hxxps://whatismybrowser[.]com/

Analysis

max time kernel
1015s
max time network
1017s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02/08/2024, 05:19

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://whatismybrowser.com/

Score

10^/10

discovery evasion persistence ransomware trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe"	NoEscape.exe

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	NoEscape.exe

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	NoEscape.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	NoEscape.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	NoEscape.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png"	NoEscape.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4272278488\2581520266.pri	SecHealthUI.exe
File created	C:\Windows\rescache\_merged\4272278488\2581520266.pri	SecHealthUI.exe
File created	C:\Windows\winnt32.exe	NoEscape.exe
File opened for modification	C:\Windows\winnt32.exe	NoEscape.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NoEscape.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\NoEscape.exe.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	608	firefox.exe
Token: SeDebugPrivilege	608	firefox.exe
Token: SeDebugPrivilege	608	firefox.exe
Token: SeDebugPrivilege	608	firefox.exe
Token: SeDebugPrivilege	608	firefox.exe
Token: SeDebugPrivilege	608	firefox.exe
Token: SeDebugPrivilege	608	firefox.exe
Token: SeDebugPrivilege	608	firefox.exe
Token: SeDebugPrivilege	232	firefox.exe
Token: SeDebugPrivilege	232	firefox.exe
Token: SeDebugPrivilege	232	firefox.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
608	firefox.exe
608	firefox.exe
608	firefox.exe
608	firefox.exe
232	firefox.exe
232	firefox.exe
232	firefox.exe
232	firefox.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
608	firefox.exe
608	firefox.exe
608	firefox.exe
232	firefox.exe
232	firefox.exe
232	firefox.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
608	firefox.exe
608	firefox.exe
608	firefox.exe
608	firefox.exe
608	firefox.exe
608	firefox.exe
608	firefox.exe
3660	SecHealthUI.exe
232	firefox.exe
232	firefox.exe
232	firefox.exe
232	firefox.exe
316	SecHealthUI.exe
1188	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 612 wrote to memory of 608	612	firefox.exe	74
PID 612 wrote to memory of 608	612	firefox.exe	74
PID 612 wrote to memory of 608	612	firefox.exe	74
PID 612 wrote to memory of 608	612	firefox.exe	74
PID 612 wrote to memory of 608	612	firefox.exe	74
PID 612 wrote to memory of 608	612	firefox.exe	74
PID 612 wrote to memory of 608	612	firefox.exe	74
PID 612 wrote to memory of 608	612	firefox.exe	74
PID 612 wrote to memory of 608	612	firefox.exe	74
PID 612 wrote to memory of 608	612	firefox.exe	74
PID 612 wrote to memory of 608	612	firefox.exe	74
PID 608 wrote to memory of 3032	608	firefox.exe	75
PID 608 wrote to memory of 3032	608	firefox.exe	75
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 1612	608	firefox.exe	76
PID 608 wrote to memory of 3468	608	firefox.exe	77
PID 608 wrote to memory of 3468	608	firefox.exe	77
PID 608 wrote to memory of 3468	608	firefox.exe	77

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://whatismybrowser.com/"
1⤵
- Suspicious use of WriteProcessMemory
PID:612
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://whatismybrowser.com/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="608.0.6058738\210126510" -parentBuildID 20221007134813 -prefsHandle 1680 -prefMapHandle 1656 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edb2f259-e3a3-4620-99f6-5ffe954e827b} 608 "\\.\pipe\gecko-crash-server-pipe.608" 1760 1c5272c2558 gpu
    3⤵
    PID:3032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="608.1.1996742259\2040619766" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fda8a0c0-6bae-4469-8878-91288a1dcce7} 608 "\\.\pipe\gecko-crash-server-pipe.608" 2136 1c5271fce58 socket
    3⤵
    - Checks processor information in registry
    PID:1612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="608.2.1948610829\716469241" -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2672 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {321584fd-55dd-43e0-856d-1a7a17876610} 608 "\\.\pipe\gecko-crash-server-pipe.608" 2764 1c52b2dca58 tab
    3⤵
    PID:3468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="608.3.1648121334\1147923601" -childID 2 -isForBrowser -prefsHandle 3768 -prefMapHandle 3764 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60bf7655-a8be-4f30-b17d-865b42e50732} 608 "\\.\pipe\gecko-crash-server-pipe.608" 3780 1c52c65e358 tab
    3⤵
    PID:4492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="608.4.1507056175\1497851087" -childID 3 -isForBrowser -prefsHandle 4604 -prefMapHandle 4600 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6f291ef-b823-4b53-9ba2-beab415a974c} 608 "\\.\pipe\gecko-crash-server-pipe.608" 4612 1c52d73d258 tab
    3⤵
    PID:3860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="608.5.1778203914\1959047794" -childID 4 -isForBrowser -prefsHandle 4752 -prefMapHandle 4756 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eacea91-9ff0-4053-88cb-f087dea3671c} 608 "\\.\pipe\gecko-crash-server-pipe.608" 4836 1c52e4f6258 tab
    3⤵
    PID:1296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="608.6.1835214094\1926175977" -childID 5 -isForBrowser -prefsHandle 4944 -prefMapHandle 4948 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db6e5ba5-aafe-438d-b93b-49a827dd158c} 608 "\\.\pipe\gecko-crash-server-pipe.608" 4736 1c52e4f6b58 tab
    3⤵
    PID:4680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="608.7.1683532427\224299245" -childID 6 -isForBrowser -prefsHandle 5520 -prefMapHandle 5516 -prefsLen 27389 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6120e572-4b48-4b12-b277-5d3eac189773} 608 "\\.\pipe\gecko-crash-server-pipe.608" 5528 1c52a966358 tab
    3⤵
    PID:3008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="608.8.279731456\1974851092" -childID 7 -isForBrowser -prefsHandle 5680 -prefMapHandle 5684 -prefsLen 27389 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b21c5aa-7afc-4aee-8939-2222a5b0c153} 608 "\\.\pipe\gecko-crash-server-pipe.608" 5668 1c52a966658 tab
    3⤵
    PID:164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="608.9.2090703732\836612015" -childID 8 -isForBrowser -prefsHandle 5880 -prefMapHandle 5884 -prefsLen 27389 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3bfc55b-817c-4001-8fcb-1555ac95b133} 608 "\\.\pipe\gecko-crash-server-pipe.608" 5872 1c52b252758 tab
    3⤵
    PID:4324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="608.10.578941245\1257872012" -childID 9 -isForBrowser -prefsHandle 6120 -prefMapHandle 4832 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1f3c6a4-e6d9-404d-b4c4-b7f74e114ae0} 608 "\\.\pipe\gecko-crash-server-pipe.608" 5752 1c52fc8a158 tab
    3⤵
    PID:1264

