orcus | 7ecd8b3a96f79a437837466c772cb384ae4fe1e9ab52b673611dbe55c2fe67a6

Analysis

max time kernel
49s
max time network
50s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
19-02-2025 12:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

m56v9hcw.exe
Size

7.5MB
MD5

2b05de0510522c7ad36572eabc93c268
SHA1

3ecdf3df398138156d82b3706efdfb4318710fe4
SHA256

7ecd8b3a96f79a437837466c772cb384ae4fe1e9ab52b673611dbe55c2fe67a6
SHA512

e26d33bf757ac23427209aba85c2176faa218e43c6882551c6e3001f75424ab68adf6e54acb32e242b321a0ede5e28bf365ab50e4b9873f31c4dd7a6be590050
SSDEEP

196608:pn683kdQkXMCHGLLc54i1wN+DrRRu7NtbFRKnZMZDYhmh1wlxN8:16/TXMCHWUj7rRQ7XbFsn6ZUEWN

Score

10^/10

orcus discovery rat spyware stealer

Malware Config

Extracted

Family

orcus

dandev.us.to:10134

Mutex

fb6a52b489b9487e813d904c53c3e426

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Signatures

Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
rat spyware stealer orcus
Orcus family
orcus

Orcus main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000a000000027dd2-17.dat	family_orcus

Orcurs Rat Executable 2 IoCs

resource	yara_rule
behavioral1/files/0x000a000000027dd2-17.dat	orcus
behavioral1/memory/4288-33-0x0000000000050000-0x0000000000138000-memory.dmp	orcus

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\law.exe	m56v9hcw.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\law.exe	m56v9hcw.exe

Executes dropped EXE 1 IoCs

pid	Process
4288	law.exe

Loads dropped DLL 6 IoCs

pid	Process
4320	m56v9hcw.exe
4320	m56v9hcw.exe
4320	m56v9hcw.exe
4320	m56v9hcw.exe
4288	law.exe
4288	law.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	law.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4288	law.exe
Token: 33	3096	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3096	AUDIODG.EXE

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 4320	1432	m56v9hcw.exe	79
PID 1432 wrote to memory of 4320	1432	m56v9hcw.exe	79
PID 4320 wrote to memory of 4288	4320	m56v9hcw.exe	80
PID 4320 wrote to memory of 4288	4320	m56v9hcw.exe	80
PID 4320 wrote to memory of 4288	4320	m56v9hcw.exe	80

C:\Users\Admin\AppData\Local\Temp\m56v9hcw.exe
"C:\Users\Admin\AppData\Local\Temp\m56v9hcw.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Users\Admin\AppData\Local\Temp\m56v9hcw.exe
  "C:\Users\Admin\AppData\Local\Temp\m56v9hcw.exe"
  2⤵
  - Drops startup file
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4320
- - C:\Users\Admin\AppData\Local\Temp\_MEI14322\law.exe
    C:\Users\Admin\AppData\Local\Temp\_MEI14322\law.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:4288

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI14322\VCRUNTIME140.dll

Filesize
117KB

MD5
862f820c3251e4ca6fc0ac00e4092239

SHA1
ef96d84b253041b090c243594f90938e9a487a9a

SHA256
36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

SHA512
2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14322\_bz2.pyd

Filesize
83KB

MD5
c17dcb7fc227601471a641ec90e6237f

SHA1
c93a8c2430e844f40f1d9c880aa74612409ffbb9

SHA256
55894b2b98d01f37b9a8cf4daf926d0161ff23c2fb31c56f9dbbac3a61932712

SHA512
38851cbd234a51394673a7514110eb43037b4e19d2a6fb79471cc7d01dbcf2695e70df4ba2727c69f1fed56fc7980e3ca37fddff73cc3294a2ea44facdeb0fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14322\_decimal.pyd

Filesize
274KB

MD5
ad4324e5cc794d626ffccda544a5a833

SHA1
ef925e000383b6cad9361430fc38264540d434a5

SHA256
040f361f63204b55c17a100c260c7ddfadd00866cc055fbd641b83a6747547d5

SHA512
0a002b79418242112600b9246da66a5c04651aecb2e245f0220b2544d7b7df67a20139f45ddf2d4e7759ce8cc3d6b4be7f98b0a221c756449eb1b6d7af602325

