Overview

overview

10

Static

static

3

MfW10_Fix_...om.dll

windows11-21h2-x64

MfW10_Fix_...er.exe

windows11-21h2-x64

Resubmissions

28/03/2025, 20:09

250328-yxltlasmy3 10

28/03/2025, 19:54

250328-ym1vrszzhy 10

Analysis

  • max time kernel
    67s
  • max time network
    68s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    28/03/2025, 20:09

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    MfW10_Fix_Repair_UWP_V2_Generic/Custom.dll

  • Size

    3.6MB

  • MD5

    28c87bb3b0a5ca2c9808e83993c3da03

  • SHA1

    babdb64f468b6893b7798a166d484f1926ec599a

  • SHA256

    c53e2fe707e0a58286c0ca7e15988c7e07a5c6609744465d5099131d115d4a3d

  • SHA512

    106dfbded22dae2f0d10655ae555e9e7fbe5f5aa28f38a01879ee898dba3e7f7ccd5658d8670f5b1f922e3cd2a2a90d6d9c557f95da239ceb7b4cfe65508999c

  • SSDEEP

    98304:5tqYopU5sN4sxMFCh2+cGjeQTBTb6rJBy7ZA9p:5tqYopzeS1hF56rJBy7O

Score
10/10
defense_evasiondiscoverypersistenceransomwaretrojan

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • UAC bypass 3 TTPs 1 IoCs
    defense_evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    defense_evasion
  • Downloads MZ/PE file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Drops desktop.ini file(s) 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Modifies WinLogon 2 TTPs 3 IoCs
    persistence
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Windows directory 3 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 22 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Control Panel 4 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 15 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 19 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 5 IoCs
    defense_evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\MfW10_Fix_Repair_UWP_V2_Generic\Custom.dll,#1
    1⤵
      PID:4224
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2140
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Downloads MZ/PE file
        • Subvert Trust Controls: Mark-of-the-Web Bypass
        • Checks processor information in registry
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3780
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1968 -prefsLen 27097 -prefMapHandle 1972 -prefMapSize 270279 -ipcHandle 2060 -initialChannelId {6971b956-9cf8-4108-89ea-992098452411} -parentPid 3780 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3780" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
          3⤵
            PID:4680
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2432 -prefsLen 27133 -prefMapHandle 2436 -prefMapSize 270279 -ipcHandle 2312 -initialChannelId {d67a5413-a229-4798-b3d0-bdec561792a2} -parentPid 3780 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3780" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
            3⤵
              PID:1476
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3828 -prefsLen 27323 -prefMapHandle 3832 -prefMapSize 270279 -jsInitHandle 3836 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3844 -initialChannelId {0bc31496-0d82-469a-b327-69dff9db4ecf} -parentPid 3780 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3780" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
              3⤵
              • Checks processor information in registry
              PID:3864
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3992 -prefsLen 27323 -prefMapHandle 3996 -prefMapSize 270279 -ipcHandle 4072 -initialChannelId {368a3e7a-c326-4024-a3ea-bc2d0a93ecf6} -parentPid 3780 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3780" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
              3⤵
                PID:4552
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 1664 -prefsLen 34822 -prefMapHandle 1684 -prefMapSize 270279 -jsInitHandle 2628 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3308 -initialChannelId {44e64810-a6e4-43f0-a32f-956878b752d2} -parentPid 3780 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3780" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
                3⤵
                • Checks processor information in registry
                PID:2976
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5040 -prefsLen 35010 -prefMapHandle 5044 -prefMapSize 270279 -ipcHandle 2564 -initialChannelId {87f3d34c-a780-4222-a525-cac02bd41f05} -parentPid 3780 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3780" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
                3⤵
                • Checks processor information in registry
                PID:5232
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5680 -prefsLen 33031 -prefMapHandle 5664 -prefMapSize 270279 -jsInitHandle 5688 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 2432 -initialChannelId {ccf0c460-ba70-420c-8b37-8046475d0d91} -parentPid 3780 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3780" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
                3⤵
                • Checks processor information in registry
                PID:5532
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5624 -prefsLen 33031 -prefMapHandle 5540 -prefMapSize 270279 -jsInitHandle 5564 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5876 -initialChannelId {6fb794e8-111d-4561-9bb8-e05a27302fab} -parentPid 3780 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3780" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
                3⤵
                • Checks processor information in registry
                PID:5544
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6088 -prefsLen 33031 -prefMapHandle 6092 -prefMapSize 270279 -jsInitHandle 6096 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6072 -initialChannelId {8c8c4793-7b66-452c-9fd4-aaf4354dd492} -parentPid 3780 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3780" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
                3⤵
                • Checks processor information in registry
                PID:5556
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6080 -prefsLen 33071 -prefMapHandle 6084 -prefMapSize 270279 -jsInitHandle 6336 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6088 -initialChannelId {21c4d6b0-0cd4-481a-aec0-d2da12984f40} -parentPid 3780 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3780" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
                3⤵
                • Checks processor information in registry
                PID:852
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 1424 -prefsLen 33071 -prefMapHandle 3188 -prefMapSize 270279 -jsInitHandle 6532 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 2944 -initialChannelId {e8facb21-c442-4df4-9e41-0b9bed71ce55} -parentPid 3780 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3780" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
                3⤵
                • Checks processor information in registry
                PID:3408
          • C:\Windows\System32\rundll32.exe
            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
            1⤵
              PID:4356
            • C:\Users\Admin\Downloads\NoEscape.exe
              "C:\Users\Admin\Downloads\NoEscape.exe"
              1⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:5416
            • C:\Users\Admin\Downloads\NoEscape.exe
              "C:\Users\Admin\Downloads\NoEscape.exe"
              1⤵
              • Modifies WinLogon for persistence
              • UAC bypass
              • Disables RegEdit via registry modification
              • Executes dropped EXE
              • Checks whether UAC is enabled
              • Drops desktop.ini file(s)
              • Modifies WinLogon
              • Sets desktop wallpaper using registry
              • Drops file in Windows directory
              • System Location Discovery: System Language Discovery
              • Modifies Control Panel
              • NTFS ADS
              • System policy modification
              PID:5996
            • C:\Windows\system32\LogonUI.exe
              "LogonUI.exe" /flags:0x4 /state0:0xa3a2a855 /state1:0x41c64e6d
              1⤵
              • Modifies data under HKEY_USERS
              • Suspicious use of SetWindowsHookEx
              PID:952

            Network

            MITRE ATT&CK Enterprise v15

            Reconnaissance

            Resource Development

            Initial Access

            Execution

            Persistence

            Boot or Logon Autostart Execution

            2
            T1547

            Winlogon Helper DLL

            2
            T1547.004

            Privilege Escalation

            Abuse Elevation Control Mechanism

            1
            T1548

            Bypass User Account Control

            1
            T1548.002

            Boot or Logon Autostart Execution

            2
            T1547

            Winlogon Helper DLL

            2
            T1547.004

            Defense Evasion

            Abuse Elevation Control Mechanism

            1
            T1548

            Bypass User Account Control

            1
            T1548.002

            Impair Defenses

            1
            T1562

            Disable or Modify Tools

            1
            T1562.001

            Modify Registry

            5
            T1112

            Subvert Trust Controls

            1
            T1553

            SIP and Trust Provider Hijacking

            1
            T1553.003

            Credential Access

            Discovery

            Query Registry

            2
            T1012

            System Information Discovery

            2
            T1082

            System Location Discovery

            1
            T1614

            System Language Discovery

            1
            T1614.001

            Lateral Movement

            Collection

            Command and Control

            Web Service

            1
            T1102

            Exfiltration

            Impact

            Defacement

            1
            T1491

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\027putap.default-release\cache2\entries\A585344A45AF937E3AB7D706291A9A3ED8D581D9
              Filesize

              13KB

              MD5

              21985a4825392ef49ccb25238c83a1b0

              SHA1

              894c86c4363303335cc6086999c3fe6c8d2abfd9

              SHA256

              e3562818a93371f7faea5ddd6a5b3cb2939cabae37efadc03b60565ef027c0cc

              SHA512

              f27168b27abbc404228fc2e51ce1ff02fa5a2b5b78726e42431441b585cdb2c03da5ce8e53ac12a411bc4b5bd64d8366fc436b665ad1c5f857f33360bb0800b1

              Download Submit

            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\027putap.default-release\cache2\entries\E19316B1CDA62317F9DA2551F9B56E711FCC77AD
              Filesize

              13KB

              MD5

              c78836244d1b0c9404200c0a96efaa3c

              SHA1

              f0f1ffd969deec649663b52a5bbc7a907733b2ca

              SHA256

              9b952418124334f20ec48a4aedeacaa52a5dd5042f2c829d9b561eda5692e4d7

              SHA512

              dfb97014301024896a705c6d3a8a07f75be003a256704c168f0a0a738e02e169c5fef678fc19f11303e49217a6160f185e7735fa4cd4653040a922afb0a573d0

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\tmpaddon
              Filesize

              11KB

              MD5

              25e8156b7f7ca8dad999ee2b93a32b71

              SHA1

              db587e9e9559b433cee57435cb97a83963659430

              SHA256

              ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986

              SHA512

              1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\tmpaddon
              Filesize

              502KB

              MD5

              e690f995973164fe425f76589b1be2d9

              SHA1

              e947c4dad203aab37a003194dddc7980c74fa712

              SHA256

              87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

              SHA512

              77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\tmpaddon
              Filesize

              14.0MB

              MD5

              bcceccab13375513a6e8ab48e7b63496

              SHA1

              63d8a68cf562424d3fc3be1297d83f8247e24142

              SHA256

              a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

              SHA512

              d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\AlternateServices.bin
              Filesize

              6KB

              MD5

              16b7208aeb1d6d28b2e53ba7e1a7f805

              SHA1

              9b3d9689fe1aa4bd357ac1a63b0e6c62a7fcc9d6

              SHA256

              9b35eeec065bffb8cca41ebf9785ff336c6b6f7952bbc9af322ad757c79568c5

              SHA512

              6585e96d09ee6ddb828bc61ae9b324f4f707e8ffc3db601b34b119094f17c0acad2fe27bf3e16bc1528ff1719fe6f65ed52e2671241be88faf6d658e98b33001

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\datareporting\glean\db\data.safe.tmp
              Filesize

              6KB

              MD5

              af763608089db74e3b0ba1f0deac4ca8

              SHA1

              7d7fd344cab1caac5c31ec7c69129b5aa7690a58

              SHA256

              94c5e8da00be016abbf7255918e232ee0543bc885ef079837dbe9e2aa6b4ed0f

              SHA512

              66e4ede325fcd8eb1c6f3056810d52e4c2afb29bc0e897b629b84a1931aff4c50ca4b555636cd26c3bd0e26dedffdb9a1b5bc8e49edfd16ebd4d8f90baf1f8ee

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\datareporting\glean\db\data.safe.tmp
              Filesize

              7KB

              MD5

              f540c1cc0cdd1017a2cb969de2bd8f35

              SHA1

              a3a82c9149ba859fb2df00147d078fd2accc22e1

              SHA256

              e86e25846bb9b55866061a25f50b14c48e3a13a24204ba96ec4cad4ca6d929a9

              SHA512

              087b26185e8596c7dd08a0de880ab25f64e086987a6fc6ea0a9a5a1df6fe9def3c3069efa1347fbb1a745b5d60b1d747cb8ef91d7851749b8e08a183e1a90614

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\datareporting\glean\db\data.safe.tmp
              Filesize

              7KB

              MD5

              86756c2336ecbbfbd1034d0990539f97

              SHA1

              6629fb2f4939c964ba6b1815277b3aacf1369d58

              SHA256

              7a53592eca9528fcd54d9a35f5637c172122b7a31b38064b25e832e5c0946689

              SHA512

              46ae0c29a3fc510f4afe1a165fb6b08bd637d24550641fa84744c8257c95318ba836f5283ff7f45551b3754e7b1f20c9497423444ba6737b16764ed9cfb3990d

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\datareporting\glean\db\data.safe.tmp
              Filesize

              7KB

              MD5

              d6dfe3af2d40257474ce8b36f0768e44

              SHA1

              3d89fe4110c183196ce50cddf0be54bbb4fa0cc5

              SHA256

              2bacbbfe4722d441156b769b2732d24e5ec39f3d6608931f5b30c185c259e2ad

              SHA512

              7195cdbc13df9543c0d2e2c3c1cd5455801148adb31f4e775d69d9ece25b7f58e36ca8aa5469a40a27de9a6781777766a2ee7ab82765d0f965c921ed9e8436ec

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\datareporting\glean\events\events
              Filesize

              1KB

              MD5

              ad1609acd34fdd1873337c04364d473e

              SHA1

              bea106781cc6e4612bbb8905f5c8e28b3e404604

              SHA256

              112013e9884bab939e7a5740f9937d3aa4d5217a74851a0ffb878bfb64dd607a

              SHA512

              6fa802e747a0b8c745d4dd4086b2c0cf9e04e998d181e88657adcf4e28fec55109d5a4fab98427c1136c4139c5e1feca5d05748e3583a7dcc345b2697f630874

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\datareporting\glean\events\events
              Filesize

              5KB

              MD5

              6faff9d1e21b5203621751757165700a

              SHA1

              2b2816ceb4d6c2ad413409bd583ca423ca78f39e

              SHA256

              4af99aef494422a29a00125408032cd2b311936f3371cfcf1f9f00cfb8b46b2b

              SHA512

              33b2eca261a8adaf008315df9c0d737f1c44cc87f2286fe7a16e23da92ff86f694fba1681dc3fa2a8da853ba34e7057fa407b7e43b8c074d4f393ffc523f8c44

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\datareporting\glean\pending_pings\112c868b-9aad-4655-a63c-d3a53700344b
              Filesize

              235B

              MD5

              75e89d360a939323c4b877f05da9f716

              SHA1

              151affd771887191dc49d50a4adc65d94d0c26b1

              SHA256

              ed168faf6e5e8223cf8d5bc1e1e8c5fb9560dd5bb4946e72f2c89091714f212f

              SHA512

              4ac2570469353b16773061b2a9845bf564eec1e45bfe95dc09a0b4685c9e52e0a0d5b269e596a6ea16d0b844b76ca3ed792dfb205d47c69b9c149797195eb356

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\datareporting\glean\pending_pings\2edcf411-d939-4974-adfd-b990852d3794
              Filesize

              2KB

              MD5

              c99860ae6cda64db9cb80796c15df128

              SHA1

              b9d072c310ca93e0389c9a413e96f49d3c40a874

              SHA256

              79d6e0be34309264c7c2847bd485d1b06efc7924ac226e7d5f127bc66d2b7330

              SHA512

              f9eff3566ca1b7671adb03d3a6c79f052a587e5865a4a5829d6d2a87b90f424290e68c6c8dd1ce3bdabccf8cc692ee9771e1a78c390a37b265959fa6f0ca380a

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\datareporting\glean\pending_pings\307e6b8f-222e-40c1-a72f-197102d33c2d
              Filesize

              883B

              MD5

              51ec0dd23210e7b3a0be61178475f3c4

              SHA1

              7b41565551604a1c8cc777d569e9d06deba6ed4d

              SHA256

              b84df1b0d7101c8e81030c991c6d126714e9445acc6459ca297b6f771e7773d5

              SHA512

              e275fd9070462318a85403598ce7e54af4d94127c4a61ac07bc854681898468e4d4047f9faa28bc1c416d9e4e2fb026b04a6b696db7fa4d9145e693eb275f05b

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\datareporting\glean\pending_pings\542999bc-3a1b-4f8a-bfba-02398441c35e
              Filesize

              11KB

              MD5

              e4e289aa695d77a136c777940b3640c7

              SHA1

              947fec3e252dea0eaa52acb0f8caa1b003756c4a

              SHA256

              3dc4db9546a976dfcacce10ef40b8da441cd4f34aad35a6018dfc9c043573f1f

              SHA512

              ca4c128858c436bf7e8407ee02966cef86326d4344a687415506f8f143b5c171d4e7b91e8bb24fc81f43b694e606fa2dcb973c9b4df5f86e61630dea2f6b757f

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\datareporting\glean\pending_pings\9916bebb-1a16-4959-8992-478b72046474
              Filesize

              16KB

              MD5

              5af5009f47897cda7a729e9089715daa

              SHA1

              90cae2cf64f04630ae23dfbedcd195062f6401dc

              SHA256

              aee2ab216c6b3590bd84e341d1814f3c65b4d402526292c996dcc39d9e6f2d21

              SHA512

              054f3d73c73c13f19547d584fcaec99ad0f8c8b6830a303a51b1d4a81c492d915fd0366411397062ac261c173de470076490f9b63593f7e6a5590a197c5adc7c

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\datareporting\glean\pending_pings\a3179545-9c1c-4323-9ef4-f17209dedb77
              Filesize

              886B

              MD5

              2bbdb435ba31be2a4819d8793e484e9c

              SHA1

              e7f95e321f6634e94145a32d531d2f5adf46a497

              SHA256

              eb6eac1bd3d8079ecb150ec3b4d078921c89c682793c196b4e06da0aa659db52

              SHA512

              0c77d76840527510bff209a2f665d6823a52ad1f607fe7a4727d45db9639bfd4db8536933c6e6501d8f8b3178a901c35dfca8663fddd9d96746c9b2542aa79be

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\datareporting\glean\pending_pings\a78c961b-0f8b-4e41-880b-827918c069d7
              Filesize

              235B

              MD5

              2ab26020cc62e9e96db547e48ec5923b

              SHA1

              a6c12fcaeee672affb5b3004c05b165764d4f497

              SHA256

              cb17483116d0d838b255690b2c2b9895fad116504b91fffe41f1ed72e966ee55

              SHA512

              6381eb61f053dbffb2260c52bdcd09001b3872ac86cb5a506c40683ef9014cf1007df3e401f945823e9966adb2e336455c41f410cf44ab27655df8d44fa427d9

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\extensions.json
              Filesize

              16KB

              MD5

              37e1cebe8120f54b1e3d834dadc32719

              SHA1

              99d292561a9059d5cf6852b932f280e1f5835f4f

              SHA256

              6ff8d32fadd3b41320f24fbb5a389da7920a5fdd42a6099861534b0d0f790dda

              SHA512

              b8ce907a474592be1cd672724b226cbb87bfcae37ea85c0c2259702902d261692a7d55f6a880bb8e704d77182d594b6e0ee2686c7dacacb0ab7a753fb5dfc671

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll
              Filesize

              1.1MB

              MD5

              626073e8dcf656ac4130e3283c51cbba

              SHA1

              7e3197e5792e34a67bfef9727ce1dd7dc151284c

              SHA256

              37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

              SHA512

              eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info
              Filesize

              116B

              MD5

              ae29912407dfadf0d683982d4fb57293

              SHA1

              0542053f5a6ce07dc206f69230109be4a5e25775

              SHA256

              fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

              SHA512

              6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json
              Filesize

              1001B

              MD5

              32aeacedce82bafbcba8d1ade9e88d5a

              SHA1

              a9b4858d2ae0b6595705634fd024f7e076426a24

              SHA256

              4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

              SHA512

              67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll
              Filesize

              18.5MB

              MD5

              1b32d1ec35a7ead1671efc0782b7edf0

              SHA1

              8e3274b9f2938ff2252ed74779dd6322c601a0c8

              SHA256

              3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

              SHA512

              ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\prefs-1.js
              Filesize

              11KB

              MD5

              eaa3bd3a3a36fd0a33665e8d73c425bf

              SHA1

              d08831201f863b4e7aa99f5cdbcfab93dacc9681

              SHA256

              9db82ad2660f9c09975ab285230c9e1698408a10d02f2358064565002876e59d

              SHA512

              c9b2488e2f50aca95a947ee7e90342a46c3cfb638a0ed19f595d75deeb14f760e609e91464e9ef0d79801058efdeba423c49675149dea8f861448d099865875b

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\prefs-1.js
              Filesize

              8KB

              MD5

              3655d9bb833a7c92feda7ae0dde3b925

              SHA1

              4d0c7e8d4648fda631fbef6b9af16681efa98250

              SHA256

              8f601cddd52b2d9d8a4043068976daf844135f731e219d5c6a69f870eda2cf6a

              SHA512

              7e13dfcf376599cb32b42982ddfb5b90f8d1b9dd86bd2458de778974f86b08efb13bfcae47dcee827a04c4cf2ac3e931b7d39c34d37b275f1bb399fda1627721

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\prefs.js
              Filesize

              6KB

              MD5

              78020e653aa092e9b43687f0cd5a53c0

              SHA1

              7fe6231c8f9d809f3901be7a617fbcc01fcc7b94

              SHA256

              b560508af0a4cac0242e4e42fc85e9f234537974415e13e11de92d381f2e6e07

              SHA512

              93d8350cf77dd6990f4e68b72ab42c96d41e838473ea7a87366e868a6fb378168d2a9cca1321d7f123a695560dbb78c97086ad3d2380fe06491e1835840e37d0

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\prefs.js
              Filesize

              7KB

              MD5

              885d087dbb414658ac0a1bbf1682c4db

              SHA1

              9b806319f356bdbe5651b5de7cce49e73122e274

              SHA256

              58c5fdfa7025714600fa2d26fd66e34a5fa92577c763d2b9672ac238539e697d

              SHA512

              e3329c29d26e2b43e6cfdeedcccfe0d45d6861146b8051442a041dddeb1369a156919bdd70412e705a48c7a714baa1d6329ca9de13cd5279ac4d0452ece40fde

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\prefs.js
              Filesize

              6KB

              MD5

              9e275a05db513313f826493dffce0b22

              SHA1

              c7730f4e5227e886032c873d71dd7769d68c4325

              SHA256

              ad6af42cfbd33c92edc6f33fb885b83e9e3274c6d61fe88ac5e02ba978e53fb3

              SHA512

              b3d748ebd9b1485188987f2b964b346e27054a7635342d6a78a89de56265eb8de895a66dbfda174f1379305cd7acdc8362bb4d698080f2233f696c0b60f5f6a3

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\prefs.js
              Filesize

              7KB

              MD5

              ce0f4ba7cfa0fc25351d4b4abb3dc566

              SHA1

              5697c7e28e1d6871c49844b5f44703bfdb9d56ee

              SHA256

              1b47912766c70a5992c204a791b179b2a1010873feba5991699d0c0a11584619

              SHA512

              ba5d2a8de272f3784109403d644f38675283973121eb67cc5663ddc929f6ef5eda878060af1643e83756f8871b8ca893142979469acaaaa7dae98f892c68ca2b

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\sessionstore-backups\recovery.baklz4
              Filesize

              1KB

              MD5

              2fcab998b687b5a0f43576566cdcc759

              SHA1

              aa24c4b8ddd3ab56bdc411f0e1662e39d23ed944

              SHA256

              a01036c834fc78daa6b0fd51b205e3ad2e20169c320a312db4359f8ed7fba1f7

              SHA512

              0be20300731f38cd9e87cda508f0987b705d0f073bdff48e786e9506dc0696a3c099871eeaca45dc0600ef68ffc2cb3afbf9914a7ad853fece68b54a41236e05

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\027putap.default-release\sessionstore.jsonlz4.tmp
              Filesize

              9KB

              MD5

              ee84d6196f019f6c1fee7b110d70662e

              SHA1

              f14e5873eb2c2746311c91a006a66aab7d6d092c

              SHA256

              85c2ff330421d2ea5b1fd93888643c72f0001cc904315c80e3ada590c02a5c6d

              SHA512

              44c92810d70cfc09eddb87668106914f9c2e82a6fc8d8377add4e98731303583b415120c965f5b49ab9bf4155308c4a580a59a2c89bb4b681f2a80bebdb3a918

              Download Submit

            • C:\Users\Admin\Downloads\NoEscape.exe
              Filesize

              666KB

              MD5

              989ae3d195203b323aa2b3adf04e9833

              SHA1

              31a45521bc672abcf64e50284ca5d4e6b3687dc8

              SHA256

              d30d7676a3b4c91b77d403f81748ebf6b8824749db5f860e114a8a204bca5b8f

              SHA512

              e9d4e6295869f3a456c7ea2850c246d0c22afa65c2dd5161744ee5b3e29e44d9a2d758335f98001cdb348eaa51a71cd441b4ddc12c8d72509388657126e69305

              Download Submit

            • C:\Users\Admin\Downloads\NoEscape.exe:Zone.Identifier
              Filesize

              50B

              MD5

              dce5191790621b5e424478ca69c47f55

              SHA1

              ae356a67d337afa5933e3e679e84854deeace048

              SHA256

              86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8

              SHA512

              a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641

              Download Submit

            • C:\Users\Public\Desktop\ᬼᛵṹểᯅᩏ๺⟁⥢ቍᎤ➣⣀ィ⼌⊈⨰ৎ⻃ẳ⼚ᮺ⋧᳽⫴Ꭳឨ
              Filesize

              666B

              MD5

              e49f0a8effa6380b4518a8064f6d240b

              SHA1

              ba62ffe370e186b7f980922067ac68613521bd51

              SHA256

              8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13

              SHA512

              de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

              Download Submit

            • memory/4224-0-0x00007FFA7D4B0000-0x00007FFA7D9FE000-memory.dmp

              Filesize

              5.3MB

              Download

            • memory/5416-1137-0x0000000000400000-0x00000000005CC000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/5416-1126-0x00000000005C6000-0x00000000005C7000-memory.dmp

              Filesize

              4KB

              Download

            • memory/5416-1124-0x0000000000400000-0x00000000005CC000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/5996-1142-0x0000000000400000-0x00000000005CC000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/5996-1322-0x0000000000400000-0x00000000005CC000-memory.dmp

              Filesize

              1.8MB

              Download