Overview

overview

10

Static

static

3

download.exe

windows11-21h2-x64

10

Resubmissions

08-07-2024 21:34

240708-1erm8szdqn 10

08-06-2024 19:59

240608-yqs94afe4y 10

Analysis

  • max time kernel
    440s
  • max time network
    443s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240704-en
  • resource tags

    arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08-07-2024 21:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    download.exe

  • Size

    283KB

  • MD5

    2773e3dc59472296cb0024ba7715a64e

  • SHA1

    27d99fbca067f478bb91cdbcb92f13a828b00859

  • SHA256

    3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

  • SHA512

    6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

  • SSDEEP

    6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX

Score
10/10
jigsawpersistenceransomwarespywarestealer

Malware Config

Signatures

  • Jigsaw Ransomware

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    ransomwarejigsaw
  • Renames multiple (1509) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 9 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 5 IoCs
    persistence
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\download.exe
    "C:\Users\Admin\AppData\Local\Temp\download.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1392
    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\download.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:3980
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:888
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /0
    1⤵
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3064
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3100
    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"
      1⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1708
      • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
        "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
        2⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:4704
    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"
      1⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1160
      • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
        "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
        2⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:812
    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"
      1⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:4236
      • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
        "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
        2⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:3408
    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"
      1⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:3384
      • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
        "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
        2⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:1376
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2972

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
      Filesize

      32KB

      MD5

      829165ca0fd145de3c2c8051b321734f

      SHA1

      f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e

      SHA256

      a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356

      SHA512

      7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb

      Download Submit

    • C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun
      Filesize

      160B

      MD5

      580ee0344b7da2786da6a433a1e84893

      SHA1

      60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e

      SHA256

      98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513

      SHA512

      356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba

      Download Submit

    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      Filesize

      283KB

      MD5

      2773e3dc59472296cb0024ba7715a64e

      SHA1

      27d99fbca067f478bb91cdbcb92f13a828b00859

      SHA256

      3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

      SHA512

      6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\drpbx.exe.log
      Filesize

      430B

      MD5

      0f8cc27b4ec8bee2903d3969f1ad8e13

      SHA1

      a81031f14b00befd6efca920a59b7e0152fb636b

      SHA256

      abe5fca3a6b5c786e6a09485fadfa3afb526a3b2370908f68fd326711a80052f

      SHA512

      d089107231bf46f4ef36987f4f9e4378391f2c8e783e79dce4e5453faf3659f35f5451fc236d32bba2ccca06bad85ce935bae7eb927591f239a6b767b5819380

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db
      Filesize

      24B

      MD5

      2dd3f3c33e7100ec0d4dbbca9774b044

      SHA1

      b254d47f2b9769f13b033cae2b0571d68d42e5eb

      SHA256

      5a00cc998e0d0285b729964afd20618cbaecfa7791fecdb843b535491a83ae21

      SHA512

      c719d8c54a3a749a41b8fc430405db7fcde829c150f27c89015793ca06018ad9d6833f20ab7e0cfda99e16322b52a19c080e8c618f996fc8923488819e6e14bb

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db.fun
      Filesize

      32B

      MD5

      a030fa2cc1f33e07ec29029ad58a9486

      SHA1

      b3154ae33fc9b87823069d61e13231c3569c8628

      SHA256

      b8683b91a302fe869d3c928a470ef8ab9b43cc9b055cb05e9c16b6a20ce0fb60

      SHA512

      cfb936cd59ed2fd6fdc134107a9589942e3c04aa7812840c3e628861952d54ae7aeffe03ea5831caaab1e7bba603029ca2d9df190252b9ac6842866e76beca87

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db
      Filesize

      24B

      MD5

      635e15cb045ff4cf0e6a31c827225767

      SHA1

      f1eaaa628678441481309261fabc9d155c0dd6cb

      SHA256

      67219e5ad98a31e8fa8593323cd2024c1ca54d65985d895e8830ae356c7bdf1d

      SHA512

      81172ae72153b24391c19556982a316e16e638f5322b11569d76b28e154250d0d2f31e83e9e832180e34add0d63b24d36dd8a0cee80e8b46d96639bff811fa58

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db.fun
      Filesize

      32B

      MD5

      4258d8781a5b5d68df688788b1b58d00

      SHA1

      013d4a0b0c06988263539e7a9bfef2d1980c602f

      SHA256

      81223a9f04c58938fe57cb17dd6ae559f1288e5512dd8e8b5be2be17ef28b6b7

      SHA512

      23120262743b96616b60e860acd74be8bdbc8c4d97464d50d00168c272ab3d6234602fa523e2de637578a6f2cf1dabf9c866b63aace0d23b61ecd8cd0e66c942

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db
      Filesize

      24B

      MD5

      f6b463be7b50f3cc5d911b76002a6b36

      SHA1

      c94920d1e0207b0f53d623a96f48d635314924d2

      SHA256

      16e4d1b41517b48ce562349e3895013c6d6a0df4fcffc2da752498e33c4d9078

      SHA512

      4d155dfedd3d44edfbbe7ac84d3e81141d4bb665399c2a5cf01605c24bd12e6faf87bb5b666ea392e1b246005dfabde2208ed515cd612d34bac7f965fd6cc57e

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db.fun
      Filesize

      32B

      MD5

      074c36e7a75ed9ea0f05612979cbd220

      SHA1

      f61bb9ef299f73ca21e123aa0fd7ba38f7ccde8b

      SHA256

      4a28ecbe65355748239ef3c8339e9d92f64867c143426797eba64b04e4189f12

      SHA512

      b2b68ae319e8c0ba127fe0f2024311ffaa58f4e2c52ec1c15f75a0adc4f8e8be7441210945cb5d79ba18500e2937bf70a93393b986f7c3c67695be24439f5459

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db
      Filesize

      24B

      MD5

      2d84ad5cfdf57bd4e3656bcfd9a864ea

      SHA1

      b7b82e72891e16d837a54f94960f9b3c83dc5552

      SHA256

      d241584a3fd4a91976fafd5ec427e88f6e60998954dec39e388af88316af3552

      SHA512

      0d9bc1ee51a4fb91b24e37f85afbf88376c88345483d686c6cff84066544287c98534aa701d7d4d52e53f10a3bea73ee8bc38d18425fde6d66352f8b76c0cbb5

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db.fun
      Filesize

      32B

      MD5

      e82db15a7c80fd3cc26ced6cb295df86

      SHA1

      5a586a640d971994b704e4f66a41f71d106c3347

      SHA256

      59db66e67f7a5e16d4d996e7f9da54c1d1979ab5c3264cc02bd64dd185f03475

      SHA512

      2e7b4d8e168fc4c3cda3bdb3b87fb26328a24c64312beb4b8659fcdc8ad23ca096cc818dcb852af8cbff191923df009d136f1b836bfec04836b110d0faec7573

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
      Filesize

      1024KB

      MD5

      bc3a1578d48a2bf208910ad755c44a91

      SHA1

      d7aaf7b1d4eb9aa245ac9de8db59e8f8fbb8bc0b

      SHA256

      7ff995a92437a279b841c975531bcaae75eac01cd85f937dbc7a63b67494b475

      SHA512

      c8a634e3ee1f5ff72bd998c749f5007df3ad09040d1059b73be51b4bb7ade5482a0867f333640f7b8994384d085a34303e8e411f96cedd547988601de43d9e4b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db
      Filesize

      24B

      MD5

      ae6fbded57f9f7d048b95468ddee47ca

      SHA1

      c4473ea845be2fb5d28a61efd72f19d74d5fc82e

      SHA256

      d3c9d1ff7b54b653c6a1125cac49f52070338a2dd271817bba8853e99c0f33a9

      SHA512

      f119d5ad9162f0f5d376e03a9ea15e30658780e18dd86e81812dda8ddf59addd1daa0706b2f5486df8f17429c2c60aa05d4f041a2082fd2ec6ea8cc9469fade3

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db.fun
      Filesize

      32B

      MD5

      7baad83fdae9319783bee19deaf7ff19

      SHA1

      ae1d209b70c1fa1b1c33a43b61f15c0c19330ba5

      SHA256

      b5e393d4d97409c382662b3e732ca520a435178461c873c34afdd40df4c0798b

      SHA512

      0e0af1042c156a06c31c1bdf0b5e8785f2f95783e05cfef7021ac9893b3e05747fd535993899220e2f7ed242eb45591dc474af39fe824a01b0274765289e3d88

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db
      Filesize

      24B

      MD5

      d192f7c343602d02e3e020807707006e

      SHA1

      82259c6cb5b1f31cc2079a083bc93c726bfc4fbf

      SHA256

      bb4d233c90bdbee6ef83e40bff1149ea884efa790b3bef496164df6f90297c48

      SHA512

      aec90cf52646b5b0ef00ceb2a8d739befe456d08551c031e8dec6e1f549a6535c1870adb62eec0a292787ae6a7876388dd1b2c884cba8cc6e2d7993790102f43

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db.fun
      Filesize

      32B

      MD5

      effbe5d10c00ae7ab587b62a390003c8

      SHA1

      abafcd03a906ca02f164cf0458209aef4f8b9675

      SHA256

      6c372ec232cd3e658cb12a92d2436f7e43a31fd3b1f36723d5e9b71d6eeb71de

      SHA512

      bfa688571d2ae8d6134881de2bf47676b4a0dea680e15498adba574f014004e3779bd339de9b4497243de8ec88464bd8fcaca86a71f359e703fe1ab7bcf2ef39

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db
      Filesize

      24B

      MD5

      2a8875d2af46255db8324aad9687d0b7

      SHA1

      7a066fa7b69fb5450c26a1718b79ad27a9021ca9

      SHA256

      54097cccae0cfce5608466ba5a5ca2a3dfeac536964eec532540f3b837f5a7c7

      SHA512

      2c39f05a4dffd30800bb7fbb3ff2018cf4cc96398460b7492f05ce6afd59079fd6e3eb7c4f8384a35a954a22b4934c162a38534ad76cfb2fd772bcf10e211f7c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db.fun
      Filesize

      32B

      MD5

      31377ff4f3de38a9bf593605f60cb3b8

      SHA1

      d7da6f6c8baa5132b53909f381d4bfd2b977bda9

      SHA256

      9e2d2c95bfc028261d7b314aaf1e0e12ec0ed393892585b86f10500141251675

      SHA512

      126019146e805dcbcd1a4fa25b2fff77bf288525d8bf9a2b0437906161e2106a7be0fb7de754071bbac7ec43cfbecbce8e4a9b3ec760458bc9cdaa713f1518f5

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db
      Filesize

      24B

      MD5

      f732bf1006b6529cffba2b9f50c4b07f

      SHA1

      d3e8d4af812bbc4f4013c53c4ffab992d1d714e3

      SHA256

      77739084a27cb320f208ac1927d3d9c3cac42748dbdf6229684ef18352d95067

      SHA512

      064d56217aeb2980a3bfaa1e252404613624d600c3a08b5cf0adcb259596a1c60ee903fdc2650972785e5ae9b7b51890ded01ec4da7b4de94ebda08aeaf662df

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db.fun
      Filesize

      32B

      MD5

      e5cb75826391109937eff711c145f2b0

      SHA1

      70b9c575540cc2777d519770095ff4df6d501093

      SHA256

      40a64c06df6af45fdc65e71c39e640b2ce8947aada98b85f55ca4d204e15fa2a

      SHA512

      fe450119f0783b1098aa13869103b038433ea7f55ed95286a08eda3e50304d7078c520966fcf283503e98928d7ad88968e2c0821e6387691d88364b32dae6bbf

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db
      Filesize

      24B

      MD5

      fc94fe7bd3975e75cefad79f5908f7b3

      SHA1

      78e7da8d08e8898e956521d3b1babbf6524e1dca

      SHA256

      ee1ed3b49720b22d5fda63d3c46d62a96ca8838c76ab2d2f580b1e7745521aa5

      SHA512

      4ceaf9021b30734f4ce8b4d4a057539472e68c0add199cf9c3d1c1c95320da3884caf46943fc9f7281607ab7fa6476027860ebed8bbaa9c44b3f4056b5e074d3

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db.fun
      Filesize

      32B

      MD5

      a799af01d0d31d65b6635c5b52d05242

      SHA1

      5d50d9f98225c02400b74978650e1b585a041f73

      SHA256

      762a372418d3349805c00bd3c5c51a81142fc8f42475fcd2b85bc075d335607d

      SHA512

      018a96bb9d51dc5952d7384fa9be4aad7a1947f271f801e4e9e724f69c284873872f9bef9ce03e432b196c1347cf53a73ee79f45e47eb1f59916b2c13f520c88

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
      Filesize

      7KB

      MD5

      eca214a043601cda727adf6351f4ab39

      SHA1

      2548fdf68bd684d73a1513f9eda9c7553158bf86

      SHA256

      e6173c2a58dfc3c8f3524a4d5f5947c4ebb256da1388d42c1ba9ee7d3a0d28ba

      SHA512

      f35110bbe31eb19e79ba11d837b1a66146136fafdf3046a2fe5413dcc0a2c722c5fc14f095058ee6776d775ea1bd3a31297b2325c8314abece159aa8fcacf835

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db
      Filesize

      24B

      MD5

      379523b9f5d5b954e719b664846dbf8f

      SHA1

      930823ec80b85edd22baf555cad21cdf48f066aa

      SHA256

      3c9002caedf0c007134a7e632c72588945a4892b6d7ad3977224a6a5a7457bf4

      SHA512

      eca44de86bbc3309fa6eab400154d123dcd97dc1db79554ce58ce2426854197e2365f5eee42bac6e6e9455561b206f592e159ef82faf229212864894e6021e98

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db.fun
      Filesize

      32B

      MD5

      7f3b2f8ccfdd9af9d4119e6df94a7e53

      SHA1

      a9cc40c186fd0454356f7a8893a96c2cf0c4718f

      SHA256

      ee99ace64613b17f1456622f2596289cf899b53bfda6d772945345b7e8c0aab7

      SHA512

      21ff3f960012713f97f4ba8fee543607cebf6948927968cea1a966726bb457d7a1873f2471cb15fe38a6274d1fab5171b320b5493efeb41a08e3cc50f0b06539

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db
      Filesize

      24B

      MD5

      5f243bf7cc0a348b6d31460a91173e71

      SHA1

      5696b34625f027ec01765fc2be49efcfd882bf8e

      SHA256

      1b1aed169f2acfae4cf230701bda91229cb582ff2ce29a413c5b8fe3b890d289

      SHA512

      9e08dfbbf20668b86df696a0d5969e04e6ee4a67e997ff392099bc7ff184b1b8965502215744be7fe423668b69099242bba54df3f0bfe4e70acdc7cad8195b02

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db.fun
      Filesize

      32B

      MD5

      100c69e87d7c2e57ebe4c3382f5286af

      SHA1

      164c92d22db751b112ee8cd70bf1b6f84def929e

      SHA256

      b08d263736c9eafdf0d5fb99c743dee0b965443d152856039dd0119af35303ce

      SHA512

      d592e499a7736f08cafa2abc6af54f50f312c0628e3a3e4a691148fd26398f280490fd99595887d17892b72fc4868b616eacd62ecfc113207646caf76e894655

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db
      Filesize

      24B

      MD5

      db7c049e5e4e336d76d5a744c28c54c8

      SHA1

      a4db9c8586b9e4fa24416eb0d00f06a9ebd16b02

      SHA256

      e8830e7ac4088cf3dd464caec33a0035d966a7de5ae4efc3580d59a41916ff7b

      SHA512

      b614037fb1c7d19d704bf15f355672114d25080223e7ee4424ad2cb7b89782219e7877b373bbc7fa44f3ad8df8a27eef4e8ccc765d44ec02a61e3b7fae88ae69

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db.fun
      Filesize

      32B

      MD5

      cac57bd7254cf3b6239997ae2511a4f4

      SHA1

      cc7ee87ca7d3639c136d00e03280ac12fd696125

      SHA256

      4093462f9e34e18a271690f8bb1816039cfdb67a79ec89a39895ab3be8074e32

      SHA512

      c84d5617d1dbc9efcb48a8585fa367cddf27ce2ff0bf8e4e52e7cb2c96c865b550e43c67ead8f7563c2387daed423d5aa669d8216800de96ed6afef601616f00

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun
      Filesize

      8KB

      MD5

      f22599af9343cac74a6c5412104d748c

      SHA1

      e2ac4c57fa38f9d99f3d38c2f6582b4334331df5

      SHA256

      36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65

      SHA512

      5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\BroadcastMsg_1720122316.txt.fun
      Filesize

      16B

      MD5

      8ebcc5ca5ac09a09376801ecdd6f3792

      SHA1

      81187142b138e0245d5d0bc511f7c46c30df3e14

      SHA256

      619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880

      SHA512

      cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Frfx\firefox.exe
      Filesize

      283KB

      MD5

      ae3fe9b7d59e9f5c770f9c0e6e534287

      SHA1

      e98d2659660ecf6f8da4a557ab5d096451e39359

      SHA256

      467149065efa1e04a828bc92d571a5c40a81e007303f3a3092726b9227ff607f

      SHA512

      1a8f1bf2989d389980c65e058333ff4b25994a489ab1d945a34f5bb97d2e840f75d7261e5564cd8e444ac455fdee62c13b5b5f1e0f4f0d89daa547846eb209ad

      Download Submit

    • memory/1392-0-0x00007FFDED6C5000-0x00007FFDED6C6000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1392-1-0x00007FFDED410000-0x00007FFDEDDB1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1392-2-0x0000000000DC0000-0x0000000000DF8000-memory.dmp

      Filesize

      224KB

      Download

    • memory/1392-3-0x00007FFDED410000-0x00007FFDEDDB1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1392-4-0x000000001B9B0000-0x000000001BE7E000-memory.dmp

      Filesize

      4.8MB

      Download

    • memory/1392-5-0x000000001BE80000-0x000000001BF1C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/1392-20-0x00007FFDED410000-0x00007FFDEDDB1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3064-1542-0x000001966B4B0000-0x000001966B4B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-1541-0x000001966B4B0000-0x000001966B4B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-1535-0x000001966B4B0000-0x000001966B4B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-1547-0x000001966B4B0000-0x000001966B4B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-1545-0x000001966B4B0000-0x000001966B4B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-1544-0x000001966B4B0000-0x000001966B4B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-1537-0x000001966B4B0000-0x000001966B4B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-1543-0x000001966B4B0000-0x000001966B4B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-1546-0x000001966B4B0000-0x000001966B4B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-1536-0x000001966B4B0000-0x000001966B4B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3980-486-0x00007FFDED410000-0x00007FFDEDDB1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3980-22-0x00007FFDED410000-0x00007FFDEDDB1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3980-23-0x000000001BD20000-0x000000001BD28000-memory.dmp

      Filesize

      32KB

      Download

    • memory/3980-21-0x00007FFDED410000-0x00007FFDEDDB1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3980-19-0x00007FFDED410000-0x00007FFDEDDB1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3980-487-0x00007FFDED410000-0x00007FFDEDDB1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3980-488-0x00007FFDED410000-0x00007FFDEDDB1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3980-1532-0x00007FFDED410000-0x00007FFDEDDB1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3980-1533-0x00007FFDED410000-0x00007FFDEDDB1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3980-1534-0x00007FFDED410000-0x00007FFDEDDB1000-memory.dmp

      Filesize

      9.6MB

      Download