wannacry | 8623833369df77caf48fea8fbb02991288ec704408a6b2ab8f080e50c073bde3

Resubmissions

04-07-2024 11:25

240704-njkn9sycpd 10

04-07-2024 10:31

240704-mkf7sswbnj 10

04-07-2024 09:44

240704-lqjpfaxarc 10

Analysis

max time kernel
149s
max time network
153s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04-07-2024 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8623833369df77caf48fea8fbb02991288ec704408a6b2ab8f080e50c073bde3.dll
Size

5.0MB
MD5

ee5f76b5cc4312095074df3967b13617
SHA1

254d83a07c6171e926d624080d60c0715fb19f13
SHA256

8623833369df77caf48fea8fbb02991288ec704408a6b2ab8f080e50c073bde3
SHA512

2f9e0aeb58827a6564efc495e4e195a930c75e7892761346094af58a7250789bc55e80e88be73a80f60b4a403671eadbd9e98c5c88325a73d813e6102bef5fa4
SSDEEP

49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9:TDqPoBhz1aRxcSUDk36SAEdhvxWa9

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Contacts a large (3403) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

mssecsvc.exemssecsvc.exetasksche.exe

pid process

1840 mssecsvc.exe
1316 mssecsvc.exe
2348 tasksche.exe
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

4882 raw.githubusercontent.com
4886 raw.githubusercontent.com
4887 raw.githubusercontent.com
4892 raw.githubusercontent.com

pid	process
1840	mssecsvc.exe
1316	mssecsvc.exe
2348	tasksche.exe

flow	ioc
4882	raw.githubusercontent.com
4886	raw.githubusercontent.com
4887	raw.githubusercontent.com
4892	raw.githubusercontent.com

Drops file in System32 directory 5 IoCs

Processes:

mssecsvc.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	mssecsvc.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5	mssecsvc.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE	mssecsvc.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies	mssecsvc.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5	mssecsvc.exe

Drops file in Windows directory 2 IoCs

Processes:

rundll32.exemssecsvc.exe

description ioc process

File created C:\WINDOWS\mssecsvc.exe rundll32.exe
File created C:\WINDOWS\tasksche.exe mssecsvc.exe

description	ioc	process
File created	C:\WINDOWS\mssecsvc.exe	rundll32.exe
File created	C:\WINDOWS\tasksche.exe	mssecsvc.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies data under HKEY_USERS 8 IoCs

Processes:

mssecsvc.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	mssecsvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	mssecsvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	mssecsvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	mssecsvc.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings firefox.exe
NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\Locky.AZ.exe:Zone.Identifier firefox.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

firefox.exe

pid process

4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

firefox.exe

pid process

4440 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Locky.AZ.exe:Zone.Identifier	firefox.exe

pid	process
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe

pid	process
4440	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	4440	firefox.exe
Token: SeDebugPrivilege	4440	firefox.exe
Token: SeDebugPrivilege	4440	firefox.exe
Token: SeDebugPrivilege	4440	firefox.exe
Token: SeDebugPrivilege	4440	firefox.exe

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

firefox.exe

pid process

4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
Suspicious use of SendNotifyMessage 7 IoCs

Processes:

firefox.exe

pid process

4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

firefox.exe

pid process

4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe
4440 firefox.exe

pid	process
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe

pid	process
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe

pid	process
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

rundll32.exerundll32.exefirefox.exefirefox.exe

description	pid	process	target process
PID 908 wrote to memory of 2384	908	rundll32.exe	rundll32.exe
PID 908 wrote to memory of 2384	908	rundll32.exe	rundll32.exe
PID 908 wrote to memory of 2384	908	rundll32.exe	rundll32.exe
PID 2384 wrote to memory of 1840	2384	rundll32.exe	mssecsvc.exe
PID 2384 wrote to memory of 1840	2384	rundll32.exe	mssecsvc.exe
PID 2384 wrote to memory of 1840	2384	rundll32.exe	mssecsvc.exe
PID 4540 wrote to memory of 4440	4540	firefox.exe	firefox.exe
PID 4540 wrote to memory of 4440	4540	firefox.exe	firefox.exe
PID 4540 wrote to memory of 4440	4540	firefox.exe	firefox.exe
PID 4540 wrote to memory of 4440	4540	firefox.exe	firefox.exe
PID 4540 wrote to memory of 4440	4540	firefox.exe	firefox.exe
PID 4540 wrote to memory of 4440	4540	firefox.exe	firefox.exe
PID 4540 wrote to memory of 4440	4540	firefox.exe	firefox.exe
PID 4540 wrote to memory of 4440	4540	firefox.exe	firefox.exe
PID 4540 wrote to memory of 4440	4540	firefox.exe	firefox.exe
PID 4540 wrote to memory of 4440	4540	firefox.exe	firefox.exe
PID 4540 wrote to memory of 4440	4540	firefox.exe	firefox.exe
PID 4440 wrote to memory of 616	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 616	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe
PID 4440 wrote to memory of 4284	4440	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8623833369df77caf48fea8fbb02991288ec704408a6b2ab8f080e50c073bde3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:908

