58189cbd4e6dc0c7d8e66b6a6f75652fc9f4afc7ce0eba7d67d8c3feb0d5381f

Analysis

max time kernel
359s
max time network
361s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

calc.exe
Size

27KB
MD5

5da8c98136d98dfec4716edd79c7145f
SHA1

ed13af4a0a754b8daee4929134d2ff15ebe053cd
SHA256

58189cbd4e6dc0c7d8e66b6a6f75652fc9f4afc7ce0eba7d67d8c3feb0d5381f
SHA512

6e2b067760ec178cdcc4df04c541ce6940fc2a0cdd36f57f4d6332e38119dbc5e24eb67c11d2c8c8ffeed43533c2dd8b642d2c7c997c392928091b5ccce7582a
SSDEEP

384:Otj8FKzuRxmeWCJxhd2WS/YWyiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiLiiiB:QXif4CbPQ7

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 36 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings	calc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings	calc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings	7zFM.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings	calc.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\calc.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\dllhostpgd.zip:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5412	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3180	7zFM.exe
3180	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
5044	OpenWith.exe
3180	7zFM.exe
1720	firefox.exe

Suspicious use of AdjustPrivilegeToken 41 IoCs

description	pid	Process
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeRestorePrivilege	3180	7zFM.exe
Token: 35	3180	7zFM.exe
Token: SeSecurityPrivilege	3180	7zFM.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeManageVolumePrivilege	744	svchost.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
3180	7zFM.exe
3180	7zFM.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
5044	OpenWith.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
4376	OpenWith.exe
4508	OpenWith.exe
6008	OpenWith.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 1720	4880	firefox.exe	107
PID 4880 wrote to memory of 1720	4880	firefox.exe	107
PID 4880 wrote to memory of 1720	4880	firefox.exe	107
PID 4880 wrote to memory of 1720	4880	firefox.exe	107
PID 4880 wrote to memory of 1720	4880	firefox.exe	107
PID 4880 wrote to memory of 1720	4880	firefox.exe	107
PID 4880 wrote to memory of 1720	4880	firefox.exe	107
PID 4880 wrote to memory of 1720	4880	firefox.exe	107
PID 4880 wrote to memory of 1720	4880	firefox.exe	107
PID 4880 wrote to memory of 1720	4880	firefox.exe	107
PID 4880 wrote to memory of 1720	4880	firefox.exe	107
PID 1720 wrote to memory of 1592	1720	firefox.exe	108
PID 1720 wrote to memory of 1592	1720	firefox.exe	108
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 2188	1720	firefox.exe	109
PID 1720 wrote to memory of 3756	1720	firefox.exe	110
PID 1720 wrote to memory of 3756	1720	firefox.exe	110
PID 1720 wrote to memory of 3756	1720	firefox.exe	110

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\calc.exe
"C:\Users\Admin\AppData\Local\Temp\calc.exe"
1⤵
- Modifies registry class
PID:4248

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.0.682930467\1274851451" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0bfd73b-7143-4eeb-ad76-54e030415690} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 1980 22a5f4d4758 gpu
    3⤵
    PID:1592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.1.195723496\1477520993" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff20651e-4e10-4d74-b3d7-2bb3544553d9} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 2380 22a52c72b58 socket
    3⤵
    PID:2188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.2.1061614664\644049700" -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27548627-4871-430f-bf41-e30b07a7887b} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 3136 22a5f465958 tab
    3⤵
    PID:3756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.3.1235772284\1444898471" -childID 2 -isForBrowser -prefsHandle 3540 -prefMapHandle 3556 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa730db3-7647-4f33-88b8-30b032161e52} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 3568 22a52c62258 tab
    3⤵
    PID:376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.4.1918883827\874248141" -childID 3 -isForBrowser -prefsHandle 4656 -prefMapHandle 4652 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91bf9b73-2804-458e-bf67-bb80eb5a6795} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 4668 22a655d9b58 tab
    3⤵
    PID:3276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.5.1106832097\2045737303" -childID 4 -isForBrowser -prefsHandle 5076 -prefMapHandle 4632 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc2788a6-e6f6-4106-abbc-c43ca97d51f1} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 5088 22a65d71258 tab
    3⤵
    PID:5388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.6.1650727860\44175962" -childID 5 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67ccb3c9-19fb-4e4f-86dc-cfd8e7f7c801} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 5220 22a65d71858 tab
    3⤵
    PID:5396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.7.1980097598\1307929081" -childID 6 -isForBrowser -prefsHandle 5420 -prefMapHandle 5424 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f65e97ac-f750-49c3-ba21-2e7e9a53a386} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 5412 22a65d74858 tab
    3⤵
    PID:5404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.8.339336884\172776503" -childID 7 -isForBrowser -prefsHandle 4948 -prefMapHandle 4884 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca5dd3c9-2e09-4981-8a77-7681d1de4a3b} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 4932 22a6681fc58 tab
    3⤵
    PID:5804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.9.1909505725\568768448" -childID 8 -isForBrowser -prefsHandle 6404 -prefMapHandle 6400 -prefsLen 26765 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bc7222b-f30f-4f11-8748-44ecc6ada8ea} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 6368 22a52c6e558 tab
    3⤵
    PID:5700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.10.809312206\503446552" -childID 9 -isForBrowser -prefsHandle 5372 -prefMapHandle 5384 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {725875a2-f836-44f5-a96f-888ee0d668d7} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 5360 22a64105958 tab
    3⤵
    PID:5324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.11.1125128295\307040703" -childID 10 -isForBrowser -prefsHandle 6656 -prefMapHandle 4648 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c893e3e-3f01-4fed-9202-c5f5194b6882} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 6692 22a68baa858 tab
    3⤵
    PID:1644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.12.1872907945\1184936441" -childID 11 -isForBrowser -prefsHandle 4748 -prefMapHandle 4756 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea24e3d1-e882-4d80-90be-27018542ae24} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 4964 22a68bad258 tab
    3⤵
    PID:4808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.13.67260315\1891628082" -childID 12 -isForBrowser -prefsHandle 6328 -prefMapHandle 7144 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61c9c34e-1bce-4540-9dc9-b07ac87348a3} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 6464 22a63d51458 tab
    3⤵
    PID:5792

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Temp1_calc.zip\calc.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_calc.zip\calc.exe"
1⤵
- Modifies registry class
PID:5144

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4376

C:\Users\Admin\Desktop\calc.exe
"C:\Users\Admin\Desktop\calc.exe"
1⤵
- Modifies registry class
PID:5988

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4508

C:\Users\Admin\Desktop\calc.exe
"C:\Users\Admin\Desktop\calc.exe"
1⤵
- Modifies registry class
PID:5168

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6008

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\calc.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3180
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zOC6CBDE79\version.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:5412

C:\Users\Admin\AppData\Local\Temp\Temp1_dllhostpgd.zip\dllhostpgd.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_dllhostpgd.zip\dllhostpgd.exe"
1⤵
PID:3672

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1660

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\1142

Filesize
10KB

MD5
22a9351008a913656b16ef52972f1949

SHA1
0092d080efb06895a4b939e86be35d3495d6a9de

SHA256
164851cc46697ccf543369682eab1aacee834414f8279196d237cc1763b45d10

SHA512
16cbb637c468f7fc4525e341482d98525e2fc8d1de6ab40c4df12a5b2a95066768b9ed141489b01877257bde5410fcb817c863bfde8583aab431adcbf83d82df

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\14153

Filesize
22KB

MD5
63f88eb019f2af79f2e6f867ccaf437a

SHA1
1cb21931d1758b1bcb787a566dc05e7ab22b2929

SHA256
c97a09cec1ec7614dc29fcb8475a668c72c27a869e78c3a527e0fe871347ab20

SHA512
16968dd1c1b945b510e56758c732d50bc5f80df842ea1223898b3b37d5442f633a61630f254277161dc588e14ff8b0243dd9364340227798f7c5ea75c4e85c18

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\15090

Filesize
22KB

MD5
866ff47d8d906dd9d7d45fd4acbc7efe

SHA1
50750d9e4afb9f2ce019cf05d6a06619bec9ffb5

SHA256
ce99f8f99a423cb81e63eb9c9251789c6e25251ec37a27450c591c0a946f0cad

SHA512
583af9789cd9f06bba1489d2e62e581a36a47bd7d5100f9f5108e1074f50871d4c598f1791dee9e30bdbf3d34465fdb788e5d252f48659a9ab92dcccf51ddc58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\15375

Filesize
9KB

MD5
061ff9abdc8d95f9b5e12dcf2db66005

SHA1
54b6e8b6537d770b5a3e887ef1bf1c39775dd9a1

SHA256
eeb987add4170c9000a7d7300b1a1f01599334e44e4e0110c089475f20386853

SHA512
edf627de6a31c5e9b10459f9f11dc4db528a9674d321f286828067d884a4500114280f3bea2732424f7d78aab7270c1c08e96b6c5e85ab49a94df1a871ee8f41

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\18058

Filesize
9KB

MD5
a36446576a3d49db4cf882e6b9bb25ca

SHA1
a67d4d98edea39a317a7569aff9d3ab813fc24f8

SHA256
6e8a6967f0a0f88bc14dbc9d95e99dbede47ac222b977e3501538b1e95499647

SHA512
699b88fa33877c0424fc065abbbe6fb49d2e36f9035f2bf77b6a39fa0cf6014c5396e51dc24ff07e1e877a7e76e643f3050f9657577e30d93982a818d21aa992

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\20913

Filesize
9KB

MD5
3a3b4720c120ed10832c44f22f7b41f4

SHA1
596f423c125e8bc6838f148bff642fd8e0dc1832

SHA256
829aefa6b0735e4dde9f8901da8457898da2048ad69ecb416bed591620363a99

SHA512
17bdf360f3a934a7b8c44b2da979a57f565c4e68d37adffffdd8c1efb8de6369193acf606d0aecb9d3c8d6fa722c7b0927a4decca1c657abe391a98953f0b1cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\24033

Filesize
11KB

MD5
767bc91b37c1423b88a8bbe128c2819e

SHA1
6b4142e39bbde42e42f7728ec0c4326c4cd80f3c

SHA256
036d9f311d1f87cfa20273a240a90078c1b4ec182ee92cec6997a4cf2e2331e6

SHA512
1f4d3eceb429f6ec4088a8230af692caf4d6ad2bab8f9984004ce1698f7e0dadb2bd9a513c3c21cfc1d625f55a9fdb38dc1022e9096f4d0d358dd283bf75c82a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\25109

Filesize
43KB

MD5
3efa520399d5c5a22113242d46eae377

SHA1
9a71027498886b0307e183edeea45aeb0ad9692a

SHA256
d5f31c28c69edbb58287f19e90b8aecd41f93ac6aed009ef41133f8910ba927d

SHA512
b0186c2b38a8a368c6bf07bebd0c7b7913df1780b8d781ceabbcbcb81767db334ce51a8e83412930625d7cd50d3e2097af6bdb49e2a6ba250fa670dafb3a327d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\28746

Filesize
9KB

MD5
d800003c1657d07f91ca6ffac838cc8f

SHA1
3ac0a53db9868093fd65c6673c736f66aa034aa9

SHA256
21d20b933de119c2b1d3b122d1cb6a6a0f2470b9cdf78486798a5e900cb9ebdb

SHA512
8bc07bc74ba404e0915b40f33c4866f24e9489c360ea094018cdd29914939f86ba7160db88331491db6a508eeb08e4fab9869f4403232281ec050d0b8d61acdc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\29303

Filesize
22KB

MD5
e09ecbea58e469282885ea6dbcd38f0a

SHA1
f281a4c4e27708b1499b1dd28b756cc79820d75b

SHA256
e73f4689bfd41fc9ca17ab9a06a3371f9374adac6b2d1e6d4a03f685dadedc4a

SHA512
a51838ff95ee8efe909aa49ae37845e896be0110cba9104c47f26dd7e9d79425873f71a5b23dd4cfed840d310bfc0e0f2efdcf1be6ed6214236da40b6896fe95

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\32223

Filesize
10KB

MD5
7680cd94c73f55e7fbe32813411f3ea2

SHA1
16749eaa56ec2c0e29c0de1e561a0a94fbb925a5

SHA256
4e78617234482bfdfa013b7e30040434f5a5502976c73663de9cdabb30a2b8c6

SHA512
f137ea660163c16e25cfef2e122eb6e31004ad5110b2d530f29a3a2d1fecf4b1e8e9a6f74d09d50a7dbb8567cbf1e6dd45ffbcdb27706f9ffd0874fdc110d722

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\3307

Filesize
22KB

MD5
76d5b4765c455fd04e04f646cb575d38

SHA1
4673b8361160d767eb40f6b05d04fdf5dd141a54

SHA256
9a23f4317457dcf5ca7b6a85fe70df389fff6953b1b72d02fc86a9b8278217c8

SHA512
a6af5459c91368b4a7f0cfc59492379bdf3d4e66fc13eebadde0e943a6be2a69d681d3c289a1c9aa5dface85c53c6f372d5794c475fb0bcf0c95b008090f48c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\9379

Filesize
10KB

MD5
9b4fda7661e81f061dda34034bfcac97

SHA1
7a04a5229b74070f9bdc5050e9ad0b4744730f70

SHA256
52f0593a385ca26f9ea5a7bd824f1e63ee3f6095fbc88e9608d17f451b236b43

SHA512
2878bb681adbe8a0a98831f7adfad87748f73b024a4f8744d704ce2a34c3aae52840f9965e67be45ef0800c54fbfe6dd175f97783bfca47978e75cec595aaa3b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\9462

Filesize
22KB

MD5
6df587ff2564b608a204d29a76face28

SHA1
91b66ab6cc24766881354b50c983639c339aa5d6

SHA256
56845b6c44e577de40fed6bcc6158b3da40ce7d28e5f19c480e9f0b63e62ad8c

SHA512
29fef608913fad2b8bd9e5ebf03449ff04b1c2ea02519b1a56cb48df9b46a77060bac4a1ad84f2f286a63c4771aeaa91d898ef3657bbcba87a5a59482c58c606

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\entries\2F32E4F8FA8F7C2D18DA5E6FA6D70A27A827D2B1

Filesize
16KB

MD5
0953d157c0a57f8ee4c623e117c6b13f

SHA1
7cb04419c6f970921ddc699a18c6d1cd48c8f2dc

SHA256
59726501f0d9f1f449d73706c7ef65395ea8a07df23c5483f5423fcb76da40b8

SHA512
d70abe584a63c5425552cf59139ac3dc7692150ce658555f0c9464bf74c6f3276379c2b3142e158b54990ee1c3bcdd6a8143ec4ab2f2c8bd89f5922c0db15171

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\entries\574805B36EF2909D61811E8CE47A04131FCFD046

Filesize
207KB

MD5
80c2472ad3554fa428c78209801c3512

SHA1
a2261fcd6e0e1a153c096e87225a441f59b5e01f

SHA256
04ad5ac8b7e6d60f1ec5815cd0044c36e37f75a091b8793bde08407c5b8f3dd1

SHA512
56831a3b57189f4b0c11634d7149086e0dd2f0525d6b6485532c80292be054691be1eeef45c2a4f6c6fcf1c56e81b3c0eb1804cbfdc3c1312b13b8262ee1774d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC6CBDE79\version.txt

Filesize
1KB

MD5
a7695d8d28f87edb1190988664cd8418

SHA1
5affc9693e2302f374f1bbf00613a18a733fdd24

SHA256
252e8fcd4218befbf26b26badfde2c1740eb374ef8e6fa9c3c80edc010864000

SHA512
c10915bb0b99983600e3f37a785b02c3158048b15bdcc1203f962b8947b4cb026bd4127515032e765c3f97b9ebeb88ee01e5766ab19c9f8803d8e807dbff00be

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
14KB

MD5
d4105005646f6f71db347cb341046b3d

SHA1
601e8614c4251dd29e48175f87a6db497e201c59

SHA256
c711c0675bb68747459aaebfafab7d6e7a462c107ba98d65e88e6063a9f98fd9

SHA512
710aae7a9e9b515c37cefe13ad71326c7986319f29854cde2361be11e03ae888995cdc1303f32c20fa28fb79bad60094fcf8536744a1bffcc86388a2dde514f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
eaac8b20d4008747be5ba6eb4418cc99

SHA1
601b328f833744ec2af8dc57e09b4f20bc3fd038

SHA256
461de79412bee46affcf16ad8793ed51fca91ee5233c940049a165c53ca0928a

SHA512
91c1dfdf55286f4972f99cc5075ebeb54ad10a3595382d01074cebff1ed5cafd4d7581f6340c26b86029ab048f268f35b815fdb002ba8dbd5ccffc6597c452dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
1894937877967d6ae1d275f22540ecad

SHA1
5f3cff4e4aa0508ec00d6ec71a6e70b514513f07

SHA256
8ca2dad5b554e39dca73f7742d7e147c0a1578e6a182c87fc9bb1a8c49860eab

SHA512
a6b78b594d11e235b4916c5ebb5a5f9d148c0298d2a7feca64b3decfd0866eb1525f736493d88c758d4d62ccb64edd5a811ea47c6346f171da2e2b141c641959

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\722451b0-f1ba-49f5-88a4-14a08e998a89

Filesize
734B

MD5
d144021ffdf62f21bc2e28b6d71061a3

SHA1
3060a99d701c480f374ece7aa78f05cada278a93

SHA256
b25371c9db2e4568415855882bdc283ec4f34d5ff382b16e5a5d42fcb44595ba

SHA512
b370a9cda04dcff4202f28c82949b7c95c1e469aa4b41837cecdb3a134c225d2681a3f535518eabae788b0fea748b6cb5e62998130d8959deff37f08bf569cd2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
6KB

MD5
1a0a2f0df88de58ef15240fbfbdd1fda

SHA1
c295cd7b4902023bedfa8eb296a49d276bb4c4ca

SHA256
09c133ea454518ccb50a2b90ad68ef921468bdb7ed9495b61a9be5e31a46faf7

SHA512
40dd3ee021f474007c7da985c5a22bbc3c4faac86692360fe183e1f0b677c916592b08d0238f646138da29d0d8f32ecbc2cfcb6a84bd5a1804ebf08954273108

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
6KB

MD5
7fb87a5e76ce8c1a0d1be4124b0899db

SHA1
93ec384b2442ccec3ab75e8fbdb26ba80a855f54

SHA256
dda720ff5df3b2a13550a9a7907a2403e51528073461ecd9e141242348116ca6

SHA512
ce52349c6a18f5984603b96165e30e9501fb169f3861e7f0e66e4c4cb0544020963ff79e77c95c73ed5896162b82b159cd357affbc81e951c19883849c689957

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
7KB

MD5
f535e909b6545017c190f93ffad6857a

SHA1
005318a68d02435778c319d1c7b147c9607f52e9

SHA256
be0ff59c531ec0cd850b444a8a811a9e4b98363c0f3bd8322326c4e547457556

SHA512
52e996b56fd85f14bb6014d8c87c0bd3ff57094eeb7f3c1bb1262bc7e50e92b6ab35a8a570f963957dbae7a7efd5b16829996dfbf963588d4ca2cb0b30cf177a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs.js

Filesize
6KB

MD5
41ac86f9283c2acbcd605599342bba2b

SHA1
dc9138c8487512e937f951c8c058ef14c4957c72

SHA256
8c91e79663a6e5cf369867a120f2042bc89b79645f8e6185bf19e373c8523a74

SHA512
8bd7fbab94d31e56d1358fbdc9cc411128ecd5e83da24c399c2331db0b3b2608770605b0f00a9f2f4336010bc41f8e36487fa7c8cda95093b479542c316a2bb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs.js

Filesize
6KB

MD5
ce65657faab6efa72af8e29e736d9e88

SHA1
a3626b5427720b92060994847d4f547eb5787732

SHA256
49c578f92d52a87dad1d1335fddfc9307b8dbb7d9b9d23c9ac49c372364fb4cf

SHA512
d56d7a08e2a17e616fc06660f54f55779281006329dd0fcf09086be9565066061bcc811ff8f41ae29a3ca43cc2abdf3b8033c2d3edeee483150b61ca207cb5aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\serviceworker-1.txt

Filesize
190B

MD5
d17fd0a90d2c67ff31f80698c5d4b4c7

SHA1
f1fb2a3abadbb1c743101a9ca80f4fa7cd9f1b58

SHA256
aeb25b815036eeb2e89516d6461250b5d5fb57eaf2c56e35017d2c0c6c32dd8e

SHA512
d8886ccd7e9ac587105c50cecf2dae676926c0d23f9f4e5ac6507603c84ab890f38c0586cb9e88e85eab0820cea148bd2d39d54d6907fb3ecc364495363e1d06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\serviceworker.txt

Filesize
190B

MD5
f80e27f0d1f3c41b5c8a8603634d8dfa

SHA1
4fcbc7e4385a9bdd47c502bc6e36db2600ab8859

SHA256
25d11407f6d486ce7bed8446ae99e686bda7cfed29d7b42123cbc141ffc571b6

SHA512
24c20706cbbda25427e26ff952b54cc1590c74087c1e368849cc4ccefda4e52c06a7fe35a307b768fe88935378dfbbf73f36bca6c5094dcb4c015c26e6324d85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
ec70614dec93e1d1650860aac5c1adf7

SHA1
4be362dec099af83f772a8a2083727e6791a46b9

SHA256
508bb726171d20d3da519784506558b6bb106d64e624f0de9dea8119f2dcafc9

SHA512
0c60b3d4da0e3af7b680d3e91911c53d5ddc9ff2df39a0bbbaf1ec86abaccd1e7b0aee1a2a5adb725275767ae47f24d4fe00c00c4d39beed6bb4d477e9fffdab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c35c802594e0fd47feaba719f064ea28

SHA1
4d9ae38af285926a90ed180b73da482cd8c71aa5

SHA256
90e278c508bbabecff0d86cbdc3a05ba6680e314385ff4e8bbc4e6bc233541b1

SHA512
ef63b52903df1e93efbd2406d2341a39a604bfc04c5b3f1653fb0305e802304e7e906973c3975d410ae28033deb913a74e2555081f942626a3515d7c7731a556

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
68a386be410a8f40783c259cd3607fd0

SHA1
9d0e7287bfbdc71f0ba1ed25395602f8b687b14b

SHA256
9923514a8b9d2b424ecebb969d949e6b54c039fbff7bece090a09280c5a83bb2

SHA512
5fe0254b68fe298e6cb4f420a998153b850ed3342edc98640d9aafcd69c452a6725c61ea48faf9fbf4161e0e0fc5fefb8e05bcf5ef2fe58fbc54c21667a6187e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
4634333c42ae5b4d57529f9f573379cf

SHA1
c4e260b1572dca0b0736a47f7332252b8f66b362

SHA256
b39fb85d5295e562d01012f30da84ff0008d304344a9149b711b3502dfd530b6

SHA512
d588ae9013dff652d69cb50256c200811666102490d8a62ee1ffc70db02ace0c6ab79e9ca0d2dec1fd00761235eeb9fbdc74353d8e398f51d723925f26109126

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
59bf479d5f54e33ca35dfac8b583afc7

SHA1
e8e5b056d1da8e8c5aa8e8ef36864742bc76cfc8

SHA256
23453fcca834e2db00bf4bc80dcae4b2ed1982c6eecdba978428e5d95b64c448

SHA512
f4ca645782a1252def45678c4e293db552eedcf13826f8d285ed8396d65b00f91afbfe418a8586ff0307f2b2f2bfcfd273519ab2ce3681320215687da1b15551

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
c0156f5a73e6bd32b0505b9425e6ecfb

SHA1
42fcdfda93e2d74d678687aaa36638d2619dd888

SHA256
6f5d2dbccd7065db75f89eaa85a4b7c6dd1a2aceda427be020b43b508f9bb3e3

SHA512
be98f70746fbc137618f6d70ffae82206b9b1df5ce865151fa00f2d18e15725cf71729a3fea2b429e99265629eb880094de0235e699199aa9ffbc57b51fc056b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
be7dc849e94c545d37a84d9610b5a608

SHA1
0e6ab94cf0bfb75ef5248ddd5630bc46c2cd9ab4

SHA256
1646ca5cbc61f6253628ccc2699e55816caf74551b3ec36acdcfd8861f71cd92

SHA512
2fc49f198a0508306607ba10d791d29bc02cc0b7bf9816c8b33653caf32fffb3bcbc31e97e3dffa00ad97c2d4d6d9d2491c614ab13d131c388d797e7c454ed2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
5d87e9162e49ad5e7bb898907d5a6a8c

SHA1
dbc94770f1ee4790ab4eee0be6687c26f969d0ce

SHA256
fc5bedc9a6becef2d4dd5ffd7e7991a6d832ef60a45f428dc37683093637f36f

SHA512
fa47184fba855bfb863c974abf54aa4a5f80ed8754bc548b91f1970c8e699ea6d58bc6502f15cd4bfbcf32b97690ec141ba7d0ea603fb8ebb1903559c1c5ef88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
7fd69649a4eaad76cd3d669e180ec687

SHA1
bc5517270668734ad5a6ddc05a238b1e8f5e18c1

SHA256
0173eb616709d1096fe42ef401481c04b7048e6d904373b928cf2cf663402e43

SHA512
ede8b2e5125c1b3e1afeba0aecd6cf064f0328d17fdc1b54821251ec70de8aa2564a4230e24d5474d59f079c315c2e0dc4d2a763a7185a2a0cb260e907bdcc19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
7bbad37362b78f902e85ea75ba155bae

SHA1
11d6e7e1af4772cd49743cb3498090e9c1d968eb

SHA256
b7985de9742b6242f204ef7ac9a9e50352ed5775eedc4cf4da24057bb8815f87

SHA512
63a9ee686015b9937e52d6024e3035cca730ede92bcf980b64e838e27ac6c901e06bcc7375ece8fd191b808c823739627203ea5eb59019203f6ec3662e3ddad5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
b1a151b3960a041e32977d8df7348618

SHA1
438958b87cb43c312f95915fb29138e1bd8abb47

SHA256
7fa304a2cdb88fb1fb456259eb320cfb15d44aaf848100a0bf9d6aee4f3ce1f4

SHA512
bcd6a60ae5857a310fdcd309b1ebb9d75c78de91b76c31b6efe8c98df5fe3c5fd220e5b3b6dc5526050f9866248673acc04769584b96e91506a6b430a6f07298

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
ef96e08d58fd93edc3d4fd91ad92239f

SHA1
1f41a1582a293ef3d89fac59f36664349b7e69a4

SHA256
f86e0ee4ecb2e413e1388ba3af51eec9c456d76bab4226db8ab5083096e5e748

SHA512
8b1334dc82e731994c340c050cd5ff1d312f652a3eacd0bd7d99272dc817becd743e5b770d02957c6a7b9dc398316bf4ca403095fb76449d62265ccd33967511

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
cddb72ae043aa9473879171ed8f9c17b

SHA1
a0c441635d008e17b621c4bc3104d66695bb8d87

SHA256
7e8ad9f6b1edcf0e3eb4cec29e886c379eb32c97f4424bce3930f8329e4c7d6c

SHA512
8de3c667631ba4ec235b779fe87e61b6a7ae6d943e8f2b81969b61374f07f54a05994ddc7b3aa244fb981e429fb59feeed9d13944384821af4f1d64563e19cdb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
addb37c63d2bdb11470e8798ddd3a14d

SHA1
dd2fce8b6de9c89547d7427761c1d8f4dc9856e0

SHA256
d162a5cff5577f4524c85b41449cbf26830606c219063efd26de36eb35e48cce

SHA512
f83721e5fdf464a248f8c7e7caa9641e1d2151bf73209c4d879bd1a6cdec15cd2a18974e8a55645fa22c9145a5a27e985516ca00876bed9ae6cf37fc152a035c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\storage\default\https+++www.virustotal.com\cache\morgue\250\{8f311833-7c2a-4f9f-814b-967624660efa}.final

Filesize
47KB

MD5
0d1a7f5503bd4bfbdb0b16e6666bc650

SHA1
4465c8bfe03e7840ebc1f0c2098471f1065dc2a8

SHA256
d8145ba6dc19150853c958763c3432a903fd5c2dd056f823d19f4e803daa4426

SHA512
8185fff9eadf34128a42c1a7c392a58dad6a7dd4b1b9b015e91849d8068dff0992b6fb09c4033b2fcb425c942f0554d4fbbc416429d3d4c2dc1bf678137cdb89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\storage\default\https+++www.virustotal.com\cache\morgue\252\{bd2dc642-30b3-48cf-8614-c1c38f636cfc}.final

Filesize
47KB

MD5
0e4ae4f2da193311ab6ac6ed266a5cec

SHA1
4c4404ee259095e657c3a9a7b6991a2187280ca7

SHA256
af770d81f436f8ab7c8a2db88d7ccbc54048086e4b63c76e6e7a846243401393

SHA512
42ee8b45f5d2d66eb221e8bf306d0f560e998662feea7b9d83dd01bd670d25325cae6f8d5d57c1e5c744b96d7bc2a643cd9ff8a562a30cd5c697b8b5aac6a304

Download Submit
C:\Users\Admin\Downloads\calc.G7w-J-gV.zip.part

Filesize
5KB

MD5
68549c575d20b1de6c21fd6ece55939a

SHA1
7d0e49d81f77bce698445d55f96c65cf0dbac8ea

SHA256
08fd751614d81074475c81b17d9bd2ec845e3783863912f7c719c4d7a05516d7

SHA512
9623b23447c553d1f2d5a24d838b9d2b2457004f3e91406f6e924b2ba50313bfa553348351f48011cca48402fb330477788fe6efa61a4b1405a55a88db0523c0

Download Submit
C:\Users\Admin\Downloads\dllhostpgd.8uOHqGjW.zip.part

Filesize
2KB

MD5
fff0fe9a36c26ba9fb87c3a1546faa05

SHA1
c5f20feb8edf5f5b603d829a02fa70f9f49e807e

SHA256
c75733de364098b830498162a539ffddfa358dac9f3e2a942d42d541cfa6965f

SHA512
9c374f8c792e5161a544592c034d8be8ca9bbb8d719df76b3489d4aa80ee0eccf26745cad07399ac303afa64c60020fa87200542fc8e3d0d8e216bcf64564190

Download Submit
C:\Users\Admin\Downloads\dllhostpgd.8uOHqGjW.zip.part

Filesize
94KB

MD5
06ffad9cafad2804348fc8e518a41105

SHA1
50eb3a5d3bcc3c19ff227ca52da48c0903fa20de

SHA256
c0f7e2f90dea89ec73337c46ae0d862d2008608c14f9d0bd8ce8740768f694f2

SHA512
20921344acb9c0969f9924bcef053a5bcc037296946fbbbfbe23232965fa8765f3c8a6be4105570fba618335d8ad200d30d7574c9e9e2743240665caeddd8cc3

Download Submit
memory/744-581-0x00000221B37D0000-0x00000221B37D1000-memory.dmp

Filesize
4KB

Download
memory/744-577-0x00000221B3690000-0x00000221B3691000-memory.dmp

Filesize
4KB

Download
memory/744-561-0x00000221AB340000-0x00000221AB350000-memory.dmp

Filesize
64KB

Download
memory/744-545-0x00000221AB240000-0x00000221AB250000-memory.dmp

Filesize
64KB

Download
memory/744-580-0x00000221B36C0000-0x00000221B36C1000-memory.dmp

Filesize
4KB

Download
memory/744-579-0x00000221B36C0000-0x00000221B36C1000-memory.dmp

Filesize
4KB

Download