2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
43s
max time network
35s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
24-08-2024 11:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies registry class 24 IoCs

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\Registry\User\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\NotificationData	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid process

1932 explorer.exe

pid	process
1932	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

HorionInjector.exe

pid	process
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe
4712	HorionInjector.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

HorionInjector.exe

description pid process

Token: SeDebugPrivilege 4712 HorionInjector.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

explorer.exe

pid process

1932 explorer.exe
1932 explorer.exe

description	pid	process
Token: SeDebugPrivilege	4712	HorionInjector.exe

pid	process
1932	explorer.exe
1932	explorer.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

HorionInjector.exe

description	pid	process	target process
PID 4712 wrote to memory of 3868	4712	HorionInjector.exe	explorer.exe
PID 4712 wrote to memory of 3868	4712	HorionInjector.exe	explorer.exe

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4712

C:\Windows\explorer.exe
explorer.exe shell:appsFolder\Microsoft.MinecraftUWP_8wekyb3d8bbwe!App
2⤵
PID:3868

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1932

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\BlockExit.exe
Filesize
196KB

MD5
a61d08eb72e8955b5fdd88b99adad5e9

SHA1
76227812cac24f052a4f49b611ad448ccfc1c0ef

SHA256
52c441bd11332315f85d8e305f942790167a08d6a01ea5fe098a400066ea6710

SHA512
1909296f66fba9b508af13576124429ab83098e8c24bfebcd4412b5de332d654a9ae2cb98507ade4266474be8a37bd78d5cef38d24fa31dec2e829e46835a36f

Download Submit
C:\Users\Admin\Desktop\CheckpointPop.ttc
Filesize
469KB

MD5
753aabbd21dd39d977ef27a80f77214c

SHA1
ab7deeb9347d8a792b880b88831156973931c387

SHA256
045b2ceea904d01ccaf602286a704cee41f3e43bb9b1119b3095847c6c61a967

SHA512
d6e491f967f4afb4833aa8c34a635433f62a5334908282b3400e83535de4599bc9b19b6fa2e55f75088e0484abb929e20f71183b6996ddab70093b53a40b4a0d

Download Submit
C:\Users\Admin\Desktop\CheckpointSend.wdp
Filesize
333KB

MD5
774cdefeedfdf81bede9820985d37019

SHA1
20bbcbaaf065e2448e3c82c547848a29245ce26e

SHA256
488aea7ba1e94ab022b689304af9d5f4dde5bf91511b1e4013cbbc9b947fa81d

SHA512
a1d9174f65002e74d4940b760316b62efc1e3c06bb50b7ceeacb7a5e82dedae0591542428e677bd2d8c5ed9ef62f322c074497423fc39f9621759fa616ec710c

Download Submit
C:\Users\Admin\Desktop\DebugOut.M2TS
Filesize
560KB

MD5
a6a739d75f8b2c24d4b68347aed3ebaa

SHA1
9e99de807173673b89e0db5d1845f9c6e894887b

SHA256
7d66d4613b79b85f7c7a7fae1bccb25ed4c8e48bdc2c5ea9d59c41f9fc87bd74

SHA512
e30ef74cd49e1db8742cea1b4e7147f610e67cfd94affa7d88235f946413eb7b9b54c33506dd4f79a1992fa13123684e6db2c84c67d72281fdad7c22e367a85a

Download Submit
C:\Users\Admin\Desktop\DenyRestore.xht
Filesize
439KB

MD5
44b74bee2cb77e8faf8b6c4401505995

SHA1
0757c0525511e90499db41f300d4be6f4b8c6264

SHA256
7d7f2ba9fabbd5796519f749ee5670759f419e3806b56ce6306c23a0a8fa5a35

SHA512
4383dbe2a783fc2b298a100a08da98ee20f08b9cceb696aab2bc59d2b01281928bf3ebb9f71881ee1ff5787b1f1a796771ed5cd2326dd7146bdb8f0e182efbc4

Download Submit
C:\Users\Admin\Desktop\ExitSet.lock
Filesize
515KB

MD5
84032417a849f5332f359362fa12b4ed

SHA1
3678a9f0c21ae681fec86aba3d935e2f3f5d3d78

SHA256
ed4a26df2d655b4d5cd9d35ad847762ff8984bcd2759f2dc576084ee769fdece

SHA512
64b7c43505fcdffb0051bcedb9948c9023526bd862857d66f58cc056c5a9ac11e57827f516ffc9b279a2770a62f56516fa37e07e70bef42d6a324e69736a2010

Download Submit
C:\Users\Admin\Desktop\HideConvert.mht
Filesize
393KB

MD5
c010f5279bc0f92e73b8e6032b43ecef

SHA1
20b241984785eb91e7cf3a982979bdd2be4e890c

SHA256
0f8485e30ef5bee58fe0dcd91dc17d6b0a42089abd2211951acecf03522ea3d6

SHA512
7657f3692761708af923e9229fbd999114f0579ea33ed4dce7914df8e21bf83265b237e63f325e1e1eae3dae76585deace16e9830f54d7520b89b28c2217fae9

Download Submit
C:\Users\Admin\Desktop\HideStep.txt
Filesize
302KB

MD5
076343309ace990b2d04576c749ef4e4

SHA1
3127ed0c933627de46ddab53fd3ba3c3a61ddba5

SHA256
3a23403bf18b1c3c5dba001bd2d079e897d6aede881a0436167265ad4b0a5e23

SHA512
1e9b3dadc3366673fd5b7246ade7e845cc37f95e66b8d0f62e3c2bdc2dd2a774fd18ef6f7e182558e693e1531e145df6ef138b385ef8c6afe2088c65782e5a60

Download Submit
C:\Users\Admin\Desktop\ImportLock.odt
Filesize
272KB

MD5
4ddd86a8c36a9c131a8edd6db273154e

SHA1
d52aacaedd845e421097894684f452a5e715d543

SHA256
9210328e5942cacb5b83be4d896d2dbd14c7416d1eab7fa976a6476b01c44cdb

SHA512
da1a7b3a1e8edffaf8b95ef0eabb17ca860ca9c47f5a4b578fd4e9c67d48a9ba3c069b902191cc24bcd9868608cf6d4f986276df2a9fd6c4838c762031e22d5a

Download Submit
C:\Users\Admin\Desktop\ImportOut.vst
Filesize
318KB

MD5
ef727cbd0ae6614045f884f40378702b

SHA1
a6b9586b0e0a3937266e25f50b821978e13ce508

SHA256
768ef765a5d66687a2ab0faf61ce617a749d39c267d37b9e370b92975604b96a

SHA512
70a55c32d35bbdaae14f4d1869d75fbec0ac4481b3bedd0162dafadbe2c3a2387e5b970ef5b6ea5de87e801413ee6f08906703e8c5200f5a16588b5aeb0a557b

Download Submit
C:\Users\Admin\Desktop\InstallMerge.potm
Filesize
484KB

MD5
489b505579965eb962fd7c1b719d616f

SHA1
aa9cf6eedfb060e8257e1bb268b3c9f776edad57

SHA256
dd70ede5b04f106a01b8d0ced40b56c88227fcfb04477f51fa0230733cb8437f

SHA512
e08bbe2fcddd0affbaea53d16323d0d9f85fcba8eacec018347d5b79d113f7a19de3eb2d7d04b90bf6b71de7f2632090705b241f377205ca51e465b5fabd36ae

Download Submit
C:\Users\Admin\Desktop\InvokeRename.xlsb
Filesize
378KB

MD5
c400a814201665e7e9c7443869e26bb3

SHA1
b9a6ebb4038ab7dfbfd4d8db16a7e961b00968d0

SHA256
d8ffc1003b648889cddadad3ce41f852a0157c75730e5258b2b2957bcff8d077

SHA512
36540b26f1ef410ee622e91fb8fa57d0323071236640011003f2fe52913adf06e0e809e91b9254d7bd553b94b3505bc601ad607da7f704f355a852d541af099f

Download Submit
C:\Users\Admin\Desktop\MeasureRevoke.eps
Filesize
227KB

MD5
cf4246fe79485cb60b4a7c8a4c9f4acb

SHA1
7fc4b5950703336c615d9743d8b076a3916e3140

SHA256
88bf5cf193c9268373b91b31f41b73d0d0135ba8d06e150166d0278950502a08

SHA512
02450340d44e5ce86b607f597d8a814a8463b21b53b0c7adc5cd4f5294d2a269b9735c7b19fb264d71b54c19038184b4776f2fd198d01b0c7a63b696d0391156

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk
Filesize
2KB

MD5
b26d79bc86ec6cf1c4d15fdc57860064

SHA1
b62020f95751f891f6e1d45f8014a800f0aa1072

SHA256
30d24aa6bce399bb4ddd42871e170379144fb8d7c0033375bc1f28f82213357a

SHA512
f8c90a5fc655749e26a683ee10e612cfb3ba1b29c7faf396391cc43ca7e6c2c1a4264f24da39738916ca60cb7c01a76acb402d6ebaa79253fa660c9dd1abec5a

Download Submit
C:\Users\Admin\Desktop\NewRestore.docx
Filesize
16KB

MD5
158c64400443927c46e373816af14b6d

SHA1
e5aaac6ea4979e35e534390d8e89bf4794fb0a26

SHA256
a49ddde2d53a4f0a4feb800f2b8af79cfee79430f5fa0a47769940040f01e195

SHA512
462b8e99f5fc2d2e0dd9f12b5e78a12cc5ab04855012142ebee2d62645e30b5274899e74aaa2aa2350f2a56d1bc0693b5bfb4cd1f7a6453958e183f9de715db8

Download Submit
C:\Users\Admin\Desktop\OptimizePublish.docx
Filesize
15KB

MD5
f5ee5af3dd54501ec5e554cbc1653ee5

SHA1
e515274f31605f03fe51e390cfc0d4f6f4878da7

SHA256
c496bae7129af05a80c01395687440ede495abba15afe86368fdd246356dcce0

SHA512
455e6c1f32f51e74f090d1bc76194b3009c97c16572615ada37b75f8a3976e1a6645864dce56550a31d5f0477078016063d946c4f4ac69c7d0da20bc72e0da67

Download Submit
C:\Users\Admin\Desktop\PushWrite.mpp
Filesize
499KB

MD5
ddaff16908f44c11d49fba511c7b30ca

SHA1
139726ea662ee72082c6c139fdb27054b02de74c

SHA256
941aacdd2dbefad35bbea695731c06187345647b15eb542881a11527df522ce2

SHA512
3563e440844423ca6735250841b5b5f567e4edc38eb83fa65a640b91b8ba4adcc1fd47393c5da843389cf80786824a642fd6c3a0467dd9701d2c763dde5831da

Download Submit
C:\Users\Admin\Desktop\ReadWrite.docx
Filesize
17KB

MD5
1a0e76c8f0bc4e9289053a11ec48d0a5

SHA1
0112a9716312d8773c521288b651a2d3b3408f43

SHA256
df043b85e5cb0e3d8890c96229ef6bb179cd73ab240ff7e3d655eafcf71f6ebb

SHA512
11bd7b87fc3fb971b345f73c731a0fa302e76333f5cd1b506dbf86da4b8e2d10863773f74082f0d39534cb11f6130d929c6cd59a5dcf52f550c73ddb959e56f0

Download Submit
C:\Users\Admin\Desktop\ReceiveMeasure.eps
Filesize
530KB

MD5
64fdb3d14b073134e58ca57061e756cf

SHA1
1e1fa0b59329d1f714dcf5d0d14bee0512e913b7

SHA256
b38b16e48d61e5a4449ab5048a31fec8de59b5df3cdc754cbb2c5a39997213b4

SHA512
bad44aff1d384d46c836f18b7f3e25a2dfc95accf8c07f999c9f5e7e2f0d3c6f7129a1e73240c2400f4e541cbc15df8e8b99d09e8627470946a1d6595c7d4e19

Download Submit
C:\Users\Admin\Desktop\RestartInvoke.ppt
Filesize
242KB

MD5
24d73fb41b16959a5ef051eddb36e467

SHA1
ab7d31c9d79bbb6069ec19d9676d811308c8db7a

SHA256
da02034b77438472b4a2ee2cc5f528abd3b09a0d52acb301673195cd81f474f3

SHA512
d356599949bc6309c40626feb559856fa3df2e2c3857717064be397b3a94c042a9523cd06a1e5239c3cbedc5b4bda388579ef9d51edb23539d80d97631dce3aa

Download Submit
C:\Users\Admin\Desktop\RestartMeasure.xlsx
Filesize
13KB

MD5
b8e74f0a38f77a655e79f3a860120020

SHA1
9f8c6e31433b26b684f0404aa5dfee6f3382f95d

SHA256
c8671680cb3847ce5b696664f2358097990d4930c238c768dfac069de399056c

SHA512
a03d619d5dfc3d4443825391fd6dcbc05b45af7acc9eb84c98d33a1a52e1d17629ad2a7afd82fe98014b3bc35ac7ea7b7dd49e2253c320c4e0b71515c1c3822c

Download Submit
C:\Users\Admin\Desktop\SendRemove.xlsx
Filesize
11KB

MD5
0cccf9815dfe42094cf19a99c9b7f8ca

SHA1
c1a3999443c75587567aa108974d6a7c9af1bd00

SHA256
c14c12efceee23c979eded338b1c97c05844e2b61df96140c4f643180ab4c378

SHA512
e102e1cbf119766b7ef64db31bacaa4f767bd8b63cd0a4735b0a7dc0aa0bdb9a6dc5e63dd2756561ab6d86baae220d7bf9de1d59f3350ecd9dd507a5a35b7183

Download Submit
C:\Users\Admin\Desktop\SetSubmit.cab
Filesize
545KB

MD5
b3fccd2fce7339ced97d92cc84dd14eb

SHA1
01ae233b4b1a2afd3e4a674b8341e738a3f10a64

SHA256
b8620153e0c665d4a1cee25f9cf3ce7018895ccfa85de904c21deb275b63ac04

SHA512
db3fabd7aaa7aa509c81423327773ff81a74389b844f22c86dac028a629f9b9dd89a60bf87e2390f4bbb65c5b30a7df054118c7af6285090d51bc5bbad611020

Download Submit
C:\Users\Admin\Desktop\SetUnblock.bmp
Filesize
772KB

MD5
30f40f03f9aaf1e66fd556f10c70ba94

SHA1
9f593644788d10d5a345f41bfa78e127c5928c45

SHA256
b0465ca15ca15d86cf96405d44ce57117899b77d1f599a4c694f8bff1d1b3789

SHA512
dce5d15576f78f89cd4bca8e07e76bd8ec0846e744b18640eb956e1b29918425acd4a9039cc1498e086db1758c1a34e954722af35d760fb007a1626ec88f086b

Download Submit
C:\Users\Admin\Desktop\ShowPing.emf
Filesize
212KB

MD5
19da0685ac03973e23ff823b446074c1

SHA1
dc2152bf1a97668787b6f3779ba6a3b136fecccf

SHA256
22e1d0018a7d5695600bca19717a78e64db977bcae8dad24e46d1c64a9a23f6a

SHA512
c497078ff9543541fe5ba57e35f713df11da0ae43e80c488d17ce0368a8cabbb06500c44ecfd8536b1ebf8591e69a441189f7fd3e1f217b04339f6f009754360

Download Submit
C:\Users\Admin\Desktop\StepAdd.ADTS
Filesize
454KB

MD5
08e0fd95e304f70d3e04152e67c587b8

SHA1
3a7e845499ccca2b65f62d651bdeb59d3e75a09f

SHA256
92df2c656e4e90828075d5658a25ca87cf30e0fcfcbc213a2c6c5889415cefd2

SHA512
a414e5f64d5566fac0ee56f53fef73bbd4e6a999b7b257eff20e196f9ddbddadb3909b5d0360bb0bcb626ad48a365dbc40abe9c05e61475043c9f08cef14d3a5

Download Submit
C:\Users\Admin\Desktop\SuspendUnlock.eprtx
Filesize
257KB

MD5
acc33215440e134df2a24f5705e944b9

SHA1
0dd174374609ea7174103a7d4053942ce4dfed6b

SHA256
e20af9aa2be3363531de15f51db31f62526767d783edc7f94d990b45a86c2314

SHA512
2ed42ffeecc3c02df0ec32bf6a00054d05fde22cc89ac34fa95641061f560f6b38bb3b0b357edb812a136af256c21ce72e8d1287df5256f53b6fbf5170a9cdd0

Download Submit
C:\Users\Admin\Desktop\SwitchReceive.scf
Filesize
408KB

MD5
1543317e2b085d9c0724a77e00a5275e

SHA1
25f5fa1b0a96d0907820c8d2f5423727047997e4

SHA256
fc48cebffaf7a2d1d02a47f7b7d7e3d0435d320c72925305ecac36c9fbf19cd4

SHA512
5dc07ab0d13c8ae1a9778d1dd0baa725b2e2ff83143edcb2bfc34d971775814f5e1145af4674d2d6f62a1dca7b323c65994e1a380e8fc020a8ab126cb76e79bf

Download Submit
C:\Users\Admin\Desktop\TraceMove.wdp
Filesize
424KB

MD5
4b3ab495a7133cc2c155893a48c4eded

SHA1
22bd08234a3dd455638e2b33aabd5591f91fb4ea

SHA256
ad0a7e82d2b12c90f79bdc7e1b2ffb7acd0c460f3ffc595dd07ab99ede469c01

SHA512
d9563774ba87af5d0dc60ab45cf783c0efcdb97ace4efb3d6742bf04c38bf2af8865de54357426984a36c64fedbe614992f2bfc72d3e549547a4d42dd020a4ef

Download Submit
C:\Users\Admin\Desktop\UnblockRevoke.exe
Filesize
287KB

MD5
ac6d5c0649495552c4240d98b2c0a5d5

SHA1
07f0676d756b44df82f352c201034b0314a56244

SHA256
f9eff02b8b1b9bb51f354fbed27194c6b701a8f55cb680193563345533b5505e

SHA512
196f90e030de0a6d200865a598d35bb843ff4ba80caa5f1cd5c87b4c697c7d9342b74877f5702f64ec6e0abd1f49d84047391f596171b8a4afe33965917ee3ce

Download Submit
C:\Users\Admin\Desktop\UnprotectConvertTo.mht
Filesize
348KB

MD5
c6dc6cb65f7cd1ce4d0a9e2f86872fc0

SHA1
1d740a8b8b90b008ec0554bf83c0c753d846a6f5

SHA256
8c569797fd7b53f72542ace44a7f5184dfb6a91a2cbf10c4611f745a7755468a

SHA512
045aa3b34a8eec8a92dbed05348b160574e2bd23a0e45618f143a0d75c470b07c7e6b2a79d832d75aeaea1be9ef9c2bff6ffa744ef467a657208f3f0c72dd160

Download Submit
C:\Users\Admin\Desktop\WaitRedo.xhtml
Filesize
363KB

MD5
3a1b4d71ee0cf58efa1dc7d21f100688

SHA1
009c5ba620a832c336efa14f548754505e3fc573

SHA256
28c8d5e6581551d5d6dadb92b5c74005e03dffb21fae82f1bef47a100dafc967

SHA512
ca8936dfd0b85f457d729f9099500fa673d3c83dace13312a7f5a4254be64257e5ae7925cc0f64bc1c705b3a900873a96b537482059f639761fecf9db1d84b2e

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
Filesize
2KB

MD5
34a57aee30ca057c61c73ebab410117f

SHA1
eaf72023e5346a733d57e0ddb9a1d42c2908f396

SHA256
d7373cca840e81a42a578a23392bcfdadc3129ea9f90fc9056a3266b1040a8a4

SHA512
e61ff556d129d5bc8ec16ab151fd10fbc8a2c2b238bbe3e7a6a89bfc3b08612c8ba8bfd2111adb0cb134503b9f85f6bfaf58915fbec220f4d9b3d243515cf077

Download Submit
C:\Users\Public\Desktop\Firefox.lnk
Filesize
1000B

MD5
41d15f39f0cdd9e1fb87b0905c5eef67

SHA1
c67f6e793d56fca48207002577aa5e5917e18ae0

SHA256
77a8aa315a9ac40f597fb28733669f40f4697f564402dcb8aa918540811add9b

SHA512
77f1f4872a7ba998f17ae9c272669419b8755c4876ff7a163fe236a62af748c13f7ff9c5850c7cd0d764b9b02583982f773e58ac24f6c543c34dbd50821a74b5

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk
Filesize
2KB

MD5
ce4864e7fb15c7c15472264a8f8cbe62

SHA1
84fcf636c709029a882d7193c9288d1d37d68262

SHA256
42c9c4687d7369395d5121db46ff708cbf18f623fc8c515e616307461e4c4d64

SHA512
b3f37b21a8fe9971776fb4d711c98ef9a6b8b225f779dcc94ceed892d05882eaf4306593473d52f7d6370d9f1286cc01756a07b3292398c1d88591e5f88b71d3

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk
Filesize
923B

MD5
99b01f86a345233811cb34cf868c8534

SHA1
e483864dec47d5e3b71ba4b6ae15ed1579221bbf

SHA256
1151b9b4d907b845d6b7ca6d660494d9c39767094e0a90c0efe62d55f3906756

SHA512
665bdc5ddcdfeadf809b0b3cc6fc8927a272f79cee0032e09b083d2a21e8ffc1df96935f096d0df55aae0279eadf4ce740f608d1594a28e7046eb7bb8e0e09ab

Download Submit
memory/4712-14-0x00007FFD38BC3000-0x00007FFD38BC5000-memory.dmp

Filesize
8KB

Download
memory/4712-9-0x00007FFD38BC0000-0x00007FFD39682000-memory.dmp

Filesize
10.8MB

Download
memory/4712-8-0x0000027EFE950000-0x0000027EFE95E000-memory.dmp

Filesize
56KB

Download
memory/4712-7-0x0000027EFE990000-0x0000027EFE9C8000-memory.dmp

Filesize
224KB

Download
memory/4712-6-0x0000027EFE940000-0x0000027EFE948000-memory.dmp

Filesize
32KB

Download
memory/4712-5-0x00007FFD38BC0000-0x00007FFD39682000-memory.dmp

Filesize
10.8MB

Download
memory/4712-4-0x00007FFD38BC0000-0x00007FFD39682000-memory.dmp

Filesize
10.8MB

Download
memory/4712-3-0x0000027EFE520000-0x0000027EFE5DA000-memory.dmp

Filesize
744KB

Download
memory/4712-0-0x00007FFD38BC3000-0x00007FFD38BC5000-memory.dmp

Filesize
8KB

Download
memory/4712-15-0x00007FFD38BC0000-0x00007FFD39682000-memory.dmp

Filesize
10.8MB

Download
memory/4712-16-0x00007FFD38BC0000-0x00007FFD39682000-memory.dmp

Filesize
10.8MB

Download
memory/4712-2-0x00007FFD38BC0000-0x00007FFD39682000-memory.dmp

Filesize
10.8MB

Download
memory/4712-1-0x0000027EFBD50000-0x0000027EFBD78000-memory.dmp

Filesize
160KB

Download