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:3660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1144
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="232.0.1683543077\1090609464" -parentBuildID 20221007134813 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 21915 -prefMapSize 234158 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bebde43-e9f3-417b-9057-d898d5e8970b} 232 "\\.\pipe\gecko-crash-server-pipe.232" 1832 1bffc303e58 gpu
    3⤵
    PID:3964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="232.1.365822221\466802016" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 21996 -prefMapSize 234158 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e79d4b5-0941-4190-9a37-399f8bd2e800} 232 "\\.\pipe\gecko-crash-server-pipe.232" 2168 1bffb1f8b58 socket
    3⤵
    - Checks processor information in registry
    PID:2888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="232.2.337552408\699948175" -childID 1 -isForBrowser -prefsHandle 2644 -prefMapHandle 2788 -prefsLen 22099 -prefMapSize 234158 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4e16969-b0ce-49a4-b502-a9ae1ae68dd1} 232 "\\.\pipe\gecko-crash-server-pipe.232" 2640 1bffe2d4e58 tab
    3⤵
    PID:2704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="232.3.947639996\851715707" -childID 2 -isForBrowser -prefsHandle 1292 -prefMapHandle 992 -prefsLen 27277 -prefMapSize 234158 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ae32554-737d-4a02-8de8-de61eb4e6070} 232 "\\.\pipe\gecko-crash-server-pipe.232" 3168 1bff0161658 tab
    3⤵
    PID:1248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="232.4.1625099095\1867714185" -childID 3 -isForBrowser -prefsHandle 3896 -prefMapHandle 3892 -prefsLen 27277 -prefMapSize 234158 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3509bc92-eb2f-403c-8e5e-d50956b42895} 232 "\\.\pipe\gecko-crash-server-pipe.232" 3804 1c0001f6f58 tab
    3⤵
    PID:4148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="232.5.867951310\455184360" -childID 4 -isForBrowser -prefsHandle 4480 -prefMapHandle 4484 -prefsLen 27277 -prefMapSize 234158 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d334304-e718-428c-a783-c93f033d9510} 232 "\\.\pipe\gecko-crash-server-pipe.232" 4456 1c0001f4e58 tab
    3⤵
    PID:3604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="232.6.1856733994\282862566" -childID 5 -isForBrowser -prefsHandle 4612 -prefMapHandle 4616 -prefsLen 27277 -prefMapSize 234158 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {245cc614-af58-466f-aedc-ffbb73601b26} 232 "\\.\pipe\gecko-crash-server-pipe.232" 4604 1c00134dd58 tab
    3⤵
    PID:1204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="232.7.1838382301\1650379689" -childID 6 -isForBrowser -prefsHandle 4804 -prefMapHandle 4808 -prefsLen 27277 -prefMapSize 234158 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6a74c0f-31af-427d-b863-ef0a25081df7} 232 "\\.\pipe\gecko-crash-server-pipe.232" 4796 1c00134fe58 tab
    3⤵
    PID:2180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="232.8.260078614\555929312" -childID 7 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 27277 -prefMapSize 234158 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb7492c2-a590-4e3b-99ee-48c6f4a3e744} 232 "\\.\pipe\gecko-crash-server-pipe.232" 5220 1c002bf4b58 tab
    3⤵
    PID:3548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="232.9.1095742521\1430906042" -childID 8 -isForBrowser -prefsHandle 4988 -prefMapHandle 4996 -prefsLen 27277 -prefMapSize 234158 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2daab4a0-a87f-4199-9485-b23b87674619} 232 "\\.\pipe\gecko-crash-server-pipe.232" 4584 1bfff481658 tab
    3⤵
    PID:4128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="232.10.1630617611\1029016215" -childID 9 -isForBrowser -prefsHandle 5496 -prefMapHandle 5264 -prefsLen 27277 -prefMapSize 234158 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da489bef-bdc4-4fa5-9f37-6e9cdb1aecd5} 232 "\\.\pipe\gecko-crash-server-pipe.232" 5480 1c00397e758 tab
    3⤵
    PID:3616