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14322\_hashlib.pyd

Filesize
63KB

MD5
422e214ca76421e794b99f99a374b077

SHA1
58b24448ab889948303cdefe28a7c697687b7ebc

SHA256
78223aef72777efc93c739f5308a3fc5de28b7d10e6975b8947552a62592772b

SHA512
03fcccc5a300cc029bef06c601915fa38604d955995b127b5b121cb55fb81752a8a1eec4b1b263ba12c51538080335dabaef9e2b8259b4bf02af84a680552fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14322\_lzma.pyd

Filesize
155KB

MD5
66a9028efd1bb12047dafce391fd6198

SHA1
e0b61ce28ea940f1f0d5247d40abe61ae2b91293

SHA256
e44dea262a24df69fd9b50b08d09ae6f8b051137ce0834640c977091a6f9fca8

SHA512
3c2a4e2539933cbeb1d0b3c8ef14f0563675fd53b6ef487c7a5371dfe2ee1932255f91db598a61aaadacd8dc2fe2486a91f586542c52dfc054b22ad843831d1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14322\_socket.pyd

Filesize
82KB

MD5
abf998769f3cba685e90fa06e0ec8326

SHA1
daa66047cf22b6be608127f8824e59b30c9026bf

SHA256
62d0493ced6ca33e2fd8141649dd9889c23b2e9afc5fdf56edb4f888c88fb823

SHA512
08c6b3573c596a15accf4936533567415198a0daab5b6e9824b820fd1f078233bbc3791fde6971489e70155f7c33c1242b0b0a3a17fe2ec95b9fadae555ed483

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14322\base_library.zip

Filesize
1.3MB

MD5
18c3f8bf07b4764d340df1d612d28fad

SHA1
fc0e09078527c13597c37dbea39551f72bbe9ae8

SHA256
6e30043dfa5faf9c31bd8fb71778e8e0701275b620696d29ad274846676b7175

SHA512
135b97cd0284424a269c964ed95b06d338814e5e7b2271b065e5eabf56a8af4a213d863dd2a1e93c1425fadb1b20e6c63ffa6e8984156928be4a9a2fbbfd5e93

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14322\law.exe

Filesize
903KB

MD5
80f316e9b42b99821182226e2b32887b

SHA1
92ae7497e977530dd697573772af62530ac54c1d

SHA256
63edaa4ba283705b25a0a22a2108e52a148d3978dec033da520320a096e02d7e

SHA512
23815b396a5a8f5fb9db7c497186311d3b365e66fb47bcf90c3b6dae4e5c87b3f50e46d6fa1a75204200f75b9707a84d809a05a19154ac5667b487153bc0b708

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14322\libcrypto-3.dll

Filesize
5.0MB

MD5
123ad0908c76ccba4789c084f7a6b8d0

SHA1
86de58289c8200ed8c1fc51d5f00e38e32c1aad5

SHA256
4e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43

SHA512
80fae0533ba9a2f5fa7806e86f0db8b6aab32620dde33b70a3596938b529f3822856de75bddb1b06721f8556ec139d784bc0bb9c8da0d391df2c20a80d33cb04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14322\python313.dll

Filesize
5.8MB

MD5
3aad23292404a7038eb07ce5a6348256

SHA1
35cac5479699b28549ebe36c1d064bfb703f0857

SHA256
78b1dd211c0e66a0603df48da2c9b67a915ab3258701b9285d3faa255ed8dc25

SHA512
f5b6ef04e744d2c98c1ef9402d7a8ce5cda3b008837cf2c37a8b6d0cd1b188ca46585a40b2db7acf019f67e6ced59eff5bc86e1aaf48d3c3b62fecf37f3aec6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14322\select.pyd

Filesize
31KB

MD5
62fe3761d24b53d98cc9b0cbbd0feb7c

SHA1
317344c9edf2fcfa2b9bc248a18f6e6acedafffb

SHA256
81f124b01a85882e362a42e94a13c0eff2f4ccd72d461821dc5457a789554413

SHA512
a1d3da17937087af4e5980d908ed645d4ea1b5f3ebfab5c572417df064707cae1372b331c7096cc8e2e041db9315172806d3bc4bb425c6bb4d2fa55e00524881

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14322\unicodedata.pyd

Filesize
695KB

MD5
43b8b61debbc6dd93124a00ddd922d8c

SHA1
5dee63d250ac6233aac7e462eee65c5326224f01

SHA256
3f462ee6e7743a87e5791181936539642e3761c55de3de980a125f91fe21f123

SHA512
dd4791045cf887e6722feae4442c38e641f19ec994a8eaf7667e9df9ea84378d6d718caf3390f92443f6bbf39840c150121bb6fa896c4badd3f78f1ffe4de19d

Download Submit
C:\Users\Admin\AppData\Roaming\Orcus\stp_fb6a52b489b9487e813d904c53c3e426\7ce4f34f51e44339bc3a6345c191729e

Filesize
1.5MB

MD5
d49bbcf52fe93e9123ca4db9456ea3c5

SHA1
0dc2169eb1ee61315abe432d465c4028ec58d199

SHA256
8b245e0499064d33e7797b88246ad7ade7382f1700b550c8cdf2cf146b2e0b57

SHA512
1ec9116369357886522b07ed587be44cf0f4a2899fddd676d3223567fe07fd40f74bfcd84f656c558b188d3c09ad8054aa2461e4b4e236eb0e551a245539249c

Download Submit
C:\Users\Admin\Desktop\AddCompress.vstm

Filesize
607KB

MD5
70d56f29c6dc5659bb32556e2a549209

SHA1
456c7f53198c8904f0fc07d234377eaa33e9fc0f

SHA256
1f066177c91f8706cff339ea59ef3e23dd818abdb2642f8210bf7e6a8295eb79

SHA512
f2a3ee47c34f0e83ad60b6aad7c22f33429d6b424028ac7b3c2042aff76f10110833b0f93262446d32b3d795632eef5d239e4df4df84894e33d8e67f2d40843f

Download Submit
C:\Users\Admin\Desktop\AddLimit.mpeg3

Filesize
561KB

MD5
0659afd0f066c71e269575330caaad79

SHA1
8daee90b9eef1c0d91500e4f8f1ca4699f712fe9

SHA256
195600bd4e594bc7d6c159bb8813ee9f294224caac12f2a190910f4155a540ea

SHA512
bb40d9a1347a6affa87ea163a4ef62a5c8a8b4f8c292d90788dc313a23483cdfd224498b2cc7f403695b6d041bd9b5613591cfb05925b1105d5b9692fc344ac1

Download Submit
C:\Users\Admin\Desktop\AddPush.wmx

Filesize
814KB

MD5
c7449894970ca0bc9240653674fe7ac0

SHA1
de4461c2fb05a2f9bcc3134c450b287a4fc23b1f

SHA256
31a785b8917a9b355b9186841b73bdefe9edbc6e9fb5ed1f190b46ffa0bb2d25

SHA512
e9a15f4a411c2daa8eaa8e5125240e043bbb1ccf1f79ed87538d718c5625f92c3ab80ad06080e808380552fb825ac20eedf08a7a54499f8023bf0424037fc9f5

Download Submit
C:\Users\Admin\Desktop\ConfirmUse.pcx

Filesize
1.1MB

MD5
2536a30c359b133c3cbe9e2ca11d8775

SHA1
1ec3dfd530d556535740cccc83fe9af2687a8cac

SHA256
71bcf88006cee04c315adbfee39f68be36ec0353862b3f2f52fb7282fd567a83

SHA512
a720e77a793f8bbe6d49fe325242a0d807cff6d36e635d26d597cde6f5b5a5ce4f93156b9528c1232ae430de3880444ca7475a4ab40b71a59004467708185c93

Download Submit
C:\Users\Admin\Desktop\ConvertFromSkip.mov

Filesize
424KB

MD5
7d4ec260b33223092e463b2104482dd9

SHA1
25b5211253f667a50d2853a3abf29f12e8e9a8cf

SHA256
e0f5f1aaf665f1a14081e0d707354d98b783e937519799ca8263434188584704

SHA512
16f30fbdf37bb5c8418caaf7aa3783de1480e3b988ed6ee694f13150a257a53c97ddb0441da49fa4f5eb92c7318334e0cf92185e0f58380cfe09bad2c5954b29

Download Submit
C:\Users\Admin\Desktop\ConvertImport.html

Filesize
470KB

MD5
3e0b4622a1e702ba97733409460673cf

SHA1
0d9e670b1085380b47401c4f0c12580523bbc00c

SHA256
ec23bd2c977b1417dd725cc968bef88dc79800f0b4a6efc133327cf40f361d89

SHA512
4d9d39827e1c98ba6630bf7de9cfcbc2d08f0faf42680dec86733f2e798c54646a6bf9a8ba430ed459692771f2352de991cba9297a02ccf451eb208ca3c92e27

Download Submit
C:\Users\Admin\Desktop\DisableGet.tiff

Filesize
539KB

MD5
6d010f88a5c57c30c00d17e23f6e35c1

SHA1
f7efb95f756121d95b8010117dd8679558834479

SHA256
a274e6aeb0df87a12e0f01153399a0acae5eaa20f662729bc564f046973933d0

SHA512
c3f74f4f5d857840a222a6e5a133d078ca62cf2ac026774e54e505ecb5d14be5387369b6188d10c2a213538662cd90eb5e807cc25fa82d948fba69c3d1afc997

Download Submit
C:\Users\Admin\Desktop\FormatClose.mpeg

Filesize
378KB

MD5
f6ce8715ce44a9a7de96703e295cfac6

SHA1
d07041bebe3d87496ffdf92a0f935b308ba4bec0

SHA256
6a663aecdddb67128c8b95e6a09cd951150777f5d9d3f1439948649a0a270dff

SHA512
a1665f81381729af25f5913db0a2b6bd1e80c14f2e4d220ee76572021a579f5ed82c05fbfd176db57dd4cee60bf4e313943f42c3900f5f58c79b09062312bc4c

Download Submit
C:\Users\Admin\Desktop\GroupResize.mpeg2

Filesize
768KB

MD5
2b8316fb0ec717b25f528136837cd6ea

SHA1
c49e2d72418afa8b83fc995a82d7ed279ac8453f

SHA256
d2e0aa28175ec5e22032ebdb0ee70e33fd3e61cd073dcaae2de88d4e70de8ba8

SHA512
5d775f033bdbedcec81a7a48dde39115f67743fab62a0e3c2532a1eda3cf3f2f9ccd5a06cc47fea8c387cada60373dac7c6b6198e322a815313d640501e15033

Download Submit
C:\Users\Admin\Desktop\HideUse.xlsx

Filesize
15KB

MD5
740a2a47e69046edefd6cb83e69c9b4b

SHA1
68b7e2bae2e999e3f5a8e71acdd5c33ed722fe23

SHA256
ce2bb2f1a3bf12330a49a338ad2cef50485460140034ef7fee58529545a37d4e

SHA512
6f7e12c8302214bfde226b4f545d558059644e2161ac8ede77acacee752567682a2fe0e0f9b2f2f90094a1016c52a7d4686ce6f98aa2fbac17aee299d5d1de36

Download Submit
C:\Users\Admin\Desktop\LockStep.docx

Filesize
17KB

MD5
ac0a66f99cb028df913e2de3b81bb751

SHA1
451bac6ea2c10444774d5f6e365d8a3ec1f099a3

SHA256
8f2b035fc7655c4b0b3a9bcc711059409bc0087cc6f50c055e72c418c9e97b0a

SHA512
1491aad8783636cf08f421436d60eba0fd114bc6cec86a12ca5940577784a29204aab5a383e0f5c318523cd05830bca1ed5a88cd46bf8ff2ba090f752a3a7e86

Download Submit
C:\Users\Admin\Desktop\MountReset.pub

Filesize
286KB

MD5
e63403500387cf078d13d0b994a38856

SHA1
0aff7104c5605a0d02a17dba451bcf342f31b7f0

SHA256
c54999a0bf3f320a494b4d7cc16728ad1b4747c6a5d6dfeddfc1ba0fd6379469

SHA512
5294da5e0f88b6eacea892aae4e1ea603048be0902f60886afb314013d770d8d9d31afa661d88a355eb85a4e2f68dc14e52e0b48c57aae8557fee272cb8cd8aa

Download Submit
C:\Users\Admin\Desktop\NewInitialize.docx

Filesize
355KB

MD5
468daf564bb7611f79673aaae2df719d

SHA1
b8e2771efec64371e73dcf8fae47bfbbf4b5e44b

SHA256
43203101c13dd9cbf7e45d97702ecb0af198f8bf5f80ac425ad583c24fd04ca6

SHA512
5028090e0194f0a8ea43940a31eca551380f631f43c51c39af2f43f7a6a96054ff26800825fc0c11813bb687aefcf80a3a60c677b4b9bbc1e1d679c04e51c39a

