986eb45b5d5c04fee9e2bfcbbc15b968870e40feda870eb949ef10c2b7b73c1e

max time kernel
270s
max time network
270s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2024 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wave.png
Size

10KB
MD5

57bd5782b784673f8e3ebd06f95bdf38
SHA1

1f55e36180024eb5c8fc066a855287898e6b077a
SHA256

986eb45b5d5c04fee9e2bfcbbc15b968870e40feda870eb949ef10c2b7b73c1e
SHA512

9f807db1571b942467f61b2d9a7ef11882036f64a6e1347ede55523deb9da193ec8255be0819e16cac65595f67f05bbf80320c9d46c4e1bf944b34dd000ffe51
SSDEEP

192:sD2HxgUkULWcH4F4/XZ/g4t688FPhzBfZIYeLhl+1/RNqeyFgbCBQJGSz/2Niq:sDXEicYF4/XZ/HT8FPhzMHNQdql0CBQ2

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
226	camo.githubusercontent.com
223	camo.githubusercontent.com
224	camo.githubusercontent.com
225	camo.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\WormLockerRansomwarebyCYBERSOLDIER-main.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4316	firefox.exe
Token: SeDebugPrivilege	4316	firefox.exe
Token: SeDebugPrivilege	4316	firefox.exe
Token: SeDebugPrivilege	4316	firefox.exe
Token: SeDebugPrivilege	4316	firefox.exe
Token: SeDebugPrivilege	4316	firefox.exe
Token: SeDebugPrivilege	4316	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
4316	firefox.exe
4316	firefox.exe
4316	firefox.exe
4316	firefox.exe
4316	firefox.exe
4316	firefox.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
4316	firefox.exe
4316	firefox.exe
4316	firefox.exe
4316	firefox.exe
4316	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4316	firefox.exe
4316	firefox.exe
4316	firefox.exe
4316	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 4316	2952	firefox.exe	92
PID 2952 wrote to memory of 4316	2952	firefox.exe	92
PID 2952 wrote to memory of 4316	2952	firefox.exe	92
PID 2952 wrote to memory of 4316	2952	firefox.exe	92
PID 2952 wrote to memory of 4316	2952	firefox.exe	92
PID 2952 wrote to memory of 4316	2952	firefox.exe	92
PID 2952 wrote to memory of 4316	2952	firefox.exe	92
PID 2952 wrote to memory of 4316	2952	firefox.exe	92
PID 2952 wrote to memory of 4316	2952	firefox.exe	92
PID 2952 wrote to memory of 4316	2952	firefox.exe	92
PID 2952 wrote to memory of 4316	2952	firefox.exe	92
PID 4316 wrote to memory of 2392	4316	firefox.exe	93
PID 4316 wrote to memory of 2392	4316	firefox.exe	93
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1536	4316	firefox.exe	94
PID 4316 wrote to memory of 1692	4316	firefox.exe	95
PID 4316 wrote to memory of 1692	4316	firefox.exe	95
PID 4316 wrote to memory of 1692	4316	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\wave.png
1⤵
PID:2376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.0.2121456783\834429756" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1852 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {425d677b-9692-4b2f-957b-59e184b9ab68} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 1944 256ce9e7858 gpu
    3⤵
    PID:2392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.1.1960023194\355038554" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f411d99-8df8-45a9-b3b1-9caa0d45600b} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 2344 256c2a70158 socket
    3⤵
    PID:1536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.2.1471199075\1969141851" -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 3180 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56c9895f-8f79-4be1-ad4b-8eb984bbe1ac} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 3156 256ce964c58 tab
    3⤵
    PID:1692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.3.485799703\67665640" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71e0434c-21ea-413e-9ec4-105cd512ea7c} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 3624 256c2a62b58 tab
    3⤵
    PID:4056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.4.1199681670\168259548" -childID 3 -isForBrowser -prefsHandle 4508 -prefMapHandle 4504 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f721f7d-5aa3-4b08-a161-d2129cba06af} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 4528 256d4eba258 tab
    3⤵
    PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.5.104013572\865492435" -childID 4 -isForBrowser -prefsHandle 5156 -prefMapHandle 4708 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50596ace-acd5-4840-9b9e-9aa219df8b05} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 5168 256d385e758 tab
    3⤵
    PID:3360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.7.1066229740\1665305307" -childID 6 -isForBrowser -prefsHandle 5520 -prefMapHandle 5524 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9d0d930-8527-4c16-82f6-8fa58090f3fb} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 5124 256d5827c58 tab
    3⤵
    PID:3136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.6.1747767258\1127901761" -childID 5 -isForBrowser -prefsHandle 5300 -prefMapHandle 5304 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ed06049-b256-4d64-b37e-621247dc1bf5} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 5384 256d573cb58 tab
    3⤵
    PID:2424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.8.2090795509\1414492715" -childID 7 -isForBrowser -prefsHandle 5884 -prefMapHandle 5880 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6762fcdb-eb80-4de3-92bf-1d0fbf99a4a5} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 5892 256d7537d58 tab
    3⤵
    PID:2988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.9.901095110\223270260" -childID 8 -isForBrowser -prefsHandle 4628 -prefMapHandle 4316 -prefsLen 27416 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26f704c4-8eb7-4b59-95f5-f7d85815be04} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 4728 256d8c19158 tab
    3⤵
    PID:1440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.10.404448448\1253810186" -parentBuildID 20221007134813 -prefsHandle 5312 -prefMapHandle 2924 -prefsLen 27416 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95044d3b-60e4-4b45-965b-218e1e0dbc18} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 5380 256d5828e58 rdd
    3⤵
    PID:3852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.11.1272138056\2002390362" -childID 9 -isForBrowser -prefsHandle 5792 -prefMapHandle 6436 -prefsLen 27416 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {442d1a4d-fd7e-4e9e-b012-2fc6aa8394b8} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 5780 256d9a3f658 tab
    3⤵
    PID:1540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.12.1932808563\766763536" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5416 -prefMapHandle 5556 -prefsLen 27416 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1aeb2aba-b0e0-4df2-a8b3-b1300f348ee5} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 5472 256d8bf0158 utility
    3⤵
    PID:1548

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\cache2\doomed\11969

Filesize
15KB

MD5
67ed2855b7536a7a0070c134ae225c1c

SHA1
6f3d008b0c7c0cb162125169e5dd7b1d3383e34c

SHA256
5daac715e108142dfbc770f1332a2130d839905cc592663ead2dc3af39d75e7a

SHA512
c22bc05b782717a0cf5bc57a216a7a80519d4dde67a0dc03a84f345efbe7f671b4ed8deb5efaf35276c21f1b12f24f58d74be1a71424a1e3c36aeb90267c7664

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\cache2\doomed\14150

Filesize
15KB

MD5
fa7e1408d1bd5fdb305faafe7f06d987

SHA1
e68290c21892af13f405b45fe8a4b14cb1cc39c2

SHA256
7b7976af6aeef37cf68ac45f4e4fb97761da8ba3eedb14f6850b92cdaa543d8c

SHA512
9850051f1f3da9e94d981c0bc8b872fb938e849f121e6dde9d94b3349ae0b511dbcbf74bc652d58d192899937b3ff9d4a772d3078517de154f6981ec1d9683a8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\cache2\doomed\28364

Filesize
53KB

MD5
fc0a73f4998e38d6bc36dc50727d52e6

SHA1
2ad87be25ed97333556e5f28c06485bbedd8d8d4

SHA256
f54838130c0310bd889e1ca54c7ed4c14d63d9739f927e4a8f0bf091cb89bcc1

SHA512
5d5b5deddf565f019140a37a7abac3ec278683150d08860a4a3ce84695b87df159f22bf049b3e53da6f77fc20e32f012ada79b3cbc509ee9450965f2353c868b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\jumpListCache\HUl2cRnSQBUHIh6h9Rfs+A==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
2.4MB

MD5
baccb89ec1601043f55cf2568c88a84f

SHA1
2bf0bd5699a28e6ef5824c6e5db8299f1fefbe73

SHA256
1d384560149fe0cd7c45aece28a35a311d7853b9e874af2a8b817f3155397658

SHA512
9e576b6218c0f95e848e81f9a6ad4ea7a650597f2aa328982f5dd85feb2fd2f1d058c24ee93327c643a47289ce2902dd44542bbebf02ab41299e5e604cf47e54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
1822f480819089b2e7bcae302e4df07d

SHA1
74f6447bd9bf18b0e287a0add8ab1c534ddb0149

SHA256
b8833025b05ebf627369d062ff225c3e204a296c9bb0f83d99a5bcd38f071650

SHA512
3e0ba43883fca99cbb202878a7ac50957f202cfcd45b9f1889c4ae8d875d0f1bc20c9e8830e73bf5c564076e23f65a02300263403e5761719338358d62ebccb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
7be5ec59a22013a26e22da9cf7a72164

SHA1
0e66d64c530ef442df285c5b7cacbc5ae23075fd

SHA256
ee2dc616caa1a459c334a044d025a8aca70dc482278d75e4eaf4dd8804e94246

SHA512
516b61508ff702d43ac5043f2f06d06e9392a993eba3d448a6e38328343e3d1ce6b5aab7431b5b2a07976154317d155f9da99185ab3136abfdf2d27ec2842ce9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\pending_pings\04dfc9b9-47ab-4207-865c-a24515111bb3

Filesize
746B

MD5
138cedbcf1bd3c7f81b3d3fd3ac50edc

SHA1
79ecfcbe7375b8f28690d05f4f3a0737f6891e2f

SHA256
210b4d98890ce42628b5ccdbc140e5d1e0ea085f1364edac1ccfbc9c6d817d38

SHA512
e61a5faf9b84b337616d763ebe3d8ee39a5b3f65964d35ca6fd0108f42f741f1ed40f41b0cb921aa1ec542a76c6c044a924a3554b007f9d4d7c7445aa1c6b43c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\pending_pings\2edcb70c-347e-4d6d-906b-20556f01ed7d

Filesize
11KB

MD5
0831d408d708b60e321ffd7c93870398

SHA1
2e93b6f0166ceec49df31f834690997df1486833

SHA256
abe38f37e07b40ff3b61bab45b7133ef43bc34d7273d371cef59c962b577a9b7

SHA512
9ba022f3cbbf683d8678bc17181d41fe030f1f43ee702bb9d82ac0c5431ddda9331d367eb2f905d52f6350f79d93ce25b6d82e1ca1c5cfb3a2ac829f8ef3a9f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
1.5MB

MD5
335ee1d3b639188c6be91530fcaa1f41

SHA1
adc0001966664ad5777591fdf1be49aec6d55a70

SHA256
a8d39fb87bb77a146685b7b72e05f213cac8ec925df56ab54ebda378e1b072ca

SHA512
503a7718f91f358b7895eab1a13b7041b9e8226b309c0e275110b24388c2efd3d1c53b488a6bd7280b61e3406cbead7913b12aa67b40c2beff732f68fd8f3822

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\prefs-1.js

Filesize
7KB

MD5
91198c636588b7c60d80dc8c431baeff

SHA1
099216ed6bac762efdd05ed8b21df78a836b43ae

SHA256
7cc40cec7abb5fcf85f09f6f4cd9806f82c18f6ea2cbd64e841b333407f4e227

SHA512
80fc67f8ccabaf98e3ede036e40f81b99592ca96c20f19bbbc48d904dd110b8488e76309af61230e6536b4d114d082c3f0aa3f9f9ce7b7bb0b99cc9ffc7edfc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\prefs-1.js

Filesize
6KB

MD5
8012eef0174ab7a1deffeb0f0cf164dc

SHA1
93e8211668006e34245af9fed2f5f166db082e28

SHA256
e120397375d8645102f6cbe6d47d0b2a229c2197bd9706a1e7c8177165ee5951

SHA512
03db752bc9d57832d1f56e524b54880da424098b59ab8a7ea0d9a677e4b1f90c8c57608a0c9f9c7e483171e6bda83fd65a9511e0e9460c3e440cf3113bd2712f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\prefs-1.js

Filesize
6KB

MD5
c2b10603c1d755bd006bf2916dea3d59

SHA1
3db0a045a5669406c9709d54334deb84a26f3a72

SHA256
c0467da4cc4a3b50dfdf0c1baec1b6a17d10cf48f7febf77d52b482a2f6db4f6

SHA512
9b6b5ca65bd86739aa5c9705329d63fd0629f734af71f4c4989527b73ad2e7b95453735c79cffb78a3c9d7fc0acc2c7544228c39b97dcc965b1abae6228b2c4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
7812bde11d3e70fe0e5e6ecb5429dcb1

SHA1
2751748accbf8d7e4b1c26105d329763f3327a1d

SHA256
ae1b09f6878153e87c6d1979e4129bb5631ca76c58a796c4e02d0f39da40e4a0

SHA512
568969aaef6a53f660af846bc9ae07456128c0add3465460fa45d698907f52ace58d03ea3d8fc01e5a9e4fc6cf962a2e4098ab5933bcadb3e4497c24699387ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
dfb9fd7265a333aa4eabfbc0b24d6b4f

SHA1
7d266f3cf07c3f227f3889b57ef40076e9a7d0e2

SHA256
5177d991544b8eb73e448bccdf278bdc6a0b94b49d73131fa393a17921913f53

SHA512
a8e670e30f76e3e81d0cc3dccc2af4a4a0e412cd08c8997ab45ee0e244eb46c08f21691de1a4505bdd8da088964ae519297aae25d56264fce9789321bf6e3092

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
a1c334052ffd9e6764154abb7d48f148

SHA1
501ee7a31a5bbeae673ec1347078a3875f2be674

SHA256
92064c37fc108f1c0e91d16cb38ece043e874930ebe5142e19e7a8d0010fede7

SHA512
53f1a36e1263c5ebb5dcbd9fc677ebcb044e8f12df28d8cab6caed1ee785e6a6313cafd41e1ea9ac340638fa7aa226e1b01367bf8def292528eb172b5c82f853

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
0030daf84d590160bfd56240f900e204

SHA1
228744a1cf4c5a92a6ac23f561cc8b48b84dfd9e

SHA256
8867d4a58dc1ea86845bc29ab528620258ff5dafb8e0bb3a082b4520bac5c65a

SHA512
ea2a16c8da30516944cd2840be894116e3cf7a989ff6b98efa948cdbeda69cd1a0b311d06b372eb1192717a3d8709ccf63f6c990354d5e0aa71add05fbb51a36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
3fa06f7f83d61082264b38d45f828c5d

SHA1
bbd759ad3b6d45ea145c7b0ed0a119a9ca3577c6

SHA256
55417f97f2903f9485f27f5d386e23c26836b91f42642b78ca37fae2d85794e9

SHA512
403b631d5bbfe78b33e70ee7639c0379fc8a45532a944f859b8bc04dd2c9b043948883e3d74d1a889e1ebaca9b86bf5461c48836fa82d4adf5a0a1569aae2093

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
498d7b86052e96ec7eaa56115fd2131d

SHA1
652fc31b896a9ac9efdd643d7488a6714c594ad8

SHA256
ac6d1a21fbe1e018dca63195b387b22015d15830e177097917e8cf5a03548f6c

SHA512
deaaff7788e5b672e396df6b4ddbd5ba17cd5e7397c2aad4634dda6f42c4b6f1fa2a766aabb44e9769cafa26b4286443bc21d3f4726a54e4b7d1d8ddb3037a43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
34aa2d3261391dd452dad403c93c415a

SHA1
b1a5ecd3a04b0b9f00e9bf3b73cb6766b9a1980c

SHA256
0b738f34b4461d95c8e0c63d9be68c0ad51c3a1cc52dacc165a7b9752f4bb57c

SHA512
2a388d9ac789d7d2e6b8970f21771e30598f2aa4d04e0e5ebc00206fadc162fb8e03599cb2420493b253295e06d5958bf3a4fdf1ca24a4513ff6e3678efef838

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
66743558ced72595c74b00ed53a85636

SHA1
f14fa1e74b8cc056b3109d9bf73c947095137e04

SHA256
059934fae7cf47a6187dec8ea89432af447fa428adf05806e96ec5654c6cebd6

SHA512
7d69e58cbf02c6620463ca459925bddeaa771f22dff1e27ab3ecb4a7ac257f9d96f1175bcdf46ac0ab08c9ff8b5bab271cf16dc9c6ae4e421446d0caa87c52ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
ece83350e3e556bca6df8bf6b59374df

SHA1
ec334cdf22cf99334685433bd484c852a1855632

SHA256
843d2a9d90888090f01a85c32d0a97d40f6575cdee8c7ab5a7b0aa588838908f

SHA512
ff85b62a0715f12caef00b1342c7c4ec571e05baab6806c0a4efa8b0d9f76c010df25f71d4d151a5f6bc93b69770bc9c7334da06da368d37be32ddc20b8a0cdd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
a68ca98b5e5db8f9c6ad1f26bdcbc943

SHA1
859be5263bd7a002597b77596f33873489a5903a

SHA256
a786430d8c75c404c9ae78045ae8e1dfc54b7752069c8472c69216014d7912a0

SHA512
599ac947852fd12e8c4dda0cbeb1ad7adf24e42c467c03ec4defeb4b52dd0f906e0547a4c5150115e3931d2b55be404e28a1edb9d88487f8812049b81c33a057

Download Submit
C:\Users\Admin\Downloads\WormLockerRansomwarebyCYBERSOLDIER-main.dBWSzj9C.zip.part

Filesize
114KB

MD5
76bb39f6387c4b1e9dbe8325a5691d1b

SHA1
2e6b8630b777a9eaa01ce3fed336e23751be7974

SHA256
bf58f9e12eb28dd6982fbb6d6ad83f87b73ba8ddb6d6616c442eae9cd3c80c89

SHA512
6d6b6dae773abe2a8856c643486a7c00015702c6a9285becd212795f0f48699bdca1e5578bf447bee05e3a37cc1aa4c72516de55a8c33144cac02cd9f8cb0b87

Download Submit

Resubmissions

Analysis