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8623833369df77caf48fea8fbb02991288ec704408a6b2ab8f080e50c073bde3.dll,#1
2⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2384

C:\WINDOWS\mssecsvc.exe
C:\WINDOWS\mssecsvc.exe
3⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1840

C:\WINDOWS\tasksche.exe
C:\WINDOWS\tasksche.exe /i
4⤵
- Executes dropped EXE
PID:2348

C:\WINDOWS\mssecsvc.exe
C:\WINDOWS\mssecsvc.exe -m security
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:1316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4540

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.0.1028661264\2087645973" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1688 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {736c67de-48df-49a5-8848-0f5dd375ce3f} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 1780 1e3196d7b58 gpu
3⤵
PID:616

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.1.1627522139\394428090" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4f4f17f-4cdb-4415-ac1c-cfc5d5b8d373} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 2132 1e307272558 socket
3⤵
PID:4284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.2.448298942\319508788" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2642b48-b1ec-47cf-bf0f-b63a17e82a30} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 2928 1e31d896b58 tab
3⤵
PID:1520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.3.695900000\684787582" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 3488 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bebc7cb3-35a8-4766-998d-d500822eb9d5} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 3508 1e307261f58 tab
3⤵
PID:1856

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.4.273737955\772188019" -childID 3 -isForBrowser -prefsHandle 4092 -prefMapHandle 4088 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {551c51ea-e7bf-44ea-bb05-fd9c0859b126} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 4100 1e31ee43f58 tab
3⤵
PID:804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.5.1291056664\1834736220" -childID 4 -isForBrowser -prefsHandle 4896 -prefMapHandle 4912 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03884c10-0d18-4f78-950f-55d50d51b151} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 4892 1e31ce19b58 tab
3⤵
PID:2500

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.6.505874507\528488190" -childID 5 -isForBrowser -prefsHandle 5080 -prefMapHandle 5084 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1676873b-0509-4c84-83ba-7bfc0452d5ec} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 5068 1e31ce19e58 tab
3⤵
PID:388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.7.1933972731\1646834450" -childID 6 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa2636eb-19e9-4176-8b75-8518760b90e9} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 5344 1e31ce1ad58 tab
3⤵
PID:2948

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.8.1559980019\1619828467" -childID 7 -isForBrowser -prefsHandle 5692 -prefMapHandle 5696 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73db0e5c-675f-4265-9e30-56109b93f967} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 5732 1e3217e9958 tab
3⤵
PID:3456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.9.434407179\2074981017" -childID 8 -isForBrowser -prefsHandle 4212 -prefMapHandle 4164 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f23337e-d941-41a2-b212-ed0acbaec449} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 4668 1e31fe82158 tab
3⤵
PID:1424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.10.856140205\1601054855" -childID 9 -isForBrowser -prefsHandle 5976 -prefMapHandle 5980 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef705846-4f5a-48d2-b220-d6539b6c27df} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 5968 1e31fe82758 tab
3⤵
PID:2532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.11.1431896804\912821277" -parentBuildID 20221007134813 -prefsHandle 4164 -prefMapHandle 4668 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1e5eca7-d4ee-463c-8d2b-748aaf8ceaee} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 6036 1e3223bc058 rdd
3⤵
PID:5528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.12.439363458\1130329015" -childID 10 -isForBrowser -prefsHandle 5180 -prefMapHandle 5192 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60111023-1ec3-4cbf-8053-f80b7d4686f5} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 5248 1e320464e58 tab
3⤵
PID:5456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.13.294962792\795753130" -childID 11 -isForBrowser -prefsHandle 5684 -prefMapHandle 5880 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25e6b67d-b2fd-4b8b-b6c7-15e8047c4a64} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 4892 1e31ce19858 tab
3⤵
PID:5808

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.14.902206349\2068846960" -childID 12 -isForBrowser -prefsHandle 4140 -prefMapHandle 6252 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d27b9e47-0dc8-4087-8d26-29a5586c37fc} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 4216 1e3219d9f58 tab
3⤵
PID:3604

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
"C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\8f96d95d-4d25-4291-b4ea-9da2502ed51c.dmp"
3⤵
PID:5932

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.15.2059313733\1127370566" -childID 13 -isForBrowser -prefsHandle 6136 -prefMapHandle 6068 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3aa45688-409e-4ea6-95f0-97f6fc77b202} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 5952 1e31fe82458 tab
3⤵
PID:4200

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.16.1286963197\1646557161" -childID 14 -isForBrowser -prefsHandle 5760 -prefMapHandle 5836 -prefsLen 26817 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a6328ce-de72-46b9-a5a9-80a0fa5068df} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 5436 1e32456c858 tab
3⤵
PID:5500

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.17.2027068010\708784908" -childID 15 -isForBrowser -prefsHandle 6400 -prefMapHandle 4684 -prefsLen 26817 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d987e9a0-b6f6-4884-875f-f18a77a1a658} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 5936 1e322b95258 tab
3⤵
PID:4848

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.18.882657352\211631425" -childID 16 -isForBrowser -prefsHandle 6396 -prefMapHandle 6376 -prefsLen 26817 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf917c87-d2e3-4783-8c4b-608f3ff58af7} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 6200 1e31fe83f58 tab
3⤵
PID:5876

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.19.1877228677\642973430" -childID 17 -isForBrowser -prefsHandle 6232 -prefMapHandle 4104 -prefsLen 26817 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77657a94-a806-4e57-a48c-edb0e4c7e5a9} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 5924 1e31bf68058 tab
3⤵
PID:5896

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\10966
Filesize
15KB

MD5
fc0e8469fbbc56965375f07221557aa7

SHA1
719e583632674c775e39a17f92494921a40bba6b

SHA256
356f4115d06985fd612a76aa76383446867c04e4ce5d496089739683fe9e9a93

SHA512
13121ad9c5c2682c8472221b93648422800086a26d1df3ffade82197443ad0d32fdf35e0113fad9149921e871ff7688794d15b1ae45bdaa6304c6cb271cbaa12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\13486
Filesize
15KB

MD5
8f5c7bf778797d9d2f3218435966f042

SHA1
6140409921d4ba9b70198716e74e1d8ce865fd33

SHA256
8dc1d304017184743e1db7e6f2483896e607302b9027c7ccafd2e2cc5209b805

SHA512
078021d1fc339e60910f666145f8b5ccef2f6c6c8d5892fd9f067f37df0226907d11e22bc06406f78b97ae4492d64c38008642b6c09a6cf189ea077186e39fe9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\15574
Filesize
15KB

MD5
66353d8d5ad3af7342cb7464cb1c9b08

SHA1
03863804bc7e5d73b2154f0ea3fdd0c1f7a9e7fa

SHA256
f3481733e91ef46300332a204bb0e3bcc29ab24ee6a31be52f57c6368b20209c

SHA512
719da2aa731a69e2b5c775ded8eb30c267aa16400de7619e07d4147370a631a5bfed1628f83330dfe14263bdcf3f3a688959f185a00f4167b319a7b44fb2ab69

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\22788
Filesize
15KB

MD5
ab8d31ad1ccef6995a599a9be6a7c94f

SHA1
b2fdce051d41389f18423d23585c24464721fc13

SHA256
b993f7f90548ffec44454d5639aed750fc13a5e04bf22a54cc5ede6bc133ad05

SHA512
9648d8b9ee29fc06bf9d107e4bd1acd6fad944a859fad21acfa7a08cde493e5401514bae39819bc74a28e04e217b65d4e221f4f43501b5e4f3c78c68d7cf03de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\23543
Filesize
15KB

MD5
51a7f230ccc0c141f767959ec8acd5aa

SHA1
d3f553482ce18f38f5941e559986aa9afddba4c2

SHA256
8206f857896bb45b2871cea15af53fa0fa9f9c3f2a727c0239a2955e51e0566d

SHA512
381a5598621fdf92cc583a8c88d4e212941d1fb85497d3844a51d1f07b47af8d4a46f5eca76bd4ab61a035fa9f2bc0c2e4277e0360f356f18cce864c6b02cf02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\24487
Filesize
15KB

MD5
4d806484fb0e4257a67825017bde76e6

SHA1
4156e15f823a4aa2825bd44393aa021e03f132df

SHA256
254b4ad565a51ee38a79c97524b78d5850eab662e2d32e32b28a6ae90c5f0d4d

SHA512
e8caef10457eb12d573ebb4fd37d4a024f5ebdf2cf313abe540ffad756d2929aecfebc76e68b6d1957096a55b75f00f96085896b33bd12057f98bdb03d6c3fe7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\24921
Filesize
9KB

MD5
d7b950786a632b0049178907067df0fe

SHA1
2ad2b6eef84251d09671343b6bce414865b43930

SHA256
8879efd8ea97431a77143549acf9a20f7c3f672b6eaefa1ee7b0e06f3b6118b5

SHA512
20f0cbc00e1c044fff1e6ecebeb739d25961e4068bd92997a89c93f16c7554ed115eb150939bf8acc5161c3e7f4315323fffb3bf4d0000cda8efd63eddeb55fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\26574
Filesize
15KB

MD5
9407076d3803570e61229175f3fec2ff

SHA1
0d77839827714375ffd6976317d2ac416b032ea2

SHA256
d408b2f5c1dadb47b6fc69109214238dbe921ca57dd5c991bf9fa06a400ab321

SHA512
552b0dde26519cf6bf7da8b14fcc9302a8ab0d1295604edc4a6d4803dde31b1f3defc64794f536acbeca067eff2cf0260d32a052a7776f431da29fd87b0c2b4b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\3232
Filesize
15KB

MD5
7bd1055bba9e079250dd719a5a442ce7

SHA1
0bdf380d55c3209c67e806215513770c47876392

SHA256
9cc2099ff19f6d58a77339fbe9a77641adddd643b1a53215e8360d05cc725303

SHA512
2b84a5ab838b5e40676f89d651c8a76835c92661e51eadd78383081fbf760abcf62887350289f568b67b647d5f51f81bf0fe718e5eb8a83f2e36e547951d372f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\127FAD16991F4572516984A29A9ECB7274573956
Filesize
60KB

MD5
532fe27b883290aaf98073992f4a3b38

SHA1
782fc719fdd1f1d4a1faf7214172fd5a59d45d7c

SHA256
64289a6d5eccc6ce0765964cd5e03ad61f64fa73656080d34cf5612ef4b3459a

SHA512
3c070460455d7a24b1fe95501d7b717edcad6e5024c6652ae67d55598b873787090d1af66b62c2c91f30b62656d4efcdca55c93062deb7104c5f326644d2c3de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\21235C60DB68B39BE5D5AAFD7CFDA8EB241CAC6D
Filesize
93KB

MD5
0984407aa6fc18f0c1fe94447cb0b5e3

SHA1
4fc4383491d87c3de43aabccb5165d27a01c39bb

SHA256
770a34302923041122b8399d38f6e98d6cda23c8d4ea42fff744c2bde3e0e1be

SHA512
23117a4e3316a7f8d39e1b5d5932831f5b2b5c669ca9e993022a2123167cbb0333409a470e889bf33df0590da182317a9166780702c3278b762bc1ea3b113acd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\462E5FADCC82A134C10A828C114C5F747964CF3D
Filesize
121KB

MD5
5a52ad4addce31314609b420cd8b2731

SHA1
6377545adee5de62871b047c93b32f9df94b94f5

SHA256
de28d18a12182f281a7e716c2b78f98d34b79a5e4a3f8b44b7a9a7694bedc102

SHA512
4185b22488d2ac5805e6dc05498af34dbdd7921c2d8cff24690cdaff5232c0e0b4286126c9572822dabb98e4df43b4c9f2919c20995afc0078c77b6f6d0c5d2f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\4A0A5374D9F9EBB8EF0AC99B16B4BF8B48583630
Filesize
331KB

MD5
0338d312aa87a6c3fc6f2704d302e131

SHA1
a4f05c1d10c9a50d4404a1cf200188a0fcaaad31

SHA256
b83f09d4bc71f8992d7622fdc3dd5bc0d0ba2fa38b68e2d1e5753cb550e0574b

SHA512
06db97a9c2dec459369e33d6d13545751faae9414a02415b8adbf5e4d2c583a8d720190564f5f3043c7be93c115b066a638069682d66e93a65b33342a968b457

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\4D3373C611DE638ED6CA0F7AB92AED0C904A3795
Filesize
89KB

MD5
b4635135a8b520283e45329f175f6cca

SHA1
8fd7426aba2adf65003a1b8b2c9373a036d952fe

SHA256
42eefc340338f65176dda539f69413adfdbbb7aa89fff08e4bb8bd338c73efe4

SHA512
e2d836a2898170f09b8706f862c023195d0e273b6dfff56a8255b9ba9392110a9d373e42a9caac0ab3182090732e6212db6043d165fac8e2e63b2f39cce6d71e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\52E0E968F18851531C8D1CF00712BCE21F996CFD
Filesize
2.7MB

MD5
e65ede3f63cc3643816b5fe72633d7a2

SHA1
d0a6b37596a2abd5b8cc0ffd123f84ddab4868ee

SHA256
586a2454e326f7f6eb075950725cc0b647e86b966bb05da4c271e962c2c3bcfd

SHA512
eb623d752a784a736c4f253e7ca4e99e2101b1d2f7b951527e6742cf57ebd1dcb3a7b7947c52d240d58aa538227a89c6757274cf6006b8b308d28f3628b8b422

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\562B13F58782262483BB75DCC471B4CBFB451306
Filesize
1.7MB

MD5
96044dcb8d410ea0b05f6fe679a8926c

SHA1
41dcf506f53fe01576eb7bbcf8af8020b47b0c44

SHA256
e54479eea765f4637fada22f93a23f997274658c9d46edeac8a30f94cf50b3a8

SHA512
580a8d2b40f86731c1add1abe567d8e5dfe7eff02a6ed67542722ccceee9f0ab3683407aef1eee1b993fba9516f7e51f41209d413411abbdd404f9538cee5244

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\56659DE217E589C7BA86212FF2D38FA9F38F1A58
Filesize
19KB

MD5
01167b3ae85ea1c90c3feb28801636b5

SHA1
c5a9563a9a227d7bd7c5e1c53883ff013450fe74

SHA256
d3d79cb786cf87d4232bc28571266bb19bee5362ac1cc9d6c22c783b0b03f86b

SHA512
d1103e900e5e1795b47a9604442722376d899dd84e1ef8bee83dda509e08b4b0391783c7ce2bc16c3bdc8be88651edce852d3a56b6b7778e52b032e76df648b0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
Filesize
32KB

MD5
d276e328e10d394d30fbe7d5f0a87098

SHA1
57b029495fa1eed8f7053aa12b118aabc4a9c58d

SHA256
f9b89c909a7bc1e88e2d7800aa836a3466c399b0a602718b4d12cccaba830f19

SHA512
ab0787def6c9a36fc2718ef7ec28ce7b5db227d244bdfe9d55affbf7319d7b433c349827a9dce6340c58c9ab281b37a3460afcffd807fa5620c48950b598df88

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\639028690EAC90CBBCD6DD68DA6CE11697C3C461
Filesize
94KB

MD5
28ffb433671a2a41125cafc1261c4e64

SHA1
74c42b192c28fb580bd336e81436b9d2fc2ce01f

SHA256
fd5834fa30777212aa0fef7be94573ba0f05a706e975aa9685c486d6137f8f98

SHA512
ef360889e11ba16b01513ad85feeab728253699c105a8a8fb12703606b0871c9a6bb5969f56618c80f63378593673ae735946f4ffc984a67501200f6648a3cef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\64704BB53F38EAF8CBF3C69ABBFE15BCFF328EAD
Filesize
969KB

MD5
bdcd187b8ebd5c43f2e00643aaf52b3d

SHA1
5b55f99d3c5e380d329ac8fd10b7eb1a17157c7d

SHA256
71dd4310bf3795442b8b063cf955ccd159eabed63737ad23fdc3a4ed7f831359

SHA512
1f48ff7e370ad09808acb0cc8da790c8ceb7a2267d12d20933381fb746e94e0398b434fa95eac071825190a5cda5f98ee8abf559dcc8441f818e484acb3fee64

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\88D2DD145122466A8C6F39785D5A392BF5E86A0D
Filesize
81KB

MD5
14d9aac6fb8fd3d9988d38c83ae18ce3

SHA1
5151c519258f9bf90afea1b9da2a0fd91ff24bb7

SHA256
b805d943b40f234f22e96ba5be0d7aeaf3bdf54c8c8a958a36e8b93b72bdb7ad

SHA512
41f4e865f6228de4a16d4d0d0965743b828fd679afb65e408cfda2df4c721bc172e9e22d079731d7beb36a66a25f19efd81b73faf02bd247687362a07b3a08e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8A011D3FEBBDA9B9C46229715A74F1937B2EEC47
Filesize
60KB

MD5
927df3f8a90bca95dd9d3772905e7e81

SHA1
720935854fd7c586ef02677ba3cf1a248ed565f0

SHA256
5bb759609a5a7ec5174f2d3a3a004aa88bc75c01427a507c42f3c7566ca4616f

SHA512
c2a63ac5a0be4f2b14d12297dcfbe4725355c86940ef9c974d53884b911b0a7be0b3430f8153757f27870a55f25e39c9e9abfd00120aaf223631e97b9e69efde

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\92B7809CBCCEC32F8AA6B585CB23104E10E55D53
Filesize
774KB

MD5
bbd88870c396473a72022f6e1e1733f1

SHA1
74b90aac5bb92c277ac2e9620136c5d70dc94883

SHA256
67a2d594507c92abcab6e7600868ceb020bdd180f3b3d156f438304e63b2e928

SHA512
f4e768feb0a3352d84dc4e9ea447a77ad15c1353a732aabfa3d54a5e5e32c4c6197e76194c77f5d5e9dce801b8a5e2f9d7404693da2dd9f4629b03c07292940d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\97B10BC4D7847C8AE893CE9BC8685F05EBFA5B05
Filesize
2.0MB

MD5
0eb8e765496d0cecbe9a1e46d20a85f1

SHA1
a9b570ad214f74351b96575448646c2619182203

SHA256
e4f719b142b5548d5b7b9c4b7ff4e816a4ce2a5fb905d1a148b46c428bbe7dad

SHA512
d956d73cd110681ff96d8b94fdcabdb72166a8560cd32d16a91ae176ec74b3d93212ee1fd2f144e369a2a5760ea5e2728e325e5454553d9c94ccd95265ff1756

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A50BD337DF1B30C2C20F820F2A31FEBF552FE136
Filesize
4.8MB

MD5
b8684b04d4650317e403886c0c460176

SHA1
b9bca2e7d4cdea2c6ce49c709f4fd833f7bc1c33

SHA256
00b054bff791dec0cca767b2af652c82277ecddf3dd0dbec9c7648dee81127ba

SHA512
197e57b4f6e22e71d51726ef535c910c59cd408d92188811cb7c91134706fa3fdd68d47a48143f5a63ad4d01c900489bf8f99a268e67e81897f66dbfd7561a04

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A6AE688A98B4F6640C6220BD0C6C2E144C7DE74C
Filesize
122KB

MD5
fa297862cb47048c8123ec5c5686bbd5

SHA1
abdff082be062816abbb6b09f57a4cc954a7a2c5

SHA256
e9694dd753a1b1b52874b53c815a731a2cf75839692169a15ba27a84551d6296

SHA512
bc223d066356e53c968adcdcbf6acac7cf11d16335d55ca5c05fb2acb12f659a4ef887d9d5e334e88fdf9a1620bb02b0f1ed1ef1c1c434989a3a227b1a304d16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C01A5A91B3215B34E7411A2001698454305F7026
Filesize
13KB

MD5
089ab9a71732176976c78f2751b33c99

SHA1
553fbc24a92385833110fb1a1141be21279c9bd5

SHA256
3f211d7c5b9b08bd617c346a8cf724672a5498576c57f465583615ce314444fa

SHA512
97a8e59eec515bbd1449726be78cc1cd1fad9f89b7da3b506243519e8c9d14d926aff26609ce29f34427829eb76e38cd1615be0dd108ef199228b44af8900b64

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D911690572EFF44BA9B379A93A81EA65D99204DB
Filesize
85KB

MD5
24f86f2008d374928652f39c16edb8cf

SHA1
e131b7969737ed6b6127dd7f90ef56b016876d0c

SHA256
5cd1e0e15883070cae05a73bd3d033240ececfb6f72ad5e2ed3a3c1c73512e39

SHA512
7320cbdea9ecfe968c44ead8a1b8e20b608c2bc8fcee71183288ecc4d04f31e9e25a8610872fbdd12206562d3211563faec2c06c4ba5a34507c2e02b9e55da65

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\EA87465A6B977981215042B94E7AB9FECDDEE708
Filesize
19KB

MD5
45a6c63e4fe19bda7ed952a856d4c7de

SHA1
37e90e043903645151b186d3068e291b53d26ec6

SHA256
64c963bb4aaf26e2b3397733e0e6a8124a5089ca635dee009cf7de76104a5885

SHA512
7fc8ab23462065c39e25ebbdba6a539f5ac6f3c93332360ff6479eeed30c73c71df5b2bb6e91bd6f088d5856dab72def37a59910d94e0f8897c0df7653775fa9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F2A1AB9F276D978B77529B2ED419F6580F7A767A
Filesize
2.1MB

MD5
5f43aa234f0ca6b8c8d24fd03fda3ead

SHA1
21cb90e7fa6ee2ed4d4e79f4a6133947b14fc208

SHA256
8d7e494d06687e72759ec972eba0ee56c4318bc08f8b9798b2cfc3ef5988d373

SHA512
723bd50ca4d15edffb539d0017cfeabc4e531f673f7922c59cc2022c376d5d83c4dfb3dfd93e9949a5d22300f74b0eb82c32a129b91cc5d91d7817cb78c74a8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\8f96d95d-4d25-4291-b4ea-9da2502ed51c.dmp
Filesize
220KB

MD5
1b559aa23ee3237a641b74f3138102ff

SHA1
dfef2875a8c21119b2104c8c1dadcdf373b74519

SHA256
8d246fd3b20bdd843052e74eebe47c9ba54d45fc5eed59ac07d31ec89674039d

SHA512
f11306986d9de04606e5ef490f583c0969a18ea9b530ae44613f44ed88544f2a8e2fc7144e63ab22f897976b48657bb48fa89556585b59d4b9f81cc884934d56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\8f96d95d-4d25-4291-b4ea-9da2502ed51c.extra
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\8f96d95d-4d25-4291-b4ea-9da2502ed51c.extra
Filesize
14KB

MD5
ce038b76c4fddcdf53d1a70b4daa82dd

SHA1
fd7474f5e337bce714670f15a5962ff8a7c942e6

SHA256
a9238cefa3f1c823b619c15d2fa4f6844f686cc4c7cc2d29242ad90d63fa02c5

SHA512
94245fc07fe48ab089bbb9290d6d89d3679cbf7ef01cf1b0068f40d7cc6de7fd84b4c2ed3b11ad5566b61d03aa33ccfa8c4b8853a281a7a0a02ee970cc83784c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\crashes\store.json.mozlz4.tmp
Filesize
6KB

MD5
47948a5a97ec37d7a7a069e8667e8a8c

SHA1
f9f6a5daadbb6afead3b394ff0d0884f4492fd74

SHA256
8589d98dec052da19fc5f19811747e66c116e349c9835ba4b61524943cdc604f

SHA512
160df1297d33b156513ed6219250b7ee33747cffe608565a404b564949d88046f420f05370bf304f05ca43348ae86925470f7bbd470e66ee417feeeec08e725a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
5c0a82b8ee38ff9e46012bcc19caa5b5

SHA1
7f7bc58e4d0ea3f2d78ccdb0b69face3132b5163

SHA256
9e0224a189fdc5fdcb4035b9602c3151837c2ce2775277362e15ace2cda681aa

SHA512
2934e213b2539548b4a8b51816d9e6a64b4b03786c31663839713bf9f02531adf12809baf5445b86f48e493a250c0ebe031120550a8d6bb6aa8f4fb3d0790765

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\3681e826-ef93-4072-b2e5-003885878417
Filesize
10KB

MD5
f6b7dd9c95170b25ef3083ce00534e48

SHA1
985b4d0525535a33f76a41a01efdf5f0ade3eb68

SHA256
b5689248aa1ae3960977f96123835d340df40b03b7eb6e3e51114eccfed68622

SHA512
6dfb359a925433ae0ac518d7da8e84049d60a8251f8754c39b2f05f2de9d32cc4146f17a0c11e0f30af2630ac2cf25a48e3b7c799edb6cc37759ace6487e617a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\7e021210-c254-4f8f-8f73-94b9806969e4
Filesize
746B

MD5
3601e3392dfeaef148fd78943bc453ff

SHA1
4607b8f8ff74edbd7f900ec5a9f073ece1504dbd

SHA256
430154674e7056d28f3e8d53154091be464c5eced6bbcac94614e25beafad3d5

SHA512
9cae5bf5dd259d5217bf7cb34bb615dbbf4d81660e1cf11407f5c153ade774d9d693ddc59e59744e345fa3e530285b0125afe4019433dccad57a01e33036cf0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
6KB

MD5
9941099c7330df8b43a0f3716b4c0370

SHA1
0d7c3cc0a78e9aadde4732a7027ec39ec509f933

SHA256
58d8be36de189b9dac2bbcbe258b987f9fb0b1a6b9943efa9acb33167192325b

SHA512
2f9ac06228956db83425e47ccd94f3558a819df68ad635992ce8cb32d4cea771b978ebde7d1860cf54e3240c35a7a3616fed1888bddb75d228ab3892c37aae69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
6KB

MD5
f877f5916fb2f9fec3e31ddbf6d41cc3

SHA1
4fada035cb8126c0565829c3b953c0fd1e641ffd

SHA256
332b4b1ab4d0f037c13ef3cc81602bb7b503a5bf6572659fd8b398a1c1a26eed

SHA512
1a4db2e2c578105f82cd4333f955cd95ae8d14ea44c5315160ed3d4df408fe6c70657135aa9b555fd6720a870bc2b6066e118c96a9fde478f6c6c7e85914d628

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
Filesize
6KB

MD5
ea2996e5f730005127b32eadfd68bfc7

SHA1
c72165c85b2a9de02d7054ee4fb3b35206c5c6b1

SHA256
a00f10df0981d75f5e3148b4163734d8b516227fdcffae3724cde44f3ce3c289

SHA512
7ede8d674d0d6fdc2ed095a18101e849d5dc89eddb4058103633c958e0a2063a99c927108fd48c853e60902a4b5eae911e20036c21537f6e18faeee27ab2c65b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
f5387b2c8178e395eccae38386630fa3

SHA1
2ceeccc6a4db9fb3ab317f9106910797d44d7ea4

SHA256
6a2d5d918be2f2b29eaedb93ea3efa39ba577502e814eb8ee7ba24c4437a3fe1

SHA512
c677f9bc1835564db6e071b43cb481c8dd18171f0213ebbc366e232baa9897db7912b5fe6e2f3f13cd595356386c0c8a154651a2907f8220f8f577214505999c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
9KB

MD5
7e10fa9204770b133496434d8fd23d45

SHA1
d2aa3c831e3d3b9852f7c875afedb2595f2dcfc5

SHA256
affdb4d7a57b7294ce0141f63fd1db0a721365995fdb3bf781fd22fee3790d52

SHA512
b24668f1d10e32f33824e618a19d49483b9d90e0905fd49b12d711200cb56a6dcb1c82ce3167b443abcefe2cda6dc0b79453d2011ff1058fbf5292d739741572

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
71ce06317494cc45097bab22fdf5f256

SHA1
a47aaa3f47494a200d1cb85fc669114d79918aef

SHA256
5b13fafcc715c7e8bfe7f14929de7643858c9ae5fa021f93fe3de04657f58e96

SHA512
eb07bf6ff3eb2e3b8afd67cffb64cb97a812a8a7122e8e8c66406dc1919100d423cdaa84d624e93f9a2eb914fed7ddca339c98cbc3a95e34c3d979e22d822fd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
9KB

MD5
4278ce8966a5ec63850c369a0177f135

SHA1
9a68210fc12bc9d62758e97e6c578ac8cf139d38

SHA256
331ac261b5ba20c0a49e018afbd45a0713a127a5b0606dd41efe3844006772dd

SHA512
07b906eaca3e034fb720fec0fe7a2c2057ea7363b2b6c6e5b68fa322849d7c3bd289060d51cbee5a2389194d695b8a18b7baf2f80b860eaef3a46e581e4db5e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
14KB

MD5
176996038bffcca630c3be1e202e94fa

SHA1
89caa641fad1f5a96126024b5463b58b32aa14ee

SHA256
632d239c16df660a8649a145ac8b04b15f4a8d3f658bf2508c62a5c9c733c600

SHA512
019376d59a6ce3b1d207842ab201bd6387569aa8dea2af77c3c72795847977a7a617b6ff02a5894d7f88d9ac3a77183e51882bfbd34241b6a4295afdd7dc4ad8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
535a2b264188b84c7f6669537866af96

SHA1
605b9ffe4bd702b57b1cf857cac818d2b27517f1

SHA256
c55d265df821bedce7a509cf83641021031e6018197fdbbe840a71bf2b124dca

SHA512
2d9a959ff9c0ecf2f6aa9ceeb7165567a39bb2f0f37f0cbd08e546eb7c7f00a741fd3b46e9502b8877054a9746d6745d3e7b798e54469840be6d20c87bc3c103

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
6d0b5c77d22531f5dc7804273de9645a

SHA1
e87f2e843818b2843c56610033fc2d7271d8c632

SHA256
e23098d3897218ba4562dfa195c13431e35227004eee8476751276aa6aa66046

SHA512
37f148294788aff16b0cc7c97686009cac1b39544f5e825439f860eeb4c0f217960d2b92eb06f8411188915b4ca3efaa7b1be2f70818f0b780bc44e05cb30e10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
bfcf11d86268b57cd180eef9701d348f

SHA1
e7589f8701b84bc77128d145fe2ffa0f40c46a3f

SHA256
a7b864e0e4393235ab561e846b842c37347579d083a43f23bc0b55b7bba29cce

SHA512
5651633bb1082bb6956642481adeebfa0914505b65e989a2e2dc5d3953bc1e6ce6ae1224b861ed43d40094c55a2542665a9bf2f5a2eeb615be233072220dd692

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
3d808d9b950283a03afb2bb152d9d0d3

SHA1
18e14a99d86a19064da88a8124b4112f030aff7d

SHA256
a493128e01082c482cecbf44673b2200550bcafe2c9a9fe98ecffc0a19cd24db

SHA512
aa80ac26cfe15c8c057fec9a581abf70ba76f96c40f89f88b0b55989e6b234c3b194b6b9290969b6460333ddf8dabf4a617989bcca5ee599281891359ba1fe6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.youtube-nocookie.com^partitionKey=%28https%2Ctheguardian.com%29\idb\2171031483YattIedMb.sqlite
Filesize
48KB

MD5
f904427a7220d4b553b1b0181aee7d5a

SHA1
1ec6fe97862ba2bd3a01db3f971bdebf40c2222c

SHA256
79348a877994a371677e12e5d722315863b4d5e06b4214483f8af13fdcc64203

SHA512
2a131624ffa59ec72ee2af7641f2f7b778f7d6c529f8f7ce66f5334bf6743d275de22a7f16fe56acf9c0675006d6a31b68af1f61a04ea34a26f813a3447db6d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
e7d901ad03d22078f4c42ecc83c3bd45

SHA1
13ffe2ced2026e6b99c39a96d006c7832a72ba17

SHA256
fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

SHA512
8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

Download Submit
C:\Users\Admin\Downloads\Locky.AZ.exe
Filesize
181KB

MD5
0826df3aaa157edff9c0325f298850c2

SHA1
ed35b02fa029f1e724ed65c2de5de6e5c04f7042

SHA256
2e4319ff62c03a539b2b2f71768a0cfc0adcaedbcca69dbf235081fe2816248b

SHA512
af6c5734fd02b9ad3f202e95f9ff4368cf0dfdaffe0d9a88b781b196a0a3c44eef3d8f7c329ec6e3cbcd3e6ab7c49df7d715489539e631506ca1ae476007a6a6

Download Submit
C:\Windows\mssecsvc.exe
Filesize
3.6MB

MD5
9890c9dbf8c659fa98130bba6c38683f

SHA1
42ae2ad8a47176f67f71f4b69552e37401a62d38

SHA256
860069ce5390b85cfff852295d2113ea0d052003f8c769c20184962aae6b37d6

SHA512
b5a196a8a9b25f57bc075ed117dbfe991f3cd7fff33f598cee5e1109caf749431221098098127fb2e0bdf8c820ccf236fe1a863c8f33c12dc7c055b33eca2d60

Download Submit
C:\Windows\tasksche.exe
Filesize
3.4MB

MD5
dbcd133912ef8b511909bceafe6eb16d

SHA1
cdeb4dc71a6287ad3dc42de4ecd5cd160eae3ea2

SHA256
5265873b0641f1875701a126fcf56d45d1f4a91de77ee4e1ca5507a5062c362a

SHA512
1a5d5c78de9609bf60b62ab595dc4e1cd90ad9f3582b45052c1837578d10d86ab533340a3251db143ea19a8a157329bdd622a1ac88e3416883eab3b15a05a8cf

Download Submit