0x0000024321A50000-memory.dmp

Filesize
320KB

Download
memory/4476-685-0x0000024323290000-0x0000024323342000-memory.dmp

Filesize
712KB

Download
memory/4476-686-0x0000024321A50000-0x0000024321A9C000-memory.dmp

Filesize
304KB

Download
memory/4476-659-0x0000024306C00000-0x0000024306C16000-memory.dmp

Filesize
88KB

Download
memory/4476-658-0x0000024306650000-0x0000024306788000-memory.dmp

Filesize
1.2MB

Download