fd08c82277d56982a16196dfa852ebbbfdd67752619274a6ddb4ad4b123f5ba3

Resubmissions

12-01-2025 20:27

250112-y8qlxsxqgv 10

12-01-2025 20:17

250112-y2sgyaznep 8

12-01-2025 20:07

250112-ywfwysxlft 10

12-01-2025 19:55

250112-yngtaawrdt 10

Analysis

max time kernel
570s
max time network
583s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
12-01-2025 20:17

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

99compress.py
Size

2KB
MD5

87ce3a21c9af0b3c2271e5ebe8f70658
SHA1

f299f35fc0693a9d196f53d0e7b60e94f6cc22ac
SHA256

fd08c82277d56982a16196dfa852ebbbfdd67752619274a6ddb4ad4b123f5ba3
SHA512

be03c98744791881f23db47d4cf9397a2c9cb0712344f1357f7cf1f67b95574b7c270a54c66074d78ffd092d984ec7ad57661e02c16578116339cf1edf08f7f7

Score

8^/10

discovery evasion ransomware

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Executes dropped EXE 1 IoCs

pid	Process
3384	6AdwCleaner.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	000.exe
File opened (read-only)	\??\T:	000.exe
File opened (read-only)	\??\P:	000.exe
File opened (read-only)	\??\R:	000.exe
File opened (read-only)	\??\S:	000.exe
File opened (read-only)	\??\Z:	000.exe
File opened (read-only)	\??\A:	000.exe
File opened (read-only)	\??\G:	000.exe
File opened (read-only)	\??\K:	000.exe
File opened (read-only)	\??\L:	000.exe
File opened (read-only)	\??\M:	000.exe
File opened (read-only)	\??\N:	000.exe
File opened (read-only)	\??\V:	000.exe
File opened (read-only)	\??\W:	000.exe
File opened (read-only)	\??\E:	000.exe
File opened (read-only)	\??\H:	000.exe
File opened (read-only)	\??\X:	000.exe
File opened (read-only)	\??\O:	000.exe
File opened (read-only)	\??\Q:	000.exe
File opened (read-only)	\??\U:	000.exe
File opened (read-only)	\??\Y:	000.exe
File opened (read-only)	\??\B:	000.exe
File opened (read-only)	\??\J:	000.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\Desktop\Wallpaper	000.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	$uckyLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7ev3n.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AdwereCleaner.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
4696	taskkill.exe
860	taskkill.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile	000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	000.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon	000.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\system.exe\:Zone.Identifier:$DATA	7ev3n.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3172	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4860	msedge.exe
4860	msedge.exe
1708	msedge.exe
1708	msedge.exe
3200	msedge.exe
3200	msedge.exe
676	identity_helper.exe
676	identity_helper.exe
4092	msedge.exe
4092	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4188	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	4484	firefox.exe
Token: SeDebugPrivilege	4484	firefox.exe
Token: SeDebugPrivilege	3384	6AdwCleaner.exe
Token: SeShutdownPrivilege	5108	000.exe
Token: SeCreatePagefilePrivilege	5108	000.exe
Token: SeDebugPrivilege	4696	taskkill.exe
Token: SeShutdownPrivilege	5108	000.exe
Token: SeCreatePagefilePrivilege	5108	000.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4752	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4752	firefox.exe
4484	firefox.exe
5108	000.exe
5108	000.exe
3384	6AdwCleaner.exe
3384	6AdwCleaner.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 4860	4188	OpenWith.exe	80
PID 4188 wrote to memory of 4860	4188	OpenWith.exe	80
PID 4860 wrote to memory of 4752	4860	firefox.exe	83
PID 4860 wrote to memory of 4752	4860	firefox.exe	83
PID 4860 wrote to memory of 4752	4860	firefox.exe	83
PID 4860 wrote to memory of 4752	4860	firefox.exe	83
PID 4860 wrote to memory of 4752	4860	firefox.exe	83
PID 4860 wrote to memory of 4752	4860	firefox.exe	83
PID 4860 wrote to memory of 4752	4860	firefox.exe	83
PID 4860 wrote to memory of 4752	4860	firefox.exe	83
PID 4860 wrote to memory of 4752	4860	firefox.exe	83
PID 4860 wrote to memory of 4752	4860	firefox.exe	83
PID 4860 wrote to memory of 4752	4860	firefox.exe	83
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 1888	4752	firefox.exe	84
PID 4752 wrote to memory of 2640	4752	firefox.exe	85
PID 4752 wrote to memory of 2640	4752	firefox.exe	85
PID 4752 wrote to memory of 2640	4752	firefox.exe	85
PID 4752 wrote to memory of 2640	4752	firefox.exe	85
PID 4752 wrote to memory of 2640	4752	firefox.exe	85
PID 4752 wrote to memory of 2640	4752	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\99compress.py
1⤵
- Modifies registry class
PID:4140

