Resubmissions
08-09-2023 19:19
230908-x1zdesfa2w   10   08-09-2023 19:08
230908-xtd4xaeh7t    6   08-09-2023 19:07
230908-xs5kgaeg85    3   08-09-2023 18:58
230908-xmy6haeg56    7   08-09-2023 17:30
230908-v3hscaea96    8

Analysis
max time kernel: 628s
max time network: 606s
platform: windows10-2004_x64
resource: win10v2004-20230831-en
resource tags: arch:x64 arch:x86 image:win10v2004-20230831-en locale:en-us os:windows10-2004-x64 system
submitted: 08-09-2023 19:08
Static task: static1
Behavioral task: behavioral1
Sample: Captura de pantalla 2023-03-05 184332.png
Resource: win10v2004-20230831-en
General
Target: Captura de pantalla 2023-03-05 184332.png
Size: 47KB
MD5: c662c6bef8d03268babc40558500c421
SHA1: 33881cac944362c415ce1c000d0e6c43e7b8fd57
SHA256: 1be92987b9ab334d25c940577da37ccbbd417b2e4e52b97b668347d90e1eeabb
SHA512: 4f7f75247e717337309d73004a79a0986911fa0525f36f41dc5be3ca3a0ed2033575737ceded69895a77626cb6e90152bdb0ea16655e6a8048731301e11802be
SSDEEP: 768:UZ+vjsWKoGWORUYGnBAPmxVU68vKbLxY0OKZY+S7SaLeP2MeqrsP4/jx4Lbf2:UnRofGoLJ8ib75a+kSaLK2Z+sA/eO
Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTP)

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Checks processor information in registry (2 TTPs, 10 IoCs)
Processor information is often read in order to detect sandboxing environments.
Process        description         ioc
firefox.exe    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz
firefox.exe    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier
firefox.exe    Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
firefox.exe    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier
AcroRd32.exe   Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
firefox.exe    Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
firefox.exe    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature
firefox.exe    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision
firefox.exe    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz
AcroRd32.exe   Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Enumerates system info in registry (2 TTPs, 3 IoCs)
Process        description         ioc
msedge.exe     Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
msedge.exe     Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
msedge.exe     Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName

Process        description         ioc
AcroRd32.exe   Key created         \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION

Modifies registry class (9 IoCs)
Process        description         ioc
msedge.exe     Key created         \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000_Classes\Local Settings
OpenWith.exe   Key created         \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000_Classes\Local Settings
OpenWith.exe   Key created         \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000_Classes\Local Settings
firefox.exe    Key created         \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000_Classes\Local Settings
msedge.exe     Key created         \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4272677097-406801653-1594978504-1000\{22CE8E49-DED0-43A2-A3EE-A14E8F111AD3}
OpenWith.exe   Key created         \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000_Classes\Local Settings
OpenWith.exe   Key created         \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000_Classes\Local Settings
OpenWith.exe   Key created         \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000_Classes\Local Settings
OpenWith.exe   Key created         \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000_Classes\Local Settings

Suspicious behavior: EnumeratesProcesses (30 IoCs)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (13 IoCs)

Suspicious use of AdjustPrivilegeToken (41 IoCs)
pid    Process       description
4088   firefox.exe   Token: SeDebugPrivilege
4088   firefox.exe   Token: SeDebugPrivilege
3920   svchost.exe   Token: SeManageVolumePrivilege
4208   7zG.exe       Token: SeRestorePrivilege
4208   7zG.exe       Token: 35
4208   7zG.exe       Token: SeSecurityPrivilege
4208   7zG.exe       Token: SeSecurityPrivilege
3340   7zG.exe       Token: SeRestorePrivilege
3340   7zG.exe       Token: 35
3340   7zG.exe       Token: SeSecurityPrivilege
3340   7zG.exe       Token: SeSecurityPrivilege
3004   7zG.exe       Token: SeRestorePrivilege
3004   7zG.exe       Token: 35
3004   7zG.exe       Token: SeSecurityPrivilege
3004   7zG.exe       Token: SeSecurityPrivilege
7008   7zG.exe       Token: SeRestorePrivilege
7008   7zG.exe       Token: 35
7008   7zG.exe       Token: SeSecurityPrivilege
7008   7zG.exe       Token: SeSecurityPrivilege
7060   7zG.exe       Token: SeRestorePrivilege
7060   7zG.exe       Token: 35
7060   7zG.exe       Token: SeSecurityPrivilege
7060   7zG.exe       Token: SeSecurityPrivilege
1440   7zG.exe       Token: SeRestorePrivilege
1440   7zG.exe       Token: 35
1440   7zG.exe       Token: SeSecurityPrivilege
1440   7zG.exe       Token: SeSecurityPrivilege
3172   7zG.exe       Token: SeRestorePrivilege
3172   7zG.exe       Token: 35
3172   7zG.exe       Token: SeSecurityPrivilege
3172   7zG.exe       Token: SeSecurityPrivilege
2452   7zFM.exe      Token: SeRestorePrivilege
2452   7zFM.exe      Token: 35
6760   7zG.exe       Token: SeRestorePrivilege
6760   7zG.exe       Token: 35
6760   7zG.exe       Token: SeSecurityPrivilege
6760   7zG.exe       Token: SeSecurityPrivilege
4804   7zG.exe       Token: SeRestorePrivilege
4804   7zG.exe       Token: 35
4804   7zG.exe       Token: SeSecurityPrivilege
4804   7zG.exe       Token: SeSecurityPrivilege

Suspicious use of FindShellTrayWindow (55 IoCs)

Suspicious use of SendNotifyMessage (27 IoCs)

Suspicious use of SetWindowsHookEx (54 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)

Uses Task Scheduler COM API (1 TTP)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

PID 4684  C:\Windows\system32\cmd.exe  [level 1]
  cmdline: cmd /c "C:\Users\Admin\AppData\Local\Temp\Captura de pantalla 2023-03-05 184332.png"

PID 3736  C:\Program Files\Mozilla Firefox\firefox.exe  [level 1]
  cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe"
  signatures:
    - Suspicious use of WriteProcessMemory

  PID 4088  C:\Program Files\Mozilla Firefox\firefox.exe  [level 2]
    cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe"
    signatures:
      - Checks processor information in registry
      - Modifies registry class
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory

    PID 3680  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.0.1922204870\1688770555" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5eba6aa9-6f86-4686-ade3-4e529e90a830} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 1944 2d74fce1158 gpu

    PID 4120  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.1.1880463805\1610894607" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 20896 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bf99517-a61f-48d0-a7b9-5f99b848fa96} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 2344 2d74fbfa258 socket
      signatures:
        - Checks processor information in registry

    PID 2696  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.2.2125161403\934495798" -childID 1 -isForBrowser -prefsHandle 3180 -prefMapHandle 3176 -prefsLen 20999 -prefMapSize 232645 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83cb3e46-e27b-49f8-830d-8b3aef276eaf} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 3192 2d753bd3c58 tab

    PID 3744  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.3.273203059\698476390" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3544 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {acfe9fde-cc5d-4fb5-b32e-474608fadec5} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 3576 2d743461f58 tab

    PID 4104  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.4.1277406404\1572559798" -childID 3 -isForBrowser -prefsHandle 4700 -prefMapHandle 4696 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19d13044-24f3-4e4f-814c-78230ab06406} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 4612 2d755805658 tab

    PID 4916  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.7.70411725\1480921459" -childID 6 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e9367c7-50a5-4003-9148-ee9e7cf76cd5} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 5376 2d755e9c758 tab

    PID 212  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.6.1232225372\197374511" -childID 5 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {393b6e8d-876b-4404-9516-1444c10ba96c} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 5184 2d755e9c458 tab

    PID 896  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.5.707803192\780111029" -childID 4 -isForBrowser -prefsHandle 5000 -prefMapHandle 5044 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58638b19-cfdb-4931-bb86-3ce2b9eec2d3} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 5016 2d755805058 tab

    PID 5352  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.8.499020099\1935265378" -childID 7 -isForBrowser -prefsHandle 5904 -prefMapHandle 5908 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76fa2367-752b-4ba9-b54f-c52148f7371d} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 5900 2d7579f2458 tab

    PID 1848  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.9.1691754035\823162436" -childID 8 -isForBrowser -prefsHandle 5072 -prefMapHandle 5016 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {107f2bdb-75d2-49a8-9715-2df8ec133fee} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 4572 2d752593358 tab

    PID 4040  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.10.1222419541\239150567" -childID 9 -isForBrowser -prefsHandle 4800 -prefMapHandle 1088 -prefsLen 26858 -prefMapSize 232645 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9add9ff4-79c8-414c-b130-51f59e8d4d5a} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 4932 2d75816d758 tab

    PID 1060  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.11.1937472160\181001118" -childID 10 -isForBrowser -prefsHandle 5264 -prefMapHandle 5084 -prefsLen 26858 -prefMapSize 232645 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e652108d-46b4-4977-bc18-e7dd6ccaecf6} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 5592 2d758705c58 tab

    PID 4868  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.12.838793436\1320321450" -childID 11 -isForBrowser -prefsHandle 1084 -prefMapHandle 1652 -prefsLen 26858 -prefMapSize 232645 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46a3be64-cc56-4275-ab62-0801b04ebc59} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 4900 2d75744a458 tab

    PID 5540  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.13.156808807\1314519237" -childID 12 -isForBrowser -prefsHandle 4500 -prefMapHandle 5652 -prefsLen 26858 -prefMapSize 232645 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {071e017b-e45e-46c8-995c-5b9ae13cf8f1} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 5840 2d74345cd58 tab

    PID 2084  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.14.162439934\1984853170" -childID 13 -isForBrowser -prefsHandle 5532 -prefMapHandle 5984 -prefsLen 26858 -prefMapSize 232645 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5af0f69a-82cd-4377-a447-1d4005d6ac6a} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 2956 2d757b11e58 tab

    PID 3916  C:\Program Files\Mozilla Firefox\firefox.exe  [level 3]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.15.317982140\919837218" -childID 14 -isForBrowser -prefsHandle 4692 -prefMapHandle 4996 -prefsLen 26994 -prefMapSize 232645 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f97c2a9-2fc1-48c7-8504-480308db03b7} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 3116 2d752593f58 tab

PID 5944  C:\Windows\system32\rundll32.exe  [level 1]
  cmdline: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

PID 3920  C:\Windows\System32\svchost.exe  [level 1]
  cmdline: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  signatures:
    - Suspicious use of AdjustPrivilegeToken

PID 5008  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 1]
  cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  signatures:
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage

  PID 3272  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe8cf546f8,0x7ffe8cf54708,0x7ffe8cf54718

  PID 6100  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

  PID 3780  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    signatures:
      - Suspicious behavior: EnumeratesProcesses

  PID 4936  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

  PID 6076  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

  PID 4760  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

  PID 4272  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1

  PID 6136  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1

  PID 3868  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8

  PID 4812  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    signatures:
      - Suspicious behavior: EnumeratesProcesses

  PID 2800  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1

  PID 3516  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

  PID 5796  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3544 /prefetch:8
    signatures:
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses

  PID 3944  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5244 /prefetch:8

  PID 4796  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

  PID 6236  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

  PID 7116  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

  PID 7124  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1

  PID 6228  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

  PID 6256  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

  PID 3596  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4928 /prefetch:8

  PID 6840  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1

  PID 3800  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [level 2]
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,12079650501119955002,12913299215477516328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
    signatures:
      - Suspicious behavior: EnumeratesProcesses

PID 3932  C:\Windows\System32\CompPkgSrv.exe  [level 1]
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 2800  C:\Windows\System32\CompPkgSrv.exe  [level 1]
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 6932  C:\Windows\System32\rundll32.exe  [level 1]
  cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

PID 4208  C:\Program Files\7-Zip\7zG.exe  [level 1]
  cmdline: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Ransomware-Samples-main\" -ad -an -ai#7zMap25269:108:7zEvent15852
  signatures:
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow

PID 3340  C:\Program Files\7-Zip\7zG.exe  [level 1]
  cmdline: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\here\Ransomware-Samples-main\Ransomware-Samples-main\Vipasana\" -an -ai#7zMap18757:224:7zEvent21847
  signatures:
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow

PID 6348  C:\Windows\system32\OpenWith.exe  [level 1]
  cmdline: C:\Windows\system32\OpenWith.exe -Embedding
  signatures:
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx

C:\Windows\system32\OpenWith.exe  [level 1]
  cmdline: C:\Windows\system32\OpenWith.exe -Embedding
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4248
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6304
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\here\Ransomware-Samples-main\Ransomware-Samples-main\Unnamed_0\" -an -ai#7zMap29614:228:7zEvent265011⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3004
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\here\Ransomware-Samples-main\Ransomware-Samples-main\WannaCry\" -an -ai#7zMap14358:224:7zEvent165921⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:7008
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\here\Ransomware-Samples-main\Ransomware-Samples-main\WannaCry_Plus\" -an -ai#7zMap4329:244:7zEvent136581⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:7060
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\here\Ransomware-Samples-main\Ransomware-Samples-main\Petya\" -an -ai#7zMap28260:212:7zEvent97771⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1440
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4360 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\here\Ransomware-Samples-main\Ransomware-Samples-main\Petya\4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.bin"2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6504 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵PID:3200
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AAD267D1FB3E9E576B47F6B835EF9388 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:2316
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=20E0B56B05E45300BE6F56E0C2C145C1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode 
--service-request-channel-token=20E0B56B05E45300BE6F56E0C2C145C1 --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:14⤵PID:1292
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=22B2FF19323B45C57A07D75BA6CCB45A --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:448
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=20AF74CA17A6FDE37C46A6B0A457783C --mojo-platform-channel-handle=1968 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:2104
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2D43A4A6D1642BC06E819C9207867282 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:6808
-
-
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4652
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5784
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5532
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\here\Ransomware-Samples-main\Ransomware-Samples-main\Petrwrap\" -an -ai#7zMap28699:224:7zEvent123641⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3172
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\here\Ransomware-Samples-main\Ransomware-Samples-main\Mamba\Ransomware.Mamba.zip"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2452
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\here\Ransomware-Samples-main\Ransomware-Samples-main\Mamba\" -an -ai#7zMap29015:212:7zEvent244511⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6760
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\here\Ransomware-Samples-main\Ransomware-Samples-main\Cerber\" -an -ai#7zMap1104:216:7zEvent125951⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4804
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize538KB
MD5e8fb95ebb7e0db4c68a32947a74b5ff9
SHA16f93f85342aa3ea7dcbe69cfb55d48e5027b296c
SHA25633ca487a65d38bad82dccfa0d076bad071466e4183562d0b1ad1a2e954667fe9
SHA512a2dea77b0283f4ed987c4de8860a9822bfd030be9c3096cda54f6159a89d461099e58efbc767bb8c04ae21ddd4289da578f8d938d78f30d40f9bca6567087320
-
C:\Users\Admin\Downloads\here\Ransomware-Samples-main\Ransomware-Samples-main\Unnamed_0\Ransomware.Unnamed_0.zip
Filesize835KB
MD5abc651b27b067fb13cb11e00d33e5226
SHA11869459025fcf845b90912236af43a5d8d0f14dd
SHA256690339e6d19da0b5c63406d68484a4984736f6c7159235afd9eeb2ae00cafc36
SHA5124b85ae9001b9d1f11d57b6b2565ab0d468c3b8be469cad231e1203c4f6858af98d8e739b03fb849c2f3ec7b493781e88d32e7b7567c4b61cc1189daeea285bbf
-
C:\Users\Admin\Downloads\here\Ransomware-Samples-main\Ransomware-Samples-main\Vipasana\Ransomware.Vipasana.zip
Filesize638KB
MD58d2c4c192772985776bacfd77f7bc4d9
SHA13b923b911d443e321e551f26c9588b16a994d52e
SHA2561733b199a7063443c167e3caeae7dda2315f590341ea2152a9b132e1ad8e94a8
SHA5126c24f2fe498cf38e3f3d66b62915e6fbc8c2746a1d4c3c3de270f994b02e1369b9540099c12d150712574ececbe63c8c9f28877d8aa4557fbbb7890d5a0de6c1
-
C:\Users\Admin\Downloads\here\Ransomware-Samples-main\Ransomware-Samples-main\WannaCry\Ransomware.WannaCry.zip
Filesize3.3MB
MD5efe76bf09daba2c594d2bc173d9b5cf0
SHA1ba5de52939cb809eae10fdbb7fac47095a9599a7
SHA256707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a
SHA5124a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029
-
C:\Users\Admin\Downloads\here\Ransomware-Samples-main\Ransomware-Samples-main\WannaCry_Plus\Ransomware.WannaCry_Plus.zip
Filesize2.3MB
MD55641d280a62b66943bf2d05a72a972c7
SHA1c857f1162c316a25eeff6116e249a97b59538585
SHA256ab14c3f5741c06ad40632447b2fc10662d151afb32066a507aab4ec866ffd488
SHA5120633bc32fa6d31b4c6f04171002ad5da6bb83571b9766e5c8d81002037b4bc96e86eb059d35cf5ce17a1a75767461ba5ac0a89267c3d0e5ce165719ca2af1752