xworm | 8dc951e63096ed828b6ca4dceca2be6b640ed9d22be9cd1cce0f3c9a3a6ac899

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
07/03/2025, 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45274.exe
Size

55KB
MD5

076f9e877b6b14ac5c2b1b6ac29811f1
SHA1

efe0a06e24c13a17d96a07c17de476698518b9fc
SHA256

8dc951e63096ed828b6ca4dceca2be6b640ed9d22be9cd1cce0f3c9a3a6ac899
SHA512

55bb7cf094464ee9de854620eb47615c09019a0ad001cc38a0a9de88e0e8701e31db9824a1fd1659c4f0702e5f9e3aa8c525100663876ae3d0c2a7104c8949da
SSDEEP

768:Uz2AQ7vDyb7YoBBlschSX9CioNIdxbyCdG5g9VrV/WthgOUhZZ5xBy:bLO7uchS8io2xbyCd2uQDgOU1By

Score

10^/10

xworm discovery ransomware rat trojan

Malware Config

Extracted

Family

xworm

Version

3.1

orders-ic.gl.at.ply.gg:45999

Attributes

install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/544-1-0x0000000000340000-0x0000000000354000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Links\\image.png"	45274.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133857849052885001"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3544	chrome.exe
3544	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	544	45274.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 348	3544	chrome.exe	85
PID 3544 wrote to memory of 348	3544	chrome.exe	85
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 1840	3544	chrome.exe	86
PID 3544 wrote to memory of 124	3544	chrome.exe	87
PID 3544 wrote to memory of 124	3544	chrome.exe	87
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88
PID 3544 wrote to memory of 660	3544	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\45274.exe
"C:\Users\Admin\AppData\Local\Temp\45274.exe"
1⤵
- Sets desktop wallpaper using registry
- Suspicious use of AdjustPrivilegeToken
PID:544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8214cc40,0x7ffc8214cc4c,0x7ffc8214cc58
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1708,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2004 /prefetch:3
  2⤵
  PID:124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4584,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4432 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4956,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5364,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5384 /prefetch:2
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5284,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3416,i,16641494936520668375,91847379085799092,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1064

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5b9d9311b4c7479b809603179618c853

SHA1
59a65bff627e047a11d4c0d48fe74ff7b7e9460c

SHA256
d611cd35e1a8500d3bed4b5d73bcf3efb3f5e4f8c909b28877e3fa287ce5d8df

SHA512
e007340490a6fb1c6e2ecfdc5dc0893354f031bcc81962fdd16750b631fec314e3230babd676e76d51ec88708382316758403ac1e301d703246877a0961f9d19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
947bd2a8956b968782b44c9c63a4113b

SHA1
b357080f244a526d55eac82d05e314ad2d1365af

SHA256
9069dd518c6825b82d732979937850b057cf1b1cf012ed7cafb02edcec2212b0

SHA512
224ce50239b3dbbe960dc19f2e7473903b4ec3ad24a43da37fa6f7d7eb97769a8f5bad9378c5e34dd48c380f17736d5201a40b532ba37c76aea1fcbc11cf2813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
87c9bc961232a1f5d4b5dc7e2e767296

SHA1
8351f70948cc9161c4ed4833bd7a8c824bc64284

SHA256
5081508b9ee6a8f77b6d8fa3256c3eb675d3e49783e32b848b1390c59547b4db

SHA512
c873d689725167f557fb8410a70acf96fa4b4ac492a22875c42b363d169244786b8194ee9e4e7a93679928e895871fa2b49d4b6b63f83d1ab95543eecff74eef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ffabeb12fc3247260f13052ebb0689fe

SHA1
5718028d1e701a5844174919af42b90720568800

SHA256
f6f470c0fe7d002cb1b2f9dca5a6143673d146fa6ac9513868f254330f4cb4bc

SHA512
2ebe0546d7dfb0f4befafadc70c4ed05c385ed2a3ed65eef82f6266b9aaffcd81cc0039b13666533b5d9b6f6fa73e16ca8a962cb51d69a728d89b47e1f7708e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3090fb610a7cb07f3570c27806361c7a

SHA1
756649d880396214645307dad927d089573097bb

SHA256
c9dd5267e23586d6e67b175b6bdb520d19b722c2362fd8a9190ed66023cad5da

SHA512
6760b913ae90e5b2114c578f5a9952effd37b6ba87c7d1b356429b480ffdc87af61695b702c8f4aacb1e1a23541cb05bcdd87f738b1cbd854e80df2779dad651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f03645e782a469360d1a37671e5077c

SHA1
e8c98270b2511b5beea676480b910e919078cf66

SHA256
264d002563ceb567ff57a1d03a88537f1bdcf2edc4302bcea3b356fc8012cebd

SHA512
133910c2af81e75da1e84122e05496de645c2c33fcb2af53bc26bea1fe855fb8fe9ef35905b398a5e795b16cc74519bdeb20ab6d188b298172899c9ddecb70b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c273d8eb519ba90a359461b7d64fc82

SHA1
3daea89ced8d5700fc18665adfe2ea15a08d1a6e

SHA256
84582f9ebaaa5cd218f0cae872cc3b787c3e8ca1953b0469d392007952ecd3e8

SHA512
bdf1c2b6fa762fc62cb46576441d188476ad53c506402762c781b4e176b07155a1e4af6e077be70461ada2df794de36ca8f034ebedf4761d25aec0209e0fdb4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3d8ebe2cf6456a6f17cdb0f392b3e8ba

SHA1
ed4f54f1596cf3c470adabafd283cf1dda4cba2f

SHA256
e9b8451a66a04dfc8ecb35b1bf854bccb349e4eb93b66faa6c714e2199583085

SHA512
4fe956a0f3562bc11c43fb77c10b7ed560aa30aee210ef3f1c6be46b7ffae7deb14293e2160e61e63fdb1c950828339708703a4d28c439c5b3f786154d9afff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72b2d8fc4ed13eb1dd0c415a746cc63f

SHA1
1c1a2192ca4a0a2a9ce048e0bf47126f401e5ce5

SHA256
1e4b1f63d38fc995868e791b612409cea41ad00cedc3f0bfa131b61f543589e7

SHA512
eb3d5dd221bbf37cf5cc8b613c5ba39c305194cc0a45e56ad685b0ea1f423552eeae0910ed211d0eee01c9923f6bb5e0d988ac3e85eaeb8e8ba05754746c4a58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c4386cbfa663a3088d33105e44841c5

SHA1
d7b661bb7971a5570b9e197534207448c9addedc

SHA256
2041d5039286676655b2db5a7afcec5c5ab4f3fb4b01b06f8bec9162cc995d7f

SHA512
69b9bd9ae9d1f7d286035d9ff52989afda8dff2a2e6097ad9077aa18c696c17bbeba05e6794d5d5932a2821fae4bac56c9d491644992a3694efe2976e3a7d99d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
472f7d10325e4474dfcd403a2711a1a2

SHA1
1956c20a19b48309276a81971ed30e7590a6a941

SHA256
9a059e2977d0e327216711eeb08102fff325c6b4c2a9a3d01851d83f34d296f5

SHA512
fa9c1188a50db11ac6f84846e9e2254c076e2c62ecdad685730ece2645691d12086916397b23bfbae0a188519d8e99b178bb09a921d97fcbe728dfa079191cf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
61bcd3d24bbb792078b447db0427656d

SHA1
227091282a2b0ac17ec8a33a3ae964447f5e63e1

SHA256
f624aa35ea2a10620bfd280fa35d3ea8fa5cb2454d6f815cb57a7ceafbc264f5

SHA512
c0faa31d07b124cf39610d598650b1610b930fd437c13e1db8de021fac318aed6207798aeb1bb7d77e319538ded1c766b8f1e8b79b7153f56ae96a6b242dd4c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
833f3a77e734ed0b115cb290c3f6fc31

SHA1
8b02fe4b41dc6fca7181c1d6ff9bb6392f7319c6

SHA256
979fbe40ff84afb706843b529fbf66e571dc2b92f900d2f0be02b2736f711bda

SHA512
c25ea81c0a49dd900d03ad92bf2c0589276967c5be7d81470a1684e4a841e550d3442ed458ee726a900b1506fb31fd6f37c9514b345b68e46df3a25b84978b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
f8e4d7d9d86448d37da98dff378eca37

SHA1
3817a8d1a5dc5ababbc7e7ab93436ad83b3665ae

SHA256
0ad342aa585b2ef065a65ca6b0c80a836028b78fe07d97269052f1b8ba532194

SHA512
35413fc0dc8aaf4f7edbdbebc61f0dcfbdcca25607adcbf06c4cf365eaf6dbf0af8f6d510b9ac4f6ff8cb755343d70a62daa80df55afb1e5aece40c81a533afb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
044505009941cb50d197d678252cf1dd

SHA1
83e0171ef89885505ad4afbf1d916235b03a7c52

SHA256
9b0213fa9f978baaca441a2ee365e970e03a242f2e582e181911ff719fc9ae00

SHA512
f0369a04db11b0a6112c7c41d1ca453e65b0856600a9de39b826cc90925556a749d3de2d76990ec7435b521baa8a34ab9e2e8b1f46aa4bf579dc5ba3fc0fc885

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3544_988584181\0c133969-dc9f-46da-93cb-0760eb827e4b.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3544_988584181\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Desktop\ClearCopy.emf

Filesize
979KB

MD5
6377c8caf71b26468798dc02f0f3c554

SHA1
d3a92ca963999f6d0f028de72686ed8236df2567

SHA256
d225a2247d7529791420106690883458c5d173aea7861f9d69e4a041af909e96

SHA512
913fcda77efbda26d240b2cc6d2312e7e0c904f19813d8adda1188024fb7eb7368f633ce924d1c8c75131783adba5e74312b81ec2d823c7453dbe5ea4800733a

Download Submit
C:\Users\Admin\Desktop\CloseSend.DVR

Filesize
1.6MB

MD5
768e33eb259b33ab85f304da4cbaf801

SHA1
0a6435552d0d3fe4311c404804a380b28a246e68

SHA256
e4f5caace0d3b418af8be2505409458bd36c504a00a4b2d2033b51353df39f4e

SHA512
cffe5d98eb0ff3ef4c95cede53e564ca10e3d90377fbb515d4f44c2e9c6b8ecf135ff91d324bd2215894164f2a2a89bf4337f50b851c4d853502e1bc1cc88682

Download Submit
C:\Users\Admin\Desktop\CompleteOpen.wax

Filesize
405KB

MD5
879d0268289ae59db738e77d6d1d0e23

SHA1
886e883a24846fb54959760dd28ebe78d9bfc527

SHA256
ec50cf4e9cc9e1b1ff201e7cdce8cd356081e00f4491ca7d63c88fa16299c6dc

SHA512
50acbac2e4a8a0ea983285dd1837cf870532159fa5c6386b0738f291151deeb026f6d54aeae3b02acf2afc0f611d28d04211b833ae88333e58c410af384d804d

Download Submit
C:\Users\Admin\Desktop\CompressExit.ADT

Filesize
743KB

MD5
5d8c3e8899d6463bf3a4403672c5be1c

SHA1
0a66fa7b4ffecf42198deddc755ce1a11c96d37d

SHA256
567363608622835d75fdd37651232d3849e8f1840fea979b10084405f4da7158

SHA512
26eaf5a45991a4981abbc8a99fe1364c50966e6e5d10590f0368b819fe37d4dda88ca7b29f4eca3cff40efc538b79b15381b99079f70dcd4ad750ef62879c571

Download Submit
C:\Users\Admin\Desktop\DisconnectRedo.docx

Filesize
17KB

MD5
2b74b05426480a6e3cf676fbcfa8065a

SHA1
bfacb081e4e7aa99e5c0e4e6a901f4f7888bcc73

SHA256
27715aac5da5e451c10ef84aa677e512983ecf539649310d5202f76703ea97ce

SHA512
b831994f1c4fd7fce79f7bf43c0a5fa777441c8d915fc54ee5b8fa2b1f96ca7b6bc92d6277dd28f8956db352461b54065b32710a7c551a79404908d883b15bc4

Download Submit
C:\Users\Admin\Desktop\DismountJoin.inf

Filesize
472KB

MD5
3726fd20f3af75b9c3858abbfae76a94

SHA1
772f360dd12b9f33fc2fd07304afe2ba58c32c44

SHA256
3b3747db59cda85bb332231afebebbce9d145181c7f23abb34a0498af13f82b3

SHA512
7deac9bee6975fc9c921f237c7920b765197f6b6735438a1a8a928d0712e6e3942adb465e65331f35a54ed2744dd4f044a655f54b17c4736b495b693750b3e6e

Download Submit
C:\Users\Admin\Desktop\EnableOut.au3

Filesize
1.1MB

MD5
f4067db58996ebf99c092fec489e05e0

SHA1
e2692d5b393df635e7c517dfe79ce402bd0a6927

SHA256
217e314454d8e8d282f0a00caf983ad046ac058ad0d7e9eb16d6b73721be9f78

SHA512
ce0c31c4031a935122988fbc0ff7e5f0b148a885a8bb2cfd453a5d32d2222c05dd42b5251774cfc92db420711573832ce268d37d543d8d60ac81d1e10b90bcd9

Download Submit
C:\Users\Admin\Desktop\ExitLock.doc

Filesize
945KB

MD5
820ae7e9baeead7f11ad174ec5023f9d

SHA1
b0ce2da33a4936a8b403afbf3fb742841d8b331f

SHA256
1b4819ecef0abfad2c711c90255a5a8b0fbde1a3d7a36041dcd4bde68c92cf79

SHA512
5a50709118ce91013d7d7d87d510dcd9b275d453c4b29766d2da05ce545e4750e1ceb79ea013e713923535b84a2148bdcd2f4cfa6e260917419cb61e1bcecca8

Download Submit
C:\Users\Admin\Desktop\GrantPing.jtx

Filesize
878KB

MD5
2d9589ff780d8f040d7c70f5561e0656

SHA1
1616f9d112ab9fbbc7af4fc1892f0d88e369e6ab

SHA256
2a3615fa53c4b3570c7da6b89d28ab78f6b07c7e8aa9d97f25f3e732a9814c32

SHA512
011f46dc80d27adb699c7468a28a741921818a0af611ed5335672a922aeb46110fb1525a7bf623a16fe3d18dafedd2f2a06538f376307d3a475ecb2be5b03c06

Download Submit
C:\Users\Admin\Desktop\HideWrite.bin

Filesize
776KB

MD5
a4ca5b90ad1925d7ed78dd8adb14e29a

SHA1
4dbc2c5196e52b2c9a6188d17813d5f00f06c030

SHA256
74896040b846f3103625c0f76c20b4d6b47a55853c14c7b8f51cbd512ccb499c

SHA512
1b9b085afbbb3290d0fffbda11008310c0482efabf850ad2cdb8c03ad01f8048806ac420ea492dedc056d1d3d6fd81e67d9de5cb292ecdf619b847713f500305

Download Submit
C:\Users\Admin\Desktop\InvokeStep.mpeg2

Filesize
1.1MB

MD5
95632b2ce0b300f747464b9b4d0eaa8f

SHA1
3648979b7cc49fd796e842759ecc51e363a756a6

SHA256
854a9930429a48ef7ccc284ade83a360af7e541ea2a48f5db2e620d2e09c6c78

SHA512
181ec6c05aa8182b3441230ee56ef2897cc32ef6184e81d1cf095700bc739b43dac0d0e6e821496cfbf706278a8fd33d26c7f213be386435685dda0beac9a920

Download Submit
C:\Users\Admin\Desktop\JoinAdd.xltx

Filesize
1.1MB

MD5
8a7ca6d31176cfd58b266f9b48698f22

SHA1
f04d4679d22604ef0e5ce2e438cf57dfa6529af5

SHA256
622a8e2ffa1e3742bcbb30d6d3c02f8ffa38cffe27949a72a7cd7f0b9a19d3d9

SHA512
df1cd7b3148bcb7f38ffb9fe8b28db80423debe732dfd4b841f6176d4a88fd30fb5c898f6c09b4e1959552bb2390864a8a7970cf5bd8246c506db916e07646b8

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
a2704cef03301522d457d91b91b6ae71

SHA1
62abaa0b0bed4c6f22b0e21c3421871c75910e38

SHA256
7fcb3161b2a35d07d3aee6bbeb96598a4b2c28e165a9603594e9c1f881f05d33

SHA512
ceff81a4b0911a7ea4e7c0e7321e04c397f0fa7d015010165dbc132323742b67da8f10f54176c1bef77540c7e5b72384a2531eb306a69a8e604f785890d49564

Download Submit
C:\Users\Admin\Desktop\MountWait.mpeg

Filesize
439KB

MD5
f4e68f36ee325392d29ef13ec480d1f5

SHA1
2ac4e378af320058b1b2402da2ab31689a191f9b

SHA256
c9502c1cb043dba2607e247149cd15923bffd81391bb39810cc843d93aadffe2

SHA512
f44bd2db64a6d2c1d78e8dd1da1ea53a543c7e92855abec079e248cd171a0900a146a2f71c16900d543fa131407d9288f74ce858e0d49d8d2170d1be8bcec6a6

Download Submit
C:\Users\Admin\Desktop\MoveExpand.eps

Filesize
506KB

MD5
3f5d2a14f608f3e5f105e3b3009aac47

SHA1
0df2ff13c88ec1b7ad46ff556cfd3b0a25254baf

SHA256
082ab2b047d3b60059f1eb8d662efb67cb792ae75a741d6f3ad17e00848342d4

SHA512
07bb53e71c62374870324deaceca84b4ee566be99d6ebccb6cbe08a6f8613a8d7a8f152de03704d662f6f2eef4b4f8f28b7cece3f37ffca9d217f7e9702681b6

Download Submit
C:\Users\Admin\Desktop\OpenDismount.mht

Filesize
607KB

MD5
212922576be4b25c12dd482aa163b20c

SHA1
575d9db9dd8bdbdd5cc2a8b36d69da92e153a7e6

SHA256
20e499d585d9a4525a59619598f8125e988d8c34e8113b159ed294c4ebff6132

SHA512
4405f97707b1caa2188ada5c77ed25dad55a535405394a31c21f2ecce84566d8d90994d27f55ef6cdb28bafc20b79f71d963c7dc60179e6afee860fb19f4ddf1

Download Submit
C:\Users\Admin\Desktop\RemoveDisconnect.xml

Filesize
641KB

MD5
e8cc5a00cb403d26e58d825411030056

SHA1
606d428fbee4957e2540b6d0704c99dcaf09c800

SHA256
174899c60f9a0bda4266e266eace1a60beecf29d1fe6cad5819d870137689353

SHA512
985ddde74916234ceb0393d4b3d2e0ac09b502983bd8711b825e9c9409904bbe3816626e3eba595dcf0f4711b54a414c92c052ef0e230fbab3564f19874ef400

Download Submit
C:\Users\Admin\Desktop\ResetPublish.docx

Filesize
18KB

MD5
dd53348c69ce5a5475b1d8c08631c578

SHA1
355c4fe1d3323931bf1b1f10854067fa8c23043f

SHA256
514a89a98bbf0f6815120e327165b31f6a44c5922ed154aebfcc5cbd4034a156

SHA512
34f5fa92c372a6b0afb27dd4cefbbea1784e15c3224e853d3a466e62ee8f6a2ba31a82d9f182f6d0460d849b3055ba3605b2011719cf607e1dee00a6eb779a02

Download Submit
C:\Users\Admin\Desktop\RestoreProtect.ex_

Filesize
709KB

MD5
50de3f6283f247d171f81a44a107f873

SHA1
9932041fa90a830d4a4ec9e91a2d27f2f7e38d2c

SHA256
4d6724ec00cad45bb79444194650c1f8fe3beef96e15305a5a7b5ec62cd2e937

SHA512
3a5d99db632b31f1f2ad898d3661e00882b78b07856cb433080626a2d8879a44c52f34dfc1664cb6439efde57543d78e56cf50100266219324b084e896863cde

Download Submit
C:\Users\Admin\Desktop\ResumeClose.docx

Filesize
18KB

MD5
2b647f084c2ae50dc0821690214e2e7a

SHA1
6dd163f5889ea17fe73d9c8734568f6a8e7ad758

SHA256
5c8d192297a27cd662fe5831f6b505a4b338336d9e4773abcf888ccdba7c2b03

SHA512
45fa4404c6980173ec3f32c04367d24646a8263441f1d22fda190fce80086cb9d51d2c6a523ee663fd74e9034ecc53d20b439c0087277e3dd19bc969476836ed

Download Submit
C:\Users\Admin\Desktop\SearchFind.emf

Filesize
844KB

MD5
f0b271385304b2cf7e8f97255d4528a5

SHA1
fb454f79095901f884e7bf37d73e043a0e4dae96

SHA256
730f3b5170c1436a1ea42a1aa907300a3201ded9f60c3c792e8cdee2ed0def88

SHA512
a6d3f640511997e7749861d5274a8ae8490e69774a62c19e358fb5984cd2b3e4efe3e8c2fe44f718df3e61a48186c8e047d04860f772c674eeba93630fd7a57c

Download Submit
C:\Users\Admin\Desktop\SelectUse.rle

Filesize
1013KB

MD5
76d31b54fc17901aad8435e467578853

SHA1
2f1f7cab4cbdd62d327780ad1c258502c5f4f502

SHA256
48f9f60eb45e2128365e0990240355f3b167cdccaae602b62dd340e204989534

SHA512
32c23ec4b0dc72ad2c5fb960a2a5652f3f673c6a01341bf074a7a7a59d8a34de4ac10e89520f50f7b4570d31a5f266a0687d27f582bf6ed05d64b671dacfd22d

Download Submit
C:\Users\Admin\Desktop\SendStop.pdf

Filesize
574KB

MD5
cdc0d52d89564ad40f786d8d577d2b26

SHA1
bd2abe2ed52e66bf65aec1f4c3737d9722005f0f

SHA256
380a46e2eefe243e90644741cfbf521407349fabe883ca093a6b8d0e51d87a2b

SHA512
8b696e7f3e9b4aef7be840e903105e6f16def63a4abd022662aff47fa08331047a4e252ff4fae395c2b4b5a765b109f0c1444a7bbae118758f6e36ce78827cf0

Download Submit
C:\Users\Admin\Desktop\SubmitSuspend.easmx

Filesize
911KB

MD5
2ba1a0790daa7460d0a8544b56b671d9

SHA1
d90c11b850eff1fc15e62b45084f0783f84b769c

SHA256
ff5c4733cf8ce7d25beca3600b1d2f65d6018e721329a5e84ce5d792565dd229

SHA512
454398a220f571123dd09dfcd2b885e9b0984794ef37b43021310f7958fc7b1b42039107573e8b2da067a75d395319ba54e9dc0f7692b1815e51d42f79cb5fda

Download Submit
C:\Users\Admin\Desktop\SwitchExport.xsl

Filesize
1.0MB

MD5
08b9f7915470e6a3379018a8da637baa

SHA1
ac818a0a15bdc897155929342eba6c11f72aabcc

SHA256
6057d440bed54ccf73f9142b8f220e2e4654a314da87c20fb7afcc1cbceddc50

SHA512
93dac935554802b3397aab5c5abee93a64d935148124662afd6c393bfd988721944e93f48b0c33b8d8ae5ecfd6aab3ddf2a2fdab0858bbdc1757c1cc2d0181ae

Download Submit
C:\Users\Admin\Desktop\TestReceive.wmv

Filesize
810KB

MD5
22e2ea1d6dff4bd69625cdcf31ef7b14

SHA1
76d86cdf25a2e60df49f95736778b1a7bfa4f798

SHA256
398cba593d0a1a15a5db9467aa8c1cc07b0bd41c2b679236aca2324a6a6d7151

SHA512
adda7aa5c8d9074d1b4d61c1e6c4b60bf2be5e8fa6717b3117723764fbb82909ae8b74f1cb853cb8d364070f6bfbc06b43f2c9ddcda31c18f11ea17ba94c6342

Download Submit
C:\Users\Admin\Desktop\WaitUnblock.doc

Filesize
540KB

MD5
1dc4f3646cc670b1f46c54ed4e7ce706

SHA1
38c1dff597c507a2801085262d6994d7dec8d8d9

SHA256
7b33647b0c3f183c10a40024b87347366f4a335f2d070a37121d9f78dc74aa26

SHA512
02e4c0b29e4ea961b2d0bb2ae3b27dfda72df005ca18b169f9ba75100c27ea30eec0497f774d45a81b5f43914b2e91f8f629a9b9cec065f8c4d7f73a1376a82c