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\99compress.py"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\99compress.py
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4752
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1852 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fc40088-d251-49d5-836d-2f1d603e8b60} 4752 "\\.\pipe\gecko-crash-server-pipe.4752" gpu
      4⤵
      PID:1888
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3db661fb-52e5-4e3e-926a-08312a1fb4fb} 4752 "\\.\pipe\gecko-crash-server-pipe.4752" socket
      4⤵
      Checks processor information in registry
      PID:2640
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3316 -childID 1 -isForBrowser -prefsHandle 1572 -prefMapHandle 1568 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f665ece-4c7d-43f0-a53e-9712afbcd07e} 4752 "\\.\pipe\gecko-crash-server-pipe.4752" tab
      4⤵
      PID:4528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3936
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:4484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1848 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7048919-808e-49f2-ad18-bd2b1bcd0363} 4484 "\\.\pipe\gecko-crash-server-pipe.4484" gpu
    3⤵
    PID:1584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71c70692-acad-4f20-9ef2-a6ff4c930743} 4484 "\\.\pipe\gecko-crash-server-pipe.4484" socket
    3⤵
    - Checks processor information in registry
    PID:4672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3040 -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 2900 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86cd1303-3c87-4b03-8b47-3ebd4c54a04a} 4484 "\\.\pipe\gecko-crash-server-pipe.4484" tab
    3⤵
    PID:892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3728 -childID 2 -isForBrowser -prefsHandle 3440 -prefMapHandle 3472 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a095a00a-8d98-4d05-b799-073a78a2baaf} 4484 "\\.\pipe\gecko-crash-server-pipe.4484" tab
    3⤵
    PID:2484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4700 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4692 -prefMapHandle 4672 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {110a28be-33ae-49a4-aa27-1a54f06abe5a} 4484 "\\.\pipe\gecko-crash-server-pipe.4484" utility
    3⤵
    - Checks processor information in registry
    PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe05b33cb8,0x7ffe05b33cc8,0x7ffe05b33cd8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1796,12984909920816486540,11977956578556896867,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5172 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2908

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4112

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:5116

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\run.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:3172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\run.bat" "
1⤵
PID:2544
- C:\Users\Admin\Desktop\$uckyLocker.exe
  "$uckyLocker.exe"
  2⤵
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  PID:3664
- C:\Users\Admin\Desktop\000.exe
  "000.exe"
  2⤵
  - Enumerates connected drives
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5108
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3256
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4696
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im taskmgr.exe
      4⤵
      Kills process with taskkill
      PID:860
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic useraccount where name='Admin' set FullName='UR NEXT'
      4⤵
      PID:1548
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic useraccount where name='Admin' rename 'UR NEXT'
      4⤵
      PID:1580
  - - C:\Windows\SysWOW64\shutdown.exe
      shutdown /f /r /t 0
      4⤵
      PID:3024
- C:\Users\Admin\Desktop\7ev3n.exe
  "7ev3n.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:3516
- - C:\Users\Admin\AppData\Local\system.exe
    "C:\Users\Admin\AppData\Local\system.exe"
    3⤵
    PID:3244
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\del.bat
      4⤵
      PID:776
- C:\Users\Admin\Desktop\AdwereCleaner.exe
  "AdwereCleaner.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4304
- - C:\Users\Admin\AppData\Local\6AdwCleaner.exe
    "C:\Users\Admin\AppData\Local\6AdwCleaner.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3384

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39c3855 /state1:0x41c64e6d
1⤵
PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\6AdwCleaner.exe

Filesize
168KB

MD5
87e4959fefec297ebbf42de79b5c88f6

SHA1
eba50d6b266b527025cd624003799bdda9a6bc86

SHA256
4f0033e811fe2497b38f0d45df958829d01933ebe7d331079eefc8e38fbeaa61

SHA512
232fedec0180e85560a226870a244a22f54ca130ed6d6dc95dc02a1ff85f17da396925c9ff27d522067a30ee3e74a38adff375d8752161ee629df14f39cf6ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c3d326d42ac31cb7bedb70dc4bc3e4f5

SHA1
c84404f646c4912f106e10321fa029d2e65dbc80

SHA256
b918fa9efdafc95fab88ab7166d937c24e38fcb0da4d573f3e1e332d8cf9e92b

SHA512
219b700e394cea1f2ed6d7512469587f9a58ad0d68e97b0446521459275d3383fe4f37cce9158b50c6874cc15b4b8e4c1c12334b38ae0f5ac7f453457b700eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d76db4cd5bb93754663e8d0d422afff3

SHA1
b77444651a3b726505f26214b125debcf1cc141c

SHA256
81adc9543f318c6136d4e04f837ec56f24017c29f7fe2b01bd0ce90491f249a2

SHA512
af391106211011e3fe9b7e4c26d416ebab8e99f0ec8197aab2dca7e77d329f29494ec8a3cbd4e8725706aac9ac28b915931bc9f7613e4b1d35e7904b843ceb32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9e039cfa17808342d976860ea72c940d

SHA1
0977c534f2bd9321f07e102b5ba1c3d6db5c649b

SHA256
a245595183c7cb4c33cc67ef0ed0da1be59483a542506e5bebe646b0606901af

SHA512
205da350b71191f9b158bc3c9eee9a2d1258695e24bf972ee45560b1aef3c6146e9fa8f221a3746644749bed67fab3ccea054d3f000ddbcbcf0f3dff14ac0c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4a7264d0130ddb04aabffbaf5d99e0b4

SHA1
6c1d59296a2364af1123bf64da8ffdcbd0bbd93d

SHA256
8b7b168e2a03983ad1adb518182ee4fff4fd4914781881bb920fdb3f53e0bad4

SHA512
3fc11bbc74668bfac67d245d97b26f408214cc2997bdbd858198291dd3309cbaec339bae6d436dbcdac43631228b0a54ccc373fad6126c689fc0213e19e1134f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90c394fc5f1762a138f261f7dc9d2cb7

SHA1
ef548a7de77e6a0757f81f5491bc14db8568671e

SHA256
74aa20af0ae6018f08cba5b89d61a17bc212b772c4e1933e291de9efcbc4d273

SHA512
548828742d9dbb61d2c5ecafafdc84bda823840a63248a5e255e86147eebb31324ad53e206511125910ff0c31605161b659e9ede502c7566da56da67d5cf406e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
78bc8705a21c656e68e4097c88cd88ad

SHA1
16c8f54eb399e38ba9f6624e8d58d30503da3597

SHA256
036deb49a629273f368c01a4634e21befe2f80ee584ff23b19d0f7122969efba

SHA512
95f4656b4204d4e949b158e4e5206a8baacc16b368f074b00c9183b6413ec63624885267903001451c44a9e0f7d2bd082e17ba70fb3ea59dd779bfa1a3392905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bfb3cd366ae5c99aefee5c333971579b

SHA1
263eda1662073db82ef3a2720096fb8bf88b2e98

SHA256
50559b2df4919b62d8aa2f65c03fdee55b50c1d47349268f7af769cc5f3170c8

SHA512
3d0b4e878cd1ba8a9fd6c2841e90cfc7adab8a3c7ab78edb1f1df56b66f545600c6fccf7c6cced5b7a557aafbbb3a1d16edd19899e2c4974c36bb70e09657862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3d13cadd6b0eea85f02a7d4c193ba97

SHA1
9f83e3df9200a0ef21462d6cc4b9a8b1bdebff28

SHA256
fa5baf87e293b8ffdb5f890bd8be269976a33393c9101a291759360fba5ddf39

SHA512
a996d1d0e849c61d5314338b60b299d7df55bee6229cfeaee31b44aa1c942e965f06ed25e81de28ac0255ae27e409c2e82807e0e128c8431bf2c43427040bb8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2003828978888b143106b1c6c0effe6c

SHA1
c1e8a77a5d6dd09f4e81540b784f8a59adb05b83

SHA256
dd455b9ffbbb5a867e12d3ca9660c649ff1e38283ea244c2650e2abccf6b751a

SHA512
573240017a78ca8724e1d85affe26aa70ad5c83f3e4909090f5c29d12be24489fa126e0ba774128bb0a43307da4deb2b86e8c1442819e306a13ed71bf04af267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5e2fa60d173213100daaedcd1dd4f8fd

SHA1
0e384464c1914e5f397556d6c70f398004c9329c

SHA256
d10e399bea1a1354392b071972a7ceb6bb1a70ed7cabb427b7770a30cbd86541

SHA512
88ef349bc06a9398c5fee12a6ee1d5a065bdfb0ae922e99bd0735ccc0b1b5a3d6ec6a9294425c273467570116251bfd9391ae96c837f335bfdde48fe2b12d8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3ee4d8ffcf6aee75e1bce5e8187c1851

SHA1
48cede07ce2fcb0bd7dabafbcf26fafe86bdee10

SHA256
e0bdbe1b2503d22b9150c7c2a5d8580c2b9efccc537124744d8db28a58ee929b

SHA512
57990d63f90c3080ba1c3df8f2ea5bca71aa4b46ab3203276c0c957214badcab97516e09643d0e7706ede7c140213d1b1c6f4644771124f2f4e99c4f5add500a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c67d66bb1752fa7b97ba9c429efa46ac

SHA1
0721e42af362037f9e5115e47f61ddaed0ad8d2e

SHA256
691fbd52e1bc62296a0ab68b2768d58568ff9e4fe07b11a97a309de1d7dd6a7a

SHA512
37a0ad3ce1e7533cd15526be4b8b8dbbeabc792edde8c0d159d1e2575e5f85a3081f9696570fc65639704e5f3578cdbcd87bef141ab5d677300ae9e59bbdc6f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8ff5006e0891de78bed5be3f58842c4e

SHA1
278251bf39f58de3314cd78b2206a6e568319225

SHA256
ace27e6ff4801aad24dfe56516812116651b745f154e43b6bd2168b5cb0d2c15

SHA512
449cdabf4dba6d08f6726977bc0ae677666cb6f5c119ac3dbadff7784d412f1e634a88320011f84925d2862ab891179804bab319ee05a5edbc1b7d098564f565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d7fc41b9ebbec0abf2e2c84764283323

SHA1
3f173a561b3dc12b47343bba625cbc426c04ad8d

SHA256
dfaf6ecc8faae102f6b43a7a3c432510653ccb4b00c65127a43e06b8b81dc13a

SHA512
8ff874882fef2e37ea2045f6e23cf09b26cf3237b11e82034ce9a4e26cc73cf78c53135d75d7d99b3cd333be6c06d0145e3cfa8b0b20b25da0b303a0898b0ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
8a410ca32cfa68b6af87dd2a15895e22

SHA1
78218033b8278df0e23513baaffdfc346efaf5cb

SHA256
078710f879b2d154a2ca8d9983b4ba9a90fc0be52a52c98658ad9c2c5fa5592c

SHA512
de46b955a9e9ca25d045efae4f34367a5b5832d36e49291d0c5e237381af12045a479b0d53777ab135db15b7af09f24152d48210ba24e4ffe0bc815b9936972e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\74uts9gp.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
2c3e9dac08a2bde718ee98e541941854

SHA1
8b20bf0a5075bb6f009f99bae06c9eacc0bf4177

SHA256
825b3bcce2da535602e42aa083f281321ecb15867c84807ffcfc83cb69abb105

SHA512
bba9a8efe84d32a060dfee7afc7204f5c3f30de323390ff8eae239260a75ff73e3321d71c2da75c6516b1318ed06d30bd3e78b9856897d0fab8a484f03655f50

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\74uts9gp.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
1d264f5df787b4bf8cab3f13599286a7

SHA1
c5ed687bf0e710a55f74f8ce9aab5170a4174e1c

SHA256
e5a2fb5e03e3521b280750227cfc5d958d98a64f826d1303399bb74242a8025c

SHA512
fdff51b45ebad6fc7d3f706f591c5a3ed59eb66f6eafbad1911652b868c96d43658f58111238cce424b41505603bcee04a1bd7d86c83503c11d5cd7e18699131

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\74uts9gp.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
7e359e074387c4a7088a70efda6435bb

SHA1
e3bd6690bbf53c38de9b4a8caf619c9482f3d57a

SHA256
a3423241f78378104839de8455cd9b6aaccef655cd50458af621b8f280fbd636

SHA512
6e24bd7733c9df2e62f703040ec9cb59d8890ff6ee445f19f3777e83b4444f07d200fde5c2ed982187e8a9452ba46c32eebb7892a9da791fdcef865637770c7a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\74uts9gp.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
4ef658b62b4c0226de4f39db7e5d3c50

SHA1
59750c4358336a682988920bf304d66302ee30f9

SHA256
09f75a4b0fc9c3c91df013f02646d9d218f6338ab1d7401e2f808530a224dbda

SHA512
7c4ceab5965a0374792994eb0919e7998c47b4445c9e6d52849ff0f0b23a101d5c135e38a842d5a59b8d2533a833da350674bc68f559885fba0d978212a4ad83

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\74uts9gp.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
f4ba1e097cf5583de3c0865d4dccb5db

SHA1
cad0aef0cc46bc2f01c4750dafbca8d6a2720826

SHA256
37cb3405f318337cf82e3ef53b03ec039d30a5de140c6c6a69fe2face74a5b49

SHA512
f5e438c5eab9e2f95c390328f60b9d89a6708858cf013c7f3619f6a8bac2f39a060a36d953eb58f5048245d617a6ae26a18d57958102601d76e08ea90cc7d627

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\74uts9gp.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

Filesize
16KB

MD5
cae0cee49eb581a7d6d9a1e66a25b585

SHA1
7a08d8de8a45e156cbf5d5a1b0a6733fb9c88fb6

SHA256
eb7774a0923e830edf50f3e14e4a48c42effd6b13a6c072cc95fe99286dad754

SHA512
5181e0f1ddb66a7d537895e8a8d05eac713e02eecd2f6538f701cecbbc63ba963d0746d92c1729d2fe1ad86f60c8422253fbefc2ef3c517b26767198297dd14d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\74uts9gp.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\74uts9gp.default-release\startupCache\startupCache.8.little

Filesize
875KB

MD5
6f411cf0fe143e37413c8732077d6558

SHA1
3042c2494e89dec3ea09b0f57275e3a974dcdf2c

SHA256
de7e2e733d3570cc397046950000518c691b67cdc75bbcb4b02f282ad7ee77e2

SHA512
50649568dd2c35fd744ff7edfee2f639f8a602d2c201cc14e3861c233780edb7ba4fd29928fd4439e7f7be91a79274f5aa25b087ba564cddfc3e4f155a6f098b

Download Submit
C:\Users\Admin\AppData\Local\Temp\rniw.exe

Filesize
76KB

MD5
9232120b6ff11d48a90069b25aa30abc

SHA1
97bb45f4076083fca037eee15d001fd284e53e47

SHA256
70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be

SHA512
b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

Download Submit
C:\Users\Admin\AppData\Local\Temp\windl.bat

Filesize
771B

MD5
a9401e260d9856d1134692759d636e92

SHA1
4141d3c60173741e14f36dfe41588bb2716d2867

SHA256
b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7

SHA512
5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\AlternateServices.bin

Filesize
6KB

MD5
e0e3149d3f1fa5f0b9c917a8619663e2

SHA1
9eb567b117ba63cb9f9da1555720f630f2bd619b

SHA256
e516718444577ccf69e02e2eb963502531a163b904b17964f48fe5da7efb1010

SHA512
bb0249bc8e97581b3d2a5ff050e790b67351cb9f4148d9ecbbec3b007c0358375b93a80f3a0b4d54f27433968353987d80242112c9d518b4c613627e891691e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
e243b9c5e0687f8a8675edaf3e01da39

SHA1
d775c2b73ed1d3fa9b9acf2c2e074bbd8b4ec471

SHA256
4f192bf0ba4c768555c98cc4edf72cd20b5763cbb0d07195edb4b713a4271cda

SHA512
ffc3ff938b95703d139ff8fd4a0a92f301d61df68c40d0ee76ee63e49a231307b2aede40c4965585e0283ad597013236b53d101e3e4806212e3dd9f3933dfb66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c7cd1e95b422114966866ddccc968cf7

SHA1
34be519fb07344b984ada93c8b5ce88951a86bd2

SHA256
4fe44c56183495b222bceb99074235c04af413dd2612a5b4738193b181bea9f9

SHA512
df38a73f1bec8991c2f25b9125e1a1be70b2c923d822b73fee7af9c3ba22bb035947d2cdc907a5e757c657a102c123982ed842cc6207f6b246d86bb90d7d2ce5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
f7e2dbcc42d3d04dd533d0c4f5601435

SHA1
08c98d3fd420ca1e4c8470c1eee500b53766b532

SHA256
2864000ad35bce1fae61ad407866a8935728976be4fad948ba5c4679a9346c17

SHA512
1db5c744deb9810c1f7d301cf40033cfe6d628e9c38f60982ab9bc3bc7001c2d5af969d8b10696262e995935ef55b77487887646a4e4290c42488be8cc3662f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
22264cfb63c1840f0a8a9f2d0640b7ee

SHA1
46238ab95ab785fb605e21a522e3a52363f90b0a

SHA256
9c6a17924671bd0858bbc27eb6b107d7b931398a985bea9c118b42be8e1f2bc8

SHA512
b804d9e2509a59c35022998173a4e05981463c4e6129ce27a61aba485ab9ede5c2d9c7f645bb2cfed8b90a6dfec7df3c63d695805efa114c13553ded48ef653d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
2KB

MD5
1837c9e7824b4b0a8748540c969fcfb7

SHA1
2cfe3aabdb7019c371c46d782c321e21af7e5a36

SHA256
0401f89ce9ef64b0271684f4ce55a0ea4ea5669299803b7bd6002f9c21470d8f

SHA512
5c8db900c425e12ae7997369513e5cc9bb049a44f14f2107ee2ba3c44089bf122039c26ab10f47233f395966db463a2df80e4c8d6e08ddd80ceffa051245caed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
4KB

MD5
3d7026a40e90636b5d9a31183c6f2d28

SHA1
21a6be0bc9a6cc19b71cb9a06ec0de526568f7f3

SHA256
7dc7e1967ea483d493fdad96d89f9e74f16f5adbed4d8d253814d9cd32377715

SHA512
58200c011a602de5037c05869bf558ee8d598333571220d49df2cb35a748e859552cbf381605cadbf8947c7dbb360ecda099d8dba25d677277ceb6d9fff9b99e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
4KB

MD5
1dc6a561b6548650c4dd2bcdb210ae20

SHA1
0f562160d9252192ebcd58a0263c370980569bec

SHA256
ca56df21aa599dfcead6bd4380f57955a3badf72a25781ce298fc7dcb616c6db

SHA512
c0ee3e5f13a2d5c24d3c5e4626b60f6a6c4a5e2c5ba94492a8a221f2fcab132e30c6daa9791f38cb6b079ff81fcae23d289c5495178bcda8f7b12bdcdb863fc3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
35b6db30c7f91d094807f0b9cb542b88

SHA1
824b7e8188fb926f9b49ea00a7642d5c259aeea4

SHA256
ce6fd9a9e8553b1de42a9e13dca8e2e18dca98ed22b49f040ddf1ec4c11a9a1b

SHA512
1198a5e281c7df4f27a6ab40fcf70d4f755ed2cd33b3812c85d4e96441986ee24157ba697a84a6e3a355470f946492687100c7f99a6d6d64fe9f4bea0e742e13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
65bb9ef7d3fe94e5689b76e183abe8dd

SHA1
9771c2b6f8a962f11e02bb39fe3206e3aa8dfcfd

SHA256
04abbdcb8917781e1bb3f677ab47c57829024d43b32a5658d1f471e51d53ba16

SHA512
1332753d5fba84a114ad02d00bd48b293898d8b89e96fd0b57a20ff5b9881cb1274b40d8a412d69eff4e2c4f83bdd3e9a1a558e1335ba911cab1e794d5448380

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\events\events

Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\pending_pings\0f34e373-9af1-4225-b97f-c113977ddc09

Filesize
905B

MD5
7a700a164a81d4ade3fcf8c8e71351c0

SHA1
db0580bc063a5614e6564ffc819f151b5b2597cd

SHA256
10797bf14ea43ac9f67f7e50a08c25dd348116de6c5c49ec09f22bd60d846043

SHA512
c446f3a9f080ac91fb051934a9a11cdf9faa4bca7584b97c5504938d44a5bd81afbdcdba9e121da7dec4796f01e09211c6b697de5f92b11c7fba434513a7bc81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\pending_pings\209eb5ea-8d09-4da4-a71a-86e8ffff6f1e

Filesize
982B

MD5
d4670de1e99e7dc79e98f490cb8277e8

SHA1
49f96e0fcbc9605359caf5685565e8af98d88391

SHA256
59252b64015d9df4bcdebf320fd6d2e286b97d78554125273c88639e729a4b99

SHA512
fa869c135f07a4f2da635f474e2674513a1b9cfdd56b85889d78c03328922489c91eb425bdff4df763f4e9649e1f12b3aa019e05a99b8af0c4a2e9dfdef27bc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\pending_pings\28dcc8a7-ef30-4f83-a279-2a190fd15501

Filesize
23KB

MD5
f5989effd3b02ecf47d946806d4d69aa

SHA1
ac086b39a218a3f646fa4707e50dbae39f245223

SHA256
79464af0c6128aff49ac4cf4e1c1f907f3306ce61fbfed592158ae095cc485ba

SHA512
558dd728049b1fbf99d590f8824f507496435bc57254282b16395ce7eec7f3d66644a009fba841d0baa71744050460746e29600390c48634d5da737876004605

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\pending_pings\9e787134-2679-43f5-a223-56f5e24cba1e

Filesize
659B

MD5
d6857f00ee7af852d57de427b9485179

SHA1
843f246fd8a39afd1724023ea943040e307dbdc5

SHA256
37ca28b1eecfb892d4aa2a0347e76d9e2acac75744e2b3f4be11196e878307b5

SHA512
f93f8fe35142cd90e3e39e32bb3d3c0d90843eed30872082860c4e383d12723186a6acc9a30a5a752390ca01e8179e73d419d017a27ea7be6a1725019750d3f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\pending_pings\c112adb1-c2fc-4672-bc38-c4a7ce381f67

Filesize
671B

MD5
a9495e1a4657a177ee3ee0746aa29347

SHA1
bcab9448b581e4ca5aa90fd7043ecc50d7c6c123

SHA256
cea9405e65d823cfc2506a7be894320b2f713910288d4ebdb4e5069fa649f6a3

SHA512
f770048317737f1f916cef329b697f80257c39a9bdbe8a4a2f5c00eb8b0acb8e1a5c6f2da2545eba246fbcefc63f837fb09839b9481612cdfbb1bd8b7ccd13cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\extensions.json

Filesize
37KB

MD5
b5219f42296833d1d5eba6f0b695be92

SHA1
de578eee6604fdbb43cc50803d8a766319bd1a46

SHA256
c637ca93d580f98c23e88c62419dc84d4d4a19806594017d7faf0336b1e1184e

SHA512
83211394bf130500f7a97025ad4fc81d2f08d0c990593b594a3b65c22632c613b89ad7384e5c6ba88dbc263d640a93e370d717f4ab676dc2e79f4fa65cfb1ba7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\prefs-1.js

Filesize
10KB

MD5
7795c3e1b50739a7924457608834612e

SHA1
d09e7a0b8b289c30644169435eacee51fd2475cd

SHA256
11cf470439a369e0e7ec392f703c1c9acdd2a15a2401abdaeb0d8a0007e32977

SHA512
9f896f28a3a24c0594fe414315d9f89e3954648ea2c1a3cfad5d0fec941d2b140294cd6d872e496b1e230f50453e4cf581e561a3390757982a5435ca0f41cd56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\prefs-1.js

Filesize
9KB

MD5
9ab11741d5371d41bb874200aeb17d8c

SHA1
aec96882933ecda29709e2336b8023764094d779

SHA256
70bae27d7c53a027b4591614919d441f836984426cd7d254a32cdc886c1d9aaf

SHA512
09e4c56dcc0c054f5300eaea4ad4654f68087a67d7cad5eef908d14e0c45abae7e703afbacaece8b2b6b052c743a67459be97d04ea77eedc0dd50eba858362fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
e9cceb8af1de037db88be58f193a43a9

SHA1
2a3c48ec1a5bec9913fb2242a20a9153b63d78e3

SHA256
7e7a204c9d0e25120269845612ef46c95af449db874ba975a321563bbaa7f004

SHA512
c149663425927bf6b0945fb864567cb267118969f08f87f240c491274c250732740a05f12a72629aecbd6e558a571fa114a503deb5dabf068fdc0ee3ee5cc4b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
C:\Users\Admin\Desktop\Blaser.C.sourcecode.txt.WINDOWS

Filesize
64B

MD5
a9b35390b4093cae8d3f4e9f741e3205

SHA1
fd48f75819f9647d6d561569f9e459c68cf8169b

SHA256
f7ccb8d75d3978f69831522a4a472aa60dad311b61e81c321f2244f76037589f

SHA512
0622aa5a85f7bd2c8489adf063a7fb98d943a34fb4949fc4aca18459bd97664d520980afc9c1e1e6b91e2ac955feb3e05c537c56975c52ba1d821add6fb22db9

Download Submit
C:\Users\Admin\Desktop\BonziKill.txt.WINDOWS

Filesize
208B

MD5
ad36431297f16595afc37dfcaa4d7b78

SHA1
12900b66691f084d5696963184f03bcd3231f71c

SHA256
14e50fc1c058dc4b1fe5153e009a8f85d4480c20d18d42030781a9088fc2d90d

SHA512
e7c20e3e8cb1edebd1003c3a5d6fa5a07c2410ba7678f92c1cf5b6c44d84c35f3192d7ceaaf3802c7ff9cb0bea80914dccad69804518226e9b6a1378500088bb

Download Submit
C:\Users\Admin\Desktop\BubbleBoy.html.WINDOWS

Filesize
12KB

MD5
cee896a0c7506bb21df00b5dcdfd1ac5

SHA1
e27354a7dc8a78445b57597ec1e99e99f072539d

SHA256
915c87ba152d9ac1bae3645d655f835b6521ab938dea1cee309dd21eedaa3f4f

SHA512
6dce9658307c44a4eb91550a47d54846bc92b6a1e9c98121aa946f2e238ed26dcb023e39fe743aa79bafc377da7921e0042b09493cda550f7046a3dc830064a5

Download Submit
C:\Users\Admin\Desktop\CobaltStrike.doc.WINDOWS

Filesize
86KB

MD5
d3fd1457414d84bb6289afa382ce4348

SHA1
7ab8cc671629afa2e47442fd1377dcc59cd0aecf

SHA256
6e6fbad770ddd257450771991103e23bbb697f1fc0a5127661f03de6ece7ded4

SHA512
f04115cb09a44f074d49f858f71557b179aa4099cc006ac47f56f6e8c77a53d56b21e118f9181f9b0f39f7c026f1abb51d66ee4c985252f211c12a8c39b59fcf

Download Submit
C:\Users\Admin\Desktop\DudleyTrojan.bat.WINDOWS

Filesize
192B

MD5
9dc689ce6ca7463916119ed4f52f443b

SHA1
fe64a726d10c138d5de89e55fd172c03f3ca4b77

SHA256
66dcf55757535c0f120ec3feab962d0555c9b48da2e9851810b71cd5160c1fff

SHA512
452e8cf57535002446fd88209a70c095dbf07a82d2e3eb6d7aa1296f177f7a291d9a66ee9f8e0185e1d6cbb30ba227f5df25a363a2047b15e8d25d9446986cdf

Download Submit
C:\Users\Admin\Desktop\EditLock.docx.WINDOWS

Filesize
15KB

MD5
cd4ef5e48c69f3f7727aef97f39f475b

SHA1
bd0959a88098b0ee55055de1280284b2a64aec66

SHA256
4c91b5e47e2958098653d0dd1c71c6b9585bbb31a4855bb9681a3946dfbac904

SHA512
4dba8b0ffd272fe1658f5e9b83dbd97ac2c9693a1680fe6a6145700df338b1b38b569c50b37c4d620ec1dc68de108a54fd0791a5486bd7cbcab8b08273c6bdfc

Download Submit
C:\Users\Admin\Desktop\Frankenstein.doc.WINDOWS

Filesize
493KB

MD5
91aa468b8c39aaf1de86890492849f02

SHA1
b2d3f77343425ea195ab7d9962244f2f03144040

SHA256
f3991dbb9a8045124c32db54242f303e2db09b076be4063e70e26bfd034596f9

SHA512
ceb67fb94795b90f21be8b2aa3b2a2b26d3640fbbbb493e64de958719ae53144613a99af85ab98880698749f83697ecbf45cf25899374a6780c2ba311388f611

Download Submit
C:\Users\Admin\Desktop\InstallBlock.docx.WINDOWS

Filesize
14KB

MD5
cb602fc785f43603749fb9949cedae89

SHA1
32efb22f69a2d7317ffd8e4d33111625161db905

SHA256
8c311bcc92d628bc803d6675c00652a5849aee79529d28fb3d3936c2eb2bfa61

SHA512
95f6696ee246f4a32572b6acad0356fbe66fedba7d9a05c8acaf25be8ab83867277325eebfd77502c303c34d73c0394bd505d801ea24e44e8addbd77f5e5c3a8

Download Submit
C:\Users\Admin\Desktop\Jer.html.WINDOWS

Filesize
5KB

MD5
109953fd2f6ba799ae55a07f51e63e27

SHA1
3318746eb131deff0f795ee09841299193c618fc

SHA256
5113e0c217fd626a8749e9138f760d9b443e4bed102ac0de5908cc8cd7bc4dcb

SHA512
078c21ac089daa19132150bfe8c5089571309859d63ccc1b1a685a8ec93bd5a46b650c37ab40784ca72a5b2b95a7996346ab429daaaa113829fe41ba87e2d29e

Download Submit
C:\Users\Admin\Desktop\Kakwa.doc.WINDOWS

Filesize
72KB

MD5
8c82070f666b8a09ea2889d163911d40

SHA1
7a28edb030c3c752d868d8aa2ac453bf9b8eb5b6

SHA256
3de9ddcfd8209e4cc726038171ac72bcd0e78dd2931d9e39cced363ff0d4bbec

SHA512
088aea95c209e038556a3285d5876627afd8347a43784db4b97264d2039ccd3216d1a40f44bcdb345a2e989f2113618d436ded25d2ddfb0b85448587bc12709e

Download Submit
C:\Users\Admin\Desktop\L0Lz.bat.WINDOWS

Filesize
6KB

MD5
56a06d446409228bae39283d4843e6da

SHA1
d9f0f5682648f621b387496a477b7481a4cc26d4

SHA256
bc7c838ab461db68b2cbc245fe27b27ef11ea31f6a8eae433607c63de9753ef7

SHA512
c394c5d38837dc6daaf57f9f08c9d461c77edbb5441bbdf30ed828ce9b38db0f34b4d21634e9bd6dfc0513b82298ed8697447fa57d3ba45334d71f1af4bd2260

Download Submit
C:\Users\Admin\Desktop\Loveware.txt.WINDOWS

Filesize
320B

MD5
64888d589523f090c321df30f7118176

SHA1
18e5e2d44950bddc5275f34ef405eeac1e682685

SHA256
7f4a6c554c41e907c5a0f4f841a0b316ed1c59f73027dd6fa318badc48d451e0

SHA512
9e9ec6f0739e84b51bc2cc650963d51cc88a5585d52650d27f6a0c587a4295d44420aa2254dfd162d7621023bcdaedcf8f80c36178f9b9b94d4b2895918fbb45

Download Submit
C:\Users\Admin\Desktop\Melissa.doc.WINDOWS

Filesize
40KB

MD5
146e14b90c43a2e50c7da3d473e76b2a

SHA1
4b2f1d601a25ca19e3d7991edf0a180d3db45819

SHA256
8a725940c97deec30cc8af397df190dbd298fce860b6676192266e8ad875b376

SHA512
2207fea1b2742107697b0e24d0a80f045549d90cb78a62a18391da5ce03470e509a104b136b6a7fe96766f38bab483ecb0a71abaaca5a4ffd60bac88f14725dc

Download Submit
C:\Users\Admin\Desktop\NetWire.doc.WINDOWS

Filesize
7.3MB

MD5
a9b9b4895abf14a273ea8814cd82f325

SHA1
d79d2b17f3c26d8ec2b52b3c1c2496528671075e

SHA256
b94a3ee507568a50df711a5d7f6b6f3d90d39598f8659943f80a65cdde73ea3c

SHA512
e829c81623c0fd9466572ffa6c70bddd21bf829221c17aca47963212527f0c7b557f8d91a08d0b86afc3a0532a80854056231a6dac6f6ff058ae350e210ae6c3

Download Submit
C:\Users\Admin\Desktop\READ_IT.txt

Filesize
108B

MD5
d845190db42d07b1f4a34292d8f335c7

SHA1
fa97f5c6d4aa832a0a1451730e8ba2a32b2f9339

SHA256
6bd70f8e5afcaf2bac76a5e40649be7ad4d59fb10d37e4f18ed3b1027b714b9a

SHA512
9d9310f6885084665a54cba5c33ce55d2de89978b82d59c70746f1e9ca2abdd094713e562f802f5e723654824ab872b9ab453cb32e279b5960edc196f683a08c

Download Submit
C:\Users\Admin\Desktop\San.html.WINDOWS

Filesize
4KB

MD5
2c8382d31309ad14883a9473a1edb234

SHA1
fb5f0321b918ee6a3bf0da8843e833a4221b3c45

SHA256
23ad3bbdda50821febd5d64d81645c253d4255e6ee65eb619dc96a9bb889a4ab

SHA512
53501a38dcaadfb0094249ae06fa3a236ca33b9bf159204356d29f4ab018a6e12558c5ef8f854bae358f9e105b1294e04bb7cd9cd32805cc0e0f4b582c3738bb

Download Submit
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\Desktop\run.bat

Filesize
47B

MD5
8d35d0d7e1ca3075d84850f9617cd7db

SHA1
1fd7e994754451736b44e0deb7e1c9574fde6697

SHA256
e79bfc6343f99089a97273021e1dabdad93900b87e83794ee1821dd5f19838bf

SHA512
e8f5935eaf90bcdb466888a3d7438d9b8cb6ebf03ea7c5aa64c9e4b9c3d91a8f66bd46906a259a007badfccc7dbebc4e80707f3d632b825b110ae952fbee4edf

Download Submit
C:\Users\Admin\Desktop\run.bat.WINDOWS

Filesize
48B

MD5
d2bd1a863fc78810a106ee9f528a4465

SHA1
9100df96b622c104aba8160700974ba04d2d0327

SHA256
0f8532d88e12c927c4d5f9a8edcb25d9d7a3561df7d5808d0e6b0796ad5bca05

SHA512
76d4222f2d4402599560a18a0b62724aa980a4497f56ea56bb1c2f504404199b43d6633b6c5ef68e5744a34e6ce675cba0800a6b111f2a4c001500c060718fd1

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/3384-974-0x0000000000460000-0x000000000048E000-memory.dmp

Filesize
184KB

Download
memory/3664-961-0x0000000005100000-0x0000000005192000-memory.dmp

Filesize
584KB

Download
memory/3664-973-0x00000000050F0000-0x00000000050FA000-memory.dmp

Filesize
40KB

Download
memory/3664-958-0x00000000005D0000-0x000000000063E000-memory.dmp

Filesize
440KB

Download
memory/3664-960-0x00000000057B0000-0x0000000005D56000-memory.dmp

Filesize
5.6MB

Download
memory/5108-1002-0x000000000BE00000-0x000000000BE10000-memory.dmp

Filesize
64KB

Download
memory/5108-1014-0x000000000BDC0000-0x000000000BDD0000-memory.dmp

Filesize
64KB

Download
memory/5108-1001-0x000000000BE00000-0x000000000BE10000-memory.dmp

Filesize
64KB

Download
memory/5108-1010-0x000000000BDC0000-0x000000000BDD0000-memory.dmp

Filesize
64KB

Download
memory/5108-1003-0x000000000BE00000-0x000000000BE10000-memory.dmp

Filesize
64KB

Download
memory/5108-1000-0x000000000BE00000-0x000000000BE10000-memory.dmp

Filesize
64KB

Download
memory/5108-996-0x000000000BB30000-0x000000000BB3E000-memory.dmp

Filesize
56KB

Download
memory/5108-995-0x000000000BB60000-0x000000000BB98000-memory.dmp

Filesize
224KB

Download
memory/5108-1013-0x000000000BE00000-0x000000000BE10000-memory.dmp

Filesize
64KB

Download
memory/5108-962-0x0000000000BF0000-0x000000000129E000-memory.dmp

Filesize
6.7MB

Download
memory/5108-1012-0x000000000BE00000-0x000000000BE10000-memory.dmp

Filesize
64KB

Download
memory/5108-1011-0x000000000BDC0000-0x000000000BDD0000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads