Malware Analysis Report

2025-04-13 21:28

Sample ID: 240915-khhxhavckg
Target: wanakiwi.zip
SHA256: 40da854572ad619f1e48ebc62e7ac42fc46b2f3fbdd0dd9069eb451b79f578f4
Tags: wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: 40da854572ad619f1e48ebc62e7ac42fc46b2f3fbdd0dd9069eb451b79f578f4

Threat Level: Known bad

The file wanakiwi.zip was found to be: Known bad.

Malicious Activity Summary

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Wannacry

Deletes shadow copies

Reads user/profile data of web browsers

Modifies file permissions

Loads dropped DLL

Drops startup file

Executes dropped EXE

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Sets desktop wallpaper using registry

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Modifies registry key

Checks processor information in registry

Suspicious use of WriteProcessMemory

Views/modifies file attributes

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-09-15 08:35

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-09-15 08:35
Reported: 2024-09-15 08:40
Platform: win10v2004-20240802-en
Max time kernel: 216s
Max time network: 220s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\wanakiwi.zip

Signatures

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Drops startup file

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD5150.tmp | C:\Users\Admin\Downloads\WannaCrypt0r\[email protected] | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD5157.tmp | C:\Users\Admin\Downloads\WannaCrypt0r\[email protected] | N/A

Modifies file permissions

discovery
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wkwthgmgqegtew611 = "\"C:\\Users\\Admin\\Downloads\\WannaCrypt0r\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A (×5) | raw.githubusercontent.com | N/A | N/A

Sets desktop wallpaper using registry

ransomware
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCrypt0r\[email protected] | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\rescache\_merged\2229298842\1034423747.pri | C:\Windows\system32\LogonUI.exe | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\[email protected] | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A
Key opened (×2) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Public\Desktop\@[email protected] | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key value queried (×2) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried (×4) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened (×2) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "126" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created (×2) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Modifies registry key

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File created | C:\Users\Admin\Downloads\WannaCrypt0r.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A (×6) | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A
N/A (×58) | N/A | C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege (×5) | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege (×2) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege (×2) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeTcbPrivilege (×2) | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A
Token: SeDebugPrivilege (×2) | N/A | C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe | N/A
Token: SeTcbPrivilege (×2) | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A (×42) | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A (×2) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A (×40) | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1732 wrote to memory of 1696 (×11) | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3120 (×38) | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3120 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3120 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3120 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3120 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3120 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3120 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3120 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3080 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3080 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3080 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3080 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3080 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3080 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3080 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 3080 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\wanakiwi.zip

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0663308a-a27f-4dee-ab22-6d47d309cefa} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {854907fa-1c70-49ab-9deb-a23a857ff077} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3344 -childID 1 -isForBrowser -prefsHandle 3336 -prefMapHandle 3332 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3987187b-d2a2-4b15-8021-55afb0ae7a39} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4332 -childID 2 -isForBrowser -prefsHandle 4328 -prefMapHandle 4324 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88c502a4-95ec-4ffc-88e3-8c08c6e9295e} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4828 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1c6d721-0c41-4658-933d-cd968008b5b7} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2776 -childID 3 -isForBrowser -prefsHandle 5296 -prefMapHandle 5276 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8a1cb5a-a58d-4712-ab56-ed523622fced} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -childID 4 -isForBrowser -prefsHandle 5400 -prefMapHandle 5300 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cf54308-8cf9-43f8-ac23-dcb4a6f3e0c0} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5608 -childID 5 -isForBrowser -prefsHandle 5616 -prefMapHandle 5620 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10b8319d-c1d5-49e1-9fd6-79f18817b11f} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6192 -childID 6 -isForBrowser -prefsHandle 6196 -prefMapHandle 4904 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {976be508-76a3-4c97-93db-12fbd67b3f75} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6408 -childID 7 -isForBrowser -prefsHandle 6400 -prefMapHandle 6396 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45a4b481-26df-4db6-a838-687ddaa1a820} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6636 -parentBuildID 20240401114208 -prefsHandle 6560 -prefMapHandle 6568 -prefsLen 29357 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aed6157b-28f0-4b44-ac46-1683aabe7733} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6640 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6548 -prefMapHandle 6552 -prefsLen 29357 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17986cc1-180f-4453-be47-ba22df26c8e5} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 8 -isForBrowser -prefsHandle 5908 -prefMapHandle 6868 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d7a3dab-e4e5-4538-8992-7d56ff7504e9} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 24253 -prefMapSize 244945 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3113143a-2b38-4fbc-8c0b-1fa5f4382496} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 24289 -prefMapSize 244945 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a18c91e1-079f-408b-817f-e291e158b7ef} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2980 -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 24430 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03f4e20e-b4f4-41fb-ac6e-5ad7a8dea8d5} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3996 -childID 2 -isForBrowser -prefsHandle 3988 -prefMapHandle 2812 -prefsLen 29663 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75b163d9-6960-446a-aebb-528b810c5085} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4568 -childID 3 -isForBrowser -prefsHandle 4560 -prefMapHandle 4556 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37e2c96e-bba8-4d74-8675-4539cf870388} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4968 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4960 -prefMapHandle 4956 -prefsLen 29717 -prefMapSize 244945 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3cf52eb-b82c-4ab1-8d1d-5bd43a40187e} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 4 -isForBrowser -prefsHandle 5400 -prefMapHandle 5380 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dcbf641-7af3-40d1-b26b-d54dc6d7a358} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -childID 5 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f03c7f37-f0ea-4fd3-8036-f2b0f3369b39} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 6 -isForBrowser -prefsHandle 5284 -prefMapHandle 5272 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47467bb8-ab1b-4a9b-a813-0baf816c93d4} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4616 -childID 7 -isForBrowser -prefsHandle 5152 -prefMapHandle 5560 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e66025ca-0793-4b25-b52e-99575977963f} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6192 -childID 8 -isForBrowser -prefsHandle 6200 -prefMapHandle 6216 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95c9a843-c55e-440f-8dbf-d993f9efee00} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6524 -parentBuildID 20240401114208 -prefsHandle 6516 -prefMapHandle 6512 -prefsLen 29717 -prefMapSize 244945 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8d83351-6aee-43e1-9abd-b9eb014a4d38} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6532 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6660 -prefMapHandle 6656 -prefsLen 29717 -prefMapSize 244945 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c51a5835-9903-4bd2-b262-3d8f8a199e2c} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4748 -childID 9 -isForBrowser -prefsHandle 5708 -prefMapHandle 5536 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4a8bb09-0700-4d91-9682-d6e5b4c9eddd} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6848 -childID 10 -isForBrowser -prefsHandle 5668 -prefMapHandle 5680 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2e723ee-ec9b-4c70-8547-fb646a9f7e5c} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\WannaCrypt0r\" -spe -an -ai#7zMap21574:86:7zEvent28917

C:\Users\Admin\Downloads\WannaCrypt0r\[email protected]

"C:\Users\Admin\Downloads\WannaCrypt0r\[email protected]"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 201851726389484.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]

@[email protected] vs

C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\wanakiwi\" -spe -an -ai#7zMap11632:74:7zEvent31299

C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "wkwthgmgqegtew611" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCrypt0r\tasksche.exe\"" /f

C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "wkwthgmgqegtew611" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCrypt0r\tasksche.exe\"" /f

C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe

"C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"

C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe

"C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"

C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe

"C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"

C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe

"C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"

C:\Users\Admin\Desktop\@[email protected]

"C:\Users\Admin\Desktop\@[email protected]"

C:\Users\Public\Desktop\@[email protected]

"C:\Users\Public\Desktop\@[email protected]"

C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe

"C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"

C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe

"C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3978855 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:49882 tcp
N/A 127.0.0.1:49889 tcp
US 8.8.8.8:53 143.180.12.52.in-addr.arpa udp
US 8.8.8.8:53 www.mozilla.org udp
GB 143.204.72.186:443 www.mozilla.org tcp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 186.72.204.143.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 malwarewatch.org udp
US 172.67.168.207:80 malwarewatch.org tcp
US 8.8.8.8:53 malwarewatch.org udp
US 8.8.8.8:53 malwarewatch.org udp
US 172.67.168.207:443 malwarewatch.org tcp
US 172.67.168.207:443 malwarewatch.org udp
US 8.8.8.8:53 unpkg.com udp
US 104.17.246.203:443 unpkg.com tcp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 use.fontawesome.com udp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 207.168.67.172.in-addr.arpa udp
US 8.8.8.8:53 203.246.17.104.in-addr.arpa udp
US 104.21.27.152:443 use.fontawesome.com tcp
US 8.8.8.8:53 use.fontawesome.com.cdn.cloudflare.net udp
US 8.8.8.8:53 use.fontawesome.com.cdn.cloudflare.net udp
US 104.21.27.152:443 use.fontawesome.com.cdn.cloudflare.net udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.187.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 152.27.21.104.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 github.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
GB 142.250.200.33:443 yt3.ggpht.com tcp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.179.230:443 static.doubleclick.net tcp
GB 142.250.200.33:443 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.230:443 static.doubleclick.net udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 104.17.246.203:443 unpkg.com tcp
GB 216.58.212.206:443 play.google.com udp
US 104.21.27.152:443 use.fontawesome.com.cdn.cloudflare.net tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 private-user-images.githubusercontent.com udp
US 185.199.109.133:443 private-user-images.githubusercontent.com tcp
US 185.199.109.133:443 private-user-images.githubusercontent.com tcp
US 185.199.109.133:443 private-user-images.githubusercontent.com tcp
US 185.199.109.133:443 private-user-images.githubusercontent.com tcp
US 185.199.109.133:443 private-user-images.githubusercontent.com tcp
US 185.199.110.133:443 private-user-images.githubusercontent.com tcp
US 8.8.8.8:53 private-user-images.githubusercontent.com udp
US 8.8.8.8:53 private-user-images.githubusercontent.com udp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
N/A 127.0.0.1:50745 tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 172.67.168.207:443 malwarewatch.org tcp
US 172.67.168.207:443 malwarewatch.org udp
US 172.67.168.207:443 malwarewatch.org udp
US 104.17.246.203:443 unpkg.com tcp
US 104.21.27.152:443 use.fontawesome.com.cdn.cloudflare.net tcp
US 104.21.27.152:443 use.fontawesome.com.cdn.cloudflare.net udp
GB 142.250.187.238:443 youtube-ui.l.google.com tcp
GB 142.250.187.238:443 youtube-ui.l.google.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.238:443 youtube-ui.l.google.com udp
GB 142.250.187.246:443 i.ytimg.com udp
N/A 127.0.0.1:50767 tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.246:443 i.ytimg.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.212.206:443 play.google.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
GB 216.58.212.206:443 play.google.com udp
US 8.8.8.8:53 github.com udp
GB 142.250.200.33:443 photos-ugc.l.googleusercontent.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
GB 142.250.200.33:443 photos-ugc.l.googleusercontent.com udp
GB 216.58.212.206:443 play.google.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 140.82.113.22:443 collector.github.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:9050 tcp
DE 31.185.104.20:443 tcp
DE 193.23.244.244:443 tcp
N/A 127.0.0.1:52999 tcp
US 8.8.8.8:53 244.244.23.193.in-addr.arpa udp
US 66.206.1.202:9000 tcp
US 8.8.8.8:53 202.1.206.66.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 137.71.105.51.in-addr.arpa udp

Files


MD5 d47fdcf8a95cd9bb47390f259f35b601
SHA1 22dc4b851918c0f96bad9a93b2a7f5f7159d2ecc
SHA256 b72c21bfd1984872c9477a9f2db4397b4d5196b916265077f4a29a2fbe2aa3bc
SHA512 b649dddb5bbcbc770290345b7b6790163e68966a5feff56e2272db43b5d688b58e4a59c127902922d4b8acd0dcba7db29aad9d6d6db84f7e4540865019c0c03f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\7F30F53457983F11F2D61636C9FB5706ED9AB60D

MD5 f05004deec6ffe17067accdd3ff39351
SHA1 c980a3c38eec5bc6a681805dc62bdee528545deb
SHA256 f3ce242e4d2cf1393c4b8fec89491673a7ab4c71e9f67c2dad2afe4cf8b536cf
SHA512 528e2b42b67b894dea0e73de7d1010ab4873082e40a0e423e6e716127a71a776c1341165568de75314f697795c68210d26a925b0cb7812291f5f80b49fa4350c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\F5A1FBDEF4E6F115791D6C8EF1598942067B8080

MD5 d0e4eb8f76de22940374ca04abecde50
SHA1 5408bf79cfe3261f94b2eac15c17f52f68e522d6
SHA256 a4d27b6061f742eb6fce73dd40424b0ca6643a24eabc70b353a9ef4d1d8cf0e4
SHA512 d25b811f4bba2d184d11220026b852e2a787e54d7babfa7d5f4c189e8152b3ca03d487add4a56f70b3bb9942324002de67cf517a40d1c32b0563da5ca785fe5a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\8560096652A022B72F28E970060DB183FE096D89

MD5 39b9e1a78506228699d17da0b797edf8
SHA1 dc3ba42c943b08856474ee388cfa27f9d2dd81ed
SHA256 a4d1270f32c0a5ae50c3a712691dde4dad873fc8fb5514ccd0516f1efefa50ff
SHA512 4118deefd08c908edac496632f738c3b120b17ee4cc15ec640e9b2d6e4e6e130bec29efda6ff3a38fdfbf551a8084d7c034d9fa57e41cb4470c304bde6fa9d3d

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

MD5 e58fdd8b0ce47bcb8ffd89f4499d186d
SHA1 b7e2334ac6e1ad75e3744661bb590a2d1da98b03
SHA256 283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a
SHA512 95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c

C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_finnish.wnry

MD5 35c2f97eea8819b1caebd23fee732d8f
SHA1 e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

memory/1056-1479-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\places.sqlite

MD5 3ae512093c12a2694c20a72b089bdbef
SHA1 8aad114cc58a9e959341fe183bd335333ab54a42
SHA256 03467bea506fc5d0d77c6a7213d88f8a5ab0c73bea2e97b905a91d959f602984
SHA512 127bba3cc833790ddb04fda62fe50e1c54e88dc6c292158f10b9781662773dd25d16781095404e0b4996e14db33205cd4bcfce87e33fa7258db988f8981f2f25

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

MD5 0ccba951f4ed68b539abc2afab26afd5
SHA1 808f714482386dcaad8428426fa49ba8f1595791
SHA256 6a42d0e37928a8d55f14934dd1de10824602195a13d6b4d4d7f28cc58cc38f5d
SHA512 8aee6444ec88bc71548a7fc88516db2114e1a4d64ee9fb727612dad0a7a1d430a8dca94ab7237e81d7ab22ca693a69a43e67e644e67f57eed909161ac871f7c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

MD5 8ce42ae987b263d43bb0afb090f0b4c3
SHA1 253de806435ffc62e68977034a89152194d92ab4
SHA256 d10a158b6d7205db7270519667bcd89d189958e9fe635d9f7d549fe818221fd4
SHA512 d1c35ec736e2de2d75e49311715bb5aeb58ba410b9f0f49360bbe8c25e7e0aa6c3c0ce6b3d890e7c86993ad50b4ecb069628dbab449da22809d1c4c74db9041f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

MD5 6b512908cd68e4b93f2e795bbd325206
SHA1 ba54c3afec1050f60d1b6ca1b224b43911d002b9
SHA256 cebedd20162d75842576f5da0627519692f8ead0ed868c7231404a1aeb39d8aa
SHA512 0ae58a712a87dfb07906c558d79202226977d672a6dc91906550a2defa8d3ec8691f2d82019c50f300ae73bc350d72f168c7e229368ee42fae04e9fb96fd4bf9

C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]

MD5 7bf2b57f2a205768755c07f238fb32cc
SHA1 45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256 b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA512 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]

MD5 7e6b6da7c61fcb66f3f30166871def5b
SHA1 00f699cf9bbc0308f6e101283eca15a7c566d4f9
SHA256 4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e
SHA512 e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

MD5 74c4a723b053eb80a7f7b04634693ee0
SHA1 ec15802d91a23cec205bb7b6848b5f257e9ceb53
SHA256 9325fab36b9930831ec1466ca0fb92198792a6c8044a2b7d18ad6bad72b09e80
SHA512 70caf748874a49278b843bc04fd872fde647e2f17272ecad42305af8b52e113a0f780b664c13ff3cae2332c46f22f48df9f10cc0887380ddc308acf4b0ac0e50

C:\Users\Default\Desktop\@[email protected]

MD5 c17170262312f3be7027bc2ca825bf0c
SHA1 f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256 d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512 c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\tor.exe

MD5 fe7eb54691ad6e6af77f8a9a0b6de26d
SHA1 53912d33bec3375153b7e4e68b78d66dab62671a
SHA256 e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
SHA512 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

memory/2616-2995-0x0000000074340000-0x00000000743C2000-memory.dmp

memory/2616-2997-0x00000000743D0000-0x0000000074452000-memory.dmp

memory/2616-2998-0x0000000074460000-0x0000000074482000-memory.dmp

memory/2616-2996-0x00000000740A0000-0x00000000742BC000-memory.dmp

memory/2616-2999-0x0000000000E90000-0x000000000118E000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 c91d7a1930f4604c0864b4b1c43250dc
SHA1 3bc0a026f31fdfba10acb60ee33e20e60d8b12c2
SHA256 235b4fe47137ba514de200c48a112ee4a3299f76382716c612c006a5218075d8
SHA512 00c0eb476644c9e8cae683041a37cadc098165eaf92aab7fe1344bc7969c1b0c3b3f3589c063c2eff00e142729cbcb9d4b7a642b7ca415e5b4f99b328c05a46e

memory/2616-3030-0x00000000742C0000-0x0000000074337000-memory.dmp

memory/2616-3029-0x00000000743D0000-0x0000000074452000-memory.dmp

memory/2616-3028-0x0000000074340000-0x00000000743C2000-memory.dmp

memory/2616-3031-0x00000000740A0000-0x00000000742BC000-memory.dmp

memory/2616-3026-0x0000000074490000-0x00000000744AC000-memory.dmp

memory/2616-3025-0x0000000000E90000-0x000000000118E000-memory.dmp

memory/2616-3027-0x0000000074460000-0x0000000074482000-memory.dmp

memory/2616-3037-0x0000000000E90000-0x000000000118E000-memory.dmp

memory/2616-3044-0x0000000000E90000-0x000000000118E000-memory.dmp

memory/2616-3055-0x0000000000E90000-0x000000000118E000-memory.dmp

memory/2616-3061-0x00000000740A0000-0x00000000742BC000-memory.dmp

memory/2616-3096-0x0000000000E90000-0x000000000118E000-memory.dmp

memory/2616-3103-0x0000000000E90000-0x000000000118E000-memory.dmp

memory/2616-3113-0x0000000000E90000-0x000000000118E000-memory.dmp

memory/2616-3119-0x00000000740A0000-0x00000000742BC000-memory.dmp

memory/2616-3120-0x0000000000E90000-0x000000000118E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-09-15 08:35

Reported: 2024-09-15 08:40

Platform: win10v2004-20240802-en

Max time kernel: 93s

Max time network: 205s

Command Line

"C:\Users\Admin\AppData\Local\Temp\wanakiwi.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\wanakiwi.exe
Target: N/A

Suspicious use of AdjustPrivilegeToken

Description: Token: SeDebugPrivilege
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\wanakiwi.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\wanakiwi.exe

"C:\Users\Admin\AppData\Local\Temp\wanakiwi.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

N/A