Overview

overview

10

Static

static

10

Firefox In...d).exe

windows7-x64

Firefox In...d).exe

windows10-2004-x64

Firefox In...d).exe

windows10-ltsc 2021-x64

Firefox In...d).exe

windows11-21h2-x64

Resubmissions

13-01-2025 01:00

250113-bcnq5axqbt 10

09-01-2025 12:16

250109-pfhwyazjhs 10

06-01-2025 14:21

250106-rpb6vs1kgr 10

02-01-2025 20:47

250102-zlagvsvpdv 10

02-01-2025 20:45

250102-zjvd9ayjar 10

Analysis

  • max time kernel
    427s
  • max time network
    428s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    09-01-2025 12:16

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Firefox Installer (ratted).exe

  • Size

    170KB

  • MD5

    200eb10c73336127006740ae06003933

  • SHA1

    32ef06528018d4f9fc8da3a7e7e07363b3a143f4

  • SHA256

    b46624ea261bec807dc1f93431ab3156450646976443c27322a7a9c4eec5e5f0

  • SHA512

    026eb0e018f25449f664dbc2655cfb5c360fd60a928fec344bd31b3cefa01a3fcce4dd1fc87b3aabce7557db57cb1247a1984c69b3ecb00d83f388fd6b09a0ce

  • SSDEEP

    1536:4ig4nFL9z2BOwVCMs6se7llqn17KineXd2wVKtivEYoNRh8RX9EIKhI49No:5zFL9zWOw7sgbcUieNJqKoPC5+Lm

Score
10/10
stormkittyxwormdiscoveryevasionexecutionpersistenceprivilege_escalationransomwareratspywarestealertrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

109.231.31.129:2021

Mutex

H7HNKbba3h7eEPOa

Attributes
  • Install_directory

    %AppData%

  • install_file

    FlrefoxUpdate.exe

aes.plain

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detect Xworm Payload 5 IoCs
  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Stormkitty family
    stormkitty
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Stops running service(s) 4 TTPs
    evasionexecution
  • Executes dropped EXE 7 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 14 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Modifies registry class 10 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 35 IoCs
  • Suspicious use of FindShellTrayWindow 40 IoCs
  • Suspicious use of SendNotifyMessage 36 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 49 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\Firefox Installer (ratted).exe
    "C:\Users\Admin\AppData\Local\Temp\Firefox Installer (ratted).exe"
    1⤵
    • UAC bypass
    • Disables RegEdit via registry modification
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2700
    • C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "FlrefoxUpdate" /tr "C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe"
      2⤵
      • Scheduled Task/Job: Scheduled Task
      PID:2744
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\How To Decrypt My Files.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1696
    • C:\Windows\system32\taskkill.exe
      taskkill /F /IM explorer.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1576
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1548
    • C:\Windows\System32\netsh.exe
      "C:\Windows\System32\netsh.exe" advfirewall set allprofiles state off
      2⤵
      • Modifies Windows Firewall
      • Event Triggered Execution: Netsh Helper DLL
      PID:2396
    • C:\Windows\System32\sc.exe
      "C:\Windows\System32\sc.exe" stop wuauserv
      2⤵
      • Launches sc.exe
      PID:1444
    • C:\Windows\System32\sc.exe
      "C:\Windows\System32\sc.exe" config wuauserv start=disabled
      2⤵
      • Launches sc.exe
      PID:316
    • C:\Windows\system32\shutdown.exe
      shutdown.exe /f /s /t 0
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2888
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {ED349F1A-5E0C-4F2F-B3F8-3010FC46AD38} S-1-5-21-2039016743-699959520-214465309-1000:PIDEURYY\Admin:Interactive:[1]
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
      C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:332
    • C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
      C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2124
    • C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
      C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:876
    • C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
      C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2188
    • C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
      C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:1516
    • C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
      C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2744
    • C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
      C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2200
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x270
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2224
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
    1⤵
    • System Location Discovery: System Language Discovery
    PID:948
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:1520
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1792

      Network

      MITRE ATT&CK Enterprise v15

      Reconnaissance

      Resource Development

      Initial Access

      Execution

      Scheduled Task/Job

      1
      T1053

      Scheduled Task

      1
      T1053.005

      System Services

      1
      T1569

      Service Execution

      1
      T1569.002

      Persistence

      Boot or Logon Autostart Execution

      1
      T1547

      Active Setup

      1
      T1547.014

      Create or Modify System Process

      2
      T1543

      Windows Service

      2
      T1543.003

      Event Triggered Execution

      1
      T1546

      Netsh Helper DLL

      1
      T1546.007

      Scheduled Task/Job

      1
      T1053

      Scheduled Task

      1
      T1053.005

      Privilege Escalation

      Abuse Elevation Control Mechanism

      1
      T1548

      Bypass User Account Control

      1
      T1548.002

      Boot or Logon Autostart Execution

      1
      T1547

      Active Setup

      1
      T1547.014

      Create or Modify System Process

      2
      T1543

      Windows Service

      2
      T1543.003

      Event Triggered Execution

      1
      T1546

      Netsh Helper DLL

      1
      T1546.007

      Scheduled Task/Job

      1
      T1053

      Scheduled Task

      1
      T1053.005

      Defense Evasion

      Abuse Elevation Control Mechanism

      1
      T1548

      Bypass User Account Control

      1
      T1548.002

      Impair Defenses

      3
      T1562

      Disable or Modify System Firewall

      1
      T1562.004

      Disable or Modify Tools

      1
      T1562.001

      Modify Registry

      5
      T1112

      Credential Access

      Credentials from Password Stores

      1
      T1555

      Credentials from Web Browsers

      1
      T1555.003

      Unsecured Credentials

      1
      T1552

      Credentials In Files

      1
      T1552.001

      Discovery

      Browser Information Discovery

      1
      T1217

      Peripheral Device Discovery

      1
      T1120

      Query Registry

      2
      T1012

      System Information Discovery

      2
      T1082

      System Location Discovery

      1
      T1614

      System Language Discovery

      1
      T1614.001

      Lateral Movement

      Collection

      Data from Local System

      1
      T1005

      Command and Control

      Exfiltration

      Impact

      Defacement

      1
      T1491

      Service Stop

      1
      T1489

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        cf205a0f217ebc3ed76a82f3d943370c

        SHA1

        d3fa7197740cb05d494f4fe7aab6772066e0c3b1

        SHA256

        272e33e3f90ec92fed1c495234f3b6a228a5e75b02a5aa20e6b3ae296b5e31ae

        SHA512

        763d27a18a71f3cf06d8c526c62e0c3c04531380875fac1e75f6d50995120844a91ef2641b2af3ed855f5e2ae0a02ccaf55acb04e05e33b4d3011731bca9f4e7

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        7bdd4e45779f6c8f0618484c4c4d74c6

        SHA1

        25bc8d0e6dd5dbe1d48bc917282df92a11ad0f92

        SHA256

        42d7f0013fbad612e77ded73aa777852ebe89bf0d9b174912577899bc7ea87e6

        SHA512

        b8088f02ef0304f57fa3fa820d1f457af586b10d3b997b63d66ce5dcbce61a88ff20616f8252f13f930a835c40c757f2dae011940e3dd7d241ed97d1facac1fb

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        f7147cd96b316f4c3bf3b77f093e8a17

        SHA1

        a3e9fdbfcb125e1e48ac2e36c320e8f23a880954

        SHA256

        f60fd7198eb08e1f8080b50f164596a976c5c725692e3d06b4f26fcd90843941

        SHA512

        477bf9b4f44858eee0e2101861c7484b75d575e4e2d463dc826e1ac7213e9fae634e9dfccc79e850c398621c07ce6902078ad901005b8c2cd619ebf953083e97

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        eff19b87a7a7e25dac461e09c2e7816b

        SHA1

        34841542f1f3876ab4b2ea8c41d42dc998f19f09

        SHA256

        47ea7978c7a89eba7cdd9586eafe74aa612ba641bcb3d43eed2a33b022a79a6f

        SHA512

        50a7e341d18401c2fed2208c9653e94241cb8097dfb9446eb497859e7deb370d7ce165df60078666e63c94c94b2dd7999104bc285b1e6f5f8d6bcf3eaa5f25e7

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        475712fc6cec1481ffc963b62e75b32d

        SHA1

        6f12e4e9ea2485d9702fc0906f4913421d3425d4

        SHA256

        535753b7833d8f6e0227b6f255051ae2da9129578f5840e8e845d64a96a435b2

        SHA512

        586d21ab50186c7e970f95f674bd4f261c5dee3f15e07eed7d3d12b856f057ca4fd7929190fc09d38b7c6844ac337a9adf8b059caa8ac275f9810a3ad02e4d31

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        0a5d94f1b0cca593d35780148b189b73

        SHA1

        a30564fc15a50ef0bde332010df95ca893d3c766

        SHA256

        c2ac6f52885e16167169af9a465ab92513cbf307893841c7a0900d8b813a7688

        SHA512

        9d085b9a7cadc23188630095fa12b17e98ec95cec255d0a10cbcbd8467583c57ef4c5a45607784667d58e2d159f76e290f8a4aac8d77d76c96e5d071d24e7a5a

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        df0e53dfc8251ac4d04367b4fb817232

        SHA1

        669756fb7ef226c5a0c36000e6d05241c2429dd1

        SHA256

        ed148013fe3b1dd945cc3943b51177fcd329312f932516c57de5c22f60f04ae6

        SHA512

        06a7015310e26249e6f539d3fc3fb9432bc058bb1d6940034df6e98b0461d64f595fe7b447da36c0ee49e071a332e43213d1f4b3ee93c708903cbd6f3fc3b46b

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        689361a851839f833f2ae633fd59df0c

        SHA1

        8b5a564ee6d37e3b9089f5dd0e12b3eede03b6fa

        SHA256

        a1674f5fba45ddf1b7b4db72f088d017422028dcac3395d8815e22c43b2f3482

        SHA512

        569737c2876e2f9789b159279aae63f42ff37eb864d31c9c95529b590b80da1299a2cb5288b2cffc9a90dec22c00efd0730d0f9b224f01856ff86666f4b10377

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        c6f5bfad07efaace836a53316256fde3

        SHA1

        a78b0ed90bed9effa377ea10c69c4faed99445ce

        SHA256

        abae00ab6f25b75b1ea2889479105ae21293c971fc28962d80abf138681c068b

        SHA512

        84243cbb10507d832a54d8cf521f7baed388daf82420068ed95762ddc0e30a2bf4c251f608bb4828d4149c3af4c10d9804ec898a175eccf8eca324b9ed9dc212

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        9e9f16442c40077f3fc80fcb7e4a3632

        SHA1

        5929477a64ba6c70a660740352dc07e8e38ed85e

        SHA256

        1f832ad837fb6431457609deae5447c8b5312726851d91a4d9d42639692d526b

        SHA512

        b391a60868ef104dca841e31af62dd5138f10966a7bc7564503420c36b88a4029456c89285e66b0dccfd451674f659cbd5866810ddfe1c335a29f2d26b174c14

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        e60df3818e0a57af15222984b8fb3e11

        SHA1

        31a2613e5b3406c622da1b8bbc8accee567c5ffb

        SHA256

        69b500d6c55a1fd130352ea44faf684bc5414563b485eeb23ef0723558d02fdf

        SHA512

        1d137f1a1865e92993a91216019401bf71b4a7ae532a385060f294910b7d435bad6b82743d18ed257b82dfd7d95a244cba217f3aebcb6f5dcc795171bcc774d0

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        f2ad03b824b063df597154955069ca8e

        SHA1

        101e6354324399b3e5dd1483ddc1eeca522813c4

        SHA256

        3ea277844378adf35d0251d4aa5d0c2561f8dd41c3fdcf731c0123638d3e0bbc

        SHA512

        c3cd5af68084a176bbebc36046ab91ee1ce09d26b9975a479f7c8edd11ecb8031ca1ae502c3cee2961bf8bcf2a5e475319ad00c7045ce8f69a989c2240b5c79c

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        69e7fc0e581101ab4b1da77fdbe3e4da

        SHA1

        54a22070d63c7e0f0b66b7f134637731770e7077

        SHA256

        a88835e750d308773efb13b4e24727ca405fe72be26d652c463707ae716e5237

        SHA512

        c21c965f75e6946704aea2b7c9ec816aa391a6539dbd1ff89ebbb5a48f05fe506a4c064c4b5db03351cb475879754c25636190bf794aaefe76fb5fa3e708bf49

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        4461bc568a256faa5c2513d938ec4162

        SHA1

        4a2f52f492c115c3efdf8f457143a50566c79329

        SHA256

        049520709ec4ed2fe0344f462d5f404251a8b6844545aef715db549008d93f2d

        SHA512

        eb587e14e3c585f35f4d2c3be83a524138da129a98fcab873ed778414f0e416ddda3d8804566051e7669606c5b0aab4718c8dc8bbd0e57a542f1cdf0dee0b6b7

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        7239abc7a745e4a833b1ef92270cef2f

        SHA1

        0f048b9f91d26b44eecb293ea2138bd2e24e9fed

        SHA256

        9c9b2ecaa03e51db13aa07071ec72b75ce58350092555407f66d626f8afc8434

        SHA512

        bf8d685707ea8caaf0dd3e6b74c2675d757cd81b06c689237b1b82cdacf5388bc1022e02b6c0ddc0cc3e116b4b58e00334655584ecb699c99fd31bf83b7fb540

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        3ebec51e3583ff701ec75113baf4756d

        SHA1

        fda8dafa37ec387e75fae40bf9956a4d07cd32f6

        SHA256

        6d4de654de74cc2c6e673b099725413907ab633f8ca4bfbe30e3a64af0975a88

        SHA512

        bdf44bcb5018079df58c7a9ab13ce7d562928d3b581465505a0593eb167ff1e5444ad61b2445b5a2eb4d7946a956df22ea9144d7d40a0d06b97eeff5a0611da2

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        e075822209e10ee35e0f4be2b1c74273

        SHA1

        cd7f7465da6129ed209239bc3baecd40510cc36d

        SHA256

        49609bf4eeeac0846598072d69b6e6d09cd1ebfddf0496c467fe95ee90cd6eed

        SHA512

        54d0e8d7226a2c7bd7f0aa473b3d848e863593845d14acf2a70c776d014e6c46da32ecc49a37ae1c5d83872e63735e58d05a8ecaf86dca71214b14fa225c13d1

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        7e4501bd98a4c55bde7470806dbbbbdc

        SHA1

        58178ff0db76af07a2ae1152e257e55717a1089d

        SHA256

        769c017b2f096ed8dec2390ab8405b221ce4111b9ade9718020cfc94c89f5c12

        SHA512

        14b180ef962281cf42d24b36c1566686b6b700ae8894e93069418ce49b6214df1ce69d5fe7266fdf108f9199cbf2c21314b7ca798a7353c8ced7ba148efab7e2

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        650e540c3609708dc75a13875bc341ec

        SHA1

        63485684aaf3de1bba2ac0751f16bcf47647c916

        SHA256

        c35225cefc98cd55cb8e5b1fa5438c03d153c03ec76bfa5b44f4145d479ef3bc

        SHA512

        9d4f7787ca5cb9706a0f016bccccd808a74635026b833e5a5fa3b50bd6b4d0f63283c528673ac65101bf304aad1457709e4e4988fef998e0564ba7beac125875

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Cab7F50.tmp
        Filesize

        70KB

        MD5

        49aebf8cbd62d92ac215b2923fb1b9f5

        SHA1

        1723be06719828dda65ad804298d0431f6aff976

        SHA256

        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

        SHA512

        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Tar7FFF.tmp
        Filesize

        181KB

        MD5

        4ea6026cf93ec6338144661bf1202cd1

        SHA1

        a1dec9044f750ad887935a01430bf49322fbdcb7

        SHA256

        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

        SHA512

        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        Download Submit

      • C:\Users\Admin\AppData\Roaming\FlrefoxUpdate.exe
        Filesize

        170KB

        MD5

        200eb10c73336127006740ae06003933

        SHA1

        32ef06528018d4f9fc8da3a7e7e07363b3a143f4

        SHA256

        b46624ea261bec807dc1f93431ab3156450646976443c27322a7a9c4eec5e5f0

        SHA512

        026eb0e018f25449f664dbc2655cfb5c360fd60a928fec344bd31b3cefa01a3fcce4dd1fc87b3aabce7557db57cb1247a1984c69b3ecb00d83f388fd6b09a0ce

        Download Submit

      • C:\Users\Admin\Desktop\AssertComplete.xlsm
        Filesize

        444KB

        MD5

        8a1f5195b81093def22aedac6835a218

        SHA1

        8394f5d8d74a395479a7d07eb5479cb9028e4f95

        SHA256

        1b69bf7b8aeb51afd9e7724c9cf0ecd1469546d8a04cdb9fc6b5d0b83d7aee04

        SHA512

        58d4af11c52eb1fa6131f7f1bde64e7682f5dd81fe9a84ba87ae641ef54f6fb0bb68b27e81dee8d8fc1d53444d09fae40fc0a7ac0cb0523ce302471f332ba2ef

        Download Submit

      • C:\Users\Admin\Desktop\CheckpointDeny.xht
        Filesize

        287KB

        MD5

        793de48baec54825c73745c08a90beb7

        SHA1

        d524259c6007e3d979fea2886f07f1672dc11d7e

        SHA256

        545d0570f935a69bcacdfce5e16949696d6092ec3411f7a4c93b54eb099cf53c

        SHA512

        4a2c7d0f7dbe28a5fde051e847af92e0283fc65338d41f8c2b4346405df41a281fdc5a691e3fc89f0028b77d03a46a81d3f294610f997202f34ff202300febbc

        Download Submit

      • C:\Users\Admin\Desktop\DisconnectUndo.mpg
        Filesize

        566KB

        MD5

        cd03e8622b8375aa6176150054df8f41

        SHA1

        0882717d786ebc9341f80a9bbcd53ab7c6605bc5

        SHA256

        a4b7d75f9e2c37fa36caeaefceae0d4c860ea82b62e7cffb1ab04d5dc8dddba7

        SHA512

        e3361d569fbbc615205c4c51350ce7d561ff6aa6214cd35823e6e863d0454eb4a2dac701098b4c8d1d3904e73626f06825053044bd5f18954e2fed1b59f562ea

        Download Submit

      • C:\Users\Admin\Desktop\DismountPublish.dxf
        Filesize

        235KB

        MD5

        63eac906dbef2f2ab1306c78f159e886

        SHA1

        b9f26f6ba640c45711cd3dbcfa185c60d6ee6e10

        SHA256

        54cd4d34e21dfcda0d774557fea5788a0cfbe881788c97e068b05f42035a4e01

        SHA512

        0c00755a410a4421823206ef4f063b0dfcc7763395937b7b32d9e3a9bcb8adc5f89bf444f94815546683cce392c468957f3538544ccda415e9a57c0a5a142256

        Download Submit

      • C:\Users\Admin\Desktop\EditTrace.cab
        Filesize

        496KB

        MD5

        aaf548d29ab0aa9263b7fd791fe8835f

        SHA1

        e21928f62f0845a8aa9d76aa35f49ff1ac36e668

        SHA256

        aacf9204d48fe1efe05c2e44cd2afe0e624dd5d53cfcf70fac811ae436038333

        SHA512

        3c0ccaf961f5cdcca0f010ac09f773c2eca553110aacb4dcc4f7279ea2232653860de515b844ad411625aea2f9bb24e20211ac29eb19933a33918e7afb140974

        Download Submit

      • C:\Users\Admin\Desktop\ExitDisconnect.mpeg2
        Filesize

        357KB

        MD5

        b75e04d651a622541e14cef1d6da67dd

        SHA1

        21ba40fbbca30fc44f5f0c8debd7aafd18963e8e

        SHA256

        cd33c7d1a58930131aca3b9e2f2f5ea68da36a659148f111b6fbc7de8e15cad0

        SHA512

        01e8a7c031caaf2af70732d54fda1dedba8853c5fb16b680eb99c7b95046c27b3953ced033a1e5d9e365889b7e207efd5eebc311d0848dfcc43a50917d904b78

        Download Submit

      • C:\Users\Admin\Desktop\How To Decrypt My Files.html
        Filesize

        630B

        MD5

        255b21f69d58103d0b7ac94db2cc77dd

        SHA1

        171ed83d1a1805da597dfbbdb3563009b092eaff

        SHA256

        f6f9fd8bd3c04ce5ac3d759e34261cf8b839b9c97f1a6830c23555a12da50070

        SHA512

        a957e59777d2c78d9c354e991e52e1bd3e2820058aaf45f2d21ca4c79a216c4d6d114e1eec28624dcff801e7622255b3b507719cfde28b3bfb38f9bd61cad0c0

        Download Submit

      • C:\Users\Admin\Desktop\InitializeRead.wmv
        Filesize

        339KB

        MD5

        e5799cb2c5285cc1d5b9ad6fddea866f

        SHA1

        7c1125d75b8ae9fe6a1cf97a6da0d1b5ed6b1568

        SHA256

        20aa3885886587c6c3ea7474151ca4468690add991620fd23cdeecb441d23074

        SHA512

        0909dba398dcaf9bb7b484ca8e8cdb5ed71cf14cc5f27128a383ad692492db0d80a5ec28e15a6d2b0dfe9ed46e0824995197ea2b598c2cffb34e3102421bad6a

        Download Submit

      • C:\Users\Admin\Desktop\ReceiveDismount.wvx
        Filesize

        304KB

        MD5

        b3038d5693d5d1dff25dc5b64f5a9067

        SHA1

        bedd908eb01d8796737da8cc4565fbcfb0f40aae

        SHA256

        eb2db5119cbafc2457df09adfe8cf7b4a2ac676d67723bb75e57f2f4d63dcb55

        SHA512

        af3e5205d620e3ce4e8d97a16545674440378363c1b11711352e2f19b92140e238d8f81f94e324c6f4359dddcc314ac9303513259d46399cde2ff56cfacaf3db

        Download Submit

      • C:\Users\Admin\Desktop\RegisterConvert.7z
        Filesize

        548KB

        MD5

        5079683d0d6eac8aa955a88cf8c17dae

        SHA1

        c4bb4f7f6a876b677587626c76ae8ff32aa4ed7f

        SHA256

        c7581b6ed58764ba227b6e9e4addb5cd19ccba0c62f67934a73615b12481bfca

        SHA512

        de41292d2b93456e8638d4656b852ec9bef16feccf23b155ca7d1a97d51af2f3a52f3fe69fc7583b676b8450253f9fe131c6fb076bed3d8f8d936829709424a0

        Download Submit

      • C:\Users\Admin\Desktop\RegisterTrace.wmf
        Filesize

        531KB

        MD5

        67a281c2526a1c9e3d70cd1230935a04

        SHA1

        82bee6a2165e51c32c7084138c25a96983b8023f

        SHA256

        0c7aba9aa8593194483b5ac7169f3e2f102c802267b1d753b982d754d3777125

        SHA512

        20124ea98a5440198a42a696a3896586926a015bb3d3e7ce6c1563ac36fa2bc2ff6a81624909b15a6bb9a69c77e36ff6ff054ed3f4302ae9e14d3b6dc8a02254

        Download Submit

      • C:\Users\Admin\Desktop\RemoveEnter.xlsb
        Filesize

        783KB

        MD5

        a8683a0a76d364d26f660258cbf4f20d

        SHA1

        ac0f7bf1460687100baf8e7c4f8ee5421980860a

        SHA256

        b88203e9960fd6100755e5102844be099ca4535363d77804ab8b85ff73efede0

        SHA512

        1aebe496dc4bbaa63d9131c5dbf13529c79603faee20bf5e8063285f0ee29b5ef93e3a386e8e74839bc236f6e4ccabf6e612850245ed5f1b0504eacb3c7fbd57

        Download Submit

      • C:\Users\Admin\Desktop\RenameApprove.odp
        Filesize

        513KB

        MD5

        611a5511d66be3885dfd55b1360dcb90

        SHA1

        ab1a823f6ca810a45ed907a65fb0de86a38a9302

        SHA256

        60f90086ebcbccda4882010b7e1e42b952fd74c55e4305d607eb4f46b819d610

        SHA512

        ebfa6ef67f832ec2fea86e5aaec193fd589e95795d03572938d1da2a326fb873971cb81cb8dcbfd9e8ebf322b51d662072206d837bdb40f319b747ccea200309

        Download Submit

      • C:\Users\Admin\Desktop\RepairConvert.scf
        Filesize

        200KB

        MD5

        c3476c97d8a4eb36d9a4a245c23ca949

        SHA1

        9548e6b73dd72e8af9b21c1adfe7652f06c1540a

        SHA256

        f0b751befa9647ad0461f9002d00c52924377877fb1c429fface79b599f992c3

        SHA512

        b1707f5f63b74b725d740f455d6876ac5bc9c6a000defdba8445d849f09e365f010163b2a990344d528ba99b622b8fdcd733d6b730b1900e3ededdeb8d575e01

        Download Submit

      • C:\Users\Admin\Desktop\RepairUnprotect.vssx
        Filesize

        409KB

        MD5

        cf932fe2b5b5bd09220661938e6d8585

        SHA1

        13bdbce0cf2af10b3dd8655be4c6e65807357cfb

        SHA256

        95df6b139da2258d47e92a8fa30645420c9c8b3a2bd25e2e873d1c78fac06f57

        SHA512

        f7c6bb3b9eb918463360a4277c26058d162ad71a833efa3d71e426d6d890f6cbe684239f322204be0031ab5c49cb9d7bc276d603c25c4d4778710dd1cd843611

        Download Submit

      • C:\Users\Admin\Desktop\RestartAdd.mht
        Filesize

        461KB

        MD5

        b88a095609ce5f1ee9496f710424b377

        SHA1

        7f599cffb78d7bb4277310845a959b2c4afcd25c

        SHA256

        1f83c5db66fb5ff78e3560355213ed2092fc6b8c9bf7c413600a6938af0eceb5

        SHA512

        943d895fb13244f66a8c00374a14fe6fe4cb357fd2c5bfe8560eb6bf54e702ba77cf28cb695642e7d9a4168b58383541f773f57d378bf8646882a100e19c501f

        Download Submit

      • C:\Users\Admin\Desktop\ResumeDisconnect.potm
        Filesize

        252KB

        MD5

        fdfc2f17f4d74884496af36e77b2e17e

        SHA1

        e7c73bac59f8ab74869667410060b55db3e659c9

        SHA256

        ae24d68988353d638c1c22f5e6befe7f4b01d6d10990d1ba4bb9c6e06ab29d6a

        SHA512

        6d4d49ed6f46de15863447d5625fea6a0cbb480cc36407f8a5226d8498511418243614436635a447172f294a4bfffec39ecde4151e0527568c62080c19b285e3

        Download Submit

      • C:\Users\Admin\Desktop\SaveAdd.ini
        Filesize

        426KB

        MD5

        80e39cb61ede3d03c06e9190267f977c

        SHA1

        72385578b7f76e63e52db020670b09d91df4cbaa

        SHA256

        2f6bf2e5a23d50f2fbf01c9582f1f4af23cdf74172070f6b0eaece375d3d79ea

        SHA512

        516365b0479328613b4018a0bef6b54dbacee150a3c5a6df632da3a8876b179a7a6b2a03590a424300a7533f05842faec10bcc4c127244e66e9a4501f73055eb

        Download Submit

      • C:\Users\Admin\Desktop\StartDisable.m4v
        Filesize

        217KB

        MD5

        04f238df6d7be2c01db84f8ccac1de7e

        SHA1

        df4670dc2e546e5416ca2711aa03b91e05530f3e

        SHA256

        55de22d0c92e236388ca35be7e2abe36d9d9958ca155ffec534ed6e36e830851

        SHA512

        23ec1ae6e7b9df9c33075d4fda486735f73ea735c7d082a66659b8313a4ad019f2e138884e64a111dbe7165084896ce317965e11bb356ee095a55207a1e5f422

        Download Submit

      • C:\Users\Admin\Desktop\UndoUnregister.xsl
        Filesize

        479KB

        MD5

        0e610d1314cdb5b9be190d04ed5498e7

        SHA1

        b06656f353e4e1cafbe6e3612e4c869cda37fbfd

        SHA256

        57a6451b6bf415c1e12e6e06612c5549952945d969070f2f59c106db552735e4

        SHA512

        25fd3d5a019d6b4374ba273a223ac55467a7927b02a311829e0ad3141aeb815b48cc19942b3924861b05260a62365e5953fb9cf139ac2a30e7cecb0da7000f55

        Download Submit

      • C:\Users\Admin\Desktop\UnlockSuspend.ttc
        Filesize

        391KB

        MD5

        e59c108966c02ce9e0c2b87b688b5493

        SHA1

        d589f38e2f8dd1c22dc4634ba112a86c91cf176c

        SHA256

        37ac24c0a5d2644e12be5f4aaebdf7a30d1036fe62a7ccc3f83b5a76af0fa0e3

        SHA512

        62eb62b6e30ba3df57bc16512cf0585dee30c5e3b55d97ec941e2db0d6ac42009ff4e3cd379db1477048bf5b49eacd6e55307cef8da017edba58fc52aef5cde0

        Download Submit

      • C:\Users\Admin\Desktop\UnprotectUnpublish.xla
        Filesize

        322KB

        MD5

        380fa0dbd2c0ce836c94aa32534de2b7

        SHA1

        7ecea73786ad4f361033732dc860f9fc73e4e5d1

        SHA256

        de6c7eadd816a1e1da58170ae3261f38d6775f65984a2d66c6d50642c1e9b155

        SHA512

        bbebc7c82ae0bcb27f2caa7be8df458efb060bc63a7b25a8ab909126169c476e4f8f8f7f4c052e8923632694fd26b820dfb002acf891344220e1ca9f4e290223

        Download Submit

      • C:\Users\Admin\Desktop\UnregisterRename.wav
        Filesize

        270KB

        MD5

        da1891e5b43f2280a7f3ed075f9d9ddc

        SHA1

        6e1f12dec9b788658d1d50bfb0d03fa609e31ca1

        SHA256

        bfc51046b385de456c119d19cee9562b56fd6472cd150811323146124b4fa813

        SHA512

        f1c55d9b1b733d1b409e4f10adc2a71f401c735d8624d7a70cf13e7ea7b033fcdd7679d13842d9edd9dfdc5fb58487a2c3dae93ba4d81a78a25805bc60a5e4f1

        Download Submit

      • C:\Users\Admin\Desktop\UseInitialize.tif
        Filesize

        374KB

        MD5

        6a45556fb58186b9cf6beaa82628b0f9

        SHA1

        edbf2df6d443f00b0358166b4b8d66534f0b3fd6

        SHA256

        0a4b2c38dc4d3954da78965f3180ff324ad999c1d8fd3c5063da4d2f0509b3f6

        SHA512

        69c29bbde4386af7660819adb486600f72390bbc155b2b2dbc4395eaf2f401ce5ae0d49df4a33e8a3842e8de63f0f193916f18c11492598521cde22b38b368dd

        Download Submit

      • C:\Users\Admin\Desktop\desktop.ini
        Filesize

        282B

        MD5

        9e36cc3537ee9ee1e3b10fa4e761045b

        SHA1

        7726f55012e1e26cc762c9982e7c6c54ca7bb303

        SHA256

        4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026

        SHA512

        5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790

        Download Submit

      • C:\Users\Admin\Documents\desktop.ini
        Filesize

        402B

        MD5

        ecf88f261853fe08d58e2e903220da14

        SHA1

        f72807a9e081906654ae196605e681d5938a2e6c

        SHA256

        cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844

        SHA512

        82c1c3dd163fbf7111c7ef5043b009dafc320c0c5e088dec16c835352c5ffb7d03c5829f65a9ff1dc357bae97e8d2f9c3fc1e531fe193e84811fb8c62888a36b

        Download Submit

      • C:\Users\Admin\Music\desktop.ini
        Filesize

        504B

        MD5

        06e8f7e6ddd666dbd323f7d9210f91ae

        SHA1

        883ae527ee83ed9346cd82c33dfc0eb97298dc14

        SHA256

        8301e344371b0753d547b429c5fe513908b1c9813144f08549563ac7f4d7da68

        SHA512

        f7646f8dcd37019623d5540ad8e41cb285bcc04666391258dbf4c42873c4de46977a4939b091404d8d86f367cc31e36338757a776a632c7b5bf1c6f28e59ad98

        Download Submit

      • C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.ENC
        Filesize

        16B

        MD5

        17869dbc67df2e3d232de9dbdc40767d

        SHA1

        9228b64f9436c833428e83fd1952448eb4800d93

        SHA256

        72826958043a1252c135dc654334cc89d0dbb1944fbf096b9c2134cc38ebee60

        SHA512

        d2a68df030aab44ce9ce57ce2702a47fde40464b880b833c408cbbd31d6363d36dab960011f7a0a0b626f0fefb9b82a82cda264105557e2506d75dd9b7c0884f

        Download Submit

      • C:\Users\Admin\Pictures\desktop.ini
        Filesize

        504B

        MD5

        29eae335b77f438e05594d86a6ca22ff

        SHA1

        d62ccc830c249de6b6532381b4c16a5f17f95d89

        SHA256

        88856962cef670c087eda4e07d8f78465beeabb6143b96bd90f884a80af925b4

        SHA512

        5d2d05403b39675b9a751c8eed4f86be58cb12431afec56946581cb116b9ae1014ab9334082740be5b4de4a25e190fe76de071ef1b9074186781477919eb3c17

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini
        Filesize

        129B

        MD5

        a526b9e7c716b3489d8cc062fbce4005

        SHA1

        2df502a944ff721241be20a9e449d2acd07e0312

        SHA256

        e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066

        SHA512

        d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88

        Download Submit

      • memory/332-9-0x0000000000B30000-0x0000000000B60000-memory.dmp

        Filesize

        192KB

        Download

      • memory/2124-596-0x00000000011D0000-0x0000000001200000-memory.dmp

        Filesize

        192KB

        Download

      • memory/2200-1519-0x0000000000330000-0x0000000000360000-memory.dmp

        Filesize

        192KB

        Download

      • memory/2700-5-0x000007FEF55A0000-0x000007FEF5F8C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2700-4-0x000007FEF55A3000-0x000007FEF55A4000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2700-3-0x000007FEF55A0000-0x000007FEF5F8C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2700-1-0x0000000001250000-0x0000000001280000-memory.dmp

        Filesize

        192KB

        Download

      • memory/2700-10-0x0000000000CE0000-0x0000000000CEC000-memory.dmp

        Filesize

        48KB

        Download

      • memory/2700-1025-0x000000001B060000-0x000000001B06E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/2700-1459-0x000000001B210000-0x000000001B330000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2700-0-0x000007FEF55A3000-0x000007FEF55A4000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2700-1485-0x000000001ABF0000-0x000000001ABFA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2700-1523-0x000007FEF55A0000-0x000007FEF5F8C000-memory.dmp

        Filesize

        9.9MB

        Download