Download Submit
C:\Users\Admin\Desktop\OpenEnable.cfg

Filesize
401KB

MD5
7376821b427b292115f8a8688692328e

SHA1
c8c3b762b0408e358c932f0cd48f0b89b9998cc7

SHA256
539bbdf60c362bb1b0c6a0777b4a9bc747f732edf8574b8a95a12b5f6ccbca6a

SHA512
8981d07b68825a3436479cee875a9300e8d822d012b675ccd135e15df8c30b5a6dad3cef34952e479d304075cad836c9cd290109a16fd7a27e8a267df95f87e7

Download Submit
C:\Users\Admin\Desktop\PingAssert.cmd

Filesize
791KB

MD5
65580374b8592027a13da70ad4e8e66c

SHA1
426b7793c665a59db57d3f73fc887e3cbfe1b3f7

SHA256
cfed13377c114e282ae4329796e935ebb47fab6fcc169275b4021351db62de9c

SHA512
716976e4a91d0c95d7757b5a8b8fe9c00f630c9ee73292785f1780db57c2c8408f5727776d500d7c14237bccee2dd688e2ba699c43bcd7239a7cb8e734ab36e3

Download Submit
C:\Users\Admin\Desktop\PublishDebug.mpe

Filesize
447KB

MD5
97fabcad52d517327b77595a348b826c

SHA1
752388c654e0b20e24ba93681583aa0784f905f7

SHA256
f6f06c58839a0ea0e92661ebfd4fbdf80ebb332742428af029c560fce9d6466f

SHA512
1ab9759c8fed4c3649f5aad8d3cef41fb065890bae08bfa6395d7fbab30873a66c17d2715dae1bfd5664c4202e8acc68f60bd521ef1ca81f3f13fa49f578c071

Download Submit
C:\Users\Admin\Desktop\PublishSelect.aif

Filesize
676KB

MD5
5022eb60ad22e6873b49a0fc686b6c91

SHA1
42395d2429b6845b2b89c9fbdc74789b8387b368

SHA256
1356f07f4f6a0cfec2bce23296e4844bdf52ed3f45baeedecee3f72e3b56f1b4

SHA512
3f40f08dd1b6cae16a41895509101cb8a4820e12a1b099196c17152d97d033a7e8aa0850544724cea0b106ccdfe4d14c55089ff7b472dfd590a03e2c2c2bf9df

Download Submit
C:\Users\Admin\Desktop\PushInvoke.7z

Filesize
309KB

MD5
1f4f94aee1328bb3b30af1031d0f37e1

SHA1
9db54c3972424a7502bc3e6b40438ce7f1c751ee

SHA256
dfd3175b25597aa09890179620a0201e03b7f4185ac259bed29143764075c5a1

SHA512
e90e41769a88fb36dd73a4786b73dabffd27203e3e712525ee2b887806c3252130ac41d08266b6447660875f9275dd66e2f7a8c691a1e610de610d8a0bf7fde8

Download Submit
C:\Users\Admin\Desktop\RequestSet.docx

Filesize
16KB

MD5
7a8037cac6ae9b0a80846853f0b6bb3c

SHA1
83ee81d7a29bd010acde2f052ae69bd87195e8a9

SHA256
33470c3d63e31959f3b18150ca772855569bac4bd2951a03c2576db31f8d987e

SHA512
c8901ea0629a6e5cb2adeae8103ce32ad8625e56bfafe9eb38636d0a28585c9b19131a1efb08b0fbfc06c03972a14b4875085f11713ad8cf6d10f0ba85a30539

Download Submit
C:\Users\Admin\Desktop\ResolveSearch.js

Filesize
332KB

MD5
12df3f8ee5e268fbb3b86f632a5be572

SHA1
3790d77986248294b8055270d3dceff7094e83fe

SHA256
894861967a5e0575406e2a299955e013d541cc0eb6dd64740a0a1aed9dec688e

SHA512
3661f518e3e9baa5214f29eb667c5d6fea3466cff08fd4ff78bd0402cef5ea30041e392e557709de80ed4e3c4773dbb03aa1d5cca43032588205a589a7a2e66b

Download Submit
C:\Users\Admin\Desktop\SelectExit.rm

Filesize
493KB

MD5
7eff34a5dce0391c9c646a597fce2424

SHA1
b3c22bc148feb53e758ae6a3813762ecc848d5e2

SHA256
042bf175d88b1862771bbd534d828983faa82fda7749995025adf100a57444d4

SHA512
9dc306aa3b6e6b219fb48f87b08fb53fb1a53bbc8be7d3e5c032d5a0f2c3a10910f0d196c46efa5a27f713d7366f42c7cca0b9227a30b5f8050b06100540068c

Download Submit
C:\Users\Admin\Desktop\StartImport.vdw

Filesize
722KB

MD5
c1ffbee89d45df17ff3ea93945dd3cf3

SHA1
4dddafbf3a24ebaaeb200a5a2e6c60649fc1431b

SHA256
d0094e576b96890705badb1ba5446cc3ec4999b14c19589b0e8c28c410348d05

SHA512
f88ae98108671082cb0cf645dc6eefd811ba96583dc4d46aa9144c7de5aa384f6e80b7b8343354622f5d26e188e28e4eb0162cb5372bc1deb0f101d65677380d

Download Submit
C:\Users\Admin\Desktop\StopSkip.sql

Filesize
653KB

MD5
14bee17781d59603f35472b384e1233c

SHA1
5aaf8fc03cd7941b0e7666ec384f038deeb8d0b5

SHA256
f7272828b30cd54a0196c50ad5bbbaffd65f6d45235c4f6fc392e420d64691d5

SHA512
a5cfbe6f52d6f697d9764152e2497708181683b6a3f32210ae2bc66ff52f0dd78edf5a62244d345dc92c307344a004fff7d09bb868e80ce02baf038d99d8eeb2

Download Submit
C:\Users\Admin\Desktop\UninstallNew.dxf

Filesize
745KB

MD5
e3cc74b3684f87eee5a0fc1e58264bd3

SHA1
6d202cb05cd857a761d699a3bac4ac11485c4b28

SHA256
fd14f71bb4e5d6351fdc3957c37fb6ca7d0d0c994f15cf89ede1300dc718d708

SHA512
2c2ed516a1cb1108df1091ba14f898b3f82697deef47edcb886acde7e24781b5e5d57c55d53aa1348ad5386385efc4e3439c6e20faf5be159775679c45a721d7

Download Submit
C:\Users\Admin\Desktop\UnlockDisable.i64

Filesize
630KB

MD5
453b9fd24684138057f899c37bbbbe9c

SHA1
25b12ce3ff396c81e191323653f5f5b1b86fa63b

SHA256
46d5be86712ae024772a01f96eee517a408f724a03937f011f00c92846f418fe

SHA512
8723e32f21cb26e61d73a47edc4d30be733bed624af24bb0e3fee3fa5966cfb7c23498acaf76a635d7922dd5b66e3d6c347a74bb479bfbad26f073b003844e66

Download Submit
C:\Users\Admin\Desktop\UpdateComplete.xsl

Filesize
699KB

MD5
cedb01b0fc1528bdf446f9514be59587

SHA1
d9b79af56dc255fbaec8fceb3a7377638adfa3e2

SHA256
c304af095e23aecd66eabd99e189d28dadfbe9e427c1f7be53bb5612b52bff09

SHA512
727ef72ca9b6b094f52116634d70164d8620cb764a251f48bba47045bd6d361c0b6bcbaf7581c5649c0dd43fae78c51d56a54809a67c3849451749af65a19361

Download Submit
C:\Users\Admin\Desktop\UpdateInitialize.xml

Filesize
584KB

MD5
168ae30ccf1142d32b00c1b5f34c1712

SHA1
c114436d18c442f0002d489085c7b6e173a25b90

SHA256
85853aaacb043f667ae6f221da998ff181b336b740d5de61095a9b8bb401d621

SHA512
6cb1b78fdd3b8c847904bc9df1f0eb3d8ace361829fb739318ad2af17f2cbc4a6c3864ac5d82f291b16337538e1520e05d08bc938645afbf2416493cdd25683b

Download Submit
C:\Users\Admin\Desktop\WaitTrace.3gpp

Filesize
516KB

MD5
5fe4a0ea590b24ed6f7f331bb7236d12

SHA1
a352e734b3f6d3285556cfff44bd483c35741d15

SHA256
16b87c1592a592ca701df14f4c4fccc3184ac86358134587ab4f7cd2ed3f2dcd

SHA512
128ffe3b61c39ff899c863676eaefacb8b673a7a0848831acb48509d6ef021ab6fde1dc5de9443653f24ca6fc5992abc3213fbe91740936a27f9809a833183b5

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
208e7d9b6fb1896aef286bb02e7152f4

SHA1
ef174fd2d4bf05ddf9c014a81b84d201956a1f01

SHA256
ea8377d0c53f0ca510938f8ae7cf345b7e8956f6f65731962459822aaebfbe07

SHA512
bc2c0affb43584358e0d0d1aa5988cf635ccd6be7b1c6c7edb7ca6edf62ea5d452a0f18db6afac2bc96068f31c0a3a0b2103b5278423c604123ced2ecf2646c4

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
2cc8db656babff711bedb7f0148414ab

SHA1
8375c5eb95444907b641b94be02d6d5aaa5dc782

SHA256
f08b64d7fe8040d32185e4e6c7a855b09e101443c735ab048d3e980a40ed338f

SHA512
3c2f87160a11b6b5d2f30030bf7fe1708b20254fd1e9500a9dc8e50b8617b5dd4faaac9c93b2a3216f6a3c8a5c11bcd614c75e4a0e733f8cec1ddf0a4d890bc8

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
177c6a1fd37693c0e36c340d4c3eeb4a

SHA1
cf100526e0d4a1089485d3caab62716175529650

SHA256
e927cf22c8a2e71b58193b56e37c4c3a5209607d5f828470a095e95a1a2a937d

SHA512
64037ca38cfeaf1635bac89a8dcab5be02fba85b4523258bb5d720b497655be8ae74013709c2ad015fc970ee84bc743db5411bf18ea02e52ee48ea19f14217bc

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
3d49ee16291e4d87448d3ae81811c504

SHA1
583345ef2e840fbb59a099e22d3bc849ca241639

SHA256
fff956723e1c9d615ea1dc10408efd3cb25f9c432a3a0fdd6e40ca0a5a905dd3

SHA512
d2af1a9fe0e66fa3d16e9535ea2d3f020d5e78fbcd4cc1f94214ad6d5d7aec7e282602cede84610409848e3ce28af3f700411c482a497f58ba8811d36f34167e

Download Submit
memory/4288-38-0x0000000004C50000-0x0000000004CE2000-memory.dmp

Filesize
584KB

Download
memory/4288-36-0x0000000004AC0000-0x0000000004B1C000-memory.dmp

Filesize
368KB

Download
memory/4288-39-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/4288-44-0x0000000006A10000-0x0000000007028000-memory.dmp

Filesize
6.1MB

Download
memory/4288-45-0x0000000006410000-0x0000000006422000-memory.dmp

Filesize
72KB

Download
memory/4288-46-0x0000000006470000-0x00000000064AC000-memory.dmp

Filesize
240KB

Download
memory/4288-47-0x00000000064C0000-0x000000000650C000-memory.dmp

Filesize
304KB

Download
memory/4288-48-0x0000000006640000-0x000000000674A000-memory.dmp

Filesize
1.0MB

Download
memory/4288-49-0x0000000007030000-0x00000000071F2000-memory.dmp

Filesize
1.8MB

Download
memory/4288-50-0x000000007448E000-0x000000007448F000-memory.dmp

Filesize
4KB

Download
memory/4288-37-0x0000000005200000-0x00000000057A6000-memory.dmp

Filesize
5.6MB

Download
memory/4288-40-0x0000000005150000-0x0000000005168000-memory.dmp

Filesize
96KB

Download
memory/4288-35-0x0000000074480000-0x0000000074C31000-memory.dmp

Filesize
7.7MB

Download
memory/4288-34-0x0000000002410000-0x000000000241E000-memory.dmp

Filesize
56KB

Download
memory/4288-51-0x0000000074480000-0x0000000074C31000-memory.dmp

Filesize
7.7MB

Download
memory/4288-41-0x00000000051F0000-0x0000000005200000-memory.dmp

Filesize
64KB

Download
memory/4288-42-0x0000000005A20000-0x0000000005A2A000-memory.dmp

Filesize
40KB

Download
memory/4288-43-0x0000000006380000-0x00000000063E6000-memory.dmp

Filesize
408KB

Download
memory/4288-33-0x0000000000050000-0x0000000000138000-memory.dmp

Filesize
928KB

Download
memory/4288-32-0x000000007448E000-0x000000007448F000-memory.dmp

Filesize
4KB

Download
memory/4288-89-0x0000000007780000-0x00000000078FA000-memory.dmp

Filesize
1.5MB

Download
memory/4288-95-0x0000000074480000-0x0000000074C31000-memory.dmp

Filesize
7.7MB

Download