hxxp://github[.]com/endermanch

Resubmissions

01-09-2024 21:29

240901-1b7kaashjf 10

01-09-2024 21:18

240901-z54vtasakp 10

01-09-2024 21:10

240901-zz3qkasekb 8

Analysis

max time kernel
450s
max time network
462s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-09-2024 21:10

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://github.com/endermanch

Score

8^/10

discovery evasion persistence ransomware

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	Free YouTube Downloader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	Free YouTube Downloader.exe

Executes dropped EXE 8 IoCs

pid	Process
5960	Free YouTube Downloader.exe
5416	Free YouTube Downloader.exe
5028	Box.exe
5532	Box.exe
1816	Box.exe
5908	Box.exe
828	Box.exe
6092	Box.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	[email protected]

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	[email protected]
File opened (read-only)	\??\B:	[email protected]
File opened (read-only)	\??\I:	[email protected]
File opened (read-only)	\??\J:	[email protected]
File opened (read-only)	\??\O:	[email protected]
File opened (read-only)	\??\Q:	[email protected]
File opened (read-only)	\??\U:	[email protected]
File opened (read-only)	\??\A:	[email protected]
File opened (read-only)	\??\E:	[email protected]
File opened (read-only)	\??\K:	[email protected]
File opened (read-only)	\??\L:	[email protected]
File opened (read-only)	\??\P:	[email protected]
File opened (read-only)	\??\T:	[email protected]
File opened (read-only)	\??\W:	[email protected]
File opened (read-only)	\??\Y:	[email protected]
File opened (read-only)	\??\Z:	[email protected]
File opened (read-only)	\??\V:	[email protected]
File opened (read-only)	\??\X:	[email protected]
File opened (read-only)	\??\G:	[email protected]
File opened (read-only)	\??\H:	[email protected]
File opened (read-only)	\??\M:	[email protected]
File opened (read-only)	\??\N:	[email protected]
File opened (read-only)	\??\S:	[email protected]

Legitimate hosting services abused for malware hosting/C2 1 TTPs 18 IoCs

Web Service

T1102

flow	ioc
72	camo.githubusercontent.com
75	camo.githubusercontent.com
167	raw.githubusercontent.com
70	camo.githubusercontent.com
76	camo.githubusercontent.com
80	raw.githubusercontent.com
84	raw.githubusercontent.com
110	camo.githubusercontent.com
249	raw.githubusercontent.com
68	camo.githubusercontent.com
69	camo.githubusercontent.com
71	camo.githubusercontent.com
73	camo.githubusercontent.com
74	camo.githubusercontent.com
109	camo.githubusercontent.com
81	raw.githubusercontent.com
82	raw.githubusercontent.com
83	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\Desktop\Wallpaper	[email protected]

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	[email protected]
File created	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	[email protected]

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5492	5280	WerFault.exe	123

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
1052	taskkill.exe
6076	taskkill.exe

Modifies registry class 3 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	[email protected]
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{B9669916-46EC-44AC-ACD7-BB053B101C63}	[email protected]
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	firefox.exe

NTFS ADS 5 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\FakeActivation.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Illerka.C.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Spark.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\000.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4656	firefox.exe
Token: SeDebugPrivilege	4656	firefox.exe
Token: SeDebugPrivilege	4656	firefox.exe
Token: SeDebugPrivilege	4656	firefox.exe
Token: SeDebugPrivilege	4656	firefox.exe
Token: SeDebugPrivilege	4656	firefox.exe
Token: SeDebugPrivilege	4656	firefox.exe
Token: SeDebugPrivilege	4656	firefox.exe
Token: SeDebugPrivilege	4656	firefox.exe
Token: SeDebugPrivilege	4656	firefox.exe
Token: SeDebugPrivilege	4656	firefox.exe
Token: SeDebugPrivilege	4656	firefox.exe
Token: SeDebugPrivilege	1052	taskkill.exe
Token: SeShutdownPrivilege	548	[email protected]
Token: SeCreatePagefilePrivilege	548	[email protected]
Token: SeDebugPrivilege	6076	taskkill.exe
Token: SeIncreaseQuotaPrivilege	2184	WMIC.exe
Token: SeSecurityPrivilege	2184	WMIC.exe
Token: SeTakeOwnershipPrivilege	2184	WMIC.exe
Token: SeLoadDriverPrivilege	2184	WMIC.exe
Token: SeSystemProfilePrivilege	2184	WMIC.exe
Token: SeSystemtimePrivilege	2184	WMIC.exe
Token: SeProfSingleProcessPrivilege	2184	WMIC.exe
Token: SeIncBasePriorityPrivilege	2184	WMIC.exe
Token: SeCreatePagefilePrivilege	2184	WMIC.exe
Token: SeBackupPrivilege	2184	WMIC.exe
Token: SeRestorePrivilege	2184	WMIC.exe
Token: SeShutdownPrivilege	2184	WMIC.exe
Token: SeDebugPrivilege	2184	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2184	WMIC.exe
Token: SeRemoteShutdownPrivilege	2184	WMIC.exe
Token: SeUndockPrivilege	2184	WMIC.exe
Token: SeManageVolumePrivilege	2184	WMIC.exe
Token: 33	2184	WMIC.exe
Token: 34	2184	WMIC.exe
Token: 35	2184	WMIC.exe
Token: 36	2184	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2184	WMIC.exe
Token: SeSecurityPrivilege	2184	WMIC.exe
Token: SeTakeOwnershipPrivilege	2184	WMIC.exe
Token: SeLoadDriverPrivilege	2184	WMIC.exe
Token: SeSystemProfilePrivilege	2184	WMIC.exe
Token: SeSystemtimePrivilege	2184	WMIC.exe
Token: SeProfSingleProcessPrivilege	2184	WMIC.exe
Token: SeIncBasePriorityPrivilege	2184	WMIC.exe
Token: SeCreatePagefilePrivilege	2184	WMIC.exe
Token: SeBackupPrivilege	2184	WMIC.exe
Token: SeRestorePrivilege	2184	WMIC.exe
Token: SeShutdownPrivilege	2184	WMIC.exe
Token: SeDebugPrivilege	2184	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2184	WMIC.exe
Token: SeRemoteShutdownPrivilege	2184	WMIC.exe
Token: SeUndockPrivilege	2184	WMIC.exe
Token: SeManageVolumePrivilege	2184	WMIC.exe
Token: 33	2184	WMIC.exe
Token: 34	2184	WMIC.exe
Token: 35	2184	WMIC.exe
Token: 36	2184	WMIC.exe
Token: SeShutdownPrivilege	548	[email protected]
Token: SeCreatePagefilePrivilege	548	[email protected]
Token: SeIncreaseQuotaPrivilege	3516	WMIC.exe
Token: SeSecurityPrivilege	3516	WMIC.exe
Token: SeTakeOwnershipPrivilege	3516	WMIC.exe
Token: SeLoadDriverPrivilege	3516	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
5960	Free YouTube Downloader.exe
5416	Free YouTube Downloader.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe
5532	Box.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
5960	Free YouTube Downloader.exe
5416	Free YouTube Downloader.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
5412	[email protected]
3812	[email protected]
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
4656	firefox.exe
548	[email protected]
548	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 4656	4900	firefox.exe	90
PID 4900 wrote to memory of 4656	4900	firefox.exe	90
PID 4900 wrote to memory of 4656	4900	firefox.exe	90
PID 4900 wrote to memory of 4656	4900	firefox.exe	90
PID 4900 wrote to memory of 4656	4900	firefox.exe	90
PID 4900 wrote to memory of 4656	4900	firefox.exe	90
PID 4900 wrote to memory of 4656	4900	firefox.exe	90
PID 4900 wrote to memory of 4656	4900	firefox.exe	90
PID 4900 wrote to memory of 4656	4900	firefox.exe	90
PID 4900 wrote to memory of 4656	4900	firefox.exe	90
PID 4900 wrote to memory of 4656	4900	firefox.exe	90
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 4396	4656	firefox.exe	91
PID 4656 wrote to memory of 2812	4656	firefox.exe	92
PID 4656 wrote to memory of 2812	4656	firefox.exe	92
PID 4656 wrote to memory of 2812	4656	firefox.exe	92
PID 4656 wrote to memory of 2812	4656	firefox.exe	92
PID 4656 wrote to memory of 2812	4656	firefox.exe	92
PID 4656 wrote to memory of 2812	4656	firefox.exe	92
PID 4656 wrote to memory of 2812	4656	firefox.exe	92
PID 4656 wrote to memory of 2812	4656	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://github.com/endermanch"
1⤵
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://github.com/endermanch
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e3310a4-68e5-4a4b-8870-99b563b19d97} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" gpu
    3⤵
    PID:4396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93cc725d-8b38-487f-ab40-7c2ca0bfebee} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" socket
    3⤵
    PID:2812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3300 -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 2948 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c762eaa8-ce1f-403b-870d-e1ffd03238fe} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
    3⤵
    PID:3444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 2 -isForBrowser -prefsHandle 2992 -prefMapHandle 2748 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c12c5b6b-92ca-45a0-9abb-3bac265f9bb9} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
    3⤵
    PID:5056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4656 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4692 -prefMapHandle 4688 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94046688-319b-470b-97f3-626405513acd} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" utility
    3⤵
    - Checks processor information in registry
    PID:5192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5184 -childID 3 -isForBrowser -prefsHandle 5176 -prefMapHandle 5172 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f07a6ed-2aae-4676-b538-85a4c808addc} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
    3⤵
    PID:5728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 4 -isForBrowser -prefsHandle 5584 -prefMapHandle 5432 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d0e34f1-a39a-4ed6-84bb-f849514195e8} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
    3⤵
    PID:376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5728 -childID 5 -isForBrowser -prefsHandle 5804 -prefMapHandle 5800 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a41eaeb3-4417-465f-adef-dc15f5d232d3} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
    3⤵
    PID:1460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 6 -isForBrowser -prefsHandle 5816 -prefMapHandle 5812 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eb2d1b4-3bed-4b89-85f2-2951eeef4d2f} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
    3⤵
    PID:760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2788 -childID 7 -isForBrowser -prefsHandle 6432 -prefMapHandle 4976 -prefsLen 30493 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b03d48c-f692-4874-b76c-ec9de840dd75} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
    3⤵
    PID:2256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6688 -childID 8 -isForBrowser -prefsHandle 6680 -prefMapHandle 6676 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fae514f7-9ad1-407e-99c4-b86451dbb53c} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
    3⤵
    PID:2548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4948 -childID 9 -isForBrowser -prefsHandle 6608 -prefMapHandle 6612 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96cb573b-6f25-46bd-8dd3-e49ecd6a010c} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
    3⤵
    PID:5284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4464,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=4028 /prefetch:8
1⤵
PID:5164

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6140

C:\Users\Admin\Downloads\FakeActivation\[email protected]
"C:\Users\Admin\Downloads\FakeActivation\[email protected]"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5412
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5960
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5028
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1816
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:828

C:\Users\Admin\Downloads\FakeActivation\[email protected]
"C:\Users\Admin\Downloads\FakeActivation\[email protected]"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3812
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5416
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    PID:5532
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5908
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6092

C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5280
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 1556
  2⤵
  - Program crash
  PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5280 -ip 5280
1⤵
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2708,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=1424 /prefetch:8
1⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected]"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5948
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1052
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taskmgr.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:6076
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic useraccount where name='Admin' set FullName='UR NEXT'
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2184
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic useraccount where name='Admin' rename 'UR NEXT'
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:3516
- - C:\Windows\SysWOW64\shutdown.exe
    shutdown /f /r /t 0
    3⤵
    PID:4868

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3903855 /state1:0x41c64e6d
1⤵
PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
815948d6c1c03fc38e3c56bd7b051083

SHA1
a9d142c5293b6b97564176d7772c68baf8237aa9

SHA256
5bf8129867c894006c507759cdb2d20f912cd95a13442abde7d0e6df624484c1

SHA512
3fd6d1cd6dd91daa9a3967ab5071461d59d18618d0898aa4ea378a0f0d693305eaba6f3f9ce4f95cc03450ace5df83683d0ec4055b22333c5b99ed27e839b50d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.2\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\doomed\11549

Filesize
52KB

MD5
0070b018e12635f41b79ca8e604a6059

SHA1
0217ee10560286df901a77b4036a4260b51213d8

SHA256
b4ac6e6b72d7d397ea1f9ab7cb39967d3026c580c4123d456697f1f93e0ad6ea

SHA512
d25acc27d849df9a1f19782aa4cb37c2cdc6b27dd9268ef113965c06871008afcd0694b5e2dbc91b6401d5bc3d39d1aea896a47d791bc0edca950ec75d69a4ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\doomed\12727

Filesize
46KB

MD5
c9797ec86f4436b84dba6d64dc7d4e64

SHA1
52c84e104cb83db3c76efa03a42ca5ee58bc7149

SHA256
56e16a0fbe7dcaea4fd9d4223b737bab1bd8ef06f5d40a20dd099760264cac51

SHA512
6e0470b8d3d223873ccadfce4c7430b111806fdb9c8a2aed42789f7a45fe8eb593207afc12f836c998eef12569398e6a5973a84b7c6ddb57cbdfbcc44b5f5cde

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\doomed\28978

Filesize
50KB

MD5
c7399f5c913ddc8bd91c18f88e1a28c6

SHA1
74980b88cfc707732b9a53535a6bd6889d1e04b4

SHA256
1ae952396fdf8533d25f17cbe77d569b58b4e6c66c0e7f8dd0945d7d0f8992f0

SHA512
3a402504318d1c3728f62caf4318493704498c3a06a7d9ce7fd174af4704495a8a4b9b26cf1b25b57df2ff217664955cdb4a451e105e82bfc02dca4015eecebc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\008802C162A9154F535C2E29053C9269F25FAFDD

Filesize
14KB

MD5
fa83e7ff44bd3a2ec5209c4179e4c478

SHA1
ffd15d44e0ddc1ddf8412e6294482b92b12313e5

SHA256
c973471c74d949d9d19eaadd10b60eb32ac2dc419dc690d37e57975d36c27013

SHA512
843b377dca32698eab6394de6c56ad95eb3745cce570e498af45d57daf69756937ac437376a0e15ad86de3cdcda02629c0ef92db683f99b409362e55fe92bde8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\0A14640657965B8513D3F26C8B0E6802EF353192

Filesize
13KB

MD5
2e16874b874e3c921e10ac7b750eb8c2

SHA1
a815e0954537d411c2860a30fa7455adaed79e84

SHA256
7dbf9f5e96c2ceb65f2f9eb16c7da8e462ff188c4f23cfdaa83c035a5328c547

SHA512
087f1457b617c1b81245054d3efbc35721d0263debd6fe409da0015d2bf83a50a2797062ae1244d6c9e7a5256f5b59406cab746167e8ed03ce53b3f993990bee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\12A7881005195A37E2C8F6FF6CD3D85EBBA79522

Filesize
15KB

MD5
101e4ec15d525c923fda14d9170dadff

SHA1
27b58572c1e15f71c5ae737cf98f2822ae177482

SHA256
222f15c774c289dd0dae51afda47b731406a7f76e1ac7eff5cd2e01b0d115988

SHA512
f9913a8ce2beb10ce58c0b1296d1422049d8e58697f07f610407637e77462d5a10688c588f7e2573d112bac2c774d0f30ed3a05da4acb39c31cd2f38a984efd4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\166FF906B29355A39FCBD052DCE5B5453BBEDB63

Filesize
28KB

MD5
4e26bc5e52e6a0dc46bb4a919f748c6d

SHA1
b1632e36e9d939a2f4033d8991ddca293b6d313a

SHA256
371249640206f223d487c98cb066e6cdcccfc2f5321681643dc3a5eb0a606ff7

SHA512
e485c3991fccf798bdedb48806204a544665c8fb8e203d8b9fd359d0fccc77913c3fd0059ed0020dff510b773c20882703a43097c3ecbc42155bf707f923f25c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

Filesize
791KB

MD5
1054cd710dbf7d2b43ab86202b39ec75

SHA1
6317f544bef3a7a746d8352c6ac43e4c39de006f

SHA256
f377ec407410f748306fe0d2bcda286a062f91c67f3460648b0d93528ad4e8e0

SHA512
0b744936efdf342fe33beee89b76b90e42696fdee67969e1af6c8942541bab41037aae8cda0c4258504a791463cde9db938cfcb756996121daf8b73c4eac90be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\3B5769283C179770F2CAA780FDC2929B4B9E5038

Filesize
13KB

MD5
97465e38cd6353d6bd570ef3bdd18a8b

SHA1
f265cd25d1c97228d7ba4add0c4fc215cc889d4f

SHA256
047380d0c365d016b63c85075422b584a6e92416155b4a9f99131ab49c72dde1

SHA512
0c10cb4b0d5269f4b7a67fab4948911b2a5379ab01f4efae86a3fe253f5e0e7c2fc21eae2feb4e61a211185bbacf2aeb2ba3fdc21ad9b0dfb2da1aeaf46d43f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\4876157242E46F9B2B4E4BEE617E306321FEF14D

Filesize
17KB

MD5
8e794ae9192b5db81752ced1ba936267

SHA1
d2bcbc90d09d3fd7cc6a7c31b84962996045be06

SHA256
bd0969cf48462352543d557e0ba619da544c64ba6eea254cf6477eb909c82171

SHA512
614fd73637186b23467e1bf6a2667271211c3119568a0e11868f9cfe2e0d1b6702ae4ae38caab7d86799a75a5d5fc766a5e4fbb0457aeb616feff5147f21cf6b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\4BCF7D608B2663D7D1515223C0F13E5D72484770

Filesize
80KB

MD5
8661a54621ece3b55ad6758975591dfd

SHA1
ea7647bed48acb6c527815f8f37860b099281034

SHA256
abd921857f6b10b5ea021528aae093395e9a7305296c1bb0a3d54064b278a5f4

SHA512
7325d514e643382019a02e72d7c441837b71fbe1df270d665775ded3f87af1d2db1d0117d55d5463ae4cbf4b951a0e0aa991556d75f20d4ccaa24eeddaba27a4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\4CA2E679CEC293F142684E37B6B4D5F01FB00E81

Filesize
15KB

MD5
9efca86d40bdedcdab1769cc9a0c57e3

SHA1
90e043a89b224750303734665bc97ea08d2caf38

SHA256
7eeb5ac0fc09a60a2eaf7400074a356743751b1276e45cc5be022c34e79d1117

SHA512
d9f4ef7fc5ab4f8fe30a206995c1a397ad511661a9e85bbd57da1166c15f610f0a4748e44a406f0b9c1da9d5b0227e8412f94376dc08853872c3cd01026705b6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\4CD1E24439AE7E1E453F9A13A8B1BEF76E52CAE8

Filesize
168KB

MD5
62d61d1c0a023667b5fa0ff837eace27

SHA1
3b8cbbebaec476bc32cbb2f0cf69baaecdbc55c2

SHA256
cced939942d3d1597c13d35c9561128979ab22606fcfb92f09edf6668126f2d7

SHA512
39ed71bf0b2814f676726f2a6f617e60efa8dd3b28ac3dcc5068b3e6c6dd721a3f7c9397ffccfaa531c362c08f77eb14b604e865308870cfc9fbf2fad95bd4b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\572F0ED336AE2650801061B8F31BB2D7362D6B9E

Filesize
20KB

MD5
3327423db859bcd7aaf2f5448de5d418

SHA1
734a525aba783f4c0811c32ebe429967afe649f9

SHA256
9b74cdf5fc5b82b86ad6f9bdd3076e6c80e00ebc266245595a67cf26d1b436e3

SHA512
a4073c8b2a47e71b636e81c1d28c908ba8fcb51a57e9b75f4d03ac02b90bbec265449663f43baf5c7166b58b1bde052803f8b66605ae53525b2b7ee63e06b831

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\57DDEF5CC90A17F06F9173DCFC477961C901787B

Filesize
46KB

MD5
d87347811fbda9189b5c3dec6df21dc0

SHA1
bbf4526cd2547e73540b57cbfc24ef3935da0ba5

SHA256
a6f22f5b7dde50a3fd8eabaa695c2dd16e6f32c73d777540fefa51d760da4d98

SHA512
fae8560edcf9762e6cd2e6f861d8cd3fc7feab0e3bf2c59956c1d7977cbd2b79213d9d8e133ab8f7e540fe0637426c0d15e8d18835f3f78e397514f6094eddc9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\5BDBD103B15902A2FC3E8C5A40DAE2709DD12E8A

Filesize
66KB

MD5
8076499de69fa98ccd8c2c4a4b36a216

SHA1
409b991e74e9f0a2e58629cec3a561ceee0885fb

SHA256
2099acc9cac243655ddc9d2b3ad1136ae74cb898c8c014c01b9d13b396471f68

SHA512
e566db6a2ec38f99d88c600ffa5369492c540876c7b79b9d493e7ec81967af629e6206eb240a67d46e74dfb907fc614caf521ceccf0f2eb28d51408326f2dc49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\5C2A2B940E0EC346270C250EBD62F95402CF3D0B

Filesize
33KB

MD5
015a5e6c729c358ae6b3b155022043a2

SHA1
7b9897534689ffce7734724de5ca61a0fcc05566

SHA256
34e4e1f0b186f9f9d6e5dc8293245b237ceb0c08e1c359d7378d662dac28f88c

SHA512
feab51f30e119e64fba737a695d9e02f9d8a4caad36b4fa7cb920b71cd625036501643cd0cfadc58c957e8f7e81fe089d64366bdb1e099dc57b8f1ae559c913a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\6DA69A746F9687E1FF413119EDE7AAED2F9783B9

Filesize
2.1MB

MD5
46ba707e8657eecfb628e1b6822e2188

SHA1
58e8c9d9543298bd52eba58818c7226eeda9e54a

SHA256
5b416fb1c7c51540fc18e77f96ed0a89e7a4f8067410d4c527747a0f5c238cba

SHA512
4964242f3d6727eea4794cd56a6f110f63d0b85fdc78539a7f5ba584972e14df3268c09d785caf11fc0546536d25e5339f928ee9d7475f86f50543676c58e197

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\78EEBD7DC68B9FE38E16D93A0CCF67E1E1D0846D

Filesize
15KB

MD5
3824c58bfa6cb044b84e1a0fa516f489

SHA1
623f411b7ed1cb6d3b26b1b12dd889a0db9a218c

SHA256
0512955b8521bb634d47d78d2abe966774feafb75e8e82103e3f4377fa88682a

SHA512
886476ffb17b6f5b9a178e3fc92dd6b4c3b23be78977e6137c6c9fce5c5e896cbef95939fc916509131e2e05456a67552dafa1b987ad5949d8ba3c196a5d2bf9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\7F30F53457983F11F2D61636C9FB5706ED9AB60D

Filesize
95KB

MD5
2f4964b97c2b5551b242ed149146f460

SHA1
be825748fdcd9f3ccc6f5ea39cc713a7979fa989

SHA256
bf42d2bd48de308c4b7b7ba260f0a2607f3e8b1fd92b26ef21b223bfa53f0013

SHA512
4bfefa08c218ee9cbdd816f7b2bd4da5c51ee7bf869928533fa63457a0dd9db5143e7a424abef9ff5c33514504258537fc6fc073d159ca9076249eaa5d99e4b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\7F439C9D3207370328EB4A4F1AC09F1A849BD46D

Filesize
33KB

MD5
421689d052fe1b06750dbc64c8c187de

SHA1
672b9097a384c269b985838d318eba95b7b4b6ff

SHA256
6226b21e619771baad2ede84702a38e409df9d74638e7f2f1d4b87101d4cbe63

SHA512
dec3e547ebd983153536f60a6bb5b8fbad5a203018be88d99bcb72f9c956b7e80818d998e649c71c2c1baff142f7a3aa7f457e188557da7ecf21a0eaf9965853

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\9695EF6C5E0CE18BF6742C5C0EE08F02BAE83E2C

Filesize
169KB

MD5
d41d925b7fb1d807236ec5d5b8f84096

SHA1
539a4b6e8e3ffd6e6d6dd88811cd7ea6afdf81ef

SHA256
63a761ef2bf3fab953e6e8f3b9642ca69862e13be3059043e2556bd166ae4faf

SHA512
040675a99997e6d164cbc3066f9b0ace05c0ff4352d624bd645e3d34e691178e628895e5f696d0f8d36b2d61cc6d08899c076d65d5da97890f0d63cae3ab78de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55

Filesize
39KB

MD5
cfde3bd4596fc2ae9d8ab6858a2ebbea

SHA1
46acbe7d2b96f9aedf0eda56504f99a0a1d00854

SHA256
10a4c0599c63867231bdaf14609d1d0e961d8479f613f81616958f983a320ade

SHA512
abc86990d31e2112e854c460c024290c03ec9550db842e19a7b6de8bcd6381b1c5b14ff09dffc1d7d992c5dbd91c5015ab8990d7d5cb4fe17677cf846b5466fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\A7BFD7F859FEEF756C6ADAE32A931308CD5C619D

Filesize
42KB

MD5
80435917d860b1e74ff284cc5f7c5dd0

SHA1
0a63c3f816d6df1c7d463f1527ea8891f47fa280

SHA256
c1a6bf715cce834f549908508873bbc4703aea232819951f52b6dc2ceb5ec73f

SHA512
451bf23225d2dc5687fbbc8371002b4add88de0d38357f7f4c016661b62583d052b92d740746bf6a745be73350a378468521036d196ceb6c39a2d0d8c72a9b84

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\AB740295913D6FEAC15A7060502087FA226E19B5

Filesize
70KB

MD5
3aad899e44b067d44299c9c62a20ebcf

SHA1
0e7e223b26c0bade8aa4509d8eb6926fa0670f74

SHA256
f2ccebd23a32f244388bd1eb080dcf3394614e1f0a023bde5cacfdf2005af9e0

SHA512
ba44c4edfa34eaf8b3b26035151e0aacb4e79b454a173a091ab3c55d32d3287a7724a85798fd8bb0a96a8d8293ed1b0d25f1cfbc348ade90a7de45cfdf588df2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\AC6959268E349C7B5497A3867D6DCDC4D543431E

Filesize
86KB

MD5
81f7cc28167316eec1fd0c7698c900aa

SHA1
b94448842c551a8a5178af82fe0be30d777b38bf

SHA256
58168cbb19adbe608800c5220fcef475dcd6476b43f344494ff28f208fc7a933

SHA512
9c4f110ce355e316f4c07c16d63ed75abcb5565d6696c742f537dd238fb104a7931709f634debd34896a340a4e522075c9fc26cda4b4c1ad464117f1db71d3ce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\AD8185C100979BEE2403BB5F3C0072BB1D314C2E

Filesize
71KB

MD5
bf28063bc8570c8e5087b91e7ad5e7ff

SHA1
e4d9d181cff5880713c01d4c5b0ff9fbb3fc6d63

SHA256
6c5b5e2505e6d234e9d808557c397dd8c6f561c62cfdb87f3d1224f32887a68c

SHA512
c574b98387b876d44a51082650e90e0e87d43003590b5361e342d5248264b0719eb8fc650f7206b81cad2900b72e3e776d3407349d0f6142b6d192eda5d5a1fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\AF6E7B7DB9908D7B867517AC33D094ABD56E38F7

Filesize
81KB

MD5
3b8020f8aab02387f3b656ac58e2249e

SHA1
2a32b60532744e04b6d5d265165da5d658888f93

SHA256
6a0b5ff95a0ee10ff198310f80f6a2534abdab28d03caadd7ab1699d62b1135c

SHA512
81de21f5446e21741332d7e259bd0bc7dc52866503d157cc72921ddcb7fde932d267b706305f32cb5a8a82488b57bb9686e0846f53f7f704712a1f5d7191f172

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\C3C1B73261AC1D76E896892B7C9776351D4E38E4

Filesize
32KB

MD5
0963ead3f585612fcc42a83a9cb58f8a

SHA1
93d6965a55c16884ca7b5a2a73890fa8107d835e

SHA256
506c2b08c8da6ec767b082bc2757531a19b3ffde0eb3408119a80acd6c309bb3

SHA512
e0b164f7d90948ed14ec8918bf970dd41896bc689aa6fb241bc0b97815067c67100ff202605a9c5c909c74c190b155c4d7a3d67f33d0bed22c62da3b34378ce0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\C9A19F720C659128631F28B59E979F9CAB42A166

Filesize
27KB

MD5
7e85fa791639cd3f33b69f51641c7ca8

SHA1
0847c33ad32e9fa90138709b4c80afa145f0897c

SHA256
c209dcbf36ecb54b81a951796c3a897b1d212cc5c9fd66d046909d1e169ebeae

SHA512
85816091e223f49af1f71e2a2ce21e491e8d1ffc71bd0784332630d6e885f16870d6e77acec1463ea35110367104d8bfe5838a5d96b72810071959f181e86143

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\E2E8122A6253CFFA077D0D33D689966608450980

Filesize
110KB

MD5
59d8809de9243686662ebf764bfad3cc

SHA1
a2231bcfe869982e9d54799d9884acec44efd208

SHA256
8bdce6b0030b71fe6571ed96a6e497c0de9c60a8bdf8bb1681410836af921ab5

SHA512
603082086cbcc8299ebb1ada9b54a1f7d11cae63b80793eaead8bd6b6a217b8c2db0ec927a5bb157c8fac6ee28a50f33c16c0a4160fd484bc650f22722fe5f9b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC

Filesize
14KB

MD5
ce80d4533652a88fe7d0f904bdbbb78e

SHA1
6a75c5de763e746b19f6dd33961f991ea13d9218

SHA256
b21d78d393d83fd5f9e48159b4bc0fed208927004305286334c9bb6b5dce98fb

SHA512
7f7f8b5d0d4da3bd77489fd009970f5f1b24cc85173c1a2a1d47422590591c4ccf1194e463a8148a457432a1a927ad444e962475a282bfd4eb9c3436dbed28b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\E82C79F80897EACFA36FD4EECCC130ED5F36FD6F

Filesize
33KB

MD5
e20a5efc8c74c85de93215cba08c4aa8

SHA1
3791d843aa7c9684473f226d1a7f0ec986500bc5

SHA256
cee415543573e1d89c66881ad0b4ce10773114f29b09019c5c53469067a95e7c

SHA512
7faa7edff174792018be7e060ddc5056bf5daf70b3f47c136379a0a894ea3213f0fa72f9fc2c488ca7d0aacb398ed707985771ad89f7abc8de4fa0c66818c8e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\EADD8AD0D19BD56212728537973592A5A83C9F56

Filesize
27KB

MD5
da4fc2caa82bf2bcf4a80e91419c0d4d

SHA1
db61620eefbf8b8e970d7f9c51f22becaad43b4d

SHA256
886c2f38ed25e912d13df471f44ab75f84007438e5ee8bed9678b8d7d27e1ddb

SHA512
19ccbeea2e591d281f29ce23592f87a4dd7e7086cc5e966e626bfea04f0b31dfac74dbaf59181f10fe941efe4d649e1215ce0857e267e9a97e6f2bce69348a30

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\F5A1FBDEF4E6F115791D6C8EF1598942067B8080

Filesize
79KB

MD5
cc83ffa3d48044315eda489c84611264

SHA1
029b7521748f1920aa66621ec85dddae63ec4e28

SHA256
4eb8fbf578dcaa6f1a5bc9f760ef36a87a605d8ff33dab4843e4ba336c91d64e

SHA512
354d785f474efd9bad1fa6a6be48e4be63cc9bbd40121f4c61a2c3abcda608d64e2d061362fbdfddc605ff41f15c49979e3cdcedae1f21674087ad0f0851d6cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\FF405EA908A0CDBF948198368567C7EC073C7A02

Filesize
123KB

MD5
db5e76c164f05efe3860bf25ea3c313c

SHA1
e02e9bafd22e769da31301166423c6106866f448

SHA256
17962df2a8f3be282d65a03909aaaec0c145684f45586f9d660e51f04a9ecdc4

SHA512
f9e350fdfddb9d02f09b64ec98b51ead065e5aa81ba1e24a1a4985b4f03032e957e1245e9ee90de7c4f39dd6ca91eeb7142c18e23e8ba9b523030ab84f67ea5b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\jumpListCache\0rIlwd6DUNi47gT4Q7yeO4WobG9f2Qr1p_hR4xGbZKE=.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\2.tmp

Filesize
36B

MD5
8708699d2c73bed30a0a08d80f96d6d7

SHA1
684cb9d317146553e8c5269c8afb1539565f4f78

SHA256
a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f

SHA512
38ece3e441cc5d8e97781801d5b19bdede6065a0a50f7f87337039edeeb4a22ad0348e9f5b5542b26236037dd35d0563f62d7f4c4f991c51020552cfae03b264

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\temp_0.tmp

Filesize
176KB

MD5
bc82784f4aa47bcfed93e81a3b9950f2

SHA1
f5f2238d45733a6dde53c7b7dfe3645ee8ae3830

SHA256
dd47684334f0a2b716e96f142e8915266d5bc1725853fd0bdc6d06148db6167f

SHA512
d2378f324d430f16ce7dcf1f656b504009b005cdb6df9d5215fe0786c112e8eba8c1650a83192b6a9afad5892a1a456714665233f6767765619ccb5ff28e2b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\one.rtf

Filesize
403B

MD5
6fbd6ce25307749d6e0a66ebbc0264e7

SHA1
faee71e2eac4c03b96aabecde91336a6510fff60

SHA256
e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690

SHA512
35a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064

Download Submit
C:\Users\Admin\AppData\Local\Temp\rniw.exe

Filesize
76KB

MD5
9232120b6ff11d48a90069b25aa30abc

SHA1
97bb45f4076083fca037eee15d001fd284e53e47

SHA256
70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be

SHA512
b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Local\Temp\windl.bat

Filesize
771B

MD5
a9401e260d9856d1134692759d636e92

SHA1
4141d3c60173741e14f36dfe41588bb2716d2867

SHA256
b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7

SHA512
5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2X3OIAOIY88TW80SH8D5.temp

Filesize
20KB

MD5
784b3b2c52e2e51c49df0a2badc6dd16

SHA1
8cb8f1c290bb66597c802c68f19d4a7ad6ce6672

SHA256
db2bf1ce92d76e71afa0015460f008a813affc8c091ded9d64b74dd8842386fa

SHA512
1a8f3e588b95cbf1369f383545d15f1c77a0d09ad3d673506f1ffe16fad24639fa90d1bd986e20a0e087da556ff3b12c255ac5068feebd8cabe325838d5ec8aa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
046434d559834e7a16d097e33a91bf93

SHA1
cca4077a1620d5c3886a0621a3005e984ef22a82

SHA256
8d2fa65ad04e460a5c4f83f48f8861bde2a14602448d498fe32a0995663c8e07

SHA512
f69255faafe78033dd494b279b83dcf6cd2a14647f17c9c5866bc819276b5eba7a023b4efa79afd34d37bdcff28d0b612b6452d9bbd2e5599f893a60c948f06d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
6KB

MD5
298f2a942a0cec81d179d29216538cce

SHA1
9f19a0cc0987b165066c0fefb6c7ca038349969f

SHA256
b5d6736ac86286005b385ad4fe4bda00c11a54d4fcd555b922d89e4fc3b6738d

SHA512
b82523124d7505dfc768e5cc0df1b9317fff52440daac0fc4317d92d5c7e374230c95620e30d5fe4d438f6a78f162566e619e2ade22026a77dd9387af0cf91be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
8KB

MD5
6287e44636bf8bacdbd9a0adcf5ff88f

SHA1
adfac4fb09c2ea4ae6d423580368900524df8b51

SHA256
caae86149a086bd94e11e1c63bdae27d60ccd958876707fa5da44d94f17ecb56

SHA512
ca788132bb256a12403c175dc7662d0eccaa6c168583bced0ee22e4cca6cf5c8e028cae9279381b3bc943f244d41f1c38d4f3c2add74607740238bd7358be301

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
533abefe56ec17731c4a113de5966aef

SHA1
6c5028d41695f1b47cac290603d4d1bc3d155461

SHA256
b2671adf66c978d317ebc3ac6fd1503f5c15c2412ecafd4e93676ed27128f212

SHA512
d10f73291ce08d75ad96a2e3b8e3e41a7c8725cc085751d62b636aafccbfbb5384aa1a67f8740a8ae660ad2fa7fc26189447fd1cc8d90db28ab303eacaeab254

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b61d008e1e324ece1c52657ce2a351f6

SHA1
71af2aedfed090defc8eadd5c76ed92957175042

SHA256
7a37b18761c9a64b688420797aa2b63893ab4b7728123120e1a60eda10670760

SHA512
ffccc5b39a4bd5b76850d0c0c8c4c000864184cd3412ae0206dbb6c319aeddf7d62d1098edaa832290b36d215bf707b3718250ad45d4d360818d3a5c1e8a8a38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
43KB

MD5
0e7837983f4f892684bf05a63a2456bf

SHA1
a29f52801e1a5b50e4f864daf12ffef8ed5a9580

SHA256
4f9e9ff01ed22b98a25e6156351b018fdf8ea1fa84821e6e1f98021ed7cc4805

SHA512
aabfc8c23b9a6eb5ff09aebdb39010a585e2625428e1e928d201a41108f69a7a93fe707f5039800cc90ae2b5f61edfe2afbfa791ce730449ac33a966199da714

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
42KB

MD5
a82d7c46deac92b7b3be34db5aebcc81

SHA1
6ad0a6141cd653cbb6bdb4f88768e1a5c39817d2

SHA256
aa3d869c4276c219e09a654323f7d1a6b40daf297c8e2199289f3c7e6ff486b8

SHA512
e6979d03888f46507c604ae0ff7421b0643f7d3d75eb6f4bb7f0266aa4193bb589be80d015221197623db3a4e09423dae594327696eb67256591b76a7c02921f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
43KB

MD5
99ea2f2fb016c07961c8473e6c965abe

SHA1
5bef55ccea0a7361f46641d4abddd2edbffc5aa9

SHA256
7c450e16104acf49e51599f7fc93dcecb41cb8da7c0359fc3a8e11038a02e564

SHA512
102eb1d3da1b6f08ab57db7fd34fc88f05abcb110f232fecfc0dbe95b2fef4be56d8ecb9c0a4d38bac8f297ac37bf9ad11c6321527c49a4d2bb2aad764b285e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\261b8c3f-96d9-4dc9-bb74-dedeafc33468

Filesize
26KB

MD5
a43f33e76989a7abcb4a5c4d4b9c5968

SHA1
e8483400e6f329bfbfd7938da08f1cfa505708c1

SHA256
57bf7bb850bd0a91ef2cc4067254f070e559a74eab149ebc2ce044418ec8aa2a

SHA512
4c3d4e66bbb9f5c865e3520501f46fc4d00355e86a1f1e7f60f1fbc9e18f0e999c3b989d88c68276c7f7ef4428a8cd38833c37b174b52e9f4e6c5c6c917181ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\972bfa44-37a0-4714-b076-955d43a5208d

Filesize
982B

MD5
b931b18448994f230fc589dc92fbefe5

SHA1
502611bae6738156dbc1a465d36988d3fa5c8c2c

SHA256
716ddd688b5c45d2030c8a1a2e704c7f01c7591f72d02fee0a0d8b3df4edbc1f

SHA512
7ed1d167ac8a8577dfa345224e12a71ce2f8714dbb09ca51ecd29f00ea90602db1c3a7b71e51e971a5d50bcf74fed75d30a8cbf794056ba625bcef60191f8eb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\996a8a91-af93-47fe-8a42-064abaa4ab3e

Filesize
2KB

MD5
3eba65551aedca4ce7ceb242dedcbd47

SHA1
fa7801b8633431758ce64c345a6d7a5ca7e6774f

SHA256
65fdf3971f31f83d7f12ae58488bfcc3b7ed62626ee6fb51b06827f9b792ebfb

SHA512
5441ef81b138be321b441a9f53aa5fe0eaeffb16810d6022a1efd877406bed53189974aa0f867bd32a0e213e79d9e602b350042b4d6d3d0954c2044b2a098059

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\b661283c-f158-4562-a713-0e39868b0846

Filesize
671B

MD5
209927124d03fb5530a4e74db99d7f7c

SHA1
274d3294a85421aebe3e39786f1030bc3a24a322

SHA256
3416c5806024b3e5185181794726c80912a006b2baf95ee214670bf6b0d7a562

SHA512
4f2488575d41fb1ddd796add85d6a9d09268754f685acd2c0e3ac767ec4d61886645603a1047a1224b3d1f78c9cfce293f0ca9cca40d275f6278ebf13769f128

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\c6aa0cd6-d5cc-4812-a056-99b1d8a0fa59

Filesize
847B

MD5
ec7deb7a205101af11fbf333dd0d686d

SHA1
071af4314fee1956db3c7d71d59bcbe4cd9da4c2

SHA256
45c864108859067aa6df909921ac32f276cd0391915b8f6c784d3b2f12fc173a

SHA512
e9e02deca9ce14b0cdb4d267e5be7c942b367d078350a7728ced5c03ff36375c3b731a6332dc2be93e5c00b443c194f4be0e31cad895bf03fd7a73817493f4f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
12KB

MD5
2c7c5665a64ea74d2b4c2a4b5c2d02ef

SHA1
aedb8301b26704d238632ea65b5eecf26873fd1e

SHA256
271f9759da29d5af949a61a3307dd751a37c43fbe8a705f315fa1126c9e92127

SHA512
f12a272d263af2895a9691d98c4a6b3a575f394281872387db290a2ff51c7e1fb7484fb229731472cb019cd4a8aff09c896e53f89a014ed52e0808df702c2027

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
12KB

MD5
e77a32fd818fd13f34c9b9d61f390e2f

SHA1
78006f4a97766606304cc0fcbe86733014ea9392

SHA256
c39afb03491cc01b8687162202131545bdaa4347594d6742c53c85e18d612f8a

SHA512
84f621babc707db5e2ce67b443b1fb660920a8b4f7016434d228d021f8af5686b42fd4b225f520797f9776b06bb2d63bb3acbc9791d496be37de1906742c17ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
11KB

MD5
5b34f3ef8b0117d877fae563aab90f22

SHA1
cdea693de1531acccf6cfce0827ca0ff46a965b6

SHA256
20b66b82904f503824de454372cb54f40fcc6cf60513578506611bc0fdac4a86

SHA512
0fde023d2f1c066491f1adad331f26ebb4fe08dbd13673efb7436f14b0a5cb2d86096f2ea7b7cdf6c26d3da9fa9bc7c3f02e87edae06f64cef96f5bbf01634ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
774c79e40bb735653595f89e66b6878d

SHA1
36c5da139e23a519e17c91a92e61df72fbdea2e5

SHA256
8e6fd167529b378b09371ccdf4bb3dc2a7b1aab87a1b77f5a5da3c5098f7e48e

SHA512
91fe0e333c6a3145dffaafde7b163d45585eb666bd7506258bc2ac3aafe8290c3ac06fd8f9f246db074cb8c66046f533ade0ff5b4ae6a2ad6391feb99e952f3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
0556b8507df044022ec290781f28b6d9

SHA1
bd089b34f2294289b5edda52a7c74391a58771c9

SHA256
f17024801b034a979b669b579d938bd5307d81cdd707dcad89df1a99e194802d

SHA512
2a388743fd7d60066778f7aeecd589d035042b10a58281cc2281daed39c376f54ea82ae392f8e87bfdf8f39eae504c11ed6b9eaec9760fc2ced6d368780be773

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
fc4aa95443d07f66149617860ab00147

SHA1
141ae9dee06ee222a62df9cb7b17af269923930a

SHA256
3c47a2e63c99e8986457d61a61d0f3e2090934cab3632c7cfaa760c91763e9bb

SHA512
eb34431125ba860f8ae5eb18f4713e6186f19680d0e44fc5805023e7225fe99c6d8b76b3e8280822514fb010cca175451239b247dc6fdec657fb649dd3e94056

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
3016ddffad63802a23c459492d1cd8cf

SHA1
f090ce6236bd2157a9c45b01321f82f567110dfe

SHA256
7692b19a369e1c9f96e920768f5161d34ec5fd7958dda619613c60ab2fcf07d5

SHA512
027cf22d123ad58a15bac10384c676fe04ebaf2befe956bd1a9080ede3c6ceeb2f32c7e53cc3acc8d4314500aca1cea874554783edd5a6d95299613f7ab5b331

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
591456446cc790dd13976e310c316aba

SHA1
e5b1198568d62ed03c2deb58258b0b90c72a3994

SHA256
411b623617bd914d0863e85d77ce26dc9d7a77f4b0c0bd370dfe867bf2bb7f66

SHA512
1f6e9f9550a18f3ce32bfd96985abcac86219eb20c67874fd47a4927a16db5faf6dc12d17bbf0bedf4af41785196dde23fb27f787690b53b7945f94867acef23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
7203d7d8170685807f50be0c3c153aae

SHA1
aa4e50719cd99f4a7a2ff31dfff945c8ced579c9

SHA256
594fb198bfa9dd9cb9359b8e23a526605bf698d69ec291b3a376749bf14c442f

SHA512
83caa3c5a28310191f425f67649a8f5f863a360170adeaedf3844093a715040573439d6f096a4ae6ada857e0367be560b2581d746eaa72dc13fdeafc040311df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
2ae0a2a1ac3ef6b268497d6420be813c

SHA1
7312119cb38b78d18c5aa532a5ff73008694c0c4

SHA256
c5e629ce7bb9deb25c12ebd286f8932f7fc6e78d3c41edecb22bca09d8b3c5b8

SHA512
ca4e572669d98324f5ba07c364cc55dd69657d0df51e13cf4bee027111fa5039fee7fbc5cfcd246d7d70ba50ed92d2a90eca236c8832de82908f17e21adc0a28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
6f2424dec36ec84023644d0b32e42554

SHA1
53cc7ae21612d5b92abe63ffa571d94ec5172d0f

SHA256
466634b2643388916a07f96af8a9ca03710591da15e7cc15cbc9726329a34bf5

SHA512
792a067f73f76a732e7344f09748d4694a56644046efcd31f36f0ddfdc49d1edb68caf09424c1020dc25a00df8c2bb324a293aa9dd58253a5d877659fd0b0434

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
63a894cc313a9b4f6b3266f2b07e1c93

SHA1
3b6c1c818700dfc48585b87d852da5873a90b0ae

SHA256
9166e5aa02e72d7dffceaaddc8d86dfa6035d99ce2e928dbc51234653ab05d1b

SHA512
f80cbfcc1896dc19d9951974985b6b006fe230579d8620f9d765e416abb049f117f26cda4c99f4743f05fb1b35ab40f5d15befe4830366ec25f2e08c3e33c40b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
04317378779d00ccaa27958a35bb69af

SHA1
c3f291ac5f4f63644e493750504ea786910b234c

SHA256
b93aaa8cad6e40b64231bc8bd94c1444382f42edbf583f9896c739b169392d6c

SHA512
acb81648ee1e70173d022035fb9bab5f98b25ca430c81615e10058b633527dbb206d8a9073768160f9d74d6468d6db40dcbab2882f381f3e7819f43d8cffa1ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
29695da8c4fef80c2fcb62ff54b7e4d3

SHA1
6b2b744ed46e2e8abcd9a8c22a632f0e3aefa4bc

SHA256
db783f1443e747a3567c68476359e52a3d270c1828320a5fb53d0d94abd93047

SHA512
d9bbce7d7666d7a71e2a59b4561457f5a939be1c49ddfc5497ce4291121f8539db664bd057395717347e9095b1f0e608297b0d0b0ee0fe3cd851c00413cff952

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
0763ef4b58159d4ebe8f8a41705c6b42

SHA1
381ef504486ddd11f9dfd9d03e29a9e7f8686865

SHA256
cb8c2fbeb582e869c760812b8c5635a8d71c3d9b48e70971e9dd794fe1a4446f

SHA512
7a778059aeedf63bd75cc0c6fdde4bdae7cb8f64084cc83b03eb8110852f2dc1f352e0ac5aa707221b8225cfecd92379e6da1656718ed4507270bfe8cea70f99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
0d2b88b782bfb6343b9484069c37c9cc

SHA1
cb76d578715430084c7fe6597c543c8679ce4055

SHA256
6f45f20e9e4f96c6bfd1f999fb6ed2f709c940d9ff6f65b7bfbd3e5401ac9ff8

SHA512
cd83e2b834d6483b691639c02e626c7b31c3f81753727c5b4480bc039f95fa034fea55598121404ad21e08ce0a6b56904274809a81453836d0a6dd0f8f0e0d78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
64ff1de70654d9b040edb80ad189b2c9

SHA1
353adbb12128cfcbd965429eab2a5c6bf0dfeb29

SHA256
3e1eceb827f0279a6e62e9348644b6ddaea74af242816e269488bde402ca567a

SHA512
8be31c9bddb31eba5d8798d8cd13389b3d815c19fbf834304ba6a9aaacabd05150597bd5a08bb6783e9a2e74fe44183ad2fc32f2c8b06b6b9f9d6ddef2b01a00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
fb1cc6c7e2eab2b76018df9975220993

SHA1
78ef4b2dbf10d7eab2545da6b4b8236361e8652e

SHA256
5ef1e9dfffe49bb2dddc19cddd2d38ab7d0b3e1b6a5ad5fc41b329e2827f42b6

SHA512
0bb536472e3b45b69ce29f52871669f7f65026876cdf749f30c0816d90d11c292076d44cc990010578b599d4e0f71f7be7672ac231a239dd876e60fe8c3f59fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
1e090afc29c83ba5595c4b00a2e02f47

SHA1
79ecfff8cca7f0c92e6501aa5dc298078d725d1b

SHA256
bcce0d436cbfb94d53266b25cea16270be41935da23b29d64e4b1f07c47bb735

SHA512
a91f5d533c3b64887ad936907dc37b4d5edcc5230da746c39b0e0749b70ed19bf57eff9e35afce304b57442fac8141a72b95330de6008f95e991502fd5b955bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
bb243b15b3c0c55acb164dffa0f1d6e0

SHA1
316863c0fb7ea72f844ea04e3ece11d96c6bd575

SHA256
07bfe630daf0a09f95cd745c67fb80843bee7df4951d7b1eb025828ceed493b1

SHA512
b0c4053914d679240521f6add00db0c63aaf5210cbe473a665c2a81fc10d2b744073d21b1a0050b831addc0aa8b049d120d50cea4b6c1ac4cbb0409309eab9c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
adb51eaf4efae40d67ec1bd69a013b82

SHA1
e61a4916ed70ad12ecea167bb238af8abd45f12b

SHA256
a22418c304693958eb38244ea015dfeedbc9f19124674ec8b484d3e110a9ea19

SHA512
325c0c83c0f3e272c5b2b857a6f8a949f0a68db2d001864740274dedd13c5f12bc68d8913ed2f5cd30390e1c5ecfaa46bca43f671168bde548bf76e040a9df17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\default\https+++github.com\ls\usage

Filesize
12B

MD5
e2cb279554811c35092577512e0d8044

SHA1
612ae6c6363df844a18b73962dbebfaacbb40f49

SHA256
a42d6bbef27e078d70bb50b7a7be5819d8f6e58d7b1988d79bb8ec5a886e6961

SHA512
88370a6b5eefd5f27080e08ed00cd600cf2d33a6417d7485d03938e6ab7b46cbc81f9ab7591c0d04fca5b87e2aa8da259bdfcdc8f2138db61e499d3648a916c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
f3b31d688c1b1f231a121f85d61ca5cb

SHA1
39bd0e3d595989a6831436d3fce0ee2fc1995daa

SHA256
81ba110b85ed0244125a613f7bfe71d891b53da69c4b0d72b76ac58151d5825d

SHA512
9636414ed123fee4c9ace5797f6456369a61977b74ba7c49fe10ccc0357f21fe2d5e8fce47214d684a20034421724c1645ce1f24e7bd51bc34b2b9eb71acf263

Download Submit
C:\Users\Admin\Desktop\Free Youtube Downloader.lnk

Filesize
2KB

MD5
3caf0ba9456abf9837fc9ce9503df71a

SHA1
be2d92dffc7bf2a83cfef5b57b4407208995d766

SHA256
7854f643aa6764b0c4e57d0d9300cf1f40b8e40464cfa05f762699a883e72d90

SHA512
76566c6108a43115fca51f5e405d166140538dbe14efd8fa284c22e142aa22a7ef7eab24057f1d1be428bc6c422bcd821ed9c6eb48c2b1f9286b01c73407c165

Download Submit
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\Downloads\000.q77Xh3Dx.zip.part

Filesize
119KB

MD5
d113bd83e59586dd8f1843bdb9b98ee0

SHA1
6c203d91d5184dade63dbab8aecbdfaa8a5402ab

SHA256
9d3fe04d88c401178165f7fbdf307ac0fb690cc5fef8b70ee7f380307d4748f8

SHA512
0e763ff972068d2d9946a2659968e0f78945e9bf9a73090ec81f2a6f96ac9b43a240544455068d41afa327035b20b0509bb1ad79a28147b6375ed0c0cf3efec5

Download Submit
C:\Users\Admin\Downloads\FakeActivation.Ptr2QrJ9.zip.part

Filesize
275KB

MD5
6db8a7da4e8dc527d445b7a37d02d5d6

SHA1
4fcc7cff8b49a834858d8c6016c3c6f109c9c794

SHA256
7cc43d4259f9dbe6806e1c067ebd1784eaaf56a026047d9380be944b71e5b984

SHA512
b1b4269da8a0648747c4eee7a26619b29d8d1182fe12446c780091fef205a7b5e6fb93c9b74c710cca5d2e69600579b9d470e31a32689ecc570d0c4bbe4fe718

Download Submit
C:\Users\Admin\Downloads\Illerka.G6VtCS90.C.zip.part

Filesize
64KB

MD5
9f7249077b949c96bfa3fbafc38e4ee2

SHA1
1fec3d58de9f782dfaabc323222f89adea6b7d05

SHA256
519fb20d9caba12bac93c363bb64d8bade4971fad49e8bf489d1e512784c28c0

SHA512
088ce74aee633ae25ef764555f1a2686f32efde5b28cb1afebad9926ab69f574506e3dc68b7b2d8f966bc19b96b50f9cbbd28beed0afd70cdad6d77581e072f6

Download Submit
C:\Users\Admin\Downloads\Spark.87ARbG3v.zip.part

Filesize
1.6MB

MD5
860168a14356be3e65650b8a3cf6c3a0

SHA1
ea99e29e119d88caf9d38fb6aac04a97e9c5ac63

SHA256
1ae2a53c8adc94b1566ea6b3aa63ce7fe2a2b2fcbe4cec3112f9ebe76e2e9bf9

SHA512
0637e4838beded9c829612f0961d981ee6c049f4390c3115fed9c4e919561ad3d0aa7110e32c1d62468a7e4cdc85d2f2e39a741939efd1aafae551de705aab61

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.Ct7b0CmP.zip.part

Filesize
223KB

MD5
a7a51358ab9cdf1773b76bc2e25812d9

SHA1
9f3befe37f5fbe58bbb9476a811869c5410ee919

SHA256
817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612

SHA512
3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

Filesize
438KB

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe

Filesize
110KB

MD5
ab648a0df4fe7a47fe9d980c545b065d

SHA1
ce28ea7dd117289daf467467a592bc304c72d4e6

SHA256
905a849721ec95ab08754aeee9a60b3ed435d36962466fcbe5cfca63dfc455cd

SHA512
7ae99da55fbf1c31c5281e5f4e10ab2bc33b89effeee82b574eb4b60541c5ea2913d5d99836608873da372c78e75436ae7e535568f48d81cb9dd26d2cc1b3a8c

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini

Filesize
3KB

MD5
c92a1d4d0755c886dd137c6cab43c35e

SHA1
fc16175e58ad1f67c57e7fdf55333fdd0e01d936

SHA256
6ab1ee65e6c9c5e31fe3680fc92a2a0ae73f216e966f5582a2d9c265357238d4

SHA512
0525880a1f4cc7dd912ca4006fe4bd02bf1218931fcb56489a0ec728a682fdf1ecd35e8797c665c63dc19d8236942d9b832a6a8c46e00df02afa2c65327dd9de

Download Submit
memory/548-1978-0x0000000000CC0000-0x000000000136E000-memory.dmp

Filesize
6.7MB

Download
memory/548-2000-0x000000000C970000-0x000000000C980000-memory.dmp

Filesize
64KB

Download
memory/548-2009-0x000000000C970000-0x000000000C980000-memory.dmp

Filesize
64KB

Download
memory/548-2011-0x000000000C940000-0x000000000C950000-memory.dmp

Filesize
64KB

Download
memory/548-2010-0x000000000C970000-0x000000000C980000-memory.dmp

Filesize
64KB

Download
memory/548-2008-0x000000000C940000-0x000000000C950000-memory.dmp

Filesize
64KB

Download
memory/548-2007-0x000000000C940000-0x000000000C950000-memory.dmp

Filesize
64KB

Download
memory/548-2001-0x000000000C970000-0x000000000C980000-memory.dmp

Filesize
64KB

Download
memory/548-2002-0x000000000C970000-0x000000000C980000-memory.dmp

Filesize
64KB

Download
memory/548-2003-0x000000000C970000-0x000000000C980000-memory.dmp

Filesize
64KB

Download
memory/548-1997-0x0000000009B10000-0x0000000009B1E000-memory.dmp

Filesize
56KB

Download
memory/548-1996-0x000000000C830000-0x000000000C868000-memory.dmp

Filesize
224KB

Download
memory/3812-937-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5028-1233-0x0000000000040000-0x00000000000B4000-memory.dmp

Filesize
464KB

Download
memory/5280-1003-0x0000000004D70000-0x0000000004D7A000-memory.dmp

Filesize
40KB

Download
memory/5280-1004-0x0000000004FC0000-0x0000000005016000-memory.dmp

Filesize
344KB

Download
memory/5280-1002-0x0000000004E30000-0x0000000004EC2000-memory.dmp

Filesize
584KB

Download
memory/5280-1001-0x0000000005340000-0x00000000058E4000-memory.dmp

Filesize
5.6MB

Download
memory/5280-1000-0x0000000004CB0000-0x0000000004D4C000-memory.dmp

Filesize
624KB

Download
memory/5280-1005-0x0000000005030000-0x000000000503A000-memory.dmp

Filesize
40KB

Download
memory/5280-999-0x00000000003B0000-0x0000000000422000-memory.dmp

Filesize
456KB

Download
memory/5412-903-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5960-905-0x000002165FA30000-0x000002165FA5E000-memory.dmp

Filesize
184KB

Download
memory/5960-904-0x00007FFBE8C63000-0x00007FFBE8C65000-memory.dmp

Filesize
8KB

Download
memory/5960-918-0x00007FFBE8C60000-0x00007FFBE9721000-memory.dmp

Filesize
10.8MB

Download
memory/5960-906-0x00007FFBE8C60000-0x00007FFBE9721000-memory.dmp

Filesize
10.8MB

Download
memory/5960-910-0x00007FFBE8C60000-0x00007FFBE9721000-memory.dmp

Filesize
10.8MB

Download
memory/5960-2867-0x00007FFBE8C60000-0x00007FFBE9721000-memory.dmp

Filesize
10.8MB

Download
memory/5960-917-0x00007FFBE8C63000-0x00007FFBE8C65000-memory.dmp

Filesize
8KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads