Analysis
-
max time kernel
671s -
max time network
649s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
18-07-2024 13:30
General
-
Target
Screenshot 2024-07-17 170406.png
-
Size
197KB
-
MD5
7bfa0d3ebbb2a47e61b4d0a96f89a198
-
SHA1
d8eb75bb078f7868c9fd070a4f455e27f101170a
-
SHA256
34ff5e904a3dc6268af261b04fb43440bc329e5ecf7219eaaf59ccbd82501701
-
SHA512
a5d39664831b1598855bcf905d763ef73cfdeb57742d31d9fa360eae4a7e949ee69feb404725672a7d2683fbe5e1b43827fc61b88ead64590bb0dcf7bbd70ee7
-
SSDEEP
6144:CvxkMyQexd18lY2d70Jc8bLy7oQBH3HyqmjYVVT:UVyQezKf7qPy7f93SqmOT
Malware Config
Extracted
C:\Users\Admin\Documents\!Please Read Me!.txt
wannacry
15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
Signatures
-
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (318) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Downloads MZ/PE file
-
Drops startup file 7 IoCs
-
Executes dropped EXE 6 IoCs
-
Loads dropped DLL 8 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Drops desktop.ini file(s) 64 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
-
Drops file in System32 directory 2 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 2 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Interacts with shadow copies 3 TTPs 3 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Kills process with taskkill 4 IoCs
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 53 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-07-17 170406.png"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.0.1475272755\1314659821" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f420307c-ca1d-42c1-8c82-c042d31a3854} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 1288 121f4758 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.1.1415839002\703054512" -parentBuildID 20221007134813 -prefsHandle 1480 -prefMapHandle 1476 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5423020-a120-4077-9d56-2f1afc22108d} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 1492 d71358 socket3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.2.1621937131\1927658173" -childID 1 -isForBrowser -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 21031 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {742cc298-8bb7-440a-8770-4983a76be96f} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 2088 1a399758 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.3.1084527256\1820487195" -childID 2 -isForBrowser -prefsHandle 2076 -prefMapHandle 2480 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28a7ecbc-31b6-4c3a-a606-2e3960757f21} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 1688 1a488258 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.4.984548213\423718740" -childID 3 -isForBrowser -prefsHandle 2480 -prefMapHandle 2736 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df96585a-ac40-4553-99dc-42908b60d814} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 2968 16f5c158 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.5.178141703\254785572" -childID 4 -isForBrowser -prefsHandle 3732 -prefMapHandle 3728 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b994a83e-b92e-40ff-a4cd-de3a629d4383} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 3736 1f11b658 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.6.965281789\406176501" -childID 5 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c915ca54-08de-49fc-a39b-2b5af0cf5e05} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 3840 1f195258 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.7.1382952731\1789110697" -childID 6 -isForBrowser -prefsHandle 4012 -prefMapHandle 4016 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad152cc1-bb16-4c1b-887a-5cf0c8bc2f50} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 4004 1f195e58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.8.1613372704\1508933618" -childID 7 -isForBrowser -prefsHandle 1804 -prefMapHandle 1704 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cc837cb-805f-4353-8428-032e56fdad02} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 1952 21f5b258 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.9.955338888\1846401999" -childID 8 -isForBrowser -prefsHandle 3492 -prefMapHandle 2744 -prefsLen 26805 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c2f7f99-dbc4-4877-8339-88863eb8c0d2} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 4316 1c149858 tab3⤵
-
C:\Users\Admin\Downloads\WannaCry.exe"C:\Users\Admin\Downloads\WannaCry.exe"1⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: RenamesItself
-
C:\Windows\SysWOW64\cmd.execmd /c 57731721309774.bat2⤵
-
C:\Windows\SysWOW64\cscript.execscript //nologo c.vbs3⤵
- Loads dropped DLL
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe f2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im MSExchange*2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im Microsoft.Exchange.*2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im sqlserver.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im sqlwriter.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe c2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c start /b !WannaDecryptor!.exe v2⤵
- Loads dropped DLL
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe v3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet4⤵
-
C:\Windows\SysWOW64\vssadmin.exevssadmin delete shadows /all /quiet5⤵
- Interacts with shadow copies
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete5⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\CoronaVirus.exe"C:\Users\Admin\Downloads\CoronaVirus.exe"1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"2⤵
-
C:\Windows\system32\mode.commode con cp select=12513⤵
-
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"2⤵
-
C:\Windows\system32\mode.commode con cp select=12513⤵
-
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"2⤵
- Modifies Internet Explorer settings
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"2⤵
- Modifies Internet Explorer settings
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll.id-1DDCE81F.[[email protected]].ncovFilesize
6.3MB
MD5ac47ef60dc6fe831aaa21dcec7fc1f7c
SHA1629a5ddadb223d81fc59cff5f4404bb8c4a0ed88
SHA25619bd691da0a54fa10ab320589158a9d07d44296d2a2debb2bd071a42617fe6d1
SHA512d8c1ec8da6c725df3723f2b580bc972beb00f231325e6f77b31a84e59492e6f1a602d60e8f7eb1cdb4ce791417a593d15e142d79016b5c742f18f52e11b13d4b
-
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.WCRYFilesize
126KB
MD573066565292c9c45601fc8655a95013b
SHA1dbac94ddee0f3583422c085508f1f7ffdc82f61a
SHA25645d6af97a2332bd3846548444a68a6922f22e59c6484c71a016eef8357f88915
SHA5123bf30ec3d2dc3c6c023a8d7912b19d1fff499a0c8aa997746c4336e8e409d473ee1367b44d8c67b400851f59e56bfe22dfb497375cd28cf77ae5f6cbf7f7a02a
-
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.WCRYFilesize
43KB
MD5c4989582fb2d8146f49c30b2adcf62b1
SHA190927735c10c53d2fb37abaa671764b31db8639f
SHA25621243b0f8176599d6eeed37089d25e175b624794f955956efd423017962f9e04
SHA5120f81caab972eeef62a92e82ea53dc85914ed95c82a72c4ee3af0e73bf8e4f2e314632311242e5a17dc7f233e07fa47345c7504bc9f73d836e788571c5094db79
-
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.WCRYFilesize
48KB
MD5aff4bc27953c9015fd5322bc6e5ce38d
SHA150731421e76f0174675c32401701ffc8e7d1ae84
SHA2566a9b2027845c7453b3bf1f951612a8604865f9f911f66135957d95c74bf72c6c
SHA512608481c0557fa654f3e9c848446e3cd7dd13a6000306469da5b3f2dd614ea5f48d0af5dc11568011d94ec4e913840568f650550a8d97ebaa2e5295dd104275af
-
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.WCRYFilesize
48KB
MD597ddd4fdd825e4d5fd3593e44f0ce55a
SHA1a4eb1619a6b791d5c7af19cfea5ac159dae13984
SHA25687d67a4d5401bf58f8a4b5412bf196eb3de03f7a5c0f2d33489e7eb029dec91f
SHA51227c80180dd7726bc5a263c062a6e6639a26db2b02d679a1d7a8723a344049ff4fb62fce0a0118ff7afec26ee1ae1871e41827a52971c68f19661d9860c890e84
-
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.WCRYFilesize
48KB
MD5cd6aa2a82c4ba6eed9a756545131580b
SHA113989a7063f18b3ea7b1f0bd10dd9a6acc0af588
SHA2560119dfadfb6f65a113084168dcc32b2705348a8ae4b09759d35796c7664acff1
SHA51250c1e4a31cab379727f76814020023458d3f1598bd541bab405ef402253fa4cdcc938a5c3f7b92d61153b4e52a336e6385d0276e21665bc6cbae2c093e55160e
-
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.WCRYFilesize
48KB
MD5dc1f786da1c787258aceecedd0125268
SHA178d609e8d88dd55a5bae71dee3e1eee2b27118f8
SHA2560d74dbcb6697dbf5e04e090989e549af1822f9ecd6858147580a5aa14737a073
SHA512667ca56ed65fa87e1ab8bfb8591ed8cd583c2878157c2c2674a4979b56473f29a028fc858f3a810a766e0dc683ea64ba95234aea026a290113409c35b932f027
-
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.WCRYFilesize
48KB
MD5588c236aa4bae43af8bbf815eb80ac1d
SHA1eb0dcae46af06f3d36993735a10c0cf730cc078b
SHA2567782dd939911bfedaeabb9729fefb2dbd598f11e64d35004023f4d15de9406b9
SHA5124e5694ce2ee72371910c42e3ca410c305893dae60b577fb85dd8af335ce2408dbf179bf2f238f46dec1c53f3ca9f143581c74514d883cc96be6d534d9a5ccd25
-
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.WCRYFilesize
48KB
MD53cb00119043871ceab5662307a6dd72f
SHA19d30854e435a1ee3b56ccf9f764dc61c4a8afb9f
SHA256d78f6b92209904958ad15dde9f8e718ffe54b42e57d9ab878eb0f857206b938a
SHA51224fdcaa00690b2f5723b85a562ee29462889232ff82cdc93765653fb965f97e239b3c4777f10c6990856d4d69b61dada61250d3b6713a2b84670bb9a5ebac3ee
-
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.WCRYFilesize
48KB
MD5c7ebee81fd359c0d45125c974a16fc93
SHA1ca30f0ea9a104477c6bd829d75d9d1aaab4bb63e
SHA256d791cf97fb231ab9d07cd6507c0cbe30bbb3f431f8c83ad8227e7a6ca0f996d0
SHA512408c2a1d8abecf98908d6bbdd02fdfd0c15c4e4924ae3fd951fc1308acb26e0b2b0959fc54c7cce0ffc563536c67d587c65eef1585025fce381662f4588667d1
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sexvjvzg.default-release\activity-stream.discovery_stream.json.tmpFilesize
29KB
MD5e76726433f4382763a7a07556c0cc689
SHA16b45255afe25db586dc23b58a05ae8bf1d4addb5
SHA256f0343e913bd10a1b9298e7a5de55f9af98a4b9c5ee6a18088221aa5a1b3f21f0
SHA5127d137da17417f59d95919aa64be0dff4cdeea9414069702872849d8dd8f11244f12fd33cf9ef995c8e36c184bb75c43b8112d6887f17a4cb68133c0c5c27d7e8
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sexvjvzg.default-release\cache2\doomed\19399Filesize
27KB
MD5bf1d746c44f6b9c7558ecf0026de4b8d
SHA14fa17466ca0315bec223f20102d6e4106a09ae4b
SHA256c772c8c7bffe4711b320321a29680411a9f44e85fda7b579531affdce47c7c26
SHA512c45272d334122d747886c971d406b5bad8a58276b66bcbb621dd66f89a4e74deaea5dcb5eca92c5494370bd213587627e33dbe45f2da8e2b80c493a61f558187
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sexvjvzg.default-release\cache2\doomed\25660Filesize
18KB
MD50fd2f960c4b349f9b89c99b2f13e141e
SHA1eda0c1450a6c153e3b3c180eebda3f00fc6a7a37
SHA2568aab5e7942ae520177e34ab25c10cf3a0732c2ba34a21c823232e77c48394e65
SHA51235dd8f3aeb6f5cffe787991baffddeb037a2a64b94487361d40b268a68dfe9fa6a6736df32b1aafa11ef7f73419122a7d126b7d3b8d816bc76b4ef6964a1065c
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sexvjvzg.default-release\cache2\doomed\3640Filesize
14KB
MD5f37b949e34d1487b7cd641856f30ae3d
SHA18691c19e13e306291879625c0abb2d63ca2a36b3
SHA256656617419df29c3203589750f467e76fe26e602f34e98b50687d7e411a858c85
SHA5126ba313f7fd12d981470b918604a12b3d458d4dbc1c0e2e2f56de54015255458156fb5a29e85587c60746e8ae3e0a83b1c7c2c6cfc9304a901637da5884fc58e6
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sexvjvzg.default-release\cache2\doomed\7793Filesize
15KB
MD5d2e1183fe9ee33540de279d68ee473d9
SHA183178ac6f51a0021eaac9deb8c00ddc28bf19d66
SHA2563d76d7c8486a99e288f06b4dbabc330e5f956e9096695f60e3068cdbaab12d52
SHA512d85312d95fc611e467c1f9506e23c12c328c1fcfad64382512a363f55efc7d3664998c375af99ffda7916e79e550d8a5d526c3cdc244b340ef97ab0431053a79
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sexvjvzg.default-release\jumpListCache\0AcmuFtFpIssxK5AU77scA==.icoFilesize
965B
MD5c9da4495de6ef7289e392f902404b4c8
SHA1aa002e5d746c3ba0366cd90337a038fc01c987c9
SHA25613ec8c9e113de6737a59d45ea5a99f345d6cba07f9a820bb2297121b8094790f
SHA512bb72f0cc815e7b4c44959808b153aad28dbced8d97e50f83ef90229d19ea1c4b3fffff650bf49efe562451fcae0325cdbdffc1a5c4ec5d2c7c70ae9d1a0d8a16
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sexvjvzg.default-release\jumpListCache\XiQUtKQHIYeSNVP8J82DpQ==.icoFilesize
25KB
MD56b120367fa9e50d6f91f30601ee58bb3
SHA19a32726e2496f78ef54f91954836b31b9a0faa50
SHA25692c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0
SHA512c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41Filesize
1.0MB
MD5055d1462f66a350d9886542d4d79bc2b
SHA1f1086d2f667d807dbb1aa362a7a809ea119f2565
SHA256dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0
SHA5122c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1
-
C:\Users\Admin\AppData\Local\Temp\tmpaddonFilesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-msFilesize
13KB
MD5b7d18e76983228b33341e4681b6aebda
SHA196b354f3f370fae10959375a8b2b7ce6d3d4d422
SHA2569532ed2e5a066c283c0e812b987a079fcb428c0e484edb6f7da52ae6a7a6d222
SHA512db56686eb5d66a8e11c21a047a0f8bc7af562a3a2f3c34be7521e676d0bf7fc17ec06907896b39ab800dcff496fa9b8185e8f9f7e1ec3d7eec72edae4ee3e16a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\AlternateServices.txtFilesize
465B
MD5b11734dfc3eb40328dba3e8f8a534d74
SHA199c1a460b5cbf7e8eeb83f652fbde2b9fba4a5b8
SHA256e8f8bab66fe5e8c415b76d6d2386ff7b05061ded0149e998e99f4a64443c3e7d
SHA5128146e1b346dfcbc81e4d5f0c0db2cffe76d7cc79b93d95ccc7df81b40a70e07f332cbd67fdf73ed2f18709a47042eb9959cf92eaa3cdea372b9b53315ded326d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\SiteSecurityServiceState.txtFilesize
993B
MD5d8901a637567b066ce38f144b1629511
SHA1c6f57775b20cd3182c8e9a68e9e2b349941fa4a8
SHA2566ed0b27788db7cfe6f7ed8e960b6051fcb1c66a93c0e96b06c1bbf9fb85e99f0
SHA5121b2b5be246ae08799e509197358bd0d412b0d02308715fba6a3afb3c99c1e81d20716c2369f8c4779fadf4e9497cb577c1dda9d9dfe7a8dd14f8ac06d9d4be39
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\cert9.dbFilesize
224KB
MD55e1b20862a87675edc9ab02e9150dcdd
SHA103da4e35f3d7510c1ceea26f17897bbd6d23e707
SHA25683d49dc46d7be756d06e0c6d5843c1f4319e65e363b4f52163112766132198cc
SHA512e0b5568379fd7cee5cd060c381f028087c49eacba5a7e4ad18100124849c422b9f49aef2b7adfc44efbf16c8c617530805af63e06042650555185bc6f9d383fc
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\datareporting\glean\db\data.safe.binFilesize
2KB
MD5dce27a38e7765b5265822b09b0b584b7
SHA118b2de249c9ec61f262c1ccafa103b90104a6444
SHA2561864058774da6043ad179d0cfbe9d3c68bd137ae39c84aa44d3336634823ae96
SHA51286fb7ba3c59adc3b74062f98789d6c82e680c70c60fb01cfb22e4518a499beff752463326feec78a02225d19878dc028fcce1e0ecce7a59225321c64eab1cb05
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\datareporting\glean\pending_pings\4a483a4d-7da4-438a-b946-82aeb1cb2ab0Filesize
12KB
MD593fced4b68807b58dcd6d33a1d506ab3
SHA16944d0ca5cf7dc2b578d59cb51235643bbaf37a2
SHA256f10fbeef4c14fe88bf992ecf198ee1c5d622f5e67620372e2ec418bc8ff1816d
SHA5125c9041c029ec4f9b1dcd503167731e0d922f0c30a8dc715798695cd7cef9a92b486be95ab3462d3ca3b552dd37591151f6dbf80759fe9a69031a193789c982ab
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\datareporting\glean\pending_pings\77302a6d-58c0-4e4d-b01c-5a998597012eFilesize
745B
MD5125a9d71901d68d63b223af8faef2455
SHA176a5b6a6f46dd42eb715cfc5815346452460ab95
SHA256c14bd102e29dc4aad57c4db849b8c950c1b6a18d75ddfa1a3bfc7d73b6908f80
SHA51229f6680260a43dc84652812a80d76eb39dfb8106f4d7146ccf9c35b7c561793944961f2c3c96de0a38b83b62f321cc7433ed387a10b59d9827c79cbda2ec18fc
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dllFilesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.infoFilesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txtFilesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\gmp-widevinecdm\4.10.2557.0\manifest.jsonFilesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dllFilesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.libFilesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sigFilesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\prefs-1.jsFilesize
7KB
MD57fccbfb9c8b41e17c4d1cb8a36fee2a4
SHA116f7c3bd31221b74202aad16ce61022163a2cc65
SHA25694351dba98f133e0eb73ed3cc643ce349ed1c683f228efc12cd8ffbcbb6f4aa6
SHA51299e9006b592a1253ef8c285aaadb9b147c5f4afcd4876135abab13036874925a62510a6ed7d599e49800ca9ccfe3addb920a0e26aa83018188420d3f60e1c5a6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\prefs-1.jsFilesize
6KB
MD5dd89bcd87fd5ad018630963f42153d90
SHA1fc9b28f32042f10910d60daec5ff1721cd90426d
SHA256ec0f9db1ede83e82515adb14dba47f6d6be5cc66cedcdd224c0075db3670425e
SHA512c4df0f216f40d99e6a353e74681e634369ebfa6138f8081775c4b421387f29bb9bb612d5b990bbb5f0607202077f6d80719bcf6573fcb35e53526da14dc2ca56
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\prefs-1.jsFilesize
6KB
MD58600a46551370effc27b44cdebd70da7
SHA11a5989e6394cf7f3f1bcdce7ee379b93ccf37425
SHA256637d1e71e20be06863769a4a3502072b7cafcaecdbef288b2b5d41e1ec56aed2
SHA5122998dca40166d6c2c73a46c7c5bd194dd1fb842164d9d40546ddf21e9a0431ebc19450f48d42bff4553bc61acd60c18acb499c71bfc3c3af72dac9750b836a83
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\prefs.jsFilesize
7KB
MD59d322306824d08c069c67d1b4d430a76
SHA1b36124f46eb504ba528cd9039696792eb24d7c6d
SHA256b1d5bddb4101256e05924551e465577032c0cda06cac2833048d5e8515283a6f
SHA512a75c36f2795da913cb7a5c942f7ddb03ca8e73c8f913486045de6c61adb8951c2451ea7f0f9e1d062434938a2dd854114dc6bde4e907f6d672d5862a9ba9bc24
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\prefs.jsFilesize
6KB
MD5abb2f1ca6cb03abec2ace0ba8ff83119
SHA1156a6eb611ebfbb25d722da0ca795f37124cbc47
SHA25656e0bf5ab614541b2f6de6821aa44bbf507ec5c15625195cf4ee3fd5e446c282
SHA5126da375f8a11f06ea2341643e41b676e5aef88c93f8845888855160dac19cbbc3c6b781376c1ccbbceaf8605f877ce4bc3646bc098d14e61af2b01ef71792546e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\prefs.jsFilesize
6KB
MD58328404640a24c72efe5bc9e09f3f5b7
SHA14dd5b992e26ea29689f848586ca1f0ef0053a477
SHA256d7725d2701963dd10fcd2d69fe941683962a3f3462b3bd3d002a934f3c4ae384
SHA512d9e4cd9ee5c823e006c6c8a185c2529c69c49f1e9e581b77a1af451f14c1be4ecd95c04c51e28bc5077b8d3409ab044575c0d66a0df058ce0062ca5ad6c6a2d9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
4KB
MD57d0cf22c6c7d4a833706a194fcc6d41e
SHA17ea3ae8480c68bb60c07c0761c5f2c301dd289e4
SHA256a5f93a04db03621bab7ab158c5223ca208ff2083a4781006f950ef5ba5bf8cda
SHA512a646fddd2c4a5b76cf2eba02ea6c30c1da2ffa49af4c4370e62e374d3fd42cb9e0e4b039829e6e29fefe9f33fc8fb9696aa0d7bcc8fbdd784fb57833a0c3406d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
1KB
MD5b3f02a62fc0d0d3fe7f52c1e32956d94
SHA1282e4253783a394055590b295975d825eae9f5cf
SHA256fb13a7fe4349d518cfe0b3c03e10cb52dd038a963a51fa0fd5692dea460aa9a8
SHA5127f14ae21b6f9df1210e1a32fb4031de03b55d1720b26dad70f870005e6a69392160e765d8751b5d6fcefcc5fa7f8f76bbb6952c768de9021af1338adc59a59cc
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
5KB
MD50a45a58d37442f9bb93a173621f6020c
SHA1cf5ece34683c119ffe70171d3b526df5d3dd73ca
SHA256f139aabca536635607856982b7a4d8ef42d88bbd1e2bd59c4b5e6acb65ef64ae
SHA512ff0a341998b9923dd9affb5e68f564c60047d875340cb42d8ddc308a05acbe1108958d03d19732c5fb40912142fc48daf1abb57fc61de1cbb53875ecf4c982d2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
5KB
MD55f43e47eda105412f4caaaa67398129c
SHA1c172f8be9cffcbb15a1a6a527c3b47cea798a447
SHA256388f9bfce401ca97326f8be92d4046f0d93b7047d3a44a160018adb3c3eced2c
SHA51297e8b5d2e3d4c33f3a8cd03fc6814cd494ee71d1e70388249bcfddbbb0e0650d3f853e041a8b10bdabd75ae7e44d2387ce4b066d71947bfa604cab80da7ee662
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
5KB
MD5967c6ff2b498f8cbf16f3a33e4a3202c
SHA194606fa51b077f41f2aac6623d0c36b8726dc585
SHA2564adad2539e771ab3f60c330b3ef53bedef6b9b6047e0947c4b4e840b75663a31
SHA512e9dbf7bf97516f29675a5b682032713e230dac5ae290042d994b545e5f9119e430a1da703c3ce736e283352cfd8fb9cc68f406f23262ec9880a8ab60b3ca05a0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
5KB
MD5086c228211212484b0051a1753f1fc73
SHA185e5f94440c5a5454b6f6a87127d72230c02dba9
SHA25631b65187e6e79d7130840740bcfa3b23cbe18e8bc310079e0e5ece6cdbbf1d23
SHA51267ca6a042b80f2e135650a90c55ab2b06b1acd65c13defab24b03fe5c029dd5372819f5dc9faf277b371f7e2ccc8f8122c9a3e5d923d3d382476095f84cb3fa2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
7KB
MD5f437b38d4c6775dd71278addade05e73
SHA156e68748d39f9089b10f1b736751cb9d90c9034f
SHA256bdc04534c39c88376ccea24d7212a995fc9e82c19c4aa5141cf027378289d4c2
SHA5125273421b6d3e3a052dffc74a79361c0c74158b4eb3e698fe8921473671c197f9945fb00a3e8392e5c56966a7d3bc99060bdccaea17fc472f3198ab411d8c3416
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
5KB
MD59599f925fda0f61b9f9e719e07c1e2a0
SHA159b4f516017edcaa06d69f7ab175ae3f896e156f
SHA256e4ca62731369f27bd0762a90b43a5ae2bad3ffca3ea0c00961a66804ab73e3b3
SHA5126d33fe9a129d6227b0633b2339e43e754a3f04b880d17fd38f39621917f86a267093dad8f6d9038f2dab782071738125b709ad6c128e0785923dfb5a8825f0ee
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
7KB
MD5d8dca3735ae79633bbf1a6965b4fe466
SHA15c113689f5fa511c6feb82c006c8a86fa7614561
SHA256e609ca7f54e606056b4bfb37d823b4eed8dbb6ffe6d420dff9e0b8b134ec8c2d
SHA51235933185141b34ce390cddeec2e5c96905e524880c6e6547351925525f533c96d59fbde1d61ab13a906a7a48b481a7d6ded864e75437699954069a55bddb7269
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
7KB
MD5a25a9048dd283439417d9487afac2aa8
SHA1bf182674865f35a16fbdc40a09229283007989ae
SHA256e6fb3f92f967ff79d29d40a4b7dc9e6f118c8e83a5648f3df47175308e047471
SHA51203b9a9631114cd0f183df964100f011befcc2b15acc38f425951a88e64021d3ae03b6d1b76e074eb1eab63f14d67dab797b2422223b695a8d9e365dbc3665e6f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
5KB
MD5ef8f9a0693be6c0da34df228d8dd10a6
SHA1eaaf12e95e5ccadb997085e84677f84e10ab7a28
SHA2560e49cd581efcbc7d2ae5f10cb75b9283a835d683c5720eb7bc25f5ede8f7d556
SHA5129d1153a949a06192d6b609f32ec3793f3d56536bcdaacaf1ce6aaf03b39ca90b44826bb3116bd41541bb9078e35db7fbd587014aebb1db3c77aab34c8d5c6ff0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
7KB
MD54cb462f31a7626105be5c781493ad18e
SHA10e587b686b34e2e995d06b5135a33bb7639b357f
SHA256be936ebd43e4dd6a82272f9988aa2c3fcc62ab4ebee81369d7c51ca545854051
SHA51276d2d86afdcceea9fe3bd4e0a08aee61bab3565416b70c288cc0bd4c450cae42bf7aa9f9be94fa9aaf89af1d73a3607a49837811ce0ec46274774251b5e15be0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
6KB
MD5887e873f62d91232243357d03a958859
SHA185623c23aeccba107cf11f76ad83e844d12e0d78
SHA2562e12d62ff44d6e2c5d33c2c17ac5e762a2e300531f39c4d77e7986baf3f83ff9
SHA512a8f204cb6dd544a80c73bd284f547081ae5fbe75d532e8343d9ae99bde235229c3026fa0081cd5debb1b722ff439096a037b37c5e2d34752ec6effd955fa477a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
6KB
MD515205934d8ee9fded203d03c10007262
SHA1abf6d0e6de4e9a1ac66a62da0dce990b7dd6f9a2
SHA256eaa2b2d0782f951c6833e25b034fc6f58e5dc3c05a1df0f431050bb958091d84
SHA512a96f5966a9a853cece261241b7423ad3a7c1667d4c894b58871571edf9e995817371c372821f557075d748e83e024c907a6b663100ec9a885f047bf0029db014
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
6KB
MD5e78012710a5c74ce0719217f439d71b1
SHA16b3cfea4efb4c75804c6cb46d03dee60b4206162
SHA2566290faef69e29b4f5844925aadf29fe1bd109a57e97dd10fae72c6d1994db7f0
SHA5122d843e22c02c3be46a4b76ce968e6fbf03ee0e2d0cbf457e98fa2081a1c5e412bfad98e71ccb422f482b30f4a117890a8d33b9a7f3b035efa64629b5dd8a5c94
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
6KB
MD574bff3a2422bc6b01305735871ec3b9d
SHA158faed3f42aa82ef939083111a8df1670315d84d
SHA2567cd592b6a755eac23f46cc0239765678fc00d85eadb1963ce464cb98ef5cf7f5
SHA5127be8ff7759b735344d919d650b9c8673de05f2fe67dd28ab184dc5c664ab0d77115cfbc90b6434c78b8b36e5e647a12cc858c958e52b09363d6149870969ef94
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
6KB
MD5f7475da0197b1356947df74ec41aa4c6
SHA1fb372da62be6943c05f659a17e62657d20a43d00
SHA2569ca684b463111a5fa0ef887bfff05fc5b94c738e75fca6294af64530b70e5b12
SHA512ca27411c1dfcbe8713824912a1e829af696b00ec0fa27bfab4481570dea6ffce47271c0e05c2cff21241fa1a2a9d8676cbe071aad6df9e861d569e1ad9d08973
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4Filesize
6KB
MD50b8889d413518efe60ed90341555c310
SHA117b7b0474e93f1ddfe1fc1dacf9ab945e83e8a4f
SHA2560506016b99db07d97681adc4bf3e495f6ed700aa32dd378db7c9a38676b4d2ab
SHA512450412b61b511925d3355dc2f6821b15a555bcb26261128daf6cf61b0be7cd4b152f5063eb5f6477b46a0b1b129d90dbb1a697c84a08d384ca5a70d762319a6e
-
C:\Users\Admin\Documents\!Please Read Me!.txtFilesize
797B
MD5afa18cf4aa2660392111763fb93a8c3d
SHA1c219a3654a5f41ce535a09f2a188a464c3f5baf5
SHA256227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0
SHA5124161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exeFilesize
236KB
MD5cf1416074cd7791ab80a18f9e7e219d9
SHA1276d2ec82c518d887a8a3608e51c56fa28716ded
SHA25678e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df
SHA5120bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe.lnkFilesize
672B
MD562b2ba3750fa55a694bdd348406eb9e9
SHA10c95407ea303c680f9eeca92c4cad06c5154cacf
SHA256ae4052e85447a90fcc083fba13d529684b4a65c1f8699e71e58644d49ed26997
SHA512862595b13902ce704ea1c366d41cde70fc7e4550c37fa647786e734a134ab80ac39152c0a03562c5aae1de9a556e3b4b75bfc778133d1ae063ba18bf45623c6c
-
C:\Users\Admin\Downloads\00000000.ekyFilesize
1KB
MD58988c5317d4d993e8cba04bafb879988
SHA1c936fc62ffdd4015106f557685708468a2279317
SHA256542f1da12e03191eb730e3cb642bfe74bb7c246074cdc9a6d62670f7435fcf9a
SHA51294bdac23a2d8d995c7949d800f23182eaa9e92ba524c81cf45a8f9be4312a62a56fd0738878135546653895c4f8b2737766595c0f3b17fd50874dacaff1cb272
-
C:\Users\Admin\Downloads\00000000.resFilesize
136B
MD539fbb47cf939d5974313039861e33b5b
SHA117b6d2fa4e8f90d4d6a53276243211089d562fbe
SHA256452a05115e942b6626be3312dc44f3452d02b4d04528728c5012325ab7263efe
SHA512250ee88e00ba9119344a09e531c7d90b6f748813a8892e481df4500ac09b493c7972fb98d7f082dd2b7600d0fc3caa2ecba72f00c4542e33c85e01528335d5e2
-
C:\Users\Admin\Downloads\00000000.resFilesize
136B
MD5184d9222b7d6116a3646e8edd2f0e5ca
SHA141ba348d1eb2584866c38d0fcd46881a949df41c
SHA256d4ddee24f843a2a7af507fd7cbe2f92d20988eb87229b644afc01cdb8f8e0dc9
SHA512b1d62091cc6cc080ffa3d29f39ce31939016069ce8552c47cde7ea1e21ce520261b255d0cd2c81a469635c518b5e2e14fe610da2ed54583605daa48704be1525
-
C:\Users\Admin\Downloads\00000000.resFilesize
136B
MD5a3e6fa3cc63c15c9dfbb226924517165
SHA18426b635155bfbf2fabb2ced80ae4e637ecc48e8
SHA256960a6a6b95a98e69e09af3a4073b3ca363f7296b062477f006a88ece3a8a0ae9
SHA512c06094e7222e35e45e8d80fec13f1936adbd1bff588c862b49610211ac21b29c1f694604493f18083677fea8cc7c406f71cfc4782350e936a1f271ab9c7eb102
-
C:\Users\Admin\Downloads\57731721309774.batFilesize
318B
MD5a261428b490a45438c0d55781a9c6e75
SHA1e9eefce11cefcbb7e5168bfb8de8a3c3ac45c41e
SHA2564288d655b7de7537d7ea13fdeb1ba19760bcaf04384cd68619d9e5edb5e31f44
SHA512304887938520ffcc6966da83596ccc8688b7eace9572982c224f3fb9c59e6fb2dcaa021a19d2aae47346e954c0d0d8145c723b7143dece11ac7261dc41ba3d40
-
C:\Users\Admin\Downloads\WannaCry.exeFilesize
224KB
MD55c7fb0927db37372da25f270708103a2
SHA1120ed9279d85cbfa56e5b7779ffa7162074f7a29
SHA256be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844
SHA512a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206
-
C:\Users\Admin\Downloads\c.vbsFilesize
201B
MD502b937ceef5da308c5689fcdb3fb12e9
SHA1fa5490ea513c1b0ee01038c18cb641a51f459507
SHA2565d57b86aeb52be824875008a6444daf919717408ec45aff4640b5e64610666f1
SHA512843eeae13ac5fdc216b14e40534543c283ecb2b6c31503aba2d25ddd215df19105892e43cf618848742de9c13687d21e8c834eff3f2b69a26df2509a6f992653
-
C:\Users\Admin\Downloads\c.wryFilesize
628B
MD59195a236cb3087ac8c55e0e48e51dce1
SHA1f65077395d2b883ee2717b4d6a87f638cf47b156
SHA256bdc7ee3c8979db99547c0fede242ba11e1fd058aa2d050ba3fd7175b0cfbc661
SHA5124eb09e491aaa7d96a3b86dbec84e2342c6d0c421fa04f1461dcca2b260539240e7a206100914559e6a6074587b1f053de4afd489766d90458eba5386edbb8016
-
C:\Users\Admin\Downloads\m.wryFilesize
42KB
MD5980b08bac152aff3f9b0136b616affa5
SHA12a9c9601ea038f790cc29379c79407356a3d25a3
SHA256402046ada270528c9ac38bbfa0152836fe30fb8e12192354e53b8397421430d9
SHA512100cda1f795781042b012498afd783fd6ff03b0068dbd07b2c2e163cd95e6c6e00755ce16b02b017693c9febc149ed02df9df9b607e2b9cca4b07e5bd420f496
-
\??\PIPE\samrMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEFilesize
4.7MB
MD561bffb5f57ad12f83ab64b7181829b34
SHA1945d94fef51e0db76c2fd95ee22ed2767be0fe0b
SHA2561dd0dd35e4158f95765ee6639f217df03a0a19e624e020dba609268c08a13846
SHA512e569639d3bb81a7b3bd46484ff4b8065d7fd15df416602d825443b2b17d8c0c59500fb6516118e7a65ea9fdd9e4be238f0319577fa44c114eaca18b0334ba521
-
memory/1632-769-0x0000000010000000-0x0000000010012000-memory.dmpFilesize
72KB
-
memory/3288-13255-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22964-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-17044-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-13238-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-11653-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-11636-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-20873-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-21194-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-21292-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22757-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22817-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22876-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22943-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22980-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22963-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-17049-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22965-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22966-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22968-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22969-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22970-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22971-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22974-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22975-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22976-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22977-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22978-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3288-22979-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/3416-8312-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
-
memory/3416-1787-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
-
memory/3416-1785-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
-
memory/5784-22960-0x000007FFFFF80000-0x000007FFFFF90000-memory.dmpFilesize
64KB
