Overview

overview

8

Static

static

1

URLScan

urlscan

https://github.com/V...

windows10-2004-x64

8

https://github.com/V...

ubuntu-18.04-amd64

Resubmissions

28-06-2023 03:26

230628-dznezsgb89 10

28-06-2023 03:24

230628-dx1yasgb85 8

28-06-2023 03:23

230628-dxp6sshb9x 1

28-06-2023 03:02

230628-djq6yahb6y 10

28-06-2023 02:51

230628-dcgc6agb52 10

Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-06-2023 03:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Vichingo455/MalwareDatabase/blob/main/ransomwares/PowerPoint.zip

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Disables RegEdit via registry modification 6 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Executes dropped EXE 3 IoCs
  • Adds Run key to start application 2 TTPs 9 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies WinLogon 2 TTPs 6 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Control Panel 18 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 51 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 6 IoCs
    stealer
  • Modifies registry class 2 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 64 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Vichingo455/MalwareDatabase/blob/main/ransomwares/PowerPoint.zip
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3972
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3972 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:5052
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4204
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2512
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.0.419125217\2054472875" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdca82de-ba31-4db1-95f2-16acc70e137d} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 1948 114f2e16b58 gpu
        3⤵
          PID:488
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.1.963651330\992545845" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42f015e8-35d7-457a-bf36-fa960e5c8cd0} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 2332 114e4e6fe58 socket
          3⤵
            PID:2288
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.2.523031068\1173339964" -childID 1 -isForBrowser -prefsHandle 2856 -prefMapHandle 2876 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cd1c94a-20fc-4095-8eb8-58c5f213923d} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 2980 114f5b05058 tab
            3⤵
              PID:5024
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.3.23104205\1742988684" -childID 2 -isForBrowser -prefsHandle 1692 -prefMapHandle 2868 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8afc31a-c9cf-4eb9-8f2f-2d0a82a3143f} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 1668 114f5ce6658 tab
              3⤵
                PID:2292
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.4.1827852903\110929754" -childID 3 -isForBrowser -prefsHandle 1668 -prefMapHandle 3916 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d46e49f-ca10-4f9a-84b0-ba30cb1bf7f8} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 4048 114f6cd9458 tab
                3⤵
                  PID:5016
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.5.1446827036\697040912" -childID 4 -isForBrowser -prefsHandle 5072 -prefMapHandle 2852 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b473f3e3-2dbb-4753-8071-7f607ea2af58} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 2320 114f45cd258 tab
                  3⤵
                    PID:4928
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.6.536269508\1945292340" -childID 5 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c36d030-c5c5-44b9-a1ba-49d2a9474762} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 5184 114f8612a58 tab
                    3⤵
                      PID:2768
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.7.563066364\2122343107" -childID 6 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28813ef9-ce9e-4775-8454-2d3900930535} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 5424 114f8775858 tab
                      3⤵
                        PID:1016
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.8.1881822197\324858124" -childID 7 -isForBrowser -prefsHandle 5872 -prefMapHandle 5864 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {084a7597-328a-43ed-bba2-e7e85823f1b8} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 5908 114fa336258 tab
                        3⤵
                          PID:336
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.9.544640336\319450755" -childID 8 -isForBrowser -prefsHandle 6156 -prefMapHandle 6180 -prefsLen 26970 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9896bc57-e8d8-4f6e-b99f-f86b614dbcce} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 6176 114f2e17a58 tab
                          3⤵
                            PID:2884
                      • C:\Windows\System32\rundll32.exe
                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                        1⤵
                          PID:2232
                        • C:\Program Files\7-Zip\7zG.exe
                          "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Krotten\" -ad -an -ai#7zMap24543:76:7zEvent12194
                          1⤵
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of FindShellTrayWindow
                          PID:1788
                        • C:\Users\Admin\Desktop\Krotten.exe
                          "C:\Users\Admin\Desktop\Krotten.exe"
                          1⤵
                          • Disables RegEdit via registry modification
                          • Executes dropped EXE
                          • Adds Run key to start application
                          • Modifies WinLogon
                          • Drops file in Windows directory
                          • Modifies Control Panel
                          • Modifies Internet Explorer settings
                          • Modifies Internet Explorer start page
                          • Modifies registry class
                          • Suspicious use of AdjustPrivilegeToken
                          • System policy modification
                          PID:1860
                        • C:\Users\Admin\Desktop\Krotten.exe
                          "C:\Users\Admin\Desktop\Krotten.exe"
                          1⤵
                          • Disables RegEdit via registry modification
                          • Executes dropped EXE
                          • Adds Run key to start application
                          • Modifies WinLogon
                          • Drops file in Windows directory
                          • Modifies Control Panel
                          • Modifies Internet Explorer settings
                          • Modifies Internet Explorer start page
                          • Suspicious use of AdjustPrivilegeToken
                          • System policy modification
                          PID:4988
                        • C:\Users\Admin\Desktop\Krotten.exe
                          "C:\Users\Admin\Desktop\Krotten.exe"
                          1⤵
                          • Disables RegEdit via registry modification
                          • Executes dropped EXE
                          • Adds Run key to start application
                          • Modifies WinLogon
                          • Drops file in Windows directory
                          • Modifies Control Panel
                          • Modifies Internet Explorer settings
                          • Modifies Internet Explorer start page
                          • Suspicious use of AdjustPrivilegeToken
                          • System policy modification
                          PID:3560
                        • C:\Program Files\7-Zip\7zG.exe
                          "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\CryptoWall\" -ad -an -ai#7zMap23297:82:7zEvent6396
                          1⤵
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of FindShellTrayWindow
                          PID:4932

                        Network

                        MITRE ATT&CK Enterprise v6

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jq90lja\imagestore.dat
                          Filesize

                          1KB

                          MD5

                          175d8921117709f4e22f20277df4a9a8

                          SHA1

                          1814b4cc069092e49581101b6fd33eeac50a0338

                          SHA256

                          71aabe573ea37febe3ad0fc749e06f91a2e3a31ddad5d8102776b099baf52724

                          SHA512

                          b25896ad683a822f0a09b9a5f1b701b8ad83fd9baf9626e87cf31cf9c144f794f826b375b094b52b5b6f3b9e75ecd641b498bcb961396f92a44c4ac4846e0775

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0ZI760GS\favicon[1].png
                          Filesize

                          958B

                          MD5

                          346e09471362f2907510a31812129cd2

                          SHA1

                          323b99430dd424604ae57a19a91f25376e209759

                          SHA256

                          74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

                          SHA512

                          a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XW4YEBB9\suggestions[1].en-US
                          Filesize

                          17KB

                          MD5

                          5a34cb996293fde2cb7a4ac89587393a

                          SHA1

                          3c96c993500690d1a77873cd62bc639b3a10653f

                          SHA256

                          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                          SHA512

                          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1w5h9zvv.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          150KB

                          MD5

                          db5bbac18e72964284f935c0373e386d

                          SHA1

                          da84e6f220270388256a2e15257b3c1ed3df5955

                          SHA256

                          c4f679fa7c45df49fce86b561fe3554cf6c0b55f97970514b1a9f36dcb6a4746

                          SHA512

                          df71ff5243c8ef1a104fe353483bde3f8b0498ddbe0809ff330bc749351c4258d46927a136f4cdaa518965b3773d3488695ab73793339b1232f56f7358e6d5fc

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1w5h9zvv.default-release\cache2\doomed\11347
                          Filesize

                          16KB

                          MD5

                          9061b4c2c89e2226511a56ddba02a0a4

                          SHA1

                          3faafb531420b6cd6154a9348012cfc8293a1fcc

                          SHA256

                          484cf2d488eb359a4d85096ffb5e091e07c36c2029cee808b1f80cd20eb83dbc

                          SHA512

                          086b5d77e4f71a1543fd78d9600156d3ef5f00e8006f919d5de0de3563786026dc59b48f8bcbfbb1aae9fbc8e576648fdbf6a05019a84b4f1d48db505820d372

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1w5h9zvv.default-release\cache2\doomed\11683
                          Filesize

                          13KB

                          MD5

                          a0dc21e752047fa480e1f17e583cfaa1

                          SHA1

                          987ef3e2eb6dbedd226ae4ff7fc3e0aad9f43de6

                          SHA256

                          0e935181a0217a114a7623bbb38940bfb9695052c69bfe06546930148d4d938d

                          SHA512

                          37a24600cb7f8a496a7d0742e926f927a06fdd08b03379597fe0c513cf99d3f417e915a21027c8e99bf43236f08012e8d2b9e0930492dcfda8437b366870fe85

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1w5h9zvv.default-release\cache2\doomed\1538
                          Filesize

                          22KB

                          MD5

                          b347041f26bc1f9e38e30f8fb6138c9e

                          SHA1

                          e429494cf3ba6eddb7a24917bdaf2cb8bfa51f42

                          SHA256

                          e247ea6ba3e619a1931c54a25bebeedd779677cda62831396b7b88a2744af28f

                          SHA512

                          58112e334ce040c9f3337cfb666f3479ed017704b77d40bd01947d03799620fc5562183ead901058d14ae306e246a4c68178bcb90e97fc4a7f9a09ab148fa2c7

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1w5h9zvv.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55
                          Filesize

                          40KB

                          MD5

                          683de140c28990c3527e80c1aa9e3425

                          SHA1

                          fd13331fabdc6b586d6bca098ba9add755a8a205

                          SHA256

                          edcf7dbdd784d1d1df9e86f6aa0bf8565ad82909cfa71a9844d299b60e0b2be3

                          SHA512

                          546599e5d8531743f15c0601b56283451b942012055761cf8e4a37ae0fefb09633e6f2068639fac113a42b932d9545e2b5dc03ff05c8f7b4f77f5313804a529e

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1w5h9zvv.default-release\jumpListCache\KN3P_vNaIcsIlCtbfrXm2w==.ico
                          Filesize

                          25KB

                          MD5

                          6b120367fa9e50d6f91f30601ee58bb3

                          SHA1

                          9a32726e2496f78ef54f91954836b31b9a0faa50

                          SHA256

                          92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

                          SHA512

                          c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1w5h9zvv.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          025c3013cb11b177ddaa545e8af76681

                          SHA1

                          6b160f3e65bce2727761c2ccdf78c5b564088d61

                          SHA256

                          c1130475ffb4d286c2ed9cccf3db7e9b632a8162e97594d1053a689cfd09cf3b

                          SHA512

                          10a69de2ec5101428224ae77d806fd73eafc3f4df84a08995d9d39081c58ef5ee688ef5fb11b285321450a30f96ca2846892df417ba868a82c2f733dbcaa1cca

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1w5h9zvv.default-release\prefs-1.js
                          Filesize

                          7KB

                          MD5

                          f743bcf2700a7da1a07eaeff1e2f76a2

                          SHA1

                          21eb5a7d734b66e7a365009dcfa4e255d50f8b24

                          SHA256

                          2e900012d369cec1227c984758b2be1e7a5a1bc43d52d99ea9d70ac7613933c4

                          SHA512

                          6fc55e63c4b6a8387e00e0886f3291ced00fa625df4d2ade3e99901d1274f7907c8e7ef4c4539a80f2f8f17fa41d1fa4b885a5beea3060fd98b2c28ee24731d2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1w5h9zvv.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          2KB

                          MD5

                          db63099e0db23823d653540af4dabd74

                          SHA1

                          945f6ddd70cecb39ce5bdf92a3330a1008ddb2ca

                          SHA256

                          bca759acfb01c45321acf6fb83e2750fb342d3b04113eacd0ce20889b8a2f225

                          SHA512

                          99db37e5346ef1beeb2f92dcca44b79010ecdd01b043d50637cf2a0ecaaf07e83a080f8cf35991e051ac6ed3c955533287ec1100ec21b6342adfd07d7df07cc7

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1w5h9zvv.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          3KB

                          MD5

                          1d54134fa2c84faf17b155948e94e82b

                          SHA1

                          215c2492572dc8c1446071a482b341e553f0121b

                          SHA256

                          363a1a6338d0c6ac44557fff1f742b095a40a7e81e61cfa6cefa47d177a9d541

                          SHA512

                          ae6ca2aead7d4bc7bf1ac42c7c4d7e7414bf806465143a6c6e9f448c047c226b68af43b1ff85fd338a3d34486b37f82abb48daac2a1d0e245ee447829aab28c8

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1w5h9zvv.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          6KB

                          MD5

                          3e21156c9cd4339d76c699967fdb1ed5

                          SHA1

                          4af956a2b1e532a930376878ce8e4ce00bdaca7a

                          SHA256

                          09537151e98c693f0eced0ea60d5fddf5813f8dfbf704fc3ae316f0863dded8a

                          SHA512

                          71b42f62fc56f0b04cbd93125837b69f30936260ac84f2647b0ba995888307783713036d189966711d3eb79d89b47bdec85a8ef65aaac3d68dc42b20f4edd750

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1w5h9zvv.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          3KB

                          MD5

                          206016e75fef5b8d9a82ddda629b49e4

                          SHA1

                          62a2173163442c12a9d27294a5a1077ae1fdad1c

                          SHA256

                          0e728392eacf0effc7bcc3260a323320ed384a2017b1379399497af51da4aede

                          SHA512

                          401cdfe1f33342dfab5766a9d6b633b8856de9b0bf93d55a5be68c5c893de14c32ee07cd07dd7fc65d046253013d98ea21218aa318128f116da284e8ac991479

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1w5h9zvv.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          6KB

                          MD5

                          8d3c14d11b375195a2811cf7b17c5a66

                          SHA1

                          fec37d5b1509741d3d3bc68d3660eec3c0848eea

                          SHA256

                          7a9d9531f17b430cfcc866920a4a39ecd35eaf4f9446e247b5395e0885ecda3d

                          SHA512

                          2cca064396746f23a0ce08ede5d6849dd573af48ca4b8eb39d8a656b8ae44c542e6957748f797192a02175ee9acc88edb871eb74b307845220eb5ec984a37efe

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1w5h9zvv.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          6KB

                          MD5

                          1f67b222aa6c2a07c3efdb115103cae1

                          SHA1

                          795f566a8f2193d2ee9eff2e01d574f1a965b2ae

                          SHA256

                          2ef9f8ea48062b9181f787d5adc476e538a76a5db754ff0167278a9fc62b4f3a

                          SHA512

                          cf03cbc25f7ffa69ced7aa6e0a07d00d11eb05fdbc5108ecbe8ed851c9d9ba50ff1fc0a250d961c60d0c5d56aa2d7cfdb37b9a0520aa2801d79f89855fe06874

                          Download Submit

                        • C:\Users\Admin\Desktop\Krotten.exe
                          Filesize

                          53KB

                          MD5

                          87ccd6f4ec0e6b706d65550f90b0e3c7

                          SHA1

                          213e6624bff6064c016b9cdc15d5365823c01f5f

                          SHA256

                          e79f164ccc75a5d5c032b4c5a96d6ad7604faffb28afe77bc29b9173fa3543e4

                          SHA512

                          a72403d462e2e2e181dbdabfcc02889f001387943571391befed491aaecba830b0869bdd4d82bca137bd4061bbbfb692871b1b4622c4a7d9f16792c60999c990

                          Download Submit

                        • C:\Users\Admin\Desktop\Krotten.exe
                          Filesize

                          53KB

                          MD5

                          87ccd6f4ec0e6b706d65550f90b0e3c7

                          SHA1

                          213e6624bff6064c016b9cdc15d5365823c01f5f

                          SHA256

                          e79f164ccc75a5d5c032b4c5a96d6ad7604faffb28afe77bc29b9173fa3543e4

                          SHA512

                          a72403d462e2e2e181dbdabfcc02889f001387943571391befed491aaecba830b0869bdd4d82bca137bd4061bbbfb692871b1b4622c4a7d9f16792c60999c990

                          Download Submit

                        • C:\Users\Admin\Desktop\Krotten.exe
                          Filesize

                          53KB

                          MD5

                          87ccd6f4ec0e6b706d65550f90b0e3c7

                          SHA1

                          213e6624bff6064c016b9cdc15d5365823c01f5f

                          SHA256

                          e79f164ccc75a5d5c032b4c5a96d6ad7604faffb28afe77bc29b9173fa3543e4

                          SHA512

                          a72403d462e2e2e181dbdabfcc02889f001387943571391befed491aaecba830b0869bdd4d82bca137bd4061bbbfb692871b1b4622c4a7d9f16792c60999c990

                          Download Submit

                        • C:\Users\Admin\Desktop\Krotten.exe
                          Filesize

                          53KB

                          MD5

                          87ccd6f4ec0e6b706d65550f90b0e3c7

                          SHA1

                          213e6624bff6064c016b9cdc15d5365823c01f5f

                          SHA256

                          e79f164ccc75a5d5c032b4c5a96d6ad7604faffb28afe77bc29b9173fa3543e4

                          SHA512

                          a72403d462e2e2e181dbdabfcc02889f001387943571391befed491aaecba830b0869bdd4d82bca137bd4061bbbfb692871b1b4622c4a7d9f16792c60999c990

                          Download Submit

                        • C:\Users\Admin\Downloads\CryptoWall.zLyd7tM9.zip.part
                          Filesize

                          61KB

                          MD5

                          c333d9053f8a7d4654c30824358637e3

                          SHA1

                          2c54081865c33e195bca54338cb942dd2bbf7c90

                          SHA256

                          c3c33ac69b9cc2cebb8a8c38f8ce1cdbe75e75f8ffb7d64eac9c8e21efa6d85f

                          SHA512

                          f7080cdea81ef6312bd4991858b229cbb8cdfb0c276742f868cf946d237ae522b077ab63e7e8f6fdbf1d92f31e4af321f8a7d75c399391a6cedd890a41dc2f18

                          Download Submit

                        • C:\Users\Admin\Downloads\CryptoWall.zip
                          Filesize

                          61KB

                          MD5

                          c333d9053f8a7d4654c30824358637e3

                          SHA1

                          2c54081865c33e195bca54338cb942dd2bbf7c90

                          SHA256

                          c3c33ac69b9cc2cebb8a8c38f8ce1cdbe75e75f8ffb7d64eac9c8e21efa6d85f

                          SHA512

                          f7080cdea81ef6312bd4991858b229cbb8cdfb0c276742f868cf946d237ae522b077ab63e7e8f6fdbf1d92f31e4af321f8a7d75c399391a6cedd890a41dc2f18

                          Download Submit

                        • C:\Users\Admin\Downloads\Krotten.nz3b6UF0.zip.part
                          Filesize

                          26KB

                          MD5

                          bd7ff5905c514888addff6d17c32747b

                          SHA1

                          beafca98c2e1a8e3a677dd7a424977dc6e119a21

                          SHA256

                          7ac673f95aa0a378f99db079f69dea64825e332b00639f15b89802d125e188d4

                          SHA512

                          4cdcfb72b25d96758d9a08b6d9f96cac253f6c5dfb6cf68a8d6b921f7e508fdc3b14c0ead646e8a3563ccea53404146d2e90d643a283830d34f6b11206b9dd67

                          Download Submit

                        • C:\Users\Admin\Downloads\Krotten.zip
                          Filesize

                          26KB

                          MD5

                          bd7ff5905c514888addff6d17c32747b

                          SHA1

                          beafca98c2e1a8e3a677dd7a424977dc6e119a21

                          SHA256

                          7ac673f95aa0a378f99db079f69dea64825e332b00639f15b89802d125e188d4

                          SHA512

                          4cdcfb72b25d96758d9a08b6d9f96cac253f6c5dfb6cf68a8d6b921f7e508fdc3b14c0ead646e8a3563ccea53404146d2e90d643a283830d34f6b11206b9dd67

                          Download Submit