Analysis
max time kernel: 1052s
max time network: 1017s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-06-2024 23:59
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://github.com/NTFS123/MalwareDatabase
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: https://github.com/NTFS123/MalwareDatabase
  Resource: win10-20240404-en
Behavioral task: behavioral3
  Sample: https://github.com/NTFS123/MalwareDatabase
  Resource: win10v2004-20240226-en
Behavioral task: behavioral4
  Sample: https://github.com/NTFS123/MalwareDatabase
  Resource: win11-20240508-en
General
-
Target
https://github.com/NTFS123/MalwareDatabase
Malware Config
Extracted
C:\Users\Admin\Desktop\!Please Read Me!.txt
wannacry
15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (64) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file 2 IoCs
Processes: Trojan.Ransom.WannaCry.exe
description | ioc | process
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDABF1.tmp | Trojan.Ransom.WannaCry.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDAC17.tmp | Trojan.Ransom.WannaCry.exe
-
Executes dropped EXE 4 IoCs
Processes: !WannaDecryptor!.exe, !WannaDecryptor!.exe, !WannaDecryptor!.exe, !WannaDecryptor!.exe
pid | process
4904 | !WannaDecryptor!.exe
1088 | !WannaDecryptor!.exe
4028 | !WannaDecryptor!.exe
2732 | !WannaDecryptor!.exe
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes: Trojan.Ransom.WannaCry.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Desktop\\Trojan.Ransom.WannaCry.exe\" /r" | Trojan.Ransom.WannaCry.exe
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
Processes:
flow | ioc
125 | raw.githubusercontent.com
126 | raw.githubusercontent.com
127 | raw.githubusercontent.com
176 | raw.githubusercontent.com
177 | raw.githubusercontent.com
178 | raw.githubusercontent.com
179 | raw.githubusercontent.com
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
Processes: !WannaDecryptor!.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" | !WannaDecryptor!.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes: taskmgr.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: firefox.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
-
Kills process with taskkill 4 IoCs
Processes: taskkill.exe, taskkill.exe, taskkill.exe, taskkill.exe
pid | process
5004 | taskkill.exe
3052 | taskkill.exe
1580 | taskkill.exe
2596 | taskkill.exe
-
Modifies registry class 2 IoCs
Processes: firefox.exe, msedge.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | firefox.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{05175451-9AC0-4A72-988E-6511BBE3BB2A} | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes: taskmgr.exe
pid | process
3880 | taskmgr.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: taskmgr.exe
pid | process
3880 | taskmgr.exe
-
Suspicious use of AdjustPrivilegeToken 60 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes: taskmgr.exe
pid | process
3880 | taskmgr.exe
-
Suspicious use of SendNotifyMessage 64 IoCs
Processes: taskmgr.exe
pid | process
3880 | taskmgr.exe
-
Suspicious use of SetWindowsHookEx 9 IoCs
Processes: !WannaDecryptor!.exe, !WannaDecryptor!.exe, !WannaDecryptor!.exe, !WannaDecryptor!.exe, firefox.exe
pid | process
4904 | !WannaDecryptor!.exe
4904 | !WannaDecryptor!.exe
1088 | !WannaDecryptor!.exe
1088 | !WannaDecryptor!.exe
4028 | !WannaDecryptor!.exe
4028 | !WannaDecryptor!.exe
2732 | !WannaDecryptor!.exe
2732 | !WannaDecryptor!.exe
612 | firefox.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/NTFS123/MalwareDatabase1⤵PID:4664
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3924 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵PID:4740
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3644 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵PID:4316
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4928 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵PID:3048
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5476 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵PID:3700
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5360 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵PID:4892
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=5472 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵PID:4012
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=3896 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵PID:2476
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6376 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵PID:208
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6576 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵PID:4160
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6840 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵PID:1580
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6700 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵PID:4740
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6340 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵PID:1424
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=6352 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵PID:4616
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5884 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵PID:4700
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6940 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵PID:2596
-
[depth 1] PID 4564: C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
-
[depth 1] PID 5036: C:\Users\Admin\Desktop\.exe
  Command line: "C:\Users\Admin\Desktop\.exe"
-
[depth 1] PID 3964: C:\Users\Admin\Desktop\Trojan.Ransom.WannaCry.exe
  Command line: "C:\Users\Admin\Desktop\Trojan.Ransom.WannaCry.exe"
  - Drops startup file
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  [depth 2] PID 2224: C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c 238381719014520.bat
    - Suspicious use of WriteProcessMemory
    [depth 3] PID 4732: C:\Windows\SysWOW64\cscript.exe
      Command line: cscript //nologo c.vbs
  [depth 2] PID 4904: C:\Users\Admin\Desktop\!WannaDecryptor!.exe
    Command line: !WannaDecryptor!.exe f
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
  [depth 2] PID 3052: C:\Windows\SysWOW64\taskkill.exe
    Command line: taskkill /f /im MSExchange*
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
  [depth 2] PID 5004: C:\Windows\SysWOW64\taskkill.exe
    Command line: taskkill /f /im Microsoft.Exchange.*
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
  [depth 2] PID 2596: C:\Windows\SysWOW64\taskkill.exe
    Command line: taskkill /f /im sqlserver.exe
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
  [depth 2] PID 1580: C:\Windows\SysWOW64\taskkill.exe
    Command line: taskkill /f /im sqlwriter.exe
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
  [depth 2] PID 1088: C:\Users\Admin\Desktop\!WannaDecryptor!.exe
    Command line: !WannaDecryptor!.exe c
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
  [depth 2] PID 4856: C:\Windows\SysWOW64\cmd.exe
    Command line: cmd.exe /c start /b !WannaDecryptor!.exe v
    - Suspicious use of WriteProcessMemory
    [depth 3] PID 4028: C:\Users\Admin\Desktop\!WannaDecryptor!.exe
      Command line: !WannaDecryptor!.exe v
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
      [depth 4] PID 1416: C:\Windows\SysWOW64\cmd.exe
        Command line: cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        - Suspicious use of WriteProcessMemory
        [depth 5] PID 3984: C:\Windows\SysWOW64\Wbem\WMIC.exe
          Command line: wmic shadowcopy delete
          - Suspicious use of AdjustPrivilegeToken
  [depth 2] PID 2732: C:\Users\Admin\Desktop\!WannaDecryptor!.exe
    Command line: !WannaDecryptor!.exe
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - Suspicious use of SetWindowsHookEx
-
[depth 1] PID 800: C:\Users\Admin\Desktop\Trojan.Ransom.WannaCry.exe
  Command line: "C:\Users\Admin\Desktop\Trojan.Ransom.WannaCry.exe"
-
[depth 1] PID 4924: C:\Users\Admin\Desktop\.exe
  Command line: "C:\Users\Admin\Desktop\.exe"
-
[depth 1] PID 3880: C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=5368 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵PID:2768
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6304 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵PID:4876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5920 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵PID:4756
-
[depth 1] PID 3928: C:\Windows\system32\vssvc.exe
  Command line: C:\Windows\system32\vssvc.exe
  - Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2976 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x234,0x238,0x240,0x23c,0x260,0x7ffc9b282e98,0x7ffc9b282ea4,0x7ffc9b282eb02⤵PID:1376
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2296 --field-trial-handle=2300,i,3873757263937701938,1927759491208156345,262144 --variations-seed-version /prefetch:22⤵PID:412
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2436 --field-trial-handle=2300,i,3873757263937701938,1927759491208156345,262144 --variations-seed-version /prefetch:32⤵PID:3104
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2460 --field-trial-handle=2300,i,3873757263937701938,1927759491208156345,262144 --variations-seed-version /prefetch:82⤵PID:3724
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4428 --field-trial-handle=2300,i,3873757263937701938,1927759491208156345,262144 --variations-seed-version /prefetch:82⤵PID:5272
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4428 --field-trial-handle=2300,i,3873757263937701938,1927759491208156345,262144 --variations-seed-version /prefetch:82⤵PID:5284
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4516 --field-trial-handle=2300,i,3873757263937701938,1927759491208156345,262144 --variations-seed-version /prefetch:82⤵PID:5616
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4444 --field-trial-handle=2300,i,3873757263937701938,1927759491208156345,262144 --variations-seed-version /prefetch:82⤵PID:5620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4680 --field-trial-handle=2300,i,3873757263937701938,1927759491208156345,262144 --variations-seed-version /prefetch:82⤵PID:5508
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4624 --field-trial-handle=2300,i,3873757263937701938,1927759491208156345,262144 --variations-seed-version /prefetch:82⤵PID:5952
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4720 --field-trial-handle=2300,i,3873757263937701938,1927759491208156345,262144 --variations-seed-version /prefetch:82⤵PID:3996
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1412 --field-trial-handle=2300,i,3873757263937701938,1927759491208156345,262144 --variations-seed-version /prefetch:82⤵PID:5280
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3000 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:612 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.0.185257069\2087519554" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1812 -prefsLen 18084 -prefMapSize 231738 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {696b40c4-0b6f-4b36-8d2f-f75367c0038a} 612 "\\.\pipe\gecko-crash-server-pipe.612" 1924 2aad3e06e58 socket3⤵PID:4712
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.1.812320892\1965477695" -parentBuildID 20221007134813 -prefsHandle 2476 -prefMapHandle 2432 -prefsLen 19120 -prefMapSize 231738 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7dbbef5-5ac3-498a-b227-7694a9a1f841} 612 "\\.\pipe\gecko-crash-server-pipe.612" 2200 2aad4a0f258 gpu3⤵PID:5060
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.2.1087064114\306279018" -childID 1 -isForBrowser -prefsHandle 3548 -prefMapHandle 3528 -prefsLen 19749 -prefMapSize 231738 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6686f8c8-472a-4e66-a90a-1bf6db783966} 612 "\\.\pipe\gecko-crash-server-pipe.612" 3460 2aad6856c58 tab3⤵PID:4528
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.3.2026397920\1594883081" -childID 2 -isForBrowser -prefsHandle 4308 -prefMapHandle 4296 -prefsLen 19937 -prefMapSize 231738 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37bccb27-af92-48c2-9a9f-a824cc64ec3f} 612 "\\.\pipe\gecko-crash-server-pipe.612" 4288 2aad816f858 tab3⤵PID:2800
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.4.827840246\222830353" -childID 3 -isForBrowser -prefsHandle 4104 -prefMapHandle 4156 -prefsLen 26639 -prefMapSize 231738 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d344cc22-aa73-47f9-9c1c-d1de303e73b5} 612 "\\.\pipe\gecko-crash-server-pipe.612" 2120 2aad914ab58 tab3⤵PID:4940
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.5.1018860650\1581063163" -parentBuildID 20221007134813 -prefsHandle 5028 -prefMapHandle 5024 -prefsLen 27584 -prefMapSize 231738 -appDir "C:\Program Files\Mozilla Firefox\browser" - {818c7044-f25d-44a8-8fdf-0078d1ee8725} 612 "\\.\pipe\gecko-crash-server-pipe.612" 5040 2aac705f858 rdd3⤵PID:5164
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.6.1421824773\371863377" -childID 4 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 27663 -prefMapSize 231738 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50217e9c-622f-4ab6-9c98-4634c7ff422c} 612 "\\.\pipe\gecko-crash-server-pipe.612" 5272 2aad91bdb58 tab3⤵PID:5444
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.7.1726336166\1791663956" -childID 5 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 27663 -prefMapSize 231738 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5010816-fcdf-4412-b30a-606031f30e65} 612 "\\.\pipe\gecko-crash-server-pipe.612" 5384 2aadac91c58 tab3⤵PID:5456
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.8.1697840855\173770590" -childID 6 -isForBrowser -prefsHandle 5584 -prefMapHandle 5588 -prefsLen 27663 -prefMapSize 231738 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b23998a-e5e3-4aee-8513-e1cb5eec3232} 612 "\\.\pipe\gecko-crash-server-pipe.612" 5576 2aadacd9e58 tab3⤵PID:5464
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.9.1632707634\1154490927" -childID 7 -isForBrowser -prefsHandle 4348 -prefMapHandle 2976 -prefsLen 27945 -prefMapSize 231738 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8c23e8b-539a-4a7a-a154-78377e030c6a} 612 "\\.\pipe\gecko-crash-server-pipe.612" 4232 2aad91bfc58 tab3⤵PID:6056
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json
Filesize102B
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\activity-stream.discovery_stream.json.tmp
Filesize26KB
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\BC0DEF32A0157EF46FE3978BA10BDBC89D00D071
Filesize213KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize7KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
Filesize9KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\a93eea16-4369-4e44-b3c6-20099c808eeb
Filesize734B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\extensions.json.tmp
Filesize42KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize997KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize116B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize479B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize372B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize11.8MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize4KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize184KB