98bdb29ae92581661381aa89069df2a53189aabcb8c8c704d1cc4c94e2718467

Analysis

max time kernel
136s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 16:39

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

i2.py
Size

6KB
MD5

4286f0bcd36f3abd51e208df24271f00
SHA1

16df81eb48503f53cfccca5b45d0ebaf89e5c9b8
SHA256

98bdb29ae92581661381aa89069df2a53189aabcb8c8c704d1cc4c94e2718467
SHA512

939aadaef762703cd005d340bf6a28987d3e8428d42f3623b4c10797711ec01a1b2da2c63fe5fdfc4f1c8cc218ccb3cea75c8f590646fd1194115e418a5e6c5b
SSDEEP

192:y5zmEEcUytwzCDHaJ5frEg1zzvTXu3TufeMy:y5zmEEcUytiKarXTkufY

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\$RECYCLE.BIN\S-1-5-18\desktop.ini	LogonUI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies data under HKEY_USERS 52 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\KeyboardLayout = "67699721"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\shell32.dll,-50176 = "File Operation"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214FC-0000-0000-C000-000000000046} 0xFFFF = 0100000000000000805f77e767cdda01	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\Languages = 65006e002d005500530000000000	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{8a2a71c9-0000-0000-0000-d01200000000}	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Substitutes	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "6"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\CLSID = "{00000000-0000-0000-0000-000000000000}"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\CachedLanguageName = "@Winlangdb.dll,-1121"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowCasing = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\0409:00000409 = "1"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload\1 = "00000409"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language\00000000 = "00000409"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{8a2a71c9-0000-0000-0000-d01200000000}\MaxCapacity = "14116"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowShiftLock = "1"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\Profile = "{00000000-0000-0000-0000-000000000000}"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "233"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\HiddenDummyLayouts	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\TIP	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{8a2a71c9-0000-0000-0000-d01200000000}\NukeOnDelete = "0"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\LANGUAGE	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
672	Process not Found

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4952	firefox.exe
Token: SeDebugPrivilege	4952	firefox.exe
Token: SeDebugPrivilege	3824	firefox.exe
Token: SeDebugPrivilege	3824	firefox.exe
Token: SeShutdownPrivilege	5744	LogonUI.exe
Token: SeCreatePagefilePrivilege	5744	LogonUI.exe
Token: SeShutdownPrivilege	5744	LogonUI.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
3824	firefox.exe
3824	firefox.exe
3824	firefox.exe
3824	firefox.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
3824	firefox.exe
3824	firefox.exe
3824	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4380	OpenWith.exe
4952	firefox.exe
3824	firefox.exe
5744	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 4952	4504	firefox.exe	86
PID 4504 wrote to memory of 4952	4504	firefox.exe	86
PID 4504 wrote to memory of 4952	4504	firefox.exe	86
PID 4504 wrote to memory of 4952	4504	firefox.exe	86
PID 4504 wrote to memory of 4952	4504	firefox.exe	86
PID 4504 wrote to memory of 4952	4504	firefox.exe	86
PID 4504 wrote to memory of 4952	4504	firefox.exe	86
PID 4504 wrote to memory of 4952	4504	firefox.exe	86
PID 4504 wrote to memory of 4952	4504	firefox.exe	86
PID 4504 wrote to memory of 4952	4504	firefox.exe	86
PID 4504 wrote to memory of 4952	4504	firefox.exe	86
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 2180	4952	firefox.exe	87
PID 4952 wrote to memory of 4756	4952	firefox.exe	88
PID 4952 wrote to memory of 4756	4952	firefox.exe	88
PID 4952 wrote to memory of 4756	4952	firefox.exe	88
PID 4952 wrote to memory of 4756	4952	firefox.exe	88
PID 4952 wrote to memory of 4756	4952	firefox.exe	88
PID 4952 wrote to memory of 4756	4952	firefox.exe	88
PID 4952 wrote to memory of 4756	4952	firefox.exe	88
PID 4952 wrote to memory of 4756	4952	firefox.exe	88
PID 4952 wrote to memory of 4756	4952	firefox.exe	88
PID 4952 wrote to memory of 4756	4952	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\i2.py
1⤵
- Modifies registry class
PID:4796

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.0.634935250\807874734" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abfc63f2-f459-4aa4-ae09-3cf069ec0ac9} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 1868 18b77a2ea58 gpu
    3⤵
    PID:2180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.1.1006499048\1652302803" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2412 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4aebf09f-f202-42b0-9388-dfa4450b43d5} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 2436 18b6ac89958 socket
    3⤵
    - Checks processor information in registry
    PID:4756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.2.1752445776\1076582368" -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3012 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90d62d6a-3ad5-4a74-80e0-5e09334a39a0} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 2852 18b7a1f6458 tab
    3⤵
    PID:2100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.3.1255242127\330778106" -childID 2 -isForBrowser -prefsHandle 4192 -prefMapHandle 4188 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d170eba-ce5c-467f-9f94-c06b3b21c59b} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 4204 18b7ae94f58 tab
    3⤵
    PID:1660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.4.804307948\203616346" -childID 3 -isForBrowser -prefsHandle 5076 -prefMapHandle 5068 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bfe5c59-94c0-45b1-9969-25f6eb5bc0dc} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 5020 18b7eb49958 tab
    3⤵
    PID:4548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.5.1542763538\528410592" -childID 4 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5ce1953-3de9-4d96-8936-5957fd3516a4} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 5208 18b7eb48a58 tab
    3⤵
    PID:1884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.6.392939133\783649219" -childID 5 -isForBrowser -prefsHandle 5496 -prefMapHandle 5492 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aaddd775-aa9b-49f5-af4a-05de0d0d4eeb} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 5504 18b7eb49358 tab
    3⤵
    PID:2188

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1544
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3824.0.1877590830\65413292" -parentBuildID 20230214051806 -prefsHandle 1808 -prefMapHandle 1800 -prefsLen 22244 -prefMapSize 235168 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0ac7e07-01b6-4ddd-b808-5da7156e17f7} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" 1900 23b46c22b58 gpu
    3⤵
    PID:1116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3824.1.1891810548\882317065" -parentBuildID 20230214051806 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 22280 -prefMapSize 235168 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cfcea8b-7c30-4536-9173-a96e46175c5d} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" 2468 23b39f89c58 socket
    3⤵
    - Checks processor information in registry
    PID:1744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3824.2.1536535873\1205335460" -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3012 -prefsLen 22318 -prefMapSize 235168 -jsInitHandle 1180 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19128cc7-180e-41a6-ba60-f757e0978003} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" 3028 23b45c92558 tab
    3⤵
    PID:2208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3824.3.887718275\93630104" -childID 2 -isForBrowser -prefsHandle 4108 -prefMapHandle 4104 -prefsLen 27692 -prefMapSize 235168 -jsInitHandle 1180 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec9bb06f-3f95-4b14-ac6a-04fc52328e0f} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" 4120 23b39f85658 tab
    3⤵
    PID:1404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3824.4.1762323046\924949443" -childID 3 -isForBrowser -prefsHandle 5088 -prefMapHandle 5084 -prefsLen 27692 -prefMapSize 235168 -jsInitHandle 1180 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db041b72-6ca2-4966-94d7-f02182fadbec} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" 5076 23b4d94b258 tab
    3⤵
    PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3824.5.2033807584\1074105355" -childID 4 -isForBrowser -prefsHandle 5304 -prefMapHandle 5300 -prefsLen 27692 -prefMapSize 235168 -jsInitHandle 1180 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef2deced-750c-4362-ad11-c25ecedfa87a} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" 5312 23b4d949458 tab
    3⤵
    PID:4920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3824.6.454755724\2059287641" -childID 5 -isForBrowser -prefsHandle 5456 -prefMapHandle 5464 -prefsLen 27692 -prefMapSize 235168 -jsInitHandle 1180 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b35cb00-08fb-4ef6-9f6e-f0baddf6c04d} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" 5448 23b4d94a058 tab
    3⤵
    PID:1444

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3946855 /state1:0x41c64e6d
1⤵
- Drops desktop.ini file(s)
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-1337824034-2731376981-3755436523-1000\ReadOnly\LockScreen_O\LockScreen___1280_0720_notdimmed.jpg

Filesize
181KB

MD5
365e6ddb80adbda1106ea371ff6283d4

SHA1
bf3abb139e4f653d6ff735440d9f7cc7586a156d

SHA256
8572c861efdcca046671be581e230e80b70a5ae53a34958076ed7c495e468766

SHA512
2d3cf6f1335bda90e93bc7af170294798f1353cc3d206d6821a12e6c1d04fb6e4a9c87b70d06810d8bcfcb10f3e2ba81193db64ac6a135c57c7761526411c2ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
e36499ae479d77b551960b4bcdb25d01

SHA1
e006bc4b1dc7ed6c4e271524a979742cd4930eb6

SHA256
8f05f654795c878c0c5d45bb312b9357236691f170c27031721c1d85aa58070f

SHA512
cf3206a574398f718c87aa83e8e7bcc5c89dea3f8a60e068384c15e4d8248d0f254f950918c512d918d56db914cc8c8a402f65e34efb529f9efe2b5032998d61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2

Filesize
15KB

MD5
32c7c3c30c7375e56d59ad5957ced59a

SHA1
479aee74e32a4599aabb763b349ba4c73aed7861

SHA256
376c2bf8fdb62d110ac53ddc903d9c30b66ddfcc9c6e19d88df3b499fa2f77d0

SHA512
0f4ca287b9681f3ca7fb51e0e6f1f847b518cdb1172aa8d2e8a7cbd1a9ce809e288ffc9fd3fce7a5389bed303cd5e62feb4d913aba3570705e944a85aad31d24

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
babde7f7412246bcc4b42170bcc4fc6d

SHA1
978611d89c53f741d09ee42373a6b4a8e11b81c5

SHA256
54f2e8bf901675cce26761a03c3c5f65d2f097cf09c0b2b0c8f289bf372564d5

SHA512
39964c45b1363b0d452cbfae4e9934c0ea3ff74200890dec7873b4d7aa91316b6680e2edcff3ce76537faeeea931308a961a22d52d4974156052c94e911adc06

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
11KB

MD5
4ff8e395b23043e8522d622a6f1821a6

SHA1
26ee2fab6333f12222ff7406fed4c20a42603442

SHA256
b37eeb992c0e324951c89fb1fe6716581df777c65648b27d3ab89667c086920e

SHA512
895d0d2e0cbb639c9ae0757661c521877bebdd6ed9cf28d267f7331969c550488a9dfe4867b5642973f60771fee15686a8fe9ab710f19cd5922e895cc7adfe78

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA

Filesize
13KB

MD5
e7fe37da1fe935c1f74fa2f5c040e168

SHA1
2a136266d5267fe52bc6d2e4b1e4bcaac934136e

SHA256
caf6c3fc397b4ba06ea6cdc280da2436c83fed92c10394233e61bf3b5254de12

SHA512
83aeff7d3fc63512623eb126c4974da0d16cf24d91895a881c1e7cfc5a893f67951e8d6a1d9ab72c48ed16dad1a6933a2cd892e55af52f68c9896aec867f04ac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
acf12b420b62058cda720481e49e2ec6

SHA1
7a10b076d8eff9c6c058a8cf5a91af4e3ad3ee5d

SHA256
0f6b702c0f7c03d556ec52be9bdcf3e831d63279d9456e1c43eea874b8f376be

SHA512
2bf0efdfe7bd8aa341b4f67eec7b8e3ff4de784cd3e8ed95631ac33ef72e9c019976367d84b160bdafbd254bcf5212907053e8d3e866dac2ff07325bb303e92c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\AlternateServices.txt

Filesize
317B

MD5
75712ba940f5e141ccf2917bae40cff5

SHA1
0b4e9122c1273998c27b4eabebf86b97a9d97202

SHA256
402ac514b1d2d7d351ceeb3fbfaf0ed6f1068a7bea3156e8def05ddb600178c8

SHA512
c764a24561aad5cf8d4c22518e7d02151f87aa27b1673145c93946782c24761bbd84bde3ad1d71d6fd4ecb887de10b8c5208257e42db634d028d38175a24de7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\formhistory.sqlite

Filesize
256KB

MD5
a3803d72283e3f66db63d2635568e1cd

SHA1
01ac5e7cde79fa550fd4fc2d08b1982bebbfb19c

SHA256
4dd1972d91c06d1890471c6b49d5d252b1a8ed3baa0a6cf9790dc27d5359d0f8

SHA512
35bd952817b2aa47f858105d2600f990bc6c2944e5acc7aad85479df24cc49899a96b7e79f7f682e10b55f0375b6b832578fe14b8d38daab7d1932757a43d2cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js

Filesize
7KB

MD5
74be1b0fbe62e7aae2cf9bfbe0e6bac8

SHA1
77b9c77890aae5458a330dc113b376fb7f8265b0

SHA256
1876ed72537da1ecb0cebb51cb191331a9aa9924eb8aef78691680b9b100ac8b

SHA512
0d6d548879e911af552055ae4ca05d904b8ab651784376e43b3b46a39f3677c384a166367b834fd340d12d79ff1d878c0c9245976b2e17eb2ad84c0a5587902e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js

Filesize
7KB

MD5
9e6a52cbdd61c0a67003119f180c6eac

SHA1
8b5b84584971bf02ffe29ce7de36e0853facbb30

SHA256
33db18c21124c0ab40c06c42e96d561a7618238ef6282a11113a896bc08a479f

SHA512
7e01aff1bf15d6d5a0529ac3864f4e185100dccc45a2067008910762f57b1e3f4352643f14eef68b9678b0192de9647fd6a5dcfc66eb1235db02577b825a7843

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js

Filesize
7KB

MD5
31f2b1f35d52f2f23fbd712ff9d6cb83

SHA1
b7fdbb176453e0a5bb5a38fc7d5ee20c3cae7bd5

SHA256
f03481c7ccf8a3255bc7b537879b25ea0960323948048e3c13dbe84e2673bb4c

SHA512
4d909c610fe5931bb80f8fc236fb363517b505c06e1123b66a0ec0d80f61f32715d16a86e85383bcb621d59b4713672a01cba708ad8ed4c5cb965ea6abf6b4db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\protections.sqlite

Filesize
64KB

MD5
49397db0486dc59d607907a086f40c9b

SHA1
08742ce9db9569062def08e99eea8470702feb7d

SHA256
890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4

SHA512
fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore.jsonlz4

Filesize
996B

MD5
64833266385d8158174adac3d9c53860

SHA1
db6d64fb5edb6e7a55dc44f3f6e665df57d3d88e

SHA256
bb1d3ff4f63557fde0c93b88161f90222a8e3508241cbd931bfd8db01e948116

SHA512
b1a38d1ed6922197419b94012f6aa502a033b56e33bad0ccf467bd84ed6ce3d7798c0e6449765f1d9d7b24d27ede88c18569be6d3f2c4c08a42efb8770f94969

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore.jsonlz4

Filesize
1002B

MD5
3c1b817d8f6077e5b101bce0f89b5f5e

SHA1
6a94325057932ff81b7a6952165fee36a4b4a117

SHA256
e9c0c6f176a54d3fefb3709c8fa205e4d99811e44e28a9797ff4b5722502d68f

SHA512
d32694b0e8a3631ec904a3774c5b2dda6a9e105abe44b0a35453099624f39d0c66da38cec1dd59f2d7700094008dffa385ecf85ca682bd31f1a541644ab145f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
cd3528528d8b140f5a15ed24cf1be7a7

SHA1
281096eee05684cae22e9245e31add26833ccc0a

SHA256
acec3c8ea214c28ff266b7a2a4e4e0b54d57564aa49e1793b54c304089781015

SHA512
cb38240fd17d1135bddf06614d32aa825a1cce60f5dfb1dc2647ded70b1674635e3bc5a3365df1e419167aaf386d613268199760d750b40dea564de11ff9e013

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
C:\Users\Admin\Desktop\ClearGet.tif

Filesize
283KB

MD5
ce09ca21f3136d8e485800fce8e234b2

SHA1
8f5722836a48a65bc4142a4c97450c433ac07e3a

SHA256
2ee60aab189427890770fb24edb2bdb2064305e6d3a2875a887f4075f9aa327d

SHA512
522df89cef0bede51cab65275e66c7477b24ef69dec9d7642fcff0a645e2f9d9c69a55bd7003274904969105e9deb37a4f26afa1dafd71e667944437d26dbe96

Download Submit
C:\Users\Admin\Desktop\ClearRedo.mp3

Filesize
319KB

MD5
8f4e13ac68d3d254adcef600b5e95e01

SHA1
d0db5cb9af279246bcf25d7590dd49521eb30ee7

SHA256
cab76aacdfa1580ad459c8ac7d4ea43ebe6ed0f4fdb75d72d3c27c0a771ccf56

SHA512
cdcd88eeed73403545d79f47de4d31e9d15f9aade08fa7a8f2f399aa259ce794ea25d62b9580c5d5220f9235098f8dc477333267261d60d747ec175b8fa31857

Download Submit
C:\Users\Admin\Desktop\CompressConvert.midi

Filesize
483KB

MD5
69a5b16528d32bbd50fe6e58c29da1c4

SHA1
66b3aa69b17238b1a07894638078a65dac2941c1

SHA256
c2855af558e8cd3124304c79ee51ba1f70454ed2f6dc9ebc6a15b3b9b012a0cc

SHA512
335e73513edd1bbc72d2772df04bfb8fff610c2a82b9cb91765ce1dd99348290f358c633b400c7e731147224315102ffc74fd76723088f3bd39b609b8e843ad2

Download Submit
C:\Users\Admin\Desktop\ConfirmSend.ttf

Filesize
447KB

MD5
41945c7c37e5b811b3e800d696c54173

SHA1
1bf73ceebbea60533fe56934d5d6b99a953e970b

SHA256
1c30941fc7ffd8ea08e99c3b850d477de5c1e85f2f91ad319dc64aeef8c831be

SHA512
729abd537d0f5ab3246d0023bfbec32c1e84097c2f6b67dcb7cba001b1ec2a5196e4cf6f939da9e9ceef385feafef0c3abf198adbd4afa73fc62ed9e86f754bd

Download Submit
C:\Users\Admin\Desktop\ConvertToJoin.xlsx

Filesize
337KB

MD5
06b76c49a1f7ee5c8e0126a989954593

SHA1
e57f793951c244eb338e6708773a2188e0400744

SHA256
5ea3fd59fbc7bcb16ff84fe190df1c8f2c275ba6e354725fe0ff036213352e1a

SHA512
ed05ce987ccb2c08388cd5a1bdb1a4884bd054ae0b7aeec4da32db6b855310d8d0ec9b62af7a18c1ed8ecd0bf4f2eef1d1bfb2ec048537434b75e4d4e24ce541

Download Submit
C:\Users\Admin\Desktop\DebugGrant.m4v

Filesize
465KB

MD5
a8e535788fbea6a69b441a67b69c82cb

SHA1
016234e24669e708555bfc105d428f644be8dfd5

SHA256
a8ec5f6be63ed38f3e36e84ad21c822bd259ff71c30e038f520a77282711f144

SHA512
2cb2b96f25fea70f9c2ec470b9d0df8e3344b7dd40d9eba018cd265db1bf4a972034dae305546b94317b85219f06d6cc4d8ff41d6e448fd198787e6f33c2b46a

Download Submit
C:\Users\Admin\Desktop\DisconnectImport.mp3

Filesize
374KB

MD5
9c41c09e713c579f2803091dca2d1e1e

SHA1
2b494471d9b8e364a7f8f47355deba6264a00637

SHA256
761c9a2e95b483d8d81654afe2801d8d42da7a9c775fe68b184f1ee9b489def8

SHA512
71539bcc6dbc52532cdd790116dc0892cbcae3faf345133869188e00a762776e8760349c86560a6e5e418304098a7b3640cf4b0634723a559d471726000f84a9

Download Submit
C:\Users\Admin\Desktop\EnterImport.odt

Filesize
392KB

MD5
4f36a6c0a7924f5d5124b89aa1248f74

SHA1
309d47dbda93311af0b9bcbe7a0ecb820dd795c1

SHA256
9baa39e38084525a02f25bf7d7ce903c0d5c59518cd87e122f1c726ed81b59d6

SHA512
0d11c3e4ca415dd39f7bb3a731ca6bdadc0d37b359f26e5533d686b74b1976c310c4350637e32c3235a69970dbd98c4e3673663df7f1595d9e37e689f51ba8a0

Download Submit
C:\Users\Admin\Desktop\ExportSwitch.mp2v

Filesize
429KB

MD5
035933f4e3698a747ccf1edd9cf3c1b7

SHA1
8f67fb718693724c8ed0e1be5049012f875c3a8a

SHA256
1e4bad0a4e4cab83e93c05200cbf5c585dbd5faa97beb24d9a351bd1cc2f69ad

SHA512
a784d1178dabcc43bd2db0d955b565a59a23b19510507dd8e71037aa69305c66718f3f56b0ab6e9440ae8cc536e6567dd675a2f83e8b34739e1e93b1e621aff8

Download Submit
C:\Users\Admin\Desktop\GroupOptimize.MTS

Filesize
703KB

MD5
c3cae543e374b9c45a600c3fe8f2d237

SHA1
8ff15f8c52d4f8bd9120f9757577f081ddee8584

SHA256
eed762b4821b0c1cfdb6e30b6c549f2218a56110927e6166a591b10b676fafe7

SHA512
ed78d6e86b7928a7c6d801c19f538aa2a7d8ad31b59adc416531192aed16486b26e11f6a8e1b9c489b54eb42505090641147bf5ee8c8225cffba8e4e469ede10

Download Submit
C:\Users\Admin\Desktop\InitializePush.vdw

Filesize
611KB

MD5
8735d8f1cc6616c640a7d070171983cf

SHA1
6a144aa075e65e92454e0f4cf28d27ee5e8dfac6

SHA256
1958bbc0d1f3558ad29a7191dc4ae3e2184be5e57df6709f5df7d38b949c046f

SHA512
23beb9826d5e77421cc7837d99fb8e8bd028cfa5fe9d6eaf786d88fc05175b2d4d42d54ac7e6b025d9be5412155679737def8b50fd2e1f9166cd6771ce97f1f6

Download Submit
C:\Users\Admin\Desktop\LimitNew.dll

Filesize
666KB

MD5
e6416e14d722f19ec9f48c9a1636bec3

SHA1
fcadb13ad9bd23ac0c00a7655310ea994b3a7875

SHA256
158a9478f0e017b3e63d89d9e714b83a10a0b3e01d14c652d924b2c81655598f

SHA512
8433f1540fd3b6d94cf028a76c8966b4f5894e57ed883e50888f1a5fb839752deab051c944caea6a5b26dbb4685361f2d3c8086b5a4c849d36221e15c86f29ac

Download Submit
C:\Users\Admin\Desktop\LimitOpen.odt

Filesize
967KB

MD5
ecd1f38adc1fa31cd7e8f55561dd7a22

SHA1
939900a40665cb0ad842bc9742237ba4701104cc

SHA256
6a5a662d71c9f208a33b26b7e6b35c48d602007d2cb4a2e725297b2a398306a6

SHA512
04cc2656fcc0a301d8ac0fc16bcc72d49a1c4d54660e15a03f2efaf4af8a10c6943d8136f3250e446dbf405a75fbd02437d6c4b33aec7837ef2cef367cb5de44

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
5a32eb516e59ab42d2d014aa4a69418b

SHA1
6665d9942a65fb9b168345d00dbf7bac36284220

SHA256
c1dd003e476edcd5bc8bdcd4abe4f458fd4b7ed12a77a314c6b9d745e0de7917

SHA512
48e224685b5f0cf02792b8aaf0c3b2c967e697ffb10238ae9d514eabc9ddc6952238b543a0d8f1ebd39091a3a65af47ff831aa3d71b08e6311de0954d861e0c3

Download Submit
C:\Users\Admin\Desktop\MountRepair.mpp

Filesize
520KB

MD5
b4c48505a8e8bf9f2c1c48338a4530d4

SHA1
1466f04cbf16ea065e2a29803bb865a5bafe7f4e

SHA256
ac94451eea6a7238f298bf671cf3710174f9610adea8f9106a62899bd88b7195

SHA512
8656e4df6d6543303d266b07b457542302d20ee8ffe58543df393204419fc5d1cf698ff971ae035d18f3fd0be24d91348c018ec54766edb24fda92c56430b323

Download Submit
C:\Users\Admin\Desktop\OpenBackup.zip

Filesize
593KB

MD5
38a1e14ebff3083b5455a49e6501cd27

SHA1
e8b51c2339cf747bc31b0302de486e4d29b7bb1c

SHA256
70aa5f4c5fb4b59659bc512f46ee4f50c474cf3a3314ed870a42a9c762c735d5

SHA512
824ffbe0ceefb7a77619f74a895a3b704c8e42ef784192f1ec0d01b16d179ace835fa7cce2eb04f925991d2546db74438cf6e68ce63e47b2741a0c8365395871

Download Submit
C:\Users\Admin\Desktop\ProtectGet.jpeg

Filesize
410KB

MD5
52747259b31434370ee13f8e98b48814

SHA1
54f59883411ccbf034d9fd7fda12ef6eee05053d

SHA256
66d8ded5b4821b81d2a5303d25de1e3a6359f72d502cfeed34749f9cca6bce63

SHA512
bdb82fe851943a008b8534c977718a6abdc240c261860dbd0d6797f10df9cde0cd08d16d8de8a6d40a3145dabcead6505dd80038e9fb899f7b4fff4db1e0588e

Download Submit
C:\Users\Admin\Desktop\RegisterAssert.mpa

Filesize
575KB

MD5
2642c8d822219215ede1b2457fef13e3

SHA1
71b802b2491410b060703f484f0d69fdc87e9fa4

SHA256
5023c96f34f04394178a61d9118b32c7c3c3f615ae7ab8d57fde9297732fbe98

SHA512
a61db7524bdf98b6ef84e859004d14c0787eb5c67d62509c791e39e5541069d3f880e8dbb5fd9d7e1882f3e8a8e8ed29b37d07da33a36acc360c3666f7d0ad6e

Download Submit
C:\Users\Admin\Desktop\RegisterPop.zip

Filesize
556KB

MD5
19c61a0d111f772f76cb3779bfc0da71

SHA1
8e5a3466c8637e2a045d079821b7d5cf79dcd7dc

SHA256
469abe03d246a8efaadf8ce5784b70f6350cdb3edf889ad742802581986b6bc2

SHA512
a4ffaa9602d8e7a602f7cd9b28917336adbf6fb56e83d9490c6a0f65bf88b864639b824c381c9fa6d6574ad1346872ba0671d8056d46c7857c6ed28f9a29c07c

Download Submit
C:\Users\Admin\Desktop\RenameRestore.avi

Filesize
629KB

MD5
bbb88a0726e4573284342c5406e3b14e

SHA1
60110b326022cd175c488006bbf0f8a1925a3a13

SHA256
dd75375ef688a72bdae6eadcc1c25d319040dbf73ed6f4fd3e0b1dd54d11c322

SHA512
de20868300d6ac03546c7fe048706728044df75af7c2074c61814051d0bf37b4a5687d5506988b7d6fcfa1cc3e4a152c448ca63f402ea8264b84e296569567fd

Download Submit
C:\Users\Admin\Desktop\ResizeSend.avi

Filesize
502KB

MD5
2cfd04019a2947179d97c3b547a5b57a

SHA1
1bef971cd871d7e77d71548cf27879c1b37667c9

SHA256
54ddacf2830966b969bd6b6728b9a7a7ee65f263fe5d1e34aeab42429497d324

SHA512
149f907fca40c88b5e624b0c6bfb6899bd01dde0644522036b622254909a4f7341214754c05035413025b05e26220f02f323952f4b497d0193cc4a125d6ddd68

Download Submit
C:\Users\Admin\Desktop\ResizeSuspend.docx

Filesize
356KB

MD5
7936cb243c020dd75069e88cdb67c724

SHA1
0491f63dd9b9a43ca6e326c8b5ff0c6002318631

SHA256
e5da588387a3bff17aa467b4f9799027d35988a0f3db69b5ed052e466aad8526

SHA512
fdf314795fde6c817a6da924c3b355025440666a81b0aef29732b3acf15e0c3395d44a935d800d130f518fb97dd737c809aa7c56fc1db938e7eb210190f09628

Download Submit
C:\Users\Admin\Desktop\SaveExpand.wmf

Filesize
264KB

MD5
9b9d3b9703e78148aa90b765594dca12

SHA1
a201a5413caf8754787b0600d1cb10838558d6a6

SHA256
3ff28b5b87b567e8b8ea336ed6c66db8ae8d3b88f0c904542b8aa8559d39f02f

SHA512
e9bf29c37ba408616dab9a7f5b40f5526b3701451983d1cd9c53ba61a86786f6e385850b6bafd7d936685810b8118c9acb25d2c20ccc5a58c56bf76c48574e9b

Download Submit
C:\Users\Admin\Desktop\SplitDebug.au

Filesize
246KB

MD5
c25cd96328067c913dd60ae9c94f062d

SHA1
d5eb92bc804ffe1e645c4c8925bea3e395c4b323

SHA256
6806646aff6717a33c7b480dc172dafafae1eeec3d94b55d8df39f3d7d62ee94

SHA512
cdb5da0cf6823b9e8915522e8bcee9deb857c8d8309ea90848b7219407d989a43be86ff516093582bee44f1808f4ab370c971a9fcae4925c25d94e1dbe2254d6

Download Submit
C:\Users\Admin\Desktop\StepResume.vsx

Filesize
301KB

MD5
5967d221e6ba9b9bc146d4c732bbbc3c

SHA1
f6a3207e0b0d7cce0ad20ec29e83d4e7573df489

SHA256
e0851f18138db6203d35766732419381e5275ba23f1bd64c2a7f662aaed4612c

SHA512
af322d625b1b5450825635d9ae3eb3e750441e8f277e4b471162d6e66785b7758a367468a64b00676e305449cba9d3bb2a401524744ce8818ea9bd8a8def6628

Download Submit
C:\Users\Admin\Desktop\TestUpdate.cab

Filesize
684KB

MD5
37b5ee3307fce27dd1e798b4ba6e8305

SHA1
58889db9ae25c36767dda9afae23a7299bc5ffc9

SHA256
d93a845618f82f5c85b962df10180370f57b9ce22da57a420f5b3c2492b9c555

SHA512
4ce9c946dd9b60f473d5f8d9a5096f456808381fdb4d06ac8e612e30fe834b9320c6c12c243297508efd5c15c3403ee499f6b79aad92ce64d841dc7fa9714423

Download Submit
C:\Users\Admin\Desktop\UnlockOptimize.css

Filesize
538KB

MD5
82d017e75805aeccb16e3f82d06a3f8a

SHA1
74910b4d873b7235b5f516f744fd5e0a4ee76785

SHA256
75549c0be7f5f36b94daac7c761891a327195c679eac25b7254490005a31d335

SHA512
1d6d4b9eb9ef87365399f5fa8f6cc361cdf8c18f6dd2a7eb8e24ec31acbd275d1addcd59417d9ffb57dcf4ca42d1f019288500d2fbc16c7cd598338da5aeb0ae

Download Submit
C:\Users\Admin\Desktop\WatchDeny.pcx

Filesize
648KB

MD5
030378105b4247b9524a2e0f3b35ca8b

SHA1
1e07a2f74299624f863b08f698c41882d58de543

SHA256
4a2f731ff5d12b1c26b7b2f1c598ae8f4d0ed926da2f5d50fc33924d747f9823

SHA512
92ce1ca683ef22391d254621af645d38d85095ca923027c52711afed96a99c1e93a92baea5955713331cbd513a6e685bc81af75ef012cc486318b31e2d5c73df

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
a62f85ded507d9e3b6201ce2026832d2

SHA1
e56e290431ab577db73c9d92da8463c765ed274c

SHA256
97cf7e3b3e9ba6f2606cea6f879576497b96224eebbc9506906f6507f91650e0

SHA512
387b648828c1619ec2063ba14df67b3197b382e9139b75cf05919301f1a3742c84c72cb39679f3cf41f604811ee87947f3c18ece47230b01fa41e3bd82b96987

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
5f1a76469bee19a9bb1104ae60bf2754

SHA1
6c18f54f99771b7210c6c6fcdab1fd7ac2db1cc2

SHA256
293beef9b87f853dce2cbb18136b323e5b48f858b0dd572941b1d69b1ead27a5

SHA512
24644267ad772b0fbfb79fca07bd1deab976fb99358c1ed44ee4854c559fe4b7e6a8907cf1e319217c343cb2783b0c542e2a4a3d02d4f27ebe8c1db14f2a60c9

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
f56cf980a91e2452042aa10e2ac5c6c3

SHA1
e5d009b4454f1ef8c0752e42b52e8b667c6ea775

SHA256
cd9bd53dba03846a5575673fd79633a0903997e84d30beabe416cbb32ac627d1

SHA512
65e0de31770f03f0b5716d25864fe4bdb3d762a3460912ee49611db30e4818c573daf6c9ba5a37b23511f28da8a2da208de82c2c7ef798f4dec26b50c2c23e4b

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
6f7965131b5e962a9635819f96160aa1

SHA1
aa2a5ec1bb2339db835982980aaa5373be687359

SHA256
e7f9942bdf76a6e7c4c4b1b5ad49ab1b8f597a2a00dbd0661cf1f87facecbea4

SHA512
7b9f49699eb98382256c6585ab8a00faa567c5d9abdd1f9c7869716a5081a6ef7c49b527451be05f1c05586a861cfb983b869d055341b780d5890b7389dcace2

Download Submit