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3948

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:316

C:\Users\Admin\Desktop\NoEscape.exe
"C:\Users\Admin\Desktop\NoEscape.exe"
1⤵
- Modifies WinLogon for persistence
- UAC bypass
- Disables RegEdit via registry modification
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:5084

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3aff855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\9774

Filesize
12KB

MD5
162b9d0cf85843d7e79065b7aba5ac88

SHA1
b7f22e2e6fca78acfc45103ff1928beca5dd8c84

SHA256
da9cad01eb849b6f0bb9aaa7d516b5497b7afd2135754c31c2e2d9302b66d86a

SHA512
abcf504fc5ef296953721bc9e80aa96597c9d39dcc76bcb1d8d25aa86a7d22487a005bae48cfee4f2860ed94f4feeabc5c4792874ee0e716005eae2acb7d0806

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\2FF8669E5FF51B5EA6889BB625D63DBAD36C0ABF

Filesize
1.0MB

MD5
acfb79ebb1217a1d730968a0f310a84a

SHA1
ead45ae495c2c9cc3770f4344e4cf55e761fb035

SHA256
acbab2b9950e04dbfe100692fc57e4c8b60dd2baa0bbd050334aab9cf668e9a9

SHA512
c34a6c512015256c4216435c6cb240d248caf190b2899195deddfbe391515dc66879a02f335789113083fdc06a30d9b923e7cd66bacb3af09e586316ad6a6642

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\5D5DD606FF7773FA604F05AA262322945835C645

Filesize
29KB

MD5
f4c4e91c49b65be1c75ec0ef0be4e827

SHA1
7fd8ea4d2db71f11e9d398ded5a958071deab563

SHA256
4fcf1531a68500ff40f1a5f481b2809ee90406703313d48f095960cb82274924

SHA512
e251182cf8e055542495eb79a0066ee62fedb1f40193f4b243c7325b0fd9057238d72d67d918b9b1a811ce03468f80043b4d7065424050a39e682cbd39c53733

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6A0AC487910E78565D06F0D5EA8BF90A59404245

Filesize
119KB

MD5
dd05a8dd56f7934f1716925087ba9241

SHA1
bc905b38e73e3b8f7737a45838066fce6b3fdb19

SHA256
4665c0b5122ca2307faa03d974ce2d2d0a3ed844f01136dca95c785cbc839f40

SHA512
09fb500e0288f930b86901837769bfdb452b373d0df9d86b8317aa9e11d1aee245ae8e085cb5ca71eb9316977479770bb593ce10048fcf39414f3b6169001f01

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
0e6cd02bc756243beff7905dd1e8c7af

SHA1
d77a3aea227dcdf6ec726b9892f63846523e988e

SHA256
e5aee40323e1c3a61d02e0bfa8e66d0ddb83a9e863a442f0861d028903aa26dd

SHA512
dd85a29069b0480d37a8581b94f535d53d47679946bd9cf56a2bb0cdce7111a01b15848ce5ff486daee95d22d9f8e7ae70e547b39b30ac8b2ec8ad828701cc63

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
199B

MD5
3926003d119c1e90969bc740c521f423

SHA1
b8018b05367f01bb2adb691c23f102dbf1199038

SHA256
d1941f7f1c2fc159478786b2fa941634cb2c321d7c6cee8aba86177940d8dc68

SHA512
f738c9752e39720a175cf401d6ad06009fab38e958b14a1ac98aa2b619b6acbcccef9d7f53afc3fff35b70723f774b440459a76fc1a35321f25ba71f754fa066

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\F341E29C9740B6B3860265029470ED2178B588B2

Filesize
204KB

MD5
67377ff85097ec05ace27b769c2f9d31

SHA1
a74977d48fdaee28037c31474a64b535b9fda26c

SHA256
ba02eaa113541609275a3b70ed496f2e513d94611f55b783e1002bba823f4585

SHA512
6bc28a82aa16db1782a642c78b41822d58e176e02c82fb8d69a0d4f12ae96969bd77bc745ba6fbd1eaecafc3ce2130678f3976d54b03a9ef89e4cab51af6a3c8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\scriptCache-child.bin

Filesize
458KB

MD5
ecc75f6374fe4c127eabaf6ba184bf8f

SHA1
fcb9bfce7df6533dd18dc516f262b5907d08cd40

SHA256
c7d9559755cf0059c53582443c969d6293545163a3c84096d9f75170ce471315

SHA512
ff5c5dc043bf0078adf070cbe68f0d1d54102681273df6cc6ba0d01d3a067ba150edb5e00f7c9d44241a31c1478b97820b593abb4535e4452ffb455660ea49b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\scriptCache.bin

Filesize
7.8MB

MD5
4eb886ce9ac9741e4ad2b769585b0e08

SHA1
7f9ccb61ce848b3ba5b8f487dfba9160e69ddbb3

SHA256
edbbf7e8a225c3eefe5765a4b974b8e3fbec81a5eeff67bf96010301d04c338f

SHA512
6e7b8588ad3ed726d1cae63e4e5307229385e9dadb1ad8118dd34ef44bbdd2354ccd2e93d88c2d954de4bc40216bdcd45af00cb6baece55a9ecefdc689e1d58d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\urlCache.bin

Filesize
3KB

MD5
9cf7df94661d032d385a55afe7f6edfc

SHA1
cb42423fe8812796a5f5f784325b9ee0ca8e6d22

SHA256
a6a2eab3f416eb31a183ca011d270206f82a5648e41e8b08a7b2f1c8dc3fbd3a

SHA512
c05af5310cb2bfec2033f3b2ee0f717f44a31cb996ede1e08373fecbfc6e834228a81ad1e95be487aea91f83a2214b38fbc40678e343335eaa38e41c2ae42449

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.sechealthui_cw5n1h2txyewy\AC\Microsoft\Windows\4272278488\2581520266.pri

Filesize
70KB

MD5
dc37deff2947a4ec8bf9b40a3dc25c49

SHA1
422bdce2dc21c634760c8b06a60c4ebf131cc592

SHA256
00dee1b03565baf7c105f1484f27a2e04d900538c153372482fbedd8cde61d85

SHA512
bbe9730344e0f648c53d2d5c518791ce8d92c1f04e1b9646bb4feca24d5f41fae255eff57ad7c36ff1d26869ad25eede25bbd4e98a59267d41ee71f3885d9dd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
56bd0b9ee9757e43b3677f8b255b66aa

SHA1
704551cb6488616839206764be59df09f1aba95c

SHA256
23a41ae27746e91fee7bfff14566af17d9ebb1b8b025f3f54d5e404eff80a309

SHA512
9b469201db247aa8e75b587c8d8dff7b0e32e4b064d6628ee133b0dac3e0ba02842e64f0c604f04f2eb82fcc93a4fdd0b6ee8cba3f2df1f2cc10414f40f69e73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\AlternateServices.txt

Filesize
2KB

MD5
20b1292256b36a811cb0055f1d8bd62c

SHA1
20448efdaaa69539a3e3066c6677a506831d4460

SHA256
33583d5c6195dfe5fc57388041b3722715863f9cf666cf426399a85318b46f79

SHA512
9c87f5c307f45e13350a0c2dc1cae8689924a2563b972f33ee617c4fc6bdc1f53b0b3cec6366e985feb2920d9d40a91a1b00b452995ff452107ef3a182fe3ba6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\SiteSecurityServiceState.txt

Filesize
671B

MD5
1a20f9a74ac186e09abab90eeb8c421e

SHA1
f051fc3ae10857c54fe917d33d4aae3b0467ad90

SHA256
3017999907d5dc8214799c31a9d3c53168a16a9625172ccccd8ec84e85fdf654

SHA512
d354c8fcb3ddd66d01683b054e27180e590f80f01f1ae22aff09f4aebd36a74b02d55fbea074841d6c04109ba1f37a6da510a54a517ccc44a3f77dae79a79464

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\SiteSecurityServiceState.txt

Filesize
671B

MD5
50660fec8d48d102e83a1579fa5f5886

SHA1
57d524720beebce6ace035973fab116f9ae4cb83

SHA256
9aa5dcb9b0b47f73cc7bc80d3aaabb1b3fff185cc572ae1e499f6ce3abc1bfaf

SHA512
e5532ccaebaf83ec65bafbca211c383810263b77b0d1cf20269eda796840737eb32761c92c530e694db5819b890af7d11ed30586e6319a5ee6872d4289ab9a33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\bookmarkbackups\bookmarks-2024-08-02_11_ynjabA+xcPNHPZU1gEyrew==.jsonlz4

Filesize
946B

MD5
bc3030c50bf86982219a2ef0685a4342

SHA1
f5959d9850ba5f1b0e7ac71cfa35550c0dfb6c85

SHA256
5e38cdcb2dda5e8038815eb31f05ec6bf9d4db0718af6443aa4247fb70d888d6

SHA512
7970c02c7a335c3b1ae73f9363fd3282f495ddb8238947af59828eca4c52345e5ed2801e2b766b86d13f1fd784629ea86dba711711cc0760fcd579e11c0dae8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cert9.db

Filesize
224KB

MD5
ce76472686f6df34c88f2e8d3c344c12

SHA1
bdfd5eaa18ae96bff8bbba37aa659d47d1251b29

SHA256
7cac4bf04a152e9a50e31f69c24e5fec95e8f0f0401d8e06c86ab210a497b191

SHA512
9ca36898e54ab55c753ab47d39ea32c89eea65ef8a5c76a1348d406a04bb1d75da2bb4c208dd73915c2e789eef17b50790c380cabd1c971310b47f1b32a08e07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cookies.sqlite

Filesize
512KB

MD5
919de4f8856e2fa81f753cd5d4677b45

SHA1
cf43a6195fffdc8ca2d76fa9e1229b64bf504983

SHA256
ddac7d6450ac4098e96e9fcd19413d98d856fc4abdf8559024bafd9b21a54f6d

SHA512
c95865a173c9a717baafa869d5dc7bd183ab4955cea40b6cf1c7b8596871380cfaf0e12fc8f91ad1653e4ad2c618746d90a95be51ea249fea93acd876dbc0154

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
3KB

MD5
c2edfcd6dec33e479efa8f157fd19311

SHA1
af9bcdeeea30b23ac3ee3d281132c09aefef08ea

SHA256
c2eacebcbc5827b967970cc8af500232693675b9b43ab5585746edc4bfd261db

SHA512
e050e66cf3f8b178eda14c245b87a646a23472668dabfe6b0ea3887cd409b409db87cc33826ff8adaf8e24d5874fdee6339d1b5513b36a64e4b213b526445017

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
1587a1e5a5c19d8dc0097b026a48377f

SHA1
6e14790e71c10080e0a262fbbe375c6eba2271df

SHA256
627a297844c4d92c72f4493d45874a0c51b5a37301f9f2a0b4d0b124814de6aa

SHA512
830c0b79de4b835b025a20e4c11889eb69995c1295cdf0f35b7b222c6ea010ba70ef0edc2318e4de0df5de9466f6bc03260fda3b4703d71d116e0cf51b5af555

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
15KB

MD5
59325bf18c8f4b1f9414a7164a4e1744

SHA1
b7074dbf10e6110841099da7a1f200810e83715a

SHA256
292d484b85d388dbb1b27e2b6deff0461d13d2b051300b12edb01d29613b7d9f

SHA512
58a1f56231a65ab12f19edd6a30ff1a38dbe1390fd3b03ad52af33b0a487cb9288acf2f7a3eea2fadd1cf00be33eedea40cc8eddf3a6450b55aadb97abe0fce0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\events\events

Filesize
164B

MD5
e77a278f37ab6cfc414724003578ee4e

SHA1
e173df6188d35614d89679382f4f85be8e56aa02

SHA256
fb5acbd5eae9871336fb1165181bb3694fc4d89a8e17591cec172c19cd58cd94

SHA512
9e3206de77725c403767737f1b57fe2f1313852b836f2f1d3ba1162bbb58290989209bc48a8dd215944881dda8891cdb58cc681c6570426e2e4e35ea5fc5e7ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\5b3955cc-bf87-41b1-8450-1e437b41df82

Filesize
746B

MD5
45e29eee0e340a286098caccf2517000

SHA1
3a5a82ee62e254d031d1244976955e6a862f125b

SHA256
bfaef3c9c812dfcfa908161465956362478a7e1072cedb3c9b719f7aca004d55

SHA512
e64a0cac2b52ff05fbc0551081fbbf70937bc21ac4fd9972c5ed08dac8d885d4e1ed8a94ed0be7a8b00e62237a55f727752aefec384332e627eb659cb8aa7a56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\5fab56ee-1f11-44a8-ace9-63fffc3d8aea

Filesize
790B

MD5
f11872207a2f90e0f574f0646d25ae8d

SHA1
071089bb7551ab80ff3ecc8b0ff9a11d32399a2e

SHA256
4ee49c0b3e6a7c8e1edb5937a2250dd17736a665d8409b81a5d3e5cbbe6ad9c8

SHA512
9bd08cb705674722938129b5ea13afb87ec9ec6053830a0d9ac9e082d5153b41fd578b65f2baa2d5aeea38c6936fe2fb060348cb895f62700a6fd775f02bcd56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\eab3f0f4-8209-4bed-8e0d-cf14914b6fca

Filesize
769B

MD5
3962cf134ec691e6b539870a5e108707

SHA1
771bbb21964618fc26e65963454068c3b83d007f

SHA256
814ec82723c2a7d1e048a14d494fbed97a4aaf71e08b3a0ab094b41eb70e17ca

SHA512
165be49dcb521e57ef69305e1e663f4cbd48a7626ca97bc8f23f0afd6932605880dfc8a55e61d49eb60f279a1a8d89ea0fb50c91c3bdbef2831b79fe2d161ac9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\edc11b2b-c86b-4841-a2bc-a8ea24023871

Filesize
10KB

MD5
dd0b4f08b4955b00a24bc77d372f39f9

SHA1
75645fb2928ac9891c26056931d0a971d518b9ed

SHA256
029c5ef40a5f315b0873d2039fdd0433a39974cbad83e78586bba15005b80d98

SHA512
ca859e0e8781ae5ca82df8f1f0e4d9168729391d7d0d0f75fe233d0f6632e209b106c322efc3fa4eabe093fcca17609846517289eceae39dbfd06254c5dba243

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\extensions.json

Filesize
36KB

MD5
787631273a8c0537222b80e0f146bde9

SHA1
8ceda9ddacc85b1f87825295d02c59c5b958e2b6

SHA256
9af22131a2940f30650f161049733b1905d73f55bb38cde6336b76ffcc92c32a

SHA512
1aba09256ba933992f33ba4a0675d1cdb4c58c3775fa9379e634186f82be35bcd602d914fe472b922c7936192c67382f3e0a1314a69f3be72efd42feeb7eaccd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\favicons.sqlite

Filesize
5.0MB

MD5
e1f2680b84cc7b3701ba43b8f8107342

SHA1
9fa51b43a69b2fd74755f0150aca3b5ea3dfde27

SHA256
1e41780d3dc4df0c25d19909ebb860acdc62e4f9ce2daa7639c91cb8d5634a57

SHA512
74aa218f8adc5fded2d0f675071f4ad4704fc45ecbd08c69c52e3abb8d468efec0ea4b635105b714ffdee8b1fadf51c60ca8c340b096920efb8945c5d2f63ddf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\favicons.sqlite-wal

Filesize
512KB

MD5
10b932c83258a395c3258f84e386a2fd

SHA1
e07a95eec118ced1dad705d2d25d2707011f92c6

SHA256
275531eb5bb432d512583d848ab0ba578f36263c95b17130407dd8ca22cdb2f7

SHA512
7fc53a6b45174cbec9509d73510c07aa350a1d680f3c67473ad86ca6f5e2b5f214df1136ec56d63ec3fa56691b331af9ec2089f360972b0ef31e48b6138b1786

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\formhistory.sqlite

Filesize
256KB

MD5
856b71c6e2963c3a2916e696a5859e84

SHA1
126d20bc491959c6cbe751b3b3c2934f2cead2c0

SHA256
db98353069ae3abc53c4464981f1b8aca4aecd113dee1f9b680a437659c0c9ed

SHA512
642ed009e42e43ea8807cc022075880541703937f0b5a8ecab7b30eb3418aab95aa7e02824f4d0d099c7f396965e27f7198ea186f25dad6c97ee3f4e7a7897e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\permissions.sqlite

Filesize
96KB

MD5
b4b7f6a348767ae8aa864d1779ff6ff8

SHA1
be5a38528e8e2da433cbe259a174670ee7ba98b3

SHA256
2df86d315fe83f06dec7ed2e9e0517c20b59d205bd09802b2aa313bb0dd3cff9

SHA512
e18aa79842e9af2b2a8e7747e2c44fae51e1dfc1fecaa7345916a28e9b3b0e27ec6c24157ff6f9f46f8bc4d8cf990267d380c5a2f2795b91c92b44a353cb97d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\places.sqlite

Filesize
5.0MB

MD5
355bdf49e24879710e78c13518f97fa5

SHA1
4dd20fc300049f16d5fb30b88502571df0e4d399

SHA256
c8b777394104904a57638550f4833a39ace6d149e59161d501b79b496fbfd811

SHA512
91e80616b6f0605b1e3838a2c9d9a62fb47266aaf3addcad19503f3d11804988be922b1c16c0cb17a796b1752cc3e6f3d9229ed5cf85c82f26be0866d0d41079

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\places.sqlite

Filesize
5.0MB

MD5
99340aa80388cb56aff8d2ff7e0f72f3

SHA1
50facf042bd6c4260ccae54c6d12ddc757f2b79f

SHA256
3c9b9c54cee92ee42e19fb1300c9724bacf2735c69a05015e98b84527a4b3883

SHA512
3dbebbfc929cbba1ca036ede9123db9465cca1529b1100d26eb72207168a0d79b3240720a99915fe03d547eea450ca5244da50f4453c82ce3dedad23e5ded5cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
21e10718a3a671d693e07730388d167c

SHA1
455363e1b5a76067e4587736b13ab756058d52ae

SHA256
daae9c406444b56df41cfe29a912569c4d80f93a60cf55438e01da6ee556cae0

SHA512
ccbc6cb6102c552d1313ed6bba0230fc77f7518f91237f1278eaf2a2f3d83c7bad0cfd87e1d9840ba2c5ca40d24a22f9707a594b5804d1b535aac5c8cbbcbba6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
8c0739b86269373faddecda4ede9ee41

SHA1
1bb0657950c71c3a823dc28197698f3e7c94d4d7

SHA256
1c38c97c951b32a0888dcd1df3e0bd910f6262b20c29aa316e18242d160166d5

SHA512
959f5e3df6fa7f3e1d163d0a95e0a3c29f33011b09f8aee788bb0277820e4ed8db484f4735bbcecac4359f169015600536af79af309811f1250203f4eaacf9bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
7KB

MD5
b33676b42be9da5765544828fa0894ec

SHA1
25f38ef11bbce2b033b18d067d36711ac34b5794

SHA256
4ac9bd1bbcc47abbf11dc8f64849a4176ba33975749e7e5042296652ee656b2f

SHA512
b4a9cf3a6c12751f477f5001f0a2865a1721e7d807ad2ba7a0bc390fff9309c7970d3def04e30918438d09013f4faaae757679c31c2bd67d1bc4beb58af72640

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
8KB

MD5
579c53586f798969dd14822afd80fe21

SHA1
4a0d9693f326acc1432f1894b55a73cde5214a00

SHA256
51b91ef0994f22e56dc06c39a1e593659894242cacb3b324770c90da216ff5fb

SHA512
132c5814a3103bd516550d1cb39f820229db887299685d86da7700cedb1dc0b582c669aa032b5cdf3b0515719051b7ed0bac5960022916a5ce58995975ae76fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
7KB

MD5
d660c75ac0fe93d3c2b2b26c72acb2c7

SHA1
83f473ed5b8686777a65a9b6c9629b8b94961128

SHA256
733206dc3ed25927f6538c55ce427f40f8845fd29e004ea315fa79ef99bc1c1a

SHA512
b67e6b52684aaa2960ca99559551899777b7a52badb9eabace07644f17ee956d5db1a1baa769077da3104d7e26cdf2f2c4c3c91dcbc28201a566edd4ef03cc0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
8KB

MD5
571f5988b3c0b3e0c0718b23962ddd0a

SHA1
1443602ee3bf35ca8f44954d7226591153a90d5e

SHA256
9ebcc230adb5b1d3f5fec3c16f1022a92acd519a8d643925a69b4d6d33e5bdd1

SHA512
90d451cb427fc9b6d44407e8267ebbc05e179f39f2149b5a6ff9b683c909aa1fa3a2e208d475f918ad57137cc8bc13a1f00d2296d98b1bd8e50c6eedc7adc53e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
8KB

MD5
5876269c3d73041d04cc9883937be7a9

SHA1
16a686472d7e5b14a08c3c86a6b79233a8c87b77

SHA256
aad94d04c10a77ef35be3890777ca643ce8585ad2949629e19ffc8acdfdb0137

SHA512
761cf7b4844a802a00c537eb7e254a5d2d96dbb2eed09f7b9c7ae052ccffde10b8a3ef2bb05c9881f2c44925f4526dd3bab9a6a0e3c974f81526ef75bce244b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
7KB

MD5
cc736d454e6daae40dc85aca57f186c3

SHA1
8fb8993f202240010ac3fb23d75bc62cd555669b

SHA256
987e997958fc242be96632792f6827f55048ba520e03d5baa5dcac0a30b357a9

SHA512
2fd57acd9e65a5e4848530ddac27bca412d3097f7139a0522c1d500ff5819ea4fe6f38d4f775024dfc4dd44b7807365ee13a22c2fd4e72184cc30a925f2f5307

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
8KB

MD5
d868b8d3407f88c65c64450c8b0c1e2e

SHA1
034e945ddec92c774e36627ec0a67acb7be5cf56

SHA256
e7b9428a4c8c9ca93827e28e60c6379c5ac0cc24ba3705aae0b1b67a30d84927

SHA512
7e72e852aff8bfe680cc3bb7b20b4960c6d308211f97787ee84da14e495d5a0e98ac7004668c85d7ba60a630f191c3d67d9e7dc1496ca81c1db4f2eb2622e33e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\protections.sqlite

Filesize
64KB

MD5
49397db0486dc59d607907a086f40c9b

SHA1
08742ce9db9569062def08e99eea8470702feb7d

SHA256
890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4

SHA512
fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
9d9369e92d2724482f34d46ad35d250e

SHA1
523aa91b000c6b5b00c20cdff4bbb5870a66b155

SHA256
2334e87978f2ce23596ce946927ad0c1f34ed422b7e3947127e4abc6940f81a2

SHA512
b1843ea8b9e49ead52ae8e5dab6d110f394658b2a3dbdd41b8ddf2947c314e37c8780472d65730bd72c48c4b28552e0d4fbeda51f61f778270bbea677db495e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
d31de1e2fc03110858af3fe45c7332ae

SHA1
672aea90c5acb3440203a3d3018b04051aec616b

SHA256
6db7d50587d1b58244a45b1dc04007f51f27b33f338dffddcbbdd7860989ef7c

SHA512
af4c248615f6d501435d2491460605a4749b0c934d0cba70ea39d20d01492bb2454a8b3f04def7a313f3a6c823789f6fbfdd6a460912ee39bc0cbef386ff0c6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
c2dd39edea274f64e2396e62c669db93

SHA1
e71ef6c7c08c1bb60f4f30c3ccba790fb1a376d4

SHA256
53f8b18f464b659c3f9fe0834c4081e6a89bd19c46a66b39026d6d41571384c1

SHA512
6dd26a11e167af00f59d8f1c723f9bf1f5c0e2692b833d21e3ce6c7da33ed2406c0cf3b44f688eac129db71ab2ef720d49bcb9e62d009f250df6c249e4d25a49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
6dcc65958d4ed3c9dfdad11187049cd4

SHA1
243a8bad5b147853cdaa088d997588b43204aedf

SHA256
c79271f8566621ff9b532c8ac334cef02d7fb258c5b46ab546fa8ef867291be9

SHA512
abd6fc8b2323e5595c5ac6b9b7960735653624243b7a3aa76d4234d375d656361561c30539d6cabf1381d846a3b6918aa04b709008c274cf5b16ac57798a0f86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
8d28819fcf69a6c5aa4a53d0d9b13a5d

SHA1
0700c6b95e3698f8dfa7c5574d4f357ad94b1ebd

SHA256
c5782dbe89a08ab4edf30c7e61d24929d825e9f1090d77adf4edf0cca5cc6d78

SHA512
ab1b958f88983c9602ffcf80040ad37839fcc59686d2a51664e9993a5acd330de6eea88688097a0d4a193a133fccc389751cb80bb8b8fb64a49f3f8d433919c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
515b479df99ac2db091097f72d039860

SHA1
9119b293c18c1f2b256ae9c74503ff5230bac0d0

SHA256
38e2b8555287c64cc49341884700776cc2b0c436606f6241c784245386e2af56

SHA512
8751d7de6e49632019d77c7b774e5b0d55f5cdae2a3b4ca165d313f817384cfc245c80134cfd4e1938122c3559dd7a37d60434c9c102f8919832ca4ca27f7ce3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
ff002b0e872e094b2abbf4f18e68c338

SHA1
17d16d419205ec7bbff819357a965547d636a1d4

SHA256
1ba37d357e172caccadc56de3448aa24323cd413b0417a50f3edabd205089617

SHA512
fc1d951c3c7a1eb9b3ddca7c61834ce69ef2b8c69bc04a57eadb7433f3aceeb113bd3d8b077201eb0e2bdeb03967ec154d331282ec632b7571c2f528a8b56dd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
62c22471ae23c00f65bc807e2c4c5af1

SHA1
a25020a90815105283be1e12f26252074adfd63f

SHA256
1e2f2b43f55f867253ba74ab8d597cacb8f3eb37e3c070dc2e8b9b575dfd9fd2

SHA512
e38d41acbca05bb7c9e33b9e285d75788f4b3b14389689558dd213b4cdae20b92a1b0654b574099b51389babd93fd76d888d2095ef345890858f93487aa5e46d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

Filesize
7KB

MD5
e421fa09f5c72c14b7fa2f9aa1082ff8

SHA1
450c28f2bacdefe4fa18740e326b18e5357483d0

SHA256
741acfc285924088140d308a5357df83c5477f4e11b02bd3094d8ffa35198707

SHA512
e0afad0592727b2c7d4b27942f1b7de0eca628a827ef463f21b8b862aa5a440bafceca46588ded642a4270f4df2a24c23099b694f78cb6e0de5412ac06dae0fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage.sqlite

Filesize
4KB

MD5
f3603aa9bc2e376315e8ab0db15f43c2

SHA1
8b5cf101720bb692f2c49c99bc2f96d07490d8d2

SHA256
e898477622e91ba51c7efe29cfcc1c72195f3c6203b0a7660b93e55009b65187

SHA512
b51e5968e668d0de107249a636193349bbf7cd11a2abb26be4639cb967d94d7690e9461d6c5a3b16ad63b2a20d665cc1881bd5916b0c32a1f097b2c222e9fa82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.whatismybrowser.com\.metadata-v2

Filesize
80B

MD5
c1f41c81811c547fa7a78a67e5600891

SHA1
d24909c1ca4effc0884bdd35dc36ae4ce5fd26e3

SHA256
4993b8c5e81468f80043ad4b8fc7e0d45164a38112de9855ef8ea3d0eb61fd9d

SHA512
73cee01a2f31bb427ab50ec4c5766dad0565655bae57ee83d6a4cf5ea7c051250505ec245d32ba0eee771beea4f02519cf4b6c969eaec046277ccfe44ab3ba89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.whatismybrowser.com\ls\usage

Filesize
12B

MD5
f965373786dd748e760ca1ad4a804685

SHA1
ed1b4d42d05269a91fb130ca675ce2ea1efaacf0

SHA256
44cbac7329ea2bc60541ffbaa27d1c63bca455413e4d2115c39f2f2c47f469c5

SHA512
33bb536fe2f2e85e54971b01cae20899e85cf3026ba8c7f092a37aca4464d0062b1b038e722e0e3b16fcfd63b457056a1722e03991b76431a21fca09b8066416

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
eebe033c3a7f81704ced3e3ffbdc51c4

SHA1
9a42696b963ead940a6cf18e956ebb4d5af86d5c

SHA256
4668c9a0acfd28dca1e1d03e3315e0b406a3461fa7bd39a6ce0f7725c8ca7353

SHA512
4551ed35c90bba40dbe38d765077e45fd2018b069db889e6cd2681cf07b74a99f8e3e1a8b87e1c945f5e968c8f34718df35c52fcbe7bdc2b9d750b2e002f147f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
0cba8a29a9135878f7ffe619576da253

SHA1
85aad615ea2799e7857f59bb0149446199323532

SHA256
fd3d0d79dcf874c391ca732983d7c5fd2da42dab8d85fc81604f8d3174ef6314

SHA512
ea00527ba9260f42e3d985bfb9a561c04510017d533faf1dca01ed8221be9ea5f07f961d2bd2e3e0a036fb3b61467d3957edfe17865c3529a9ed3a9ef510b74e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
a4627d94b477e3f653435fcf27e2663d

SHA1
d5dc31c0165277e469d92453c556786995e2800d

SHA256
7c1ea6cee0386d6af3cb7523167c2b880592657ceacc4e56edbc2394575c5c69

SHA512
7619d8f8f790c6b47faa75eb3f834640fe6ab684209f2eeb6eff26017c7ebb44972018463bb15d0e7955bed5bde4ebff809754b3c2057d7749bafe82dbe48455

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\targeting.snapshot.json

Filesize
3KB

MD5
2355742f1313f01498f82ee0a9260860

SHA1
92086d6d79bc738a2eeaa279a78bb0a635154544

SHA256
064244192a0e4d44a21cacbb4d754069ed640e508da734bf16be40313d6fba48

SHA512
28a37a70019edd0d9cd3caf61f9381710338532933a65193419a9f27ee797d39fda1d15c842373c0cd1bf2b439ff78d66512335397166b15621d5b25e215a45c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\xulstore.json

Filesize
120B

MD5
05e1ddb4298be4c948c3ae839859c3e9

SHA1
ea9195602eeed8d06644026809e07b3ad29335e5

SHA256
1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

SHA512
3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

Download Submit
C:\Users\Admin\Downloads\NoEscape.Y5inBRUf.exe.zip.part

Filesize
26KB

MD5
dd23087e3ca489e4c4c6286c31869749

SHA1
6e8aa40f48534de9008558e791b61f84ff04e0f7

SHA256
4fa04d8ff434bf18954c6d2f2358723589e89bb839ebf8b42e5591bf9b84c563

SHA512
7701a62a37f0eb98e607ffff5594f27ccc88c0cded8067f29bb5d8554d459d20b3ad0617a1de29e56d5aed6416e772c5d1bb1773e1546bc163079cdfa876e71a

Download Submit
C:\Users\Public\Desktop\⎑Ự⦈☜⊷ᗙ܇ጻ◡ᙫถႝᨾᬁ᧷╅ᓿړ

Filesize
666B

MD5
e49f0a8effa6380b4518a8064f6d240b

SHA1
ba62ffe370e186b7f980922067ac68613521bd51

SHA256
8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13

SHA512
de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

Download Submit
memory/5084-1315-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/5084-1491-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads