Analysis

  • max time kernel
    216s
  • max time network
    220s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-09-2024 08:35

Errors

Reason
Machine shutdown

General

  • Target

    wanakiwi.zip

  • Size

    354KB

  • MD5

    e4f370b101104c15269a3b888ed98e08

  • SHA1

    ad5b797c7cc788a21403ca0cc959bb548580c84f

  • SHA256

    40da854572ad619f1e48ebc62e7ac42fc46b2f3fbdd0dd9069eb451b79f578f4

  • SHA512

    5fd22a7bc6ae20461aab75d0806309d0ed5f926219437a2a252dd96a4dcae616c0b7faa91a7f12d693c75ef9e36c26f0f876cf3fa82d85d419bfe08b1b8ab6ef

  • SSDEEP

    6144:khQbV921g4F8OnnPl66sLG2kFCUMPX3icAmBEtHxxxXww9yz8rgot:zYNmC0pPnAmB8tweyre

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 22 IoCs
  • Loads dropped DLL 8 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 27 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 28 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 2 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 44 IoCs
  • Suspicious use of SendNotifyMessage 40 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Views/modifies file attributes 1 TTPs 2 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\wanakiwi.zip
    1⤵
      PID:3000
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1732
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1696
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0663308a-a27f-4dee-ab22-6d47d309cefa} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" gpu
          3⤵
            PID:3120
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {854907fa-1c70-49ab-9deb-a23a857ff077} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" socket
            3⤵
            • Checks processor information in registry
            PID:3080
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3344 -childID 1 -isForBrowser -prefsHandle 3336 -prefMapHandle 3332 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3987187b-d2a2-4b15-8021-55afb0ae7a39} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
            3⤵
              PID:2512
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4332 -childID 2 -isForBrowser -prefsHandle 4328 -prefMapHandle 4324 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88c502a4-95ec-4ffc-88e3-8c08c6e9295e} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
              3⤵
                PID:4916
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4828 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1c6d721-0c41-4658-933d-cd968008b5b7} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" utility
                3⤵
                • Checks processor information in registry
                PID:3760
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2776 -childID 3 -isForBrowser -prefsHandle 5296 -prefMapHandle 5276 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8a1cb5a-a58d-4712-ab56-ed523622fced} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
                3⤵
                  PID:3064
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -childID 4 -isForBrowser -prefsHandle 5400 -prefMapHandle 5300 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cf54308-8cf9-43f8-ac23-dcb4a6f3e0c0} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
                  3⤵
                    PID:1332
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5608 -childID 5 -isForBrowser -prefsHandle 5616 -prefMapHandle 5620 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10b8319d-c1d5-49e1-9fd6-79f18817b11f} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
                    3⤵
                      PID:1248
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6192 -childID 6 -isForBrowser -prefsHandle 6196 -prefMapHandle 4904 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {976be508-76a3-4c97-93db-12fbd67b3f75} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
                      3⤵
                        PID:1988
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6408 -childID 7 -isForBrowser -prefsHandle 6400 -prefMapHandle 6396 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45a4b481-26df-4db6-a838-687ddaa1a820} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
                        3⤵
                          PID:1252
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6636 -parentBuildID 20240401114208 -prefsHandle 6560 -prefMapHandle 6568 -prefsLen 29357 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aed6157b-28f0-4b44-ac46-1683aabe7733} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" rdd
                          3⤵
                            PID:5332
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6640 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6548 -prefMapHandle 6552 -prefsLen 29357 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17986cc1-180f-4453-be47-ba22df26c8e5} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" utility
                            3⤵
                            • Checks processor information in registry
                            PID:5340
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 8 -isForBrowser -prefsHandle 5908 -prefMapHandle 6868 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d7a3dab-e4e5-4538-8992-7d56ff7504e9} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
                            3⤵
                              PID:5136
                        • C:\Windows\System32\rundll32.exe
                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                          1⤵
                            PID:4188
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe"
                            1⤵
                              PID:5560
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe"
                                2⤵
                                • Checks processor information in registry
                                • Modifies registry class
                                • NTFS ADS
                                • Suspicious use of AdjustPrivilegeToken
                                • Suspicious use of FindShellTrayWindow
                                • Suspicious use of SendNotifyMessage
                                • Suspicious use of SetWindowsHookEx
                                PID:5608
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 24253 -prefMapSize 244945 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3113143a-2b38-4fbc-8c0b-1fa5f4382496} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" gpu
                                  3⤵
                                    PID:3032
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 24289 -prefMapSize 244945 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a18c91e1-079f-408b-817f-e291e158b7ef} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" socket
                                    3⤵
                                    • Checks processor information in registry
                                    PID:4284
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2980 -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 24430 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03f4e20e-b4f4-41fb-ac6e-5ad7a8dea8d5} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
                                    3⤵
                                      PID:5796
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3996 -childID 2 -isForBrowser -prefsHandle 3988 -prefMapHandle 2812 -prefsLen 29663 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75b163d9-6960-446a-aebb-528b810c5085} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
                                      3⤵
                                        PID:2064
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4568 -childID 3 -isForBrowser -prefsHandle 4560 -prefMapHandle 4556 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37e2c96e-bba8-4d74-8675-4539cf870388} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
                                        3⤵
                                          PID:5932
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4968 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4960 -prefMapHandle 4956 -prefsLen 29717 -prefMapSize 244945 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3cf52eb-b82c-4ab1-8d1d-5bd43a40187e} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" utility
                                          3⤵
                                          • Checks processor information in registry
                                          PID:440
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 4 -isForBrowser -prefsHandle 5400 -prefMapHandle 5380 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dcbf641-7af3-40d1-b26b-d54dc6d7a358} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
                                          3⤵
                                            PID:3708
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -childID 5 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f03c7f37-f0ea-4fd3-8036-f2b0f3369b39} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
                                            3⤵
                                              PID:3016
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 6 -isForBrowser -prefsHandle 5284 -prefMapHandle 5272 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47467bb8-ab1b-4a9b-a813-0baf816c93d4} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
                                              3⤵
                                                PID:960
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4616 -childID 7 -isForBrowser -prefsHandle 5152 -prefMapHandle 5560 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e66025ca-0793-4b25-b52e-99575977963f} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
                                                3⤵
                                                  PID:4148
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6192 -childID 8 -isForBrowser -prefsHandle 6200 -prefMapHandle 6216 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95c9a843-c55e-440f-8dbf-d993f9efee00} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
                                                  3⤵
                                                    PID:1748
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6524 -parentBuildID 20240401114208 -prefsHandle 6516 -prefMapHandle 6512 -prefsLen 29717 -prefMapSize 244945 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8d83351-6aee-43e1-9abd-b9eb014a4d38} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" rdd
                                                    3⤵
                                                      PID:5180
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6532 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6660 -prefMapHandle 6656 -prefsLen 29717 -prefMapSize 244945 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c51a5835-9903-4bd2-b262-3d8f8a199e2c} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" utility
                                                      3⤵
                                                      • Checks processor information in registry
                                                      PID:6024
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4748 -childID 9 -isForBrowser -prefsHandle 5708 -prefMapHandle 5536 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4a8bb09-0700-4d91-9682-d6e5b4c9eddd} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
                                                      3⤵
                                                        PID:1568
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6848 -childID 10 -isForBrowser -prefsHandle 5668 -prefMapHandle 5680 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2e723ee-ec9b-4c70-8547-fb646a9f7e5c} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
                                                        3⤵
                                                          PID:5260
                                                    • C:\Program Files\7-Zip\7zG.exe
                                                      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\WannaCrypt0r\" -spe -an -ai#7zMap21574:86:7zEvent28917
                                                      1⤵
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      • Suspicious use of FindShellTrayWindow
                                                      PID:4376
                                                    • C:\Users\Admin\Downloads\WannaCrypt0r\[email protected]
                                                      "C:\Users\Admin\Downloads\WannaCrypt0r\[email protected]"
                                                      1⤵
                                                      • Drops startup file
                                                      • Executes dropped EXE
                                                      • Sets desktop wallpaper using registry
                                                      • System Location Discovery: System Language Discovery
                                                      PID:1056
                                                      • C:\Windows\SysWOW64\attrib.exe
                                                        attrib +h .
                                                        2⤵
                                                        • System Location Discovery: System Language Discovery
                                                        • Views/modifies file attributes
                                                        PID:4132
                                                      • C:\Windows\SysWOW64\icacls.exe
                                                        icacls . /grant Everyone:F /T /C /Q
                                                        2⤵
                                                        • Modifies file permissions
                                                        • System Location Discovery: System Language Discovery
                                                        PID:4072
                                                      • C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
                                                        taskdl.exe
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:5804
                                                      • C:\Windows\SysWOW64\cmd.exe
                                                        C:\Windows\system32\cmd.exe /c 201851726389484.bat
                                                        2⤵
                                                        • System Location Discovery: System Language Discovery
                                                        PID:6040
                                                        • C:\Windows\SysWOW64\cscript.exe
                                                          cscript.exe //nologo m.vbs
                                                          3⤵
                                                          • System Location Discovery: System Language Discovery
                                                          PID:5264
                                                      • C:\Windows\SysWOW64\attrib.exe
                                                        attrib +h +s F:\$RECYCLE
                                                        2⤵
                                                        • System Location Discovery: System Language Discovery
                                                        • Views/modifies file attributes
                                                        PID:5916
                                                      • C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:5168
                                                        • C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe
                                                          TaskData\Tor\taskhsvc.exe
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:2616
                                                      • C:\Windows\SysWOW64\cmd.exe
                                                        cmd.exe /c start /b @[email protected] vs
                                                        2⤵
                                                        • System Location Discovery: System Language Discovery
                                                        PID:5976
                                                        • C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • System Location Discovery: System Language Discovery
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:3300
                                                          • C:\Windows\SysWOW64\cmd.exe
                                                            cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                                                            4⤵
                                                            • System Location Discovery: System Language Discovery
                                                            PID:5752
                                                            • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                              wmic shadowcopy delete
                                                              5⤵
                                                              • System Location Discovery: System Language Discovery
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:3568
                                                      • C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
                                                        taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:5852
                                                      • C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Sets desktop wallpaper using registry
                                                        • System Location Discovery: System Language Discovery
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:6060
                                                      • C:\Windows\SysWOW64\cmd.exe
                                                        cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "wkwthgmgqegtew611" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCrypt0r\tasksche.exe\"" /f
                                                        2⤵
                                                        • System Location Discovery: System Language Discovery
                                                        PID:6088
                                                        • C:\Windows\SysWOW64\reg.exe
                                                          reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "wkwthgmgqegtew611" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCrypt0r\tasksche.exe\"" /f
                                                          3⤵
                                                          • Adds Run key to start application
                                                          • System Location Discovery: System Language Discovery
                                                          • Modifies registry key
                                                          PID:3564
                                                      • C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
                                                        taskdl.exe
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:6120
                                                      • C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
                                                        taskdl.exe
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:4200
                                                      • C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
                                                        taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:860
                                                      • C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:5184
                                                      • C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
                                                        taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:5244
                                                      • C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:2032
                                                      • C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
                                                        taskdl.exe
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:4496
                                                    • C:\Windows\system32\vssvc.exe
                                                      C:\Windows\system32\vssvc.exe
                                                      1⤵
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:4560
                                                    • C:\Program Files\7-Zip\7zG.exe
                                                      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\wanakiwi\" -spe -an -ai#7zMap11632:74:7zEvent31299
                                                      1⤵
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      • Suspicious use of FindShellTrayWindow
                                                      PID:3864
                                                    • C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe
                                                      "C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:5224
                                                    • C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe
                                                      "C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:4336
                                                    • C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe
                                                      "C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:5088
                                                    • C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe
                                                      "C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      PID:224
                                                    • C:\Users\Admin\Desktop\@[email protected]
                                                      "C:\Users\Admin\Desktop\@[email protected]"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4928
                                                    • C:\Users\Public\Desktop\@[email protected]
                                                      "C:\Users\Public\Desktop\@[email protected]"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1512
                                                    • C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe
                                                      "C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      PID:1676
                                                    • C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe
                                                      "C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      PID:5856
                                                    • C:\Windows\system32\LogonUI.exe
                                                      "LogonUI.exe" /flags:0x4 /state0:0xa3978855 /state1:0x41c64e6d
                                                      1⤵
                                                      • Drops file in Windows directory
                                                      • Modifies data under HKEY_USERS
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:180

                                                    Network

                                                    MITRE ATT&CK Enterprise v15

                                                    Replay Monitor

                                                    Loading Replay Monitor...

                                                    Downloads

                                                    • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

                                                      Filesize

                                                      696B

                                                      MD5

                                                      74c4a723b053eb80a7f7b04634693ee0

                                                      SHA1

                                                      ec15802d91a23cec205bb7b6848b5f257e9ceb53

                                                      SHA256

                                                      9325fab36b9930831ec1466ca0fb92198792a6c8044a2b7d18ad6bad72b09e80

                                                      SHA512

                                                      70caf748874a49278b843bc04fd872fde647e2f17272ecad42305af8b52e113a0f780b664c13ff3cae2332c46f22f48df9f10cc0887380ddc308acf4b0ac0e50

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\activity-stream.discovery_stream.json

                                                      Filesize

                                                      36KB

                                                      MD5

                                                      e9a2c49b7585675cd80299c113273c9f

                                                      SHA1

                                                      b3f95fe99190424b177ca1fe55e759bae5c48e42

                                                      SHA256

                                                      dcd306586693e6a3da3aea3f5ec771c3567144f41a2534bb90f6eded82222831

                                                      SHA512

                                                      95a26ebd2f63085de416e4c5527ca7015461b0adab7ac7ea2c4d9f48fb12d3935b0dcecf3523b59364f1f1b97e1cb9b266c28e933ef49e880f58a314eecdc532

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\12A7881005195A37E2C8F6FF6CD3D85EBBA79522

                                                      Filesize

                                                      15KB

                                                      MD5

                                                      be93ce977783081ee3608b332862fc62

                                                      SHA1

                                                      e2bcb4269a19bfc05c215183801ee34f1eeb761b

                                                      SHA256

                                                      76fc1710a7aa652308b3ba2396f55043106eb8c4f1743c013c09545db778579a

                                                      SHA512

                                                      e04aec03b8738d059ed0a85f6a34d8c42d97b9794122eb404a3ca6a68db4dbe67858026d196fb17316282348aeb81fa156f078f5956f9db31b08b5900f691b5b

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\16D3E6A057A124E8E3BC96689FCEB5904949EBB5

                                                      Filesize

                                                      14KB

                                                      MD5

                                                      aab2f0dc489f5ce3fe17f44ac22e280b

                                                      SHA1

                                                      dc489db717de8f08ee6cdb6351d1f7cbad04ed6f

                                                      SHA256

                                                      7246d99431118ef40db86ddca651982cec5a5b6a089aa55474833f0369e0b37c

                                                      SHA512

                                                      33cbbb1b7e93f2425d94b8290eb7fb3e44c853d82f744bba605611a84c8d8e576d2e823d883d9a5c093cf7ba0586755d6c230f2c90f9f82c7b6668fafccd7990

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

                                                      Filesize

                                                      9KB

                                                      MD5

                                                      b718d943e75c4e1bd817551971fcf708

                                                      SHA1

                                                      59c59521f4cb0f6114212b0f8ca67b5856557f25

                                                      SHA256

                                                      9e6a5a15778884ad506da4764f879551f9ce1172fbd03cd893a38efa38595356

                                                      SHA512

                                                      1a1893256c4b8f7b9e163b728ca36db59e2ececaae1061d9e5bb7ff6b8f4a449db778b5f976db4bcafab5c360a977505afb9a66c5a6aa5045bd79b360b0140ab

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\299B4E352333008A61316AF9B2567C39F7C455F9

                                                      Filesize

                                                      93KB

                                                      MD5

                                                      20a8292f0316ba79a10bb94ded93c713

                                                      SHA1

                                                      741662fc9a46bda564a5d5db98fdefd85a71d86c

                                                      SHA256

                                                      fe1a2fa31315a539c3c99a88b76b106e1c10e48837e10078e2f18b15c242c28d

                                                      SHA512

                                                      469764c0cfaf992ea712c572dd620154be3a2bfcd5bee7e4f26c71b88db3f04eaa1388646d4beaecc0fe67995401e64ae1109a6786a3bccc1c72ebbe12b80072

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\32CDC3544254379FA0CE0BC8E82887486A808831

                                                      Filesize

                                                      14KB

                                                      MD5

                                                      5449891ba2030fcc792ba68f3eaaadb5

                                                      SHA1

                                                      dc5b84911e691d0c3646b07ff8e874159ada46d4

                                                      SHA256

                                                      fbba0f1e890808b0efefe764d531557118fc495e54e3222ec573bfcacdb1a420

                                                      SHA512

                                                      49edbe343b94ca791657e0b331dc278be879348ceca4756a29e56daa0ffaf2f5af05f0282eba6b6bcc3f2f8a7b3feec2c369e736e0afc6d0ea425b681d722409

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\35BA330A3D65A7F0DB733CEB542BE64BAA68B8E0

                                                      Filesize

                                                      23KB

                                                      MD5

                                                      8fbd2b63267037cfd119fef69379fdbf

                                                      SHA1

                                                      6876d78d8ee5a9c110b4ecaeafcaebcd77481f4e

                                                      SHA256

                                                      43088e370ff6ff83ccf5a369d855d31968a3e18e44bd9f0705eee1659aeed3ad

                                                      SHA512

                                                      29c3a5d8bce9cb99c072d2d270644746322eb83e51e7e882ce04723238628acb9a4f1ba3e547a1a6ab2f48f989ab4221ef02ed0d587873af39d13f67582dd04b

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\36E9B20E0F20ACB334FD8E9BC09DE23CA92CA161

                                                      Filesize

                                                      47KB

                                                      MD5

                                                      b0876a71139ffd6effc69d8139104fcd

                                                      SHA1

                                                      fff3a2e15b41b15daf91a33717a9da315f99e534

                                                      SHA256

                                                      6f1c46b2ddc3970badefefb5af86e7ba97ebae12ec0dcc4074625f475a3032fd

                                                      SHA512

                                                      6be2ff1bec652cf69c185fb331778e3cffddd15ca613dee2342cd1d98b360a303b907344531d59ab2aa2553e70c00d1ff8e5b0defdfa6a097ecf83533cc8b4e7

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\569310489AA355180F229B54E68092E3E2C0B048

                                                      Filesize

                                                      17KB

                                                      MD5

                                                      382da254e008f3af69cfe6cc7f3b2cf6

                                                      SHA1

                                                      78b739aefc8f2f17d1fea2234d5bea4f43ff11cc

                                                      SHA256

                                                      cc0ffad22288cd9193137a7e390fe8548cac103880587d91207b589273544a04

                                                      SHA512

                                                      5e93f16e77b17a3b8d8c0de03a15665774bab95cf7cb54b9f09f5b42efbdacb6a592ff1b5209c6f1972af45cfa10a51dfe77954c90d716bdf3fad0d4b7c7dce8

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\6586F7B38489859730F9ADC10B28BFE43E7639AA

                                                      Filesize

                                                      16KB

                                                      MD5

                                                      93e827a37d29c9e7c915d008258467f2

                                                      SHA1

                                                      110b57de662f768dbc6e0eea9e9593b20f51e380

                                                      SHA256

                                                      7a734bbf6422f65fca9505e52987bf69e92c6982520d948d1250896e7baf9a7a

                                                      SHA512

                                                      50e9b3f344873554e63ae2be90dddb5b189e7c68014cbe1077181cd5e755618091bcd5c971df595f3f3ba283b070d3337cadd42341859d13f94a227e0e444931

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\6686795D100028C4FD88FD2B1D7974E74F293236

                                                      Filesize

                                                      30KB

                                                      MD5

                                                      8212d5855a32bb54d13e0c0e4aef7755

                                                      SHA1

                                                      be36b5c4ed350d4d243ff268580782a865f31de6

                                                      SHA256

                                                      8f61faa4665b1f33da03f3ee9b8ccfa5a1664e0ebc4d1b2642329c0a3f9e385c

                                                      SHA512

                                                      ee13f71f4dbb7b04390cc8fdd509b9230c0c46cd5e3534fe484196e939a113e6e226dce838ad4cc8fd0a4635b51ef5d283ea9911498fcb443c12b3fe9e061cb6

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\6AC9BD0802E051FCD579CC69A96979DE29682F3D

                                                      Filesize

                                                      341B

                                                      MD5

                                                      984101e4f1fd39fcb1eaa2dd3ba62ec0

                                                      SHA1

                                                      a349b91e7818b2aa56bf5f48165b656190a5f87a

                                                      SHA256

                                                      9871db46dbd64d9d5aabd9cfe14b61eaa8f93bb283945d7cf5525e9eeb4f05fb

                                                      SHA512

                                                      d5c5957146b2f1e35d0362c16d78457f4aea554a5244e92bfa927f3bee784a916b25f6c5e91ad933b58513418cef08ee436a5047939b97eeff67c7f9d2aecfbc

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\6B4DB52338644A6A772A175E61E5FE1628EBC513

                                                      Filesize

                                                      13KB

                                                      MD5

                                                      1b793e28893296fb6136baffad49e670

                                                      SHA1

                                                      771078e2c2d09010bed2f4ef35244bd6b8d807f1

                                                      SHA256

                                                      5020e6d5558359687fec76612016ed23ec791b11def2fe2806a6c5c771796506

                                                      SHA512

                                                      197db236592ffd334fc0c2feeab97c5ca88d83c93505e21c1810e644605f279bcc8131f569a8d25c0858e8daf82591a2875df0391cbdd705f5bc36bd6f9e52d9

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

                                                      Filesize

                                                      15KB

                                                      MD5

                                                      ff6e5308808f588bc67b237183d02cbc

                                                      SHA1

                                                      1f8bb38b3c8fac10def5423c0119e87a7af50467

                                                      SHA256

                                                      8b4b2b799c68563a7b7e87e3ef54719ce6256fd99ed8f9d592a16b3c8b7bed25

                                                      SHA512

                                                      fdbe6518963971ff230b91c21b284e2443f0d5171c2bd6797b7c41a8687234b2e8acaa9432575afcdaa7b62bd1f57633f4024065436f8d24ca1eef90d30d83b3

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\71BF779DFBCE1307F42244F92E6190F178BC7120

                                                      Filesize

                                                      16KB

                                                      MD5

                                                      39fcd5ff361d3a32d773dfb7a3cc77a5

                                                      SHA1

                                                      3f13b057efc3b4751c94fe4fea516ceaf155c158

                                                      SHA256

                                                      8c41e60ca99c2ea48e9900b3c75a39c9504263cd197680ca1ae9d3a92253d27e

                                                      SHA512

                                                      78792c9b39c5bd1987a35c32d764a4fdee7e567dd6f04a80abbbdafaba6bc71282acf261190939f191e6e52e749dc3759805c248bf44eb2d064f9eea51ba5b48

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\73C7F1E668813518B669C33D69033779C04F9F54

                                                      Filesize

                                                      11KB

                                                      MD5

                                                      98c078b615877264c9d9fa3080fac334

                                                      SHA1

                                                      f95ec606b012eebb10858791f98c00611cef959b

                                                      SHA256

                                                      c5a2eec239ec4bbca412cf54007ca972278f664a7ec148e63a594bf375088b94

                                                      SHA512

                                                      54785179bbd4e0e4b49e29ed8c1d2d1e7fc84485287a38125e5e979928ce7e7aad9bdacdce59b78dcfb67077076b2d7d51ca608db9f44273082630eea5900722

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\7F30F53457983F11F2D61636C9FB5706ED9AB60D

                                                      Filesize

                                                      95KB

                                                      MD5

                                                      f05004deec6ffe17067accdd3ff39351

                                                      SHA1

                                                      c980a3c38eec5bc6a681805dc62bdee528545deb

                                                      SHA256

                                                      f3ce242e4d2cf1393c4b8fec89491673a7ab4c71e9f67c2dad2afe4cf8b536cf

                                                      SHA512

                                                      528e2b42b67b894dea0e73de7d1010ab4873082e40a0e423e6e716127a71a776c1341165568de75314f697795c68210d26a925b0cb7812291f5f80b49fa4350c

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\8560096652A022B72F28E970060DB183FE096D89

                                                      Filesize

                                                      80KB

                                                      MD5

                                                      39b9e1a78506228699d17da0b797edf8

                                                      SHA1

                                                      dc3ba42c943b08856474ee388cfa27f9d2dd81ed

                                                      SHA256

                                                      a4d1270f32c0a5ae50c3a712691dde4dad873fc8fb5514ccd0516f1efefa50ff

                                                      SHA512

                                                      4118deefd08c908edac496632f738c3b120b17ee4cc15ec640e9b2d6e4e6e130bec29efda6ff3a38fdfbf551a8084d7c034d9fa57e41cb4470c304bde6fa9d3d

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\9A7F8872B335617C85443C8249C30C8F3D8C08B3

                                                      Filesize

                                                      12KB

                                                      MD5

                                                      f31be8f865f1e684cc35f377cfd30f97

                                                      SHA1

                                                      c656697fcd5053024601b4e191a4ab4e74d1a611

                                                      SHA256

                                                      f01acf3f882a5de779792a6bf0e6a756f0004387840a62f75a5b98650260837e

                                                      SHA512

                                                      c25793aae0b0f58e20bf13ad23bcd6a6d205ed22c2fd065bc11b2c67287272063ad19aefe07e86127e8bb41f855a80a69cbb8bdeb5f7800ddd4458957e5526dd

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\A40BA588E6E8CCA1F2FF225A12C5837FA4ADFAA6

                                                      Filesize

                                                      12KB

                                                      MD5

                                                      be6d574c69142e0cadc08d758ca0a031

                                                      SHA1

                                                      f826635cf091f581c9b28103a98e5f9191477612

                                                      SHA256

                                                      68b3c0969773830ffb2750feb93628814b5162b93cfc34e90af4a6ca0f2bfade

                                                      SHA512

                                                      0d215505358347bc6039641e42d64a3f5cee2e9c1a7d51d2ed8cdf0c2e1d68fbfa03a88df5284c1a51ae9747e9cc3ad5bb77d6e64934163d3714f88040e62a50

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\A7185B128F37007861637E9F7A1F3A17CC67A193

                                                      Filesize

                                                      14KB

                                                      MD5

                                                      ae5e0403fab9392002efc569495fc213

                                                      SHA1

                                                      335f537cd244fbcd3017c25949f0b90edbfcaa5e

                                                      SHA256

                                                      976186a1a2d94593b8a18936a261c25dc96eeab29abc4069a46ce5a3ab078d6e

                                                      SHA512

                                                      5bd809abb14a9d0e121603f476cd4506fe16927548e6d1a411eb33f1787467db0923b536eb87e2a9a71954b0da8537fc99a2d3b1cc94918034f3c7a261220884

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\A8B37F2C0AD843488FC6EF5D4771F29F5E92F9BF

                                                      Filesize

                                                      14KB

                                                      MD5

                                                      5d33913c933aaaf00cea4e725e6d45bf

                                                      SHA1

                                                      6e5351842103ce96877035b3bed027e89d1e5bba

                                                      SHA256

                                                      84580f2e57281cb720fc3e3789896ae5d8ca2ff0592e780e828e76f1aaae7909

                                                      SHA512

                                                      fcf36a9b818e87ae076113b5c8e32b60e275d194aeb355c5f146063dfab558c73506967fe22500744e0eeb21fe251cd42fafa33b6e3b5aa6cd8551b716fcc1c1

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\BA53031A0BA9F7163BD9B09B6CC867294FA2A699

                                                      Filesize

                                                      17KB

                                                      MD5

                                                      3026ea6cda2e6a08080c8479e22cd98b

                                                      SHA1

                                                      60601c4c6786025d10891042a7336ede2019a7d2

                                                      SHA256

                                                      f3a055d785bfd20d91261d49d62f17fa8846f29e5c934df9c6dcebf0f8a540ce

                                                      SHA512

                                                      e8a4541a327c7b0622ae98195bdff485e9f2ff30f3530b41f129071ad6dcd3d67d8ff6de5d30dcfd6cd26ae2d40e7fc8f4c73422bfb71af59303d5ee84d98129

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\BE91A47AE98719A666A0AE5DBC6C5CAFCB6513CF

                                                      Filesize

                                                      14KB

                                                      MD5

                                                      196a144df79a9082a42f0edfd3e76b2e

                                                      SHA1

                                                      6faef000f0b75d4cd38ddbb7ffbfb439b1dd84f8

                                                      SHA256

                                                      0d5eb2741509b03043d53d8853dcd784dc690397f812089ae9272cc3acf93dc2

                                                      SHA512

                                                      5ecb39dd0b3f44cd5e9195431538878ce7345a7411173d2ce617007e456880243f31aaf629cd8045ba3f9b653b50079544f94d585b51d0941eb9e3af15785d66

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\C1B1C93A2BB99933371A4D301755C89FF654B778

                                                      Filesize

                                                      47KB

                                                      MD5

                                                      58facab4f0d6c8ba731a7227235f20e1

                                                      SHA1

                                                      5c57f4ec6e31ae89766b2ba9d296129754d0af9a

                                                      SHA256

                                                      3680569a2c51f4f7972a01642b6fe6262ebb352cc9b0e0f16f6ca0fad9968470

                                                      SHA512

                                                      1d15b66f8c8d9f21617ce4ab5b5d99f43f0949b4c9b7172645fcc134d1fc84d741ac7036686ef589a29ae0995cd444aa54191c5999190ed25eae461f720e916b

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

                                                      Filesize

                                                      148KB

                                                      MD5

                                                      de2091f19e180ea967595f4e69822a95

                                                      SHA1

                                                      0cd6175a92533baed3fee1652b51297b548b3754

                                                      SHA256

                                                      331c258bd346aac75d3dec7ac5e045506aeccbe17464a57468aa477dcd3568a8

                                                      SHA512

                                                      8fe2036c35233457882cc812f58e59636eb39e49dc67bb77ab15946ed1770d151dd75a2af7b9134ba5e3f86166ffff9860ce1f7365a2f6cd8b0a3f5f06a15c76

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\DCEBCB1AB42B452EB3865AC25EF0B47565E4D1BC

                                                      Filesize

                                                      14KB

                                                      MD5

                                                      daaa097ce6ece51d32d350cd4c612fb7

                                                      SHA1

                                                      cff9772a3d21d26db6a6ba77ba218e96560bad3a

                                                      SHA256

                                                      46c11fff7fad943113a86925aa8c5e6feabd6ae4fbd7dfa3f86cb591cf65f143

                                                      SHA512

                                                      1f2373437fdd57b92225ed6a1e74ae6aaf8db1459bbd541cfe0d171939af1ef84267d53002fa1205f7ae92e0f09c40ba7307aa4fa6ae54409f1a3a1659a02dd2

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\E0CF0B7585914EF83EA2FA7D1D3E9B51D3A99B70

                                                      Filesize

                                                      14KB

                                                      MD5

                                                      462fef900274f8c90fb33a617d6e2728

                                                      SHA1

                                                      15c5dee545def3a90e66f9b23f4f5a947f4872f7

                                                      SHA256

                                                      2527ace4732de3a805522cbb6ade1de83d0e7f9b2baee18adff9dbc3ee3e03b4

                                                      SHA512

                                                      c05177f1acb242040eefaf73205246b87ed28439417f6f243f67d1f40b624345fbcc617a5fe8e57132ec53ec38796d161be28f368e5620dfcbfd0f40bca801ca

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\E5598E170C71E64E82F578D0B0308297497C8C1A

                                                      Filesize

                                                      74KB

                                                      MD5

                                                      a4dd5a5b3ddf8e97f8dc689aaa0b8f3b

                                                      SHA1

                                                      5c8bac3018db5627bad7f6b257c043a23bf2dc66

                                                      SHA256

                                                      ae3686a01201ff370fd4ede77026b31a05f5c39af8adc8f3e47a3f842cf04eab

                                                      SHA512

                                                      b0225a278333cb494c66423e2deb39ac524b225e37e15a6179f35220ee1f11cd6e838a9284fb1fd60033778c900ba605cde7bfa93263450f37a5b2fcaee5d27a

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\E986C21546BBCDA139DEEE3380FB6334077134D9

                                                      Filesize

                                                      12KB

                                                      MD5

                                                      e59cb5307dafd53d42317c998daa2229

                                                      SHA1

                                                      bd9ff17fd3b52bcd338755fb99f8fcfb63f78f78

                                                      SHA256

                                                      f281045c0cc2c26c7ac18804229876be0a552a76ba63d739f707d6ec1eb43c0c

                                                      SHA512

                                                      1924f4bba813267e9a22b7fff6c51aa6ba9287a080e6dd7a326630faa2ba8742d11b2d41301d9379121a9e95728970332d52bc0023875e16b062f68b798bc413

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\EDE1C69677261F337966A25727F604E03E3DB6A2

                                                      Filesize

                                                      15KB

                                                      MD5

                                                      422e041e804f8bbbe9170eb84aba1a24

                                                      SHA1

                                                      58fe7f73cac07b6a1ef93822d3ef1763ccf2940e

                                                      SHA256

                                                      994c8928c8a2737733f258ddf39b24f6058eb882b16545e0b8905e838cecd50c

                                                      SHA512

                                                      608a5deb4f27664ab1b72c7bb9c84d34c0f2e05a1605700bc24fff8735f7f5b7ec692a603b41b869c8f087a7e55ba0f90e352edc461c158a23141036f3da8ccd

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\EFCEDDEBAD67290629B5104614094B988BB2D047

                                                      Filesize

                                                      15KB

                                                      MD5

                                                      25667b7777bc6201952cbdbc9f0d8068

                                                      SHA1

                                                      54aa316dbadbc5eb1c51722284924debb2ed6157

                                                      SHA256

                                                      e6c651501f7ffb743c512777d1348b391698e8c04b16b26729feecc08eb09b5d

                                                      SHA512

                                                      1ce4576f05e85322d1ead1a58e496943dbbd2f86e840b6d471b9b440318952634a89f3508915cf826f5dee4b6f0c110748d3153de757de37b60eabdb042254b4

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\F5A1FBDEF4E6F115791D6C8EF1598942067B8080

                                                      Filesize

                                                      79KB

                                                      MD5

                                                      d0e4eb8f76de22940374ca04abecde50

                                                      SHA1

                                                      5408bf79cfe3261f94b2eac15c17f52f68e522d6

                                                      SHA256

                                                      a4d27b6061f742eb6fce73dd40424b0ca6643a24eabc70b353a9ef4d1d8cf0e4

                                                      SHA512

                                                      d25b811f4bba2d184d11220026b852e2a787e54d7babfa7d5f4c189e8152b3ca03d487add4a56f70b3bb9942324002de67cf517a40d1c32b0563da5ca785fe5a

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\FA3488F3C0AFF2AF0DDB34B33BB5C858E7FB7309

                                                      Filesize

                                                      123KB

                                                      MD5

                                                      d47fdcf8a95cd9bb47390f259f35b601

                                                      SHA1

                                                      22dc4b851918c0f96bad9a93b2a7f5f7159d2ecc

                                                      SHA256

                                                      b72c21bfd1984872c9477a9f2db4397b4d5196b916265077f4a29a2fbe2aa3bc

                                                      SHA512

                                                      b649dddb5bbcbc770290345b7b6790163e68966a5feff56e2272db43b5d688b58e4a59c127902922d4b8acd0dcba7db29aad9d6d6db84f7e4540865019c0c03f

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\startupCache\scriptCache.bin

                                                      Filesize

                                                      8.6MB

                                                      MD5

                                                      51e2b60b435eb60f5ffd1134e4066e6f

                                                      SHA1

                                                      a289984f92fa293f5f8ea3dd6137390469055dd0

                                                      SHA256

                                                      8c5bbf7ab0d3abbc7b3eb7856e887450aa8c966cc03c986a1b015fc6e68f6320

                                                      SHA512

                                                      ae88ba80ec0f78f74790597a2e7db2b2efedc9fa238be8e655599de1adf90fe40f11aafe80a83f26387295fd078e72eb400c64d998441569122944cf9afc8bf8

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\startupCache\urlCache.bin

                                                      Filesize

                                                      3KB

                                                      MD5

                                                      381ebab660959c2e0ed5bbfefb7b0b3c

                                                      SHA1

                                                      3fd8178b4355be47aa9b2c73b7cda5ad8787aaaa

                                                      SHA256

                                                      db2639a6659506e3a902f25f7feee7aea79fd8623a6c4a45b8c6fac4b8818b0e

                                                      SHA512

                                                      099574b2a61e20186f2f1a316642decc678feca0f621c1ea8a49e11129ace0d2529bfd6179e1175697b6d14bcf3e00ae1683d1d14cc75472e20e86b56df9aee5

                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\startupCache\webext.sc.lz4

                                                      Filesize

                                                      107KB

                                                      MD5

                                                      b9bc02ce84aa85e3651c9092f4c264a5

                                                      SHA1

                                                      1437d42cdd7c3a38231dfc87718ca53d64954280

                                                      SHA256

                                                      73f44c8d845e89e6f4e43ec6281f5b131866f3af8d3940a20fc9a91b6a96836f

                                                      SHA512

                                                      ea352df32e80859ac474906fbe5e690842eb11fb3f71d3e30f4f8b9acb94fd7fbd1370792edd472db89e2a9b18a46a82aad220680e5d252d247828c410678d5c

                                                    • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

                                                      Filesize

                                                      3.3MB

                                                      MD5

                                                      e58fdd8b0ce47bcb8ffd89f4499d186d

                                                      SHA1

                                                      b7e2334ac6e1ad75e3744661bb590a2d1da98b03

                                                      SHA256

                                                      283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a

                                                      SHA512

                                                      95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

                                                      Filesize

                                                      23KB

                                                      MD5

                                                      862254c271e0b4800ffff46b6e17d70a

                                                      SHA1

                                                      96ff45e67c2742efecb3c83207495c8f48e62bbe

                                                      SHA256

                                                      05bb3ec9aad3fdd41e9b78458e3961e7daf8454f0d5e5059ae5fd552fba83219

                                                      SHA512

                                                      b1a8c35934d6e7d160190034b2ad6bc3ed787fac773e8d368726ddc16b4e1f115f30e8635dd0654b70666e0c637eebfab2c1f7190b6c6f13aa822d9586888007

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

                                                      Filesize

                                                      26KB

                                                      MD5

                                                      40221a1151d69a4971fb95848fd625e0

                                                      SHA1

                                                      dd73feb50ddaa979af1c1d345e7e5df676fe6dc3

                                                      SHA256

                                                      d7869b178d23d1f6d1c29e27db0c1340bfa44dd0ff146c5e684d865fd8d63b16

                                                      SHA512

                                                      5e9978e71cbf584b37139231c72559fba310100ad7d00ed4a07baa26e1039b726ff4dac6fbf41c6df5d714150908792e471b123b8daf0da711fe1f6f90af5cc2

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

                                                      Filesize

                                                      10KB

                                                      MD5

                                                      1e96a8a84c8561f5a9e64c3ecfc38f3a

                                                      SHA1

                                                      348004ef6862f248111987d892455e6fce0f4775

                                                      SHA256

                                                      9e12c0f0bcfe4b40e386896ed647f91f3a537226956dde39c3f0075924a6ba1b

                                                      SHA512

                                                      2f15d00c91564edc881eb80fa9deeb85d642a870ead92245120a1dac3fa50c0ca07b1daf6716e63d36c4a731874ffedfbe8af56e89755ff9e4520df4bb2660b4

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

                                                      Filesize

                                                      21KB

                                                      MD5

                                                      dffb40ef17173cb3520d9f8690212e43

                                                      SHA1

                                                      ce788afd9438f99954f0484dddf7e85727e055bb

                                                      SHA256

                                                      26eed0b844005a073c1a6d4e51a0b650d392b252378e1f9886a90c4ec8d549d0

                                                      SHA512

                                                      e1bf67a37df91a6c47784f18b9fed14410e43252db30e6434176ae45429a87587a4b0af04c97bc716a64ad174324f23289ca0a92d9df2b038cbac039cc1c03a1

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\SiteSecurityServiceState.bin

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      4def81bd3dd0ae71fe4bf9bdfe6fa613

                                                      SHA1

                                                      9176a6c7400ee4fe26433161ba98091f8e936f6c

                                                      SHA256

                                                      c7339e21120cf6884917d9789e7477fb99f78f8fefa41b0d03a877a5265fd047

                                                      SHA512

                                                      3ad779966b16410d507c2199a765aca2cbee4bd36af1ef1938f351f9bf14bc0773b55ed0b4bcdd94abf1563bce57c7e28388ec4f6dfc3a3e1977a613717aabb6

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cert9.db

                                                      Filesize

                                                      224KB

                                                      MD5

                                                      212002268ff047a360e5b92c8100a6bf

                                                      SHA1

                                                      d76da88d249e8ac177db139dc2d8ab756c3f7372

                                                      SHA256

                                                      dcbf145d3335110e214338b4ce34760b4b99c4317c767f649fc29f97f764e291

                                                      SHA512

                                                      3d1bf28404d255b5de30a3173c6d0655e07ebdbbbc84be846e0619e5271e380534144e4698f19a9517386483260e558360ab63528af11fded69769e70b810a49

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\content-prefs.sqlite

                                                      Filesize

                                                      256KB

                                                      MD5

                                                      b41ed219e2c8dac47f2701562d092621

                                                      SHA1

                                                      90d507eae3ec943a121dbe5a080412e40470b54f

                                                      SHA256

                                                      cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

                                                      SHA512

                                                      5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cookies.sqlite

                                                      Filesize

                                                      512KB

                                                      MD5

                                                      d1b88be1b76e87dda09596329052e03c

                                                      SHA1

                                                      af38424bee42464365e7b0c78639b42dea65627c

                                                      SHA256

                                                      ffae699eb4aa56177f6309b871e09655c328027e352e4e3defba0108322d3b42

                                                      SHA512

                                                      ba2e990b481453661a2f21c2c64c8521541699604470b32eb851391c97d4248b9f72227fdeb92589ddabf0fa033c97cd33ea22290bac11df67502ca50f7009df

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.bin

                                                      Filesize

                                                      49KB

                                                      MD5

                                                      3cdae9cfe1e2d2889d259e84cfea219f

                                                      SHA1

                                                      f10a4d277db78d23d0d86ca9aa5dc1a670b0161c

                                                      SHA256

                                                      d1d84aa92a0ab79cd9ebfe75cf47f39b45bf61439741faa895b6aa932b3832cc

                                                      SHA512

                                                      4e0bbd4016f05902f50578f26a06993acebbe58d1d3301c7c414e18a269b9c9490b75dd7cee7182c6d01013b47df3eba92b2149b5649b9f58a97b177f1892c3e

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      3dd028edf6beeae9b9c9814a1b3bf7c4

                                                      SHA1

                                                      794b25aa8fc6f2570113fec335d07bc4befdc81a

                                                      SHA256

                                                      04cd35229ca3b5dfeee404fe6c9b09a4bc68f2e4b70f70c68106ff71be09a00c

                                                      SHA512

                                                      cc5acf59d6abb901d7d0ad6af7cb78fdc4e9da6fd3760c887a77bc57f16a884a294e0ba840cdf2300b5f30f8b719834119910a2f325ed7b8bb0e7a3674c29857

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

                                                      Filesize

                                                      48KB

                                                      MD5

                                                      295bd560ca75cb25ebba145bea8ea87b

                                                      SHA1

                                                      a9f69ceb4ee4a49d35c8962c0f516791ffb1797a

                                                      SHA256

                                                      95c539e1be1f084dfb7c6c7a264431d6f1c6be7da498135820ef793916271335

                                                      SHA512

                                                      8ef9a6fb48c3d3bd5fe16d4a32452d1f1ed229753c43eeb6762c607bdc4c469f704b6ae2d6b1277e263410c50b2ed3469bfe85621f82360a164f411dba827f12

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

                                                      Filesize

                                                      48KB

                                                      MD5

                                                      96c368c64e0de2769056d464a795cb66

                                                      SHA1

                                                      d8320eeff1e3f9456291fb9ad1d2dc4552c1cd8a

                                                      SHA256

                                                      e6d3c046a2770c1e7b058b4959de67166355c38170f76644bb83cbe88f2d1ad4

                                                      SHA512

                                                      fe1774daf9577f507bec463ec253676f8db26f8906de1365d84838d9fdc9ac7da4dce13e6003963673a46e111257fb533e6427308e604fad8a4d0d13827db086

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

                                                      Filesize

                                                      48KB

                                                      MD5

                                                      934a6a06280fdf8ba09f6d3201acee53

                                                      SHA1

                                                      d166e4493cfd6cd6eb1623edbf42062db05be711

                                                      SHA256

                                                      a2e3e69b49c421bf2013fdc13e9bcc7f89dc8308506c803917876aea5b81fbf5

                                                      SHA512

                                                      d1d2db473918793a5726d40c69656ff4dff54bc9b2767c29f39847d35e9fd3d206e304b6ee3853f68943af523b6b86e4a7dcc7f1646b8562cefc11dadaa37c11

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

                                                      Filesize

                                                      28KB

                                                      MD5

                                                      0ccba951f4ed68b539abc2afab26afd5

                                                      SHA1

                                                      808f714482386dcaad8428426fa49ba8f1595791

                                                      SHA256

                                                      6a42d0e37928a8d55f14934dd1de10824602195a13d6b4d4d7f28cc58cc38f5d

                                                      SHA512

                                                      8aee6444ec88bc71548a7fc88516db2114e1a4d64ee9fb727612dad0a7a1d430a8dca94ab7237e81d7ab22ca693a69a43e67e644e67f57eed909161ac871f7c8

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

                                                      Filesize

                                                      7KB

                                                      MD5

                                                      91e1504493060418daffc4758d02943b

                                                      SHA1

                                                      9334f12c4920256f59ffc14b5ab5b365e60131ce

                                                      SHA256

                                                      7dd2f93c68e4faf38bb28135a700d0203ab1515a13ad0a058193726845cdfeb4

                                                      SHA512

                                                      d05e1d3663e08f8a62d57a549e9587f5485c268fa619c18186dfde0c2bc00ae67a1567e43be5c4dff6b25b7098d7ac68e21880bf850a3e84724666e4ae460323

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

                                                      Filesize

                                                      50KB

                                                      MD5

                                                      6b512908cd68e4b93f2e795bbd325206

                                                      SHA1

                                                      ba54c3afec1050f60d1b6ca1b224b43911d002b9

                                                      SHA256

                                                      cebedd20162d75842576f5da0627519692f8ead0ed868c7231404a1aeb39d8aa

                                                      SHA512

                                                      0ae58a712a87dfb07906c558d79202226977d672a6dc91906550a2defa8d3ec8691f2d82019c50f300ae73bc350d72f168c7e229368ee42fae04e9fb96fd4bf9

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

                                                      Filesize

                                                      6KB

                                                      MD5

                                                      d0abf23d48a343b50d2373d0a65ba22b

                                                      SHA1

                                                      77dab920d72ccc9f1f72c303f45f7b30ea12f353

                                                      SHA256

                                                      e54d0955a572b7e73519bb7bcab33041581b94347d1be65eef0826b192f9ffc2

                                                      SHA512

                                                      543481fb2b4dec704f461fe37aee1b6334aeefe26895588d14f0e839ba685bd079b2b4c2938885323ba59ad0fa177345d1798aa1c328d1514c8ce23ffddc5d83

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\events\events

                                                      Filesize

                                                      512B

                                                      MD5

                                                      75881696a79935555ae579797c166237

                                                      SHA1

                                                      7b7f1d9eadb21fefb3695a8b4f16cde31c5d51d9

                                                      SHA256

                                                      ba926b052cba268e63136f12ca859a23ef32f2e6821611f02336edf9d5745e92

                                                      SHA512

                                                      a3567feef98c42bae75c371872b059c297324a848d48255db3d1cb71fd65505ac15754dbdfcbf567acc1a4b77b943e1d86f18bfbe976a492f3cd14e8a7294eb9

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\events\pageload

                                                      Filesize

                                                      400B

                                                      MD5

                                                      2b619dfacecaf19e616560ce5d12ac56

                                                      SHA1

                                                      54fde31f374f91f47e4fa716d0380be63e4dae51

                                                      SHA256

                                                      5fcea9a6a1304da5e0b944247723d9d53787855240d553bb598acfd8690472ae

                                                      SHA512

                                                      3de3ec811441db380e907264400381ce6b57a4f4ebdc88e6dafd81b7433ae54c47841e15a2163f1da8a0f10591754bee3697fab7e54832b06273010932df88a1

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\0d105101-fc2d-417c-acfc-8bf06cf24e9b

                                                      Filesize

                                                      735B

                                                      MD5

                                                      06e7f8ccf6b30a77753827b4bd3694d6

                                                      SHA1

                                                      743be59f5951301e57dfe5278d1469a25d7bf258

                                                      SHA256

                                                      1a91ece039955f89c0c9915337644693f2544417f6e470a5f53411735185ec79

                                                      SHA512

                                                      ebdc31367124863f68514131c2bede3f8e0de99f931f84f1bbe98daded396376a2da2a92de2bfcff9e30125d4dc6afce42b257606fdd5bc3f5fd283231dcdf35

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\10824215-bfd9-4067-89b1-09d67c7cf6b5

                                                      Filesize

                                                      20KB

                                                      MD5

                                                      d85f8c3807f0ddc5ea7a655ac2606ae3

                                                      SHA1

                                                      f521f2fc89d79a1102b0d51744b7b8021481474e

                                                      SHA256

                                                      2078e6e45a0c9bbc410251dd6978c74fb4abb6ba8a107c587ce41d58fddc8b2c

                                                      SHA512

                                                      31a09580d40d839a5bd0e726c9c63891b7e2f4d2e61fd18ea25e52c29d92c3192538da8791d9a3bdacb094b8ac709695deeac88d12499c73288834f295b78d18

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\1c0a1516-0c1c-4310-a7c3-21871fddb18d

                                                      Filesize

                                                      26KB

                                                      MD5

                                                      cbad13faec9ea10b41e672a87d42c1b4

                                                      SHA1

                                                      0be1c988b2594d53e5ca7abcf1f545acf2c61797

                                                      SHA256

                                                      9221e977c023933b4d6c7b2cf916ebe0b6dbceb8a0bbe9d88f6192e04b838929

                                                      SHA512

                                                      4b103fa61587d66fea86e1b9f94e2442c7c5906755e228e833dc19cf8fe501f364fc1c5afe5991b00ef3ea8fb225fe3d1d8cbbbc8b863298642aa1a694df2256

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\8a01eb95-dc4f-4bd8-b682-3772a6133bbd

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      e329dc8b0a01cdfadd55f96f8bbb5940

                                                      SHA1

                                                      b79607b6335bf6845c91d5a429e5707dda1a7bbc

                                                      SHA256

                                                      aaa189a6def6cf837b61200544888f04fce08ee9d74a44684ccda6c4e1f30308

                                                      SHA512

                                                      0bb368c21fde0d73f25f6fc23c3a22e11243565976ab38f3d0d5e849d93bbcb107b3a99a8ae227829beb441b53219c247bc208370547aa3795ce5a94ccc6d410

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\cadfd83e-886f-42a1-908f-bdcbe2eed673

                                                      Filesize

                                                      671B

                                                      MD5

                                                      903d1fa0142f5f6080e9f46728c4857f

                                                      SHA1

                                                      c385a4ce8a20e1874fe26bb64bede07e6ea9d2f9

                                                      SHA256

                                                      476f27841d195dbc0156a797429e9374f4dac06537d5bba68b24daaf04ac5d9d

                                                      SHA512

                                                      6bce80af72949b2227fc2573e2a3a2ecd474e88b0ae3ec285b95ee92ba127431801b49ccb5c08525287361d2027fae29d2d3d01a6c3e78c11a9463d422b44f56

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\d82e815a-c419-449c-99b0-489bccc71829

                                                      Filesize

                                                      789B

                                                      MD5

                                                      6df9852d1899553a1393d1466a657ad1

                                                      SHA1

                                                      7f515282de6e9f25ee79cace5be08418665e8cb5

                                                      SHA256

                                                      fec17be560b6a1837d17d6fcff61e3c2fc665196b77028e4a016b5c0e2ad0932

                                                      SHA512

                                                      0936143634460194e5ab91bb5b6b72d3b44353f3f1329d73fd51a49c1b31de053e9771be5b919701a5b1002e68b0e6feff67d92ff1205922eeedb039b86e468d

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\f657838d-d8a9-4e1c-ae77-869a1aef4593

                                                      Filesize

                                                      982B

                                                      MD5

                                                      dcc0de3434df1b28d1f186a8d0c016e7

                                                      SHA1

                                                      2294e8615ffb9f365f6c209fb4f2fc840b20a3c8

                                                      SHA256

                                                      b8f83ed459be5cf864921acc878993697da0ef00e88b3073ce873a880bf2362e

                                                      SHA512

                                                      f1b5f1b20b90b5d5e4962d65b590a69e9d3a121e4dec0c3f4f671e4bd41022718fc3fea0391b1fd1018c27e61a26f2619b512e0c12cf2681fafa6264720de836

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\extensions.json

                                                      Filesize

                                                      37KB

                                                      MD5

                                                      6336c3b6727e141bbc0e7dc5899e3d6c

                                                      SHA1

                                                      86eaabb72dd496c0d8e264161a174b280ecd7510

                                                      SHA256

                                                      fae1fdfed5a1488cfe5f80545807eba3ec1b41b95e619dfa9c057b556c8813e0

                                                      SHA512

                                                      a9a192dfe709e5854a7305aad59e5214e9073883e6a8a157895ffce632b7885f3f4f973a3bc650b00174839ca43c16901af1382ce3eed4c4c7f589f80b56520a

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\favicons.sqlite

                                                      Filesize

                                                      5.0MB

                                                      MD5

                                                      37ec2879f8ddb2b4acbf969e1346678b

                                                      SHA1

                                                      eaa2536aea1d6a81bed95c07091a075ae5f234d4

                                                      SHA256

                                                      00490f11818f091a406417ef633c586a122a7db0ff33478c8e0bc6c9e860ef6e

                                                      SHA512

                                                      aa006f70b4aaf8443026b5dc0ae57a0cb16114ded6c0d9bf2ef5a3728a30259abce6e2826242b69dec9876580b2af1293e403257ebc1ee55258371d2f759d8b0

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\permissions.sqlite

                                                      Filesize

                                                      96KB

                                                      MD5

                                                      1d0ab923d1b17663f16f0bbb72a5bd2a

                                                      SHA1

                                                      11f4cd54804b842d23137a095078b0993ee6f090

                                                      SHA256

                                                      a025cf719a6be18cb2b75372608ab700e96981e174edeb87e6eabdc5d492cc54

                                                      SHA512

                                                      1b6ee1deab258de0516f92fd8108e964c7ee39b92696bcae40c71c4724c150f61cac865c613d484f32b1f5cb0066eb6bf9d434adee142f85726bf3a6c2e12926

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\places.sqlite

                                                      Filesize

                                                      5.0MB

                                                      MD5

                                                      3ae512093c12a2694c20a72b089bdbef

                                                      SHA1

                                                      8aad114cc58a9e959341fe183bd335333ab54a42

                                                      SHA256

                                                      03467bea506fc5d0d77c6a7213d88f8a5ab0c73bea2e97b905a91d959f602984

                                                      SHA512

                                                      127bba3cc833790ddb04fda62fe50e1c54e88dc6c292158f10b9781662773dd25d16781095404e0b4996e14db33205cd4bcfce87e33fa7258db988f8981f2f25

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\places.sqlite

                                                      Filesize

                                                      5.0MB

                                                      MD5

                                                      d5028513823dc9eb24ab511da8c32bea

                                                      SHA1

                                                      9cb45045d57b91e502cb3cfc87392c54fd4db9f4

                                                      SHA256

                                                      760d0b7eedc76218028ced7b1461493b569025380ce6b6cc59be4fccbb2ffa04

                                                      SHA512

                                                      fdfd2e39151bdf61afe2ddf97241e7ce50539d132cec7d06eb4f53879bd1ff5609efbdb52bb54031f1eb3081b627c7ecfe76993ded32afaf5a4649191362b928

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

                                                      Filesize

                                                      11KB

                                                      MD5

                                                      8ce42ae987b263d43bb0afb090f0b4c3

                                                      SHA1

                                                      253de806435ffc62e68977034a89152194d92ab4

                                                      SHA256

                                                      d10a158b6d7205db7270519667bcd89d189958e9fe635d9f7d549fe818221fd4

                                                      SHA512

                                                      d1c35ec736e2de2d75e49311715bb5aeb58ba410b9f0f49360bbe8c25e7e0aa6c3c0ce6b3d890e7c86993ad50b4ecb069628dbab449da22809d1c4c74db9041f

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

                                                      Filesize

                                                      11KB

                                                      MD5

                                                      b1e98bb8733581f64f6eec0888f4c0b3

                                                      SHA1

                                                      a7e1955722deae3b5c5a655413e4ecaf37137619

                                                      SHA256

                                                      2184aab6fc0c1226acc48605283d0ef2434da7038b9217e30fe4cde3309f0526

                                                      SHA512

                                                      0e3ec2d6aac03e1fc9d80bbf989051d6ddd173cf12dd16fea2e8045ac236b768196c8e1028682c2e33a26dbb027f3a3def8ef2b1f0ef07c19e24c02b453bd412

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

                                                      Filesize

                                                      11KB

                                                      MD5

                                                      2d28a2fd90a33610f06641b3932589d1

                                                      SHA1

                                                      750f5446dccea9f9b98ac3bd9814ddde21179d53

                                                      SHA256

                                                      5c56eb28b672c869dfe7be60bf57e872563dc7410c0f600bba56833233d90400

                                                      SHA512

                                                      08c8c850fd5a93ba22f3a1d96b88f0ed1e30675ca7942383db4c1c668798439958246e894eb772344ed6d0ea3a525d5af81fb4a56efd90ab1244f96b602d07f5

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs.js

                                                      Filesize

                                                      11KB

                                                      MD5

                                                      c8b40b11f74ed920aa6b4a3c4e395547

                                                      SHA1

                                                      58a80ad470f7575a7d0aac3e84f6f3ec3daf3ea0

                                                      SHA256

                                                      19bee0e0542d674d9813c85f8bd36ebbd9942430e93fa3b7657fe115f331955e

                                                      SHA512

                                                      643268b3ae5bf4b208cac2ca672f948eb9d93993b7fdd5e676f72a07038e24cb5f7d08e4b8f3b302cbb647e44fc5c2f182effafc43a3b4274a0f734e71e5fb83

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs.js

                                                      Filesize

                                                      11KB

                                                      MD5

                                                      28fef3027286fd3f3bbbf27d1d4486ac

                                                      SHA1

                                                      9e153518cb34b5d8e408fd0d327b862058d842de

                                                      SHA256

                                                      02409f04ace122aa4113bbaef9c9b02a26f3c2fa663d9c360bdfdaac7ee90bc0

                                                      SHA512

                                                      11d73357e1281c2073966975837bd430234c4b1a45f4c014c2cb46ea22eb5bdf56c2e2af63cd03c3a926d41c391b38474c88b744b7d34cbd275fe0769db30545

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\protections.sqlite

                                                      Filesize

                                                      64KB

                                                      MD5

                                                      76786a4c0dd19d88d6d3ed95a293bf2f

                                                      SHA1

                                                      b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

                                                      SHA256

                                                      1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

                                                      SHA512

                                                      8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionCheckpoints.json

                                                      Filesize

                                                      53B

                                                      MD5

                                                      ea8b62857dfdbd3d0be7d7e4a954ec9a

                                                      SHA1

                                                      b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

                                                      SHA256

                                                      792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

                                                      SHA512

                                                      076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionCheckpoints.json

                                                      Filesize

                                                      90B

                                                      MD5

                                                      c4ab2ee59ca41b6d6a6ea911f35bdc00

                                                      SHA1

                                                      5942cd6505fc8a9daba403b082067e1cdefdfbc4

                                                      SHA256

                                                      00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                                                      SHA512

                                                      71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionCheckpoints.json

                                                      Filesize

                                                      146B

                                                      MD5

                                                      65690c43c42921410ec8043e34f09079

                                                      SHA1

                                                      362add4dbd0c978ae222a354a4e8d35563da14b4

                                                      SHA256

                                                      7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

                                                      SHA512

                                                      c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionCheckpoints.json

                                                      Filesize

                                                      288B

                                                      MD5

                                                      948a7403e323297c6bb8a5c791b42866

                                                      SHA1

                                                      88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

                                                      SHA256

                                                      2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

                                                      SHA512

                                                      17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionCheckpoints.json

                                                      Filesize

                                                      122B

                                                      MD5

                                                      99601438ae1349b653fcd00278943f90

                                                      SHA1

                                                      8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

                                                      SHA256

                                                      72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

                                                      SHA512

                                                      ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore.jsonlz4

                                                      Filesize

                                                      4KB

                                                      MD5

                                                      de4e9d8d9c1034bfed5c3ff4ebdbaaf2

                                                      SHA1

                                                      0e44431d09bebd8805cce120e5efb76670b41d4a

                                                      SHA256

                                                      8d121eb4af50aae5edd9cec0cd582a5cbf2bbaa7a9a1f9e5416c8fbc9a3ce1bb

                                                      SHA512

                                                      38485d6d01fe2135204af84f5b9441b2572bad866a029156ea1622f3403ed4a000fde08772f9a27de494277152ed015b4f410559c571960fc03ecff9af0299d1

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage.sqlite

                                                      Filesize

                                                      4KB

                                                      MD5

                                                      cc621161d1065a19ccd545c11ee8fdf0

                                                      SHA1

                                                      3d6c7d8fb444dfd34315dedb92f2ac6eede87568

                                                      SHA256

                                                      34b47cdb679237c7ccdfdb7891ae5d51d1ba3dcc96efebcadde2ca5468c4d514

                                                      SHA512

                                                      7f5a882765a2ba0fc28f249aee202ce6ba5f7bffc0863479de7ed0ce4756f072f9477a69e0e1fd2b5c04e52f1439710ba1b2be615e98ffca063ca40f9cb2f61a

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++github.com\.metadata-v2

                                                      Filesize

                                                      48B

                                                      MD5

                                                      d8675c53124f6bb283ecc55df3bbd75f

                                                      SHA1

                                                      3140a341b497550d423f21467bbd68f870bd3501

                                                      SHA256

                                                      d181d5481b1c0d5122763bd08b927dd8d504524dcf8e748e08684eca3e00f829

                                                      SHA512

                                                      4dae107b48b7f19dc513e91bcaa68f0b7e14fa7118896ea91a19acf62fad2ae9b113ecbe64e900a3351194c6192c47f71c152dbca025ebe1fdcd2e460fa04709

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++github.com\ls\data.sqlite

                                                      Filesize

                                                      12KB

                                                      MD5

                                                      30fefee9735b4b72046e389c10098a4a

                                                      SHA1

                                                      48f96a0982416f2ddcdb9e01902041671f5d9a37

                                                      SHA256

                                                      145cb86fdea912f087e99b6e753d67568c800e1e63ea9c1120058b3927d8cc5c

                                                      SHA512

                                                      77c60a4c29d207c6e1544acd774176da4c6c6ba8e0ac8d08b77aceecfd1a1aad0c81b8607c6d555515c981763fcc01ee24be59b60cb15fbd1fa02cdca7252762

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++github.com\ls\usage

                                                      Filesize

                                                      12B

                                                      MD5

                                                      195332f2c92d358733afd1523b48cd7a

                                                      SHA1

                                                      9b9b76e7d1960bc09a10dca42d50b0a93ca0e173

                                                      SHA256

                                                      03f617d955a46a6575b0a0fb3b921be88a8cbc4298ba725c31ab0519c2bcac70

                                                      SHA512

                                                      a46121bb9068043b24b177a349fa6902449cedc392d79eefc77a0fa3335020fb08f78745382dcd325085accc86a78600971f4064ec737648620e6fd17544740f

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cmalwarewatch.org%29\.metadata-v2

                                                      Filesize

                                                      97B

                                                      MD5

                                                      831a7a698a902f040f18045e12cebd62

                                                      SHA1

                                                      974a13c3073cdff812e17cfc5115f92d4dbd6315

                                                      SHA256

                                                      b6b110d85021253f23d97448f9eab403be17ad86ef770dfd4d9cb9831a20eb95

                                                      SHA512

                                                      a3020493b2f46c3149574dbac6549fd3e65890a7d81afbcc17e6257ebfeae5f9e9edbe2c718619bc70b6dec55d4ddfff82338748cac0a15d43d93ebf385c1ea3

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cmalwarewatch.org%29\cache\.padding

                                                      Filesize

                                                      8B

                                                      MD5

                                                      7dea362b3fac8e00956a4952a3d4f474

                                                      SHA1

                                                      05fe405753166f125559e7c9ac558654f107c7e9

                                                      SHA256

                                                      af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

                                                      SHA512

                                                      1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cmalwarewatch.org%29\cache\caches.sqlite

                                                      Filesize

                                                      64KB

                                                      MD5

                                                      2366c83e0d361f11a90118dcec27f068

                                                      SHA1

                                                      65242444afd6cea7f4cb18119178dccd54913acd

                                                      SHA256

                                                      e2011cea22ad0828ce84493394cc1e89990eafef77fa28ffb559ee89b267912d

                                                      SHA512

                                                      dbd628d46e816ee8fb135bb88037c5df3596c03f3c25afcd1b9cb589396a9f5bdb53d62cfd6e5060b12ac80ba347df47673e6030dea96bd48abbb2e20b739844

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cmalwarewatch.org%29\ls\usage

                                                      Filesize

                                                      12B

                                                      MD5

                                                      a4b57866747aa8bc0828ccb259689903

                                                      SHA1

                                                      b77c045f5580c81a6cd07a5e5d2271064aa52233

                                                      SHA256

                                                      395c2160a5f25f4ebff4939482f032465544c7d1105b8f93b529552a1f8f7b88

                                                      SHA512

                                                      f5e9b04e525e1bb7a913c3e02504f98b1f860cbc487029075c668cfb560bcf85855d7e48ad19586368becbb6157872b70a083a40081c2c109314ccbe9e5825b0

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++www.youtube.com^userContextId=5&partitionKey=%28https%2Cmalwarewatch.org%29\idb\2171031483YattIedMb.sqlite

                                                      Filesize

                                                      48KB

                                                      MD5

                                                      d523105fcf82e5afcd610b7b760950b7

                                                      SHA1

                                                      d991bbf07b3113bddfa6e8a37e6c3c7dfcfeb6cf

                                                      SHA256

                                                      11d93ff77c5c197e3340333a1112d4c684e8a0f7349564abf4fc1f62fd8d396a

                                                      SHA512

                                                      9500220bc1d4dd9f8d0e44883db596fa9cf90403d15fe8657bac18c4b324582b78e2f5f93e2e30b33f16b3f56657a34c0242a8201f05d653e8583d23114b0dde

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

                                                      Filesize

                                                      48KB

                                                      MD5

                                                      14dc17130da536e1b80b27db0f3af5b7

                                                      SHA1

                                                      a56fafa691be67c212371d50ae5556899c938e02

                                                      SHA256

                                                      022df7442484d1319d189d4664904342ccaf86d75de326d2a62b1bc7dbe78042

                                                      SHA512

                                                      1d4f75fd26cba64d058750217d8bb74bd955dbf1180e58d5f12c952a96387809dba4ce5a56730a56eff93b5dab634f7e42182dbee40269ce6c3bd8e0f56b0f54

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                      Filesize

                                                      376KB

                                                      MD5

                                                      3e82010059e72a23d3dbd3256645ba97

                                                      SHA1

                                                      8d828495cba2bbbaea53c0cb60cf36d2a4332734

                                                      SHA256

                                                      15b0de8369a2381ac007adfe7c9973162149557277cf196aeb4051fd29d0d012

                                                      SHA512

                                                      408c356828af117e80756ad17723757f81b42b47542615417ce1cc8ee5fa320cd1880c138a8e5a556d7de406099d0c67de097f1b67bb3e0914821d529891b483

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                      Filesize

                                                      584KB

                                                      MD5

                                                      41f0da9c5cd3658bc04f65c7e2347e8d

                                                      SHA1

                                                      4cd4d62f1baf3b51df63a11b4d989a45a6b1dd12

                                                      SHA256

                                                      738d317bda543000b216ab0394a59797ab38b138d15e7add061290a80de3c835

                                                      SHA512

                                                      7250b20c573c73ecc4792c1abd57aa8651b659bbad87f077672f3c7af89c858a1c85dad59184dfb821972dc194f9cc2371684ecb6d47e8d2fc1df91952974f9a

                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\xulstore.json

                                                      Filesize

                                                      120B

                                                      MD5

                                                      8d689c06cb844185099c0398a280537e

                                                      SHA1

                                                      57073c7526ec37e94bb9db44fedc6d50276f7a6b

                                                      SHA256

                                                      96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

                                                      SHA512

                                                      3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

                                                    • C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

                                                      Filesize

                                                      13.2MB

                                                      MD5

                                                      c91d7a1930f4604c0864b4b1c43250dc

                                                      SHA1

                                                      3bc0a026f31fdfba10acb60ee33e20e60d8b12c2

                                                      SHA256

                                                      235b4fe47137ba514de200c48a112ee4a3299f76382716c612c006a5218075d8

                                                      SHA512

                                                      00c0eb476644c9e8cae683041a37cadc098165eaf92aab7fe1344bc7969c1b0c3b3f3589c063c2eff00e142729cbcb9d4b7a642b7ca415e5b4f99b328c05a46e

                                                    • C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]

                                                      Filesize

                                                      933B

                                                      MD5

                                                      7e6b6da7c61fcb66f3f30166871def5b

                                                      SHA1

                                                      00f699cf9bbc0308f6e101283eca15a7c566d4f9

                                                      SHA256

                                                      4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

                                                      SHA512

                                                      e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

                                                    • C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]

                                                      Filesize

                                                      240KB

                                                      MD5

                                                      7bf2b57f2a205768755c07f238fb32cc

                                                      SHA1

                                                      45356a9dd616ed7161a3b9192e2f318d0ab5ad10

                                                      SHA256

                                                      b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

                                                      SHA512

                                                      91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

                                                    • C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\tor.exe

                                                      Filesize

                                                      3.0MB

                                                      MD5

                                                      fe7eb54691ad6e6af77f8a9a0b6de26d

                                                      SHA1

                                                      53912d33bec3375153b7e4e68b78d66dab62671a

                                                      SHA256

                                                      e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

                                                      SHA512

                                                      8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

                                                    • C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_finnish.wnry

                                                      Filesize

                                                      37KB

                                                      MD5

                                                      35c2f97eea8819b1caebd23fee732d8f

                                                      SHA1

                                                      e354d1cc43d6a39d9732adea5d3b0f57284255d2

                                                      SHA256

                                                      1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

                                                      SHA512

                                                      908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

                                                    • C:\Users\Default\Desktop\@[email protected]

                                                      Filesize

                                                      1.4MB

                                                      MD5

                                                      c17170262312f3be7027bc2ca825bf0c

                                                      SHA1

                                                      f19eceda82973239a1fdc5826bce7691e5dcb4fb

                                                      SHA256

                                                      d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

                                                      SHA512

                                                      c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

                                                    • memory/1056-1479-0x0000000010000000-0x0000000010010000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2616-3028-0x0000000074340000-0x00000000743C2000-memory.dmp

                                                      Filesize

                                                      520KB

                                                    • memory/2616-3027-0x0000000074460000-0x0000000074482000-memory.dmp

                                                      Filesize

                                                      136KB

                                                    • memory/2616-2996-0x00000000740A0000-0x00000000742BC000-memory.dmp

                                                      Filesize

                                                      2.1MB

                                                    • memory/2616-2999-0x0000000000E90000-0x000000000118E000-memory.dmp

                                                      Filesize

                                                      3.0MB

                                                    • memory/2616-2997-0x00000000743D0000-0x0000000074452000-memory.dmp

                                                      Filesize

                                                      520KB

                                                    • memory/2616-3030-0x00000000742C0000-0x0000000074337000-memory.dmp

                                                      Filesize

                                                      476KB

                                                    • memory/2616-3029-0x00000000743D0000-0x0000000074452000-memory.dmp

                                                      Filesize

                                                      520KB

                                                    • memory/2616-2995-0x0000000074340000-0x00000000743C2000-memory.dmp

                                                      Filesize

                                                      520KB

                                                    • memory/2616-3031-0x00000000740A0000-0x00000000742BC000-memory.dmp

                                                      Filesize

                                                      2.1MB

                                                    • memory/2616-3026-0x0000000074490000-0x00000000744AC000-memory.dmp

                                                      Filesize

                                                      112KB

                                                    • memory/2616-3025-0x0000000000E90000-0x000000000118E000-memory.dmp

                                                      Filesize

                                                      3.0MB

                                                    • memory/2616-2998-0x0000000074460000-0x0000000074482000-memory.dmp

                                                      Filesize

                                                      136KB

                                                    • memory/2616-3037-0x0000000000E90000-0x000000000118E000-memory.dmp

                                                      Filesize

                                                      3.0MB

                                                    • memory/2616-3044-0x0000000000E90000-0x000000000118E000-memory.dmp

                                                      Filesize

                                                      3.0MB

                                                    • memory/2616-3055-0x0000000000E90000-0x000000000118E000-memory.dmp

                                                      Filesize

                                                      3.0MB

                                                    • memory/2616-3061-0x00000000740A0000-0x00000000742BC000-memory.dmp

                                                      Filesize

                                                      2.1MB

                                                    • memory/2616-3096-0x0000000000E90000-0x000000000118E000-memory.dmp

                                                      Filesize

                                                      3.0MB

                                                    • memory/2616-3103-0x0000000000E90000-0x000000000118E000-memory.dmp

                                                      Filesize

                                                      3.0MB

                                                    • memory/2616-3113-0x0000000000E90000-0x000000000118E000-memory.dmp

                                                      Filesize

                                                      3.0MB

                                                    • memory/2616-3119-0x00000000740A0000-0x00000000742BC000-memory.dmp

                                                      Filesize

                                                      2.1MB

                                                    • memory/2616-3120-0x0000000000E90000-0x000000000118E000-memory.dmp

                                                      Filesize

                                                      3.0MB