Download Submit
C:\Users\Admin\Desktop\WatchOptimize.wmf

Filesize
675KB

MD5
7df453ef6c0b0cd95804193f4263e23a

SHA1
9b1d772b13805c2260b37c650ba1724fd689c7f8

SHA256
89c3c64a0e902db8e1f598a46b7fb91f13b7c2e48a613ad1c5b8c3799c9df648

SHA512
aca0f5eb2b7104d734e280f762338028ca976db08bbd7116d5a57956ba628282b8e9ecaede1be3896307df2794f07036c6f1b5646bd287fd86a3eb40f6c8c252

Download Submit
C:\Users\Admin\Links\image.png

Filesize
170KB

MD5
e162f3c3e59ed38ab14feff3f9d0b244

SHA1
33640b30761e8e6b7f1419fd2334fcd83800897e

SHA256
3cae8f9eb2996ca209d4ee13f1080fc85505f611f523f100088b201bb458323c

SHA512
a23b316898712c744e480eb5a2937393a89ed84c40751587b87058435565807369c598a6e0b3765b95e47684e6801eefc0d9acf0126912d9a1ead4d896345271

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
f0d4ca90ebcd96a459b3b3ce9a700d5e

SHA1
4b8b856cc492df091050c634224f175906f077dc

SHA256
5c656961e326fae355d7ee78d14af4a475c2d1d15aed8b79d7dc525899003396

SHA512
52465b2d005ae1b2c999ce27d3fb7080e2900b635f1aebcc48f331bf993bc280a32036e211f26e6ebb3882daabcbf719e45e6db05232d7f097034dc0945ba19d

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
897c8697ca54d6f5fdce41851e58d0f8

SHA1
cbc8ee496be748027e753d23ec117999e4c3e343

SHA256
2a6e5832ac7601f36e1273790ca472225e50a1bd382ca8b047796a9026f70fc4

SHA512
fc77cf4f50d3d4534c04f2c7e303777d536e54604d2367aa1d085a5e34c74f6e154d6dd1382de8ac58badf2bf6b6dfb1fa9b44399eda3aae249d3690483c2e37

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
5b8637160f2832eb315bc6677e885d57

SHA1
6fa166d5eba1284ac11e78db76c7fd16d1bbc527

SHA256
5dbcb4ee24e0ad42f4f83bee0c0386f1ba93b1635f2508229fbe79e99aaa9369

SHA512
95e7816cf78673b223475b0def424ef612ebc5c41ede9f03423de49896ab95998d8d428bc962ed055beaee235772b8020a13b9f6e39d0961b226e5fd0de56e8e

Download Submit
C:\Users\Public\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
55e532ea20059fe6e98d5a8d50a385b3

SHA1
09911ee0291b1483fd0bb09a64b2b7b29e333385

SHA256
7b11dc761e628ab08a5791967f24c94476c05e21759226a6571ce99f2fd853bc

SHA512
9a9465241582973013018a6f96db852e2be1030af1aa36bc17ac96992ba827856d8ebf66aac5a839380a36e90c5fe81305c39e4548241a2765646b2d12a1b7b2

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
539719803d3debfeb12fe744a462add8

SHA1
315593911f6f65314f9f3306f2f865ed98759896

SHA256
1dd73f2b3b67201ad848a80b1cb6fe0dcd363674509a538bd766d4dfbb534de8

SHA512
f34c0590f2cc70c03faa4e2aeed214e2eae212d2b283e25191541bdab243bd7936b82027759b71e92054cf6c8bcf505087dafbcc8b0633c5ca348d7c219f7f22

Download Submit
memory/544-0-0x00007FFC85B93000-0x00007FFC85B95000-memory.dmp

Filesize
8KB

Download
memory/544-528-0x000000001C2C0000-0x000000001C7E8000-memory.dmp

Filesize
5.2MB

Download
memory/544-36-0x00007FFC85B90000-0x00007FFC86652000-memory.dmp

Filesize
10.8MB

Download
memory/544-527-0x00000000009F0000-0x00000000009FE000-memory.dmp

Filesize
56KB

Download
memory/544-3-0x00007FFC85B93000-0x00007FFC85B95000-memory.dmp

Filesize
8KB

Download
memory/544-2-0x00007FFC85B90000-0x00007FFC86652000-memory.dmp

Filesize
10.8MB

Download
memory/544-1-0x0000000000340000-0x0000000000354000-memory.dmp

Filesize
80KB

Download