Analysis Overview
Threat Level: Known bad
The file https://www.dropbox.com/scl/fi/67epyl2uw2x9t8y93bkch/Unlock_Tool.zip?rlkey=g0dmjtoajve5wofhntuxo673o&st=ibvvsshl&dl=1 was found to be: Known bad.
Malicious Activity Summary
Detect Vidar Stealer
Vidar
Vidar family
Executes dropped EXE
Suspicious use of SetThreadContext
System Location Discovery: System Language Discovery
Program crash
Browser Information Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Opens file in notepad (likely ransom note)
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Analysis: static1
Detonation Overview
Reported
2024-11-13 15:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 15:00
Reported
2024-11-13 15:03
Platform
win10v2004-20241007-en
Max time kernel
130s
Max time network
132s
Signatures
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Vidar
Vidar family
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2664 set thread context of 5832 | N/A | C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe | C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe |
| PID 5808 set thread context of 5924 | N/A | C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe | C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe |
Browser Information Discovery
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.dropbox.com/scl/fi/67epyl2uw2x9t8y93bkch/Unlock_Tool.zip?rlkey=g0dmjtoajve5wofhntuxo673o&st=ibvvsshl&dl=1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba3c646f8,0x7ffba3c64708,0x7ffba3c64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Unlock_Tool\" -spe -an -ai#7zMap29195:84:7zEvent11316
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Unlock_Tool\Password.txt
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.9\" -spe -an -ai#7zMap23787:122:7zEvent11048
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2664 -ip 2664
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5808 -ip 5808
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5888 -ip 5888
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 296
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 252
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 272
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5984 -ip 5984
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4388 -ip 4388
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 248
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 260
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 8.8.8.8:53 | 18.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uc645a4b9320a941abf91edcb791.dl.dropboxusercontent.com | udp |
| GB | 162.125.64.15:443 | uc645a4b9320a941abf91edcb791.dl.dropboxusercontent.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| GB | 88.221.134.251:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 251.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tip.neiki.dev | udp |
| US | 104.26.12.227:80 | tip.neiki.dev | tcp |
| US | 104.26.12.227:80 | tip.neiki.dev | tcp |
| US | 104.26.12.227:443 | tip.neiki.dev | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | tipstatus.statuspage.io | udp |
| GB | 18.165.160.38:443 | tipstatus.statuspage.io | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| GB | 3.162.20.18:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 227.12.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | q72g5l27zzgc.statuspage.io | udp |
| US | 8.8.8.8:53 | 36.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.iconify.design | udp |
| US | 172.67.71.159:443 | api.iconify.design | tcp |
| US | 172.67.71.159:443 | api.iconify.design | tcp |
| US | 172.67.71.159:443 | api.iconify.design | tcp |
| US | 172.67.71.159:443 | api.iconify.design | tcp |
| US | 172.67.71.159:443 | api.iconify.design | tcp |
| US | 172.67.71.159:443 | api.iconify.design | tcp |
| US | 8.8.8.8:53 | 159.71.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.neiki.dev | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1288_SMJJXCOTBXUKQEEN
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de2b.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\Downloads\Unlock_Tool\Password.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.9\locales\resources\Data\level4.resS
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.9\Unlock_Tool_v2.5.9.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
memory/5832-1006-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5832-1008-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5832-1010-0x0000000000400000-0x0000000000659000-memory.dmp
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
C:\Users\Admin\AppData\Local\Temp\delays.tmp
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe