Analysis Overview
SHA256
40da854572ad619f1e48ebc62e7ac42fc46b2f3fbdd0dd9069eb451b79f578f4
Threat Level: Known bad
The file wanakiwi.zip was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Reads user/profile data of web browsers
Modifies file permissions
Loads dropped DLL
Drops startup file
Executes dropped EXE
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Sets desktop wallpaper using registry
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Modifies registry class
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Modifies registry key
Checks processor information in registry
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-15 08:35
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-15 08:35
Reported
2024-09-15 08:40
Platform
win10v2004-20240802-en
Max time kernel
216s
Max time network
220s
Command Line
Signatures
Wannacry
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD5150.tmp | C:\Users\Admin\Downloads\WannaCrypt0r\[email protected] | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD5157.tmp | C:\Users\Admin\Downloads\WannaCrypt0r\[email protected] | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wkwthgmgqegtew611 = "\"C:\\Users\\Admin\\Downloads\\WannaCrypt0r\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCrypt0r\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\rescache\_merged\2229298842\1034423747.pri | C:\Windows\system32\LogonUI.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Public\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "126" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\Downloads\WannaCrypt0r.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\wanakiwi.zip
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0663308a-a27f-4dee-ab22-6d47d309cefa} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {854907fa-1c70-49ab-9deb-a23a857ff077} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3344 -childID 1 -isForBrowser -prefsHandle 3336 -prefMapHandle 3332 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3987187b-d2a2-4b15-8021-55afb0ae7a39} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4332 -childID 2 -isForBrowser -prefsHandle 4328 -prefMapHandle 4324 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88c502a4-95ec-4ffc-88e3-8c08c6e9295e} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4828 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1c6d721-0c41-4658-933d-cd968008b5b7} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2776 -childID 3 -isForBrowser -prefsHandle 5296 -prefMapHandle 5276 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8a1cb5a-a58d-4712-ab56-ed523622fced} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -childID 4 -isForBrowser -prefsHandle 5400 -prefMapHandle 5300 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cf54308-8cf9-43f8-ac23-dcb4a6f3e0c0} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5608 -childID 5 -isForBrowser -prefsHandle 5616 -prefMapHandle 5620 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10b8319d-c1d5-49e1-9fd6-79f18817b11f} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6192 -childID 6 -isForBrowser -prefsHandle 6196 -prefMapHandle 4904 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {976be508-76a3-4c97-93db-12fbd67b3f75} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6408 -childID 7 -isForBrowser -prefsHandle 6400 -prefMapHandle 6396 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45a4b481-26df-4db6-a838-687ddaa1a820} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6636 -parentBuildID 20240401114208 -prefsHandle 6560 -prefMapHandle 6568 -prefsLen 29357 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aed6157b-28f0-4b44-ac46-1683aabe7733} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6640 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6548 -prefMapHandle 6552 -prefsLen 29357 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17986cc1-180f-4453-be47-ba22df26c8e5} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 8 -isForBrowser -prefsHandle 5908 -prefMapHandle 6868 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d7a3dab-e4e5-4538-8992-7d56ff7504e9} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 24253 -prefMapSize 244945 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3113143a-2b38-4fbc-8c0b-1fa5f4382496} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 24289 -prefMapSize 244945 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a18c91e1-079f-408b-817f-e291e158b7ef} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2980 -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 24430 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03f4e20e-b4f4-41fb-ac6e-5ad7a8dea8d5} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3996 -childID 2 -isForBrowser -prefsHandle 3988 -prefMapHandle 2812 -prefsLen 29663 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75b163d9-6960-446a-aebb-528b810c5085} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4568 -childID 3 -isForBrowser -prefsHandle 4560 -prefMapHandle 4556 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37e2c96e-bba8-4d74-8675-4539cf870388} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4968 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4960 -prefMapHandle 4956 -prefsLen 29717 -prefMapSize 244945 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3cf52eb-b82c-4ab1-8d1d-5bd43a40187e} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 4 -isForBrowser -prefsHandle 5400 -prefMapHandle 5380 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dcbf641-7af3-40d1-b26b-d54dc6d7a358} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -childID 5 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f03c7f37-f0ea-4fd3-8036-f2b0f3369b39} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 6 -isForBrowser -prefsHandle 5284 -prefMapHandle 5272 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47467bb8-ab1b-4a9b-a813-0baf816c93d4} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4616 -childID 7 -isForBrowser -prefsHandle 5152 -prefMapHandle 5560 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e66025ca-0793-4b25-b52e-99575977963f} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6192 -childID 8 -isForBrowser -prefsHandle 6200 -prefMapHandle 6216 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95c9a843-c55e-440f-8dbf-d993f9efee00} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6524 -parentBuildID 20240401114208 -prefsHandle 6516 -prefMapHandle 6512 -prefsLen 29717 -prefMapSize 244945 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8d83351-6aee-43e1-9abd-b9eb014a4d38} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6532 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6660 -prefMapHandle 6656 -prefsLen 29717 -prefMapSize 244945 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c51a5835-9903-4bd2-b262-3d8f8a199e2c} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4748 -childID 9 -isForBrowser -prefsHandle 5708 -prefMapHandle 5536 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4a8bb09-0700-4d91-9682-d6e5b4c9eddd} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6848 -childID 10 -isForBrowser -prefsHandle 5668 -prefMapHandle 5680 -prefsLen 27296 -prefMapSize 244945 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2e723ee-ec9b-4c70-8547-fb646a9f7e5c} 5608 "\\.\pipe\gecko-crash-server-pipe.5608" tab
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\WannaCrypt0r\" -spe -an -ai#7zMap21574:86:7zEvent28917
C:\Users\Admin\Downloads\WannaCrypt0r\[email protected]
"C:\Users\Admin\Downloads\WannaCrypt0r\[email protected]"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 201851726389484.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\wanakiwi\" -spe -an -ai#7zMap11632:74:7zEvent31299
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "wkwthgmgqegtew611" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCrypt0r\tasksche.exe\"" /f
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "wkwthgmgqegtew611" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCrypt0r\tasksche.exe\"" /f
C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe
"C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"
C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe
"C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe
"C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"
C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe
"C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"
C:\Users\Admin\Desktop\@[email protected]
"C:\Users\Admin\Desktop\@[email protected]"
C:\Users\Public\Desktop\@[email protected]
"C:\Users\Public\Desktop\@[email protected]"
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe
"C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"
C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe
"C:\Users\Admin\Desktop\wanakiwi\wanakiwi.exe"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3978855 /state1:0x41c64e6d
Network
Files
| SHA1 | 59c59521f4cb0f6114212b0f8ca67b5856557f25 |
| SHA256 | 9e6a5a15778884ad506da4764f879551f9ce1172fbd03cd893a38efa38595356 |
| SHA512 | 1a1893256c4b8f7b9e163b728ca36db59e2ececaae1061d9e5bb7ff6b8f4a449db778b5f976db4bcafab5c360a977505afb9a66c5a6aa5045bd79b360b0140ab |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 96c368c64e0de2769056d464a795cb66 |
| SHA1 | d8320eeff1e3f9456291fb9ad1d2dc4552c1cd8a |
| SHA256 | e6d3c046a2770c1e7b058b4959de67166355c38170f76644bb83cbe88f2d1ad4 |
| SHA512 | fe1774daf9577f507bec463ec253676f8db26f8906de1365d84838d9fdc9ac7da4dce13e6003963673a46e111257fb533e6427308e604fad8a4d0d13827db086 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 3cdae9cfe1e2d2889d259e84cfea219f |
| SHA1 | f10a4d277db78d23d0d86ca9aa5dc1a670b0161c |
| SHA256 | d1d84aa92a0ab79cd9ebfe75cf47f39b45bf61439741faa895b6aa932b3832cc |
| SHA512 | 4e0bbd4016f05902f50578f26a06993acebbe58d1d3301c7c414e18a269b9c9490b75dd7cee7182c6d01013b47df3eba92b2149b5649b9f58a97b177f1892c3e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 934a6a06280fdf8ba09f6d3201acee53 |
| SHA1 | d166e4493cfd6cd6eb1623edbf42062db05be711 |
| SHA256 | a2e3e69b49c421bf2013fdc13e9bcc7f89dc8308506c803917876aea5b81fbf5 |
| SHA512 | d1d2db473918793a5726d40c69656ff4dff54bc9b2767c29f39847d35e9fd3d206e304b6ee3853f68943af523b6b86e4a7dcc7f1646b8562cefc11dadaa37c11 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\favicons.sqlite
| MD5 | 37ec2879f8ddb2b4acbf969e1346678b |
| SHA1 | eaa2536aea1d6a81bed95c07091a075ae5f234d4 |
| SHA256 | 00490f11818f091a406417ef633c586a122a7db0ff33478c8e0bc6c9e860ef6e |
| SHA512 | aa006f70b4aaf8443026b5dc0ae57a0cb16114ded6c0d9bf2ef5a3728a30259abce6e2826242b69dec9876580b2af1293e403257ebc1ee55258371d2f759d8b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\places.sqlite
| MD5 | d5028513823dc9eb24ab511da8c32bea |
| SHA1 | 9cb45045d57b91e502cb3cfc87392c54fd4db9f4 |
| SHA256 | 760d0b7eedc76218028ced7b1461493b569025380ce6b6cc59be4fccbb2ffa04 |
| SHA512 | fdfd2e39151bdf61afe2ddf97241e7ce50539d132cec7d06eb4f53879bd1ff5609efbdb52bb54031f1eb3081b627c7ecfe76993ded32afaf5a4649191362b928 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cert9.db
| MD5 | 212002268ff047a360e5b92c8100a6bf |
| SHA1 | d76da88d249e8ac177db139dc2d8ab756c3f7372 |
| SHA256 | dcbf145d3335110e214338b4ce34760b4b99c4317c767f649fc29f97f764e291 |
| SHA512 | 3d1bf28404d255b5de30a3173c6d0655e07ebdbbbc84be846e0619e5271e380534144e4698f19a9517386483260e558360ab63528af11fded69769e70b810a49 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
| MD5 | 14dc17130da536e1b80b27db0f3af5b7 |
| SHA1 | a56fafa691be67c212371d50ae5556899c938e02 |
| SHA256 | 022df7442484d1319d189d4664904342ccaf86d75de326d2a62b1bc7dbe78042 |
| SHA512 | 1d4f75fd26cba64d058750217d8bb74bd955dbf1180e58d5f12c952a96387809dba4ce5a56730a56eff93b5dab634f7e42182dbee40269ce6c3bd8e0f56b0f54 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cmalwarewatch.org%29\ls\usage
| MD5 | a4b57866747aa8bc0828ccb259689903 |
| SHA1 | b77c045f5580c81a6cd07a5e5d2271064aa52233 |
| SHA256 | 395c2160a5f25f4ebff4939482f032465544c7d1105b8f93b529552a1f8f7b88 |
| SHA512 | f5e9b04e525e1bb7a913c3e02504f98b1f860cbc487029075c668cfb560bcf85855d7e48ad19586368becbb6157872b70a083a40081c2c109314ccbe9e5825b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cmalwarewatch.org%29\cache\caches.sqlite
| MD5 | 2366c83e0d361f11a90118dcec27f068 |
| SHA1 | 65242444afd6cea7f4cb18119178dccd54913acd |
| SHA256 | e2011cea22ad0828ce84493394cc1e89990eafef77fa28ffb559ee89b267912d |
| SHA512 | dbd628d46e816ee8fb135bb88037c5df3596c03f3c25afcd1b9cb589396a9f5bdb53d62cfd6e5060b12ac80ba347df47673e6030dea96bd48abbb2e20b739844 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cmalwarewatch.org%29\cache\.padding
| MD5 | 7dea362b3fac8e00956a4952a3d4f474 |
| SHA1 | 05fe405753166f125559e7c9ac558654f107c7e9 |
| SHA256 | af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc |
| SHA512 | 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cmalwarewatch.org%29\.metadata-v2
| MD5 | 831a7a698a902f040f18045e12cebd62 |
| SHA1 | 974a13c3073cdff812e17cfc5115f92d4dbd6315 |
| SHA256 | b6b110d85021253f23d97448f9eab403be17ad86ef770dfd4d9cb9831a20eb95 |
| SHA512 | a3020493b2f46c3149574dbac6549fd3e65890a7d81afbcc17e6257ebfeae5f9e9edbe2c718619bc70b6dec55d4ddfff82338748cac0a15d43d93ebf385c1ea3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++github.com\ls\usage
| MD5 | 195332f2c92d358733afd1523b48cd7a |
| SHA1 | 9b9b76e7d1960bc09a10dca42d50b0a93ca0e173 |
| SHA256 | 03f617d955a46a6575b0a0fb3b921be88a8cbc4298ba725c31ab0519c2bcac70 |
| SHA512 | a46121bb9068043b24b177a349fa6902449cedc392d79eefc77a0fa3335020fb08f78745382dcd325085accc86a78600971f4064ec737648620e6fd17544740f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++github.com\.metadata-v2
| MD5 | d8675c53124f6bb283ecc55df3bbd75f |
| SHA1 | 3140a341b497550d423f21467bbd68f870bd3501 |
| SHA256 | d181d5481b1c0d5122763bd08b927dd8d504524dcf8e748e08684eca3e00f829 |
| SHA512 | 4dae107b48b7f19dc513e91bcaa68f0b7e14fa7118896ea91a19acf62fad2ae9b113ecbe64e900a3351194c6192c47f71c152dbca025ebe1fdcd2e460fa04709 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin
| MD5 | 862254c271e0b4800ffff46b6e17d70a |
| SHA1 | 96ff45e67c2742efecb3c83207495c8f48e62bbe |
| SHA256 | 05bb3ec9aad3fdd41e9b78458e3961e7daf8454f0d5e5059ae5fd552fba83219 |
| SHA512 | b1a8c35934d6e7d160190034b2ad6bc3ed787fac773e8d368726ddc16b4e1f115f30e8635dd0654b70666e0c637eebfab2c1f7190b6c6f13aa822d9586888007 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js
| MD5 | b1e98bb8733581f64f6eec0888f4c0b3 |
| SHA1 | a7e1955722deae3b5c5a655413e4ecaf37137619 |
| SHA256 | 2184aab6fc0c1226acc48605283d0ef2434da7038b9217e30fe4cde3309f0526 |
| SHA512 | 0e3ec2d6aac03e1fc9d80bbf989051d6ddd173cf12dd16fea2e8045ac236b768196c8e1028682c2e33a26dbb027f3a3def8ef2b1f0ef07c19e24c02b453bd412 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin
| MD5 | 40221a1151d69a4971fb95848fd625e0 |
| SHA1 | dd73feb50ddaa979af1c1d345e7e5df676fe6dc3 |
| SHA256 | d7869b178d23d1f6d1c29e27db0c1340bfa44dd0ff146c5e684d865fd8d63b16 |
| SHA512 | 5e9978e71cbf584b37139231c72559fba310100ad7d00ed4a07baa26e1039b726ff4dac6fbf41c6df5d714150908792e471b123b8daf0da711fe1f6f90af5cc2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++www.youtube.com^userContextId=5&partitionKey=%28https%2Cmalwarewatch.org%29\idb\2171031483YattIedMb.sqlite
| MD5 | d523105fcf82e5afcd610b7b760950b7 |
| SHA1 | d991bbf07b3113bddfa6e8a37e6c3c7dfcfeb6cf |
| SHA256 | 11d93ff77c5c197e3340333a1112d4c684e8a0f7349564abf4fc1f62fd8d396a |
| SHA512 | 9500220bc1d4dd9f8d0e44883db596fa9cf90403d15fe8657bac18c4b324582b78e2f5f93e2e30b33f16b3f56657a34c0242a8201f05d653e8583d23114b0dde |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\6AC9BD0802E051FCD579CC69A96979DE29682F3D
| MD5 | 984101e4f1fd39fcb1eaa2dd3ba62ec0 |
| SHA1 | a349b91e7818b2aa56bf5f48165b656190a5f87a |
| SHA256 | 9871db46dbd64d9d5aabd9cfe14b61eaa8f93bb283945d7cf5525e9eeb4f05fb |
| SHA512 | d5c5957146b2f1e35d0362c16d78457f4aea554a5244e92bfa927f3bee784a916b25f6c5e91ad933b58513418cef08ee436a5047939b97eeff67c7f9d2aecfbc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\EFCEDDEBAD67290629B5104614094B988BB2D047
| MD5 | 25667b7777bc6201952cbdbc9f0d8068 |
| SHA1 | 54aa316dbadbc5eb1c51722284924debb2ed6157 |
| SHA256 | e6c651501f7ffb743c512777d1348b391698e8c04b16b26729feecc08eb09b5d |
| SHA512 | 1ce4576f05e85322d1ead1a58e496943dbbd2f86e840b6d471b9b440318952634a89f3508915cf826f5dee4b6f0c110748d3153de757de37b60eabdb042254b4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++github.com\ls\data.sqlite
| MD5 | 30fefee9735b4b72046e389c10098a4a |
| SHA1 | 48f96a0982416f2ddcdb9e01902041671f5d9a37 |
| SHA256 | 145cb86fdea912f087e99b6e753d67568c800e1e63ea9c1120058b3927d8cc5c |
| SHA512 | 77c60a4c29d207c6e1544acd774176da4c6c6ba8e0ac8d08b77aceecfd1a1aad0c81b8607c6d555515c981763fcc01ee24be59b60cb15fbd1fa02cdca7252762 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\6586F7B38489859730F9ADC10B28BFE43E7639AA
| MD5 | 93e827a37d29c9e7c915d008258467f2 |
| SHA1 | 110b57de662f768dbc6e0eea9e9593b20f51e380 |
| SHA256 | 7a734bbf6422f65fca9505e52987bf69e92c6982520d948d1250896e7baf9a7a |
| SHA512 | 50e9b3f344873554e63ae2be90dddb5b189e7c68014cbe1077181cd5e755618091bcd5c971df595f3f3ba283b070d3337cadd42341859d13f94a227e0e444931 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\73C7F1E668813518B669C33D69033779C04F9F54
| MD5 | 98c078b615877264c9d9fa3080fac334 |
| SHA1 | f95ec606b012eebb10858791f98c00611cef959b |
| SHA256 | c5a2eec239ec4bbca412cf54007ca972278f664a7ec148e63a594bf375088b94 |
| SHA512 | 54785179bbd4e0e4b49e29ed8c1d2d1e7fc84485287a38125e5e979928ce7e7aad9bdacdce59b78dcfb67077076b2d7d51ca608db9f44273082630eea5900722 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\71BF779DFBCE1307F42244F92E6190F178BC7120
| MD5 | 39fcd5ff361d3a32d773dfb7a3cc77a5 |
| SHA1 | 3f13b057efc3b4751c94fe4fea516ceaf155c158 |
| SHA256 | 8c41e60ca99c2ea48e9900b3c75a39c9504263cd197680ca1ae9d3a92253d27e |
| SHA512 | 78792c9b39c5bd1987a35c32d764a4fdee7e567dd6f04a80abbbdafaba6bc71282acf261190939f191e6e52e749dc3759805c248bf44eb2d064f9eea51ba5b48 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\C1B1C93A2BB99933371A4D301755C89FF654B778
| MD5 | 58facab4f0d6c8ba731a7227235f20e1 |
| SHA1 | 5c57f4ec6e31ae89766b2ba9d296129754d0af9a |
| SHA256 | 3680569a2c51f4f7972a01642b6fe6262ebb352cc9b0e0f16f6ca0fad9968470 |
| SHA512 | 1d15b66f8c8d9f21617ce4ab5b5d99f43f0949b4c9b7172645fcc134d1fc84d741ac7036686ef589a29ae0995cd444aa54191c5999190ed25eae461f720e916b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\36E9B20E0F20ACB334FD8E9BC09DE23CA92CA161
| MD5 | b0876a71139ffd6effc69d8139104fcd |
| SHA1 | fff3a2e15b41b15daf91a33717a9da315f99e534 |
| SHA256 | 6f1c46b2ddc3970badefefb5af86e7ba97ebae12ec0dcc4074625f475a3032fd |
| SHA512 | 6be2ff1bec652cf69c185fb331778e3cffddd15ca613dee2342cd1d98b360a303b907344531d59ab2aa2553e70c00d1ff8e5b0defdfa6a097ecf83533cc8b4e7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\6686795D100028C4FD88FD2B1D7974E74F293236
| MD5 | 8212d5855a32bb54d13e0c0e4aef7755 |
| SHA1 | be36b5c4ed350d4d243ff268580782a865f31de6 |
| SHA256 | 8f61faa4665b1f33da03f3ee9b8ccfa5a1664e0ebc4d1b2642329c0a3f9e385c |
| SHA512 | ee13f71f4dbb7b04390cc8fdd509b9230c0c46cd5e3534fe484196e939a113e6e226dce838ad4cc8fd0a4635b51ef5d283ea9911498fcb443c12b3fe9e061cb6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\BE91A47AE98719A666A0AE5DBC6C5CAFCB6513CF
| MD5 | 196a144df79a9082a42f0edfd3e76b2e |
| SHA1 | 6faef000f0b75d4cd38ddbb7ffbfb439b1dd84f8 |
| SHA256 | 0d5eb2741509b03043d53d8853dcd784dc690397f812089ae9272cc3acf93dc2 |
| SHA512 | 5ecb39dd0b3f44cd5e9195431538878ce7345a7411173d2ce617007e456880243f31aaf629cd8045ba3f9b653b50079544f94d585b51d0941eb9e3af15785d66 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\A8B37F2C0AD843488FC6EF5D4771F29F5E92F9BF
| MD5 | 5d33913c933aaaf00cea4e725e6d45bf |
| SHA1 | 6e5351842103ce96877035b3bed027e89d1e5bba |
| SHA256 | 84580f2e57281cb720fc3e3789896ae5d8ca2ff0592e780e828e76f1aaae7909 |
| SHA512 | fcf36a9b818e87ae076113b5c8e32b60e275d194aeb355c5f146063dfab558c73506967fe22500744e0eeb21fe251cd42fafa33b6e3b5aa6cd8551b716fcc1c1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\35BA330A3D65A7F0DB733CEB542BE64BAA68B8E0
| MD5 | 8fbd2b63267037cfd119fef69379fdbf |
| SHA1 | 6876d78d8ee5a9c110b4ecaeafcaebcd77481f4e |
| SHA256 | 43088e370ff6ff83ccf5a369d855d31968a3e18e44bd9f0705eee1659aeed3ad |
| SHA512 | 29c3a5d8bce9cb99c072d2d270644746322eb83e51e7e882ce04723238628acb9a4f1ba3e547a1a6ab2f48f989ab4221ef02ed0d587873af39d13f67582dd04b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\569310489AA355180F229B54E68092E3E2C0B048
| MD5 | 382da254e008f3af69cfe6cc7f3b2cf6 |
| SHA1 | 78b739aefc8f2f17d1fea2234d5bea4f43ff11cc |
| SHA256 | cc0ffad22288cd9193137a7e390fe8548cac103880587d91207b589273544a04 |
| SHA512 | 5e93f16e77b17a3b8d8c0de03a15665774bab95cf7cb54b9f09f5b42efbdacb6a592ff1b5209c6f1972af45cfa10a51dfe77954c90d716bdf3fad0d4b7c7dce8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\A40BA588E6E8CCA1F2FF225A12C5837FA4ADFAA6
| MD5 | be6d574c69142e0cadc08d758ca0a031 |
| SHA1 | f826635cf091f581c9b28103a98e5f9191477612 |
| SHA256 | 68b3c0969773830ffb2750feb93628814b5162b93cfc34e90af4a6ca0f2bfade |
| SHA512 | 0d215505358347bc6039641e42d64a3f5cee2e9c1a7d51d2ed8cdf0c2e1d68fbfa03a88df5284c1a51ae9747e9cc3ad5bb77d6e64934163d3714f88040e62a50 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\12A7881005195A37E2C8F6FF6CD3D85EBBA79522
| MD5 | be93ce977783081ee3608b332862fc62 |
| SHA1 | e2bcb4269a19bfc05c215183801ee34f1eeb761b |
| SHA256 | 76fc1710a7aa652308b3ba2396f55043106eb8c4f1743c013c09545db778579a |
| SHA512 | e04aec03b8738d059ed0a85f6a34d8c42d97b9794122eb404a3ca6a68db4dbe67858026d196fb17316282348aeb81fa156f078f5956f9db31b08b5900f691b5b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\DCEBCB1AB42B452EB3865AC25EF0B47565E4D1BC
| MD5 | daaa097ce6ece51d32d350cd4c612fb7 |
| SHA1 | cff9772a3d21d26db6a6ba77ba218e96560bad3a |
| SHA256 | 46c11fff7fad943113a86925aa8c5e6feabd6ae4fbd7dfa3f86cb591cf65f143 |
| SHA512 | 1f2373437fdd57b92225ed6a1e74ae6aaf8db1459bbd541cfe0d171939af1ef84267d53002fa1205f7ae92e0f09c40ba7307aa4fa6ae54409f1a3a1659a02dd2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\9A7F8872B335617C85443C8249C30C8F3D8C08B3
| MD5 | f31be8f865f1e684cc35f377cfd30f97 |
| SHA1 | c656697fcd5053024601b4e191a4ab4e74d1a611 |
| SHA256 | f01acf3f882a5de779792a6bf0e6a756f0004387840a62f75a5b98650260837e |
| SHA512 | c25793aae0b0f58e20bf13ad23bcd6a6d205ed22c2fd065bc11b2c67287272063ad19aefe07e86127e8bb41f855a80a69cbb8bdeb5f7800ddd4458957e5526dd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\E986C21546BBCDA139DEEE3380FB6334077134D9
| MD5 | e59cb5307dafd53d42317c998daa2229 |
| SHA1 | bd9ff17fd3b52bcd338755fb99f8fcfb63f78f78 |
| SHA256 | f281045c0cc2c26c7ac18804229876be0a552a76ba63d739f707d6ec1eb43c0c |
| SHA512 | 1924f4bba813267e9a22b7fff6c51aa6ba9287a080e6dd7a326630faa2ba8742d11b2d41301d9379121a9e95728970332d52bc0023875e16b062f68b798bc413 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\E0CF0B7585914EF83EA2FA7D1D3E9B51D3A99B70
| MD5 | 462fef900274f8c90fb33a617d6e2728 |
| SHA1 | 15c5dee545def3a90e66f9b23f4f5a947f4872f7 |
| SHA256 | 2527ace4732de3a805522cbb6ade1de83d0e7f9b2baee18adff9dbc3ee3e03b4 |
| SHA512 | c05177f1acb242040eefaf73205246b87ed28439417f6f243f67d1f40b624345fbcc617a5fe8e57132ec53ec38796d161be28f368e5620dfcbfd0f40bca801ca |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\BA53031A0BA9F7163BD9B09B6CC867294FA2A699
| MD5 | 3026ea6cda2e6a08080c8479e22cd98b |
| SHA1 | 60601c4c6786025d10891042a7336ede2019a7d2 |
| SHA256 | f3a055d785bfd20d91261d49d62f17fa8846f29e5c934df9c6dcebf0f8a540ce |
| SHA512 | e8a4541a327c7b0622ae98195bdff485e9f2ff30f3530b41f129071ad6dcd3d67d8ff6de5d30dcfd6cd26ae2d40e7fc8f4c73422bfb71af59303d5ee84d98129 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\16D3E6A057A124E8E3BC96689FCEB5904949EBB5
| MD5 | aab2f0dc489f5ce3fe17f44ac22e280b |
| SHA1 | dc489db717de8f08ee6cdb6351d1f7cbad04ed6f |
| SHA256 | 7246d99431118ef40db86ddca651982cec5a5b6a089aa55474833f0369e0b37c |
| SHA512 | 33cbbb1b7e93f2425d94b8290eb7fb3e44c853d82f744bba605611a84c8d8e576d2e823d883d9a5c093cf7ba0586755d6c230f2c90f9f82c7b6668fafccd7990 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\6B4DB52338644A6A772A175E61E5FE1628EBC513
| MD5 | 1b793e28893296fb6136baffad49e670 |
| SHA1 | 771078e2c2d09010bed2f4ef35244bd6b8d807f1 |
| SHA256 | 5020e6d5558359687fec76612016ed23ec791b11def2fe2806a6c5c771796506 |
| SHA512 | 197db236592ffd334fc0c2feeab97c5ca88d83c93505e21c1810e644605f279bcc8131f569a8d25c0858e8daf82591a2875df0391cbdd705f5bc36bd6f9e52d9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\EDE1C69677261F337966A25727F604E03E3DB6A2
| MD5 | 422e041e804f8bbbe9170eb84aba1a24 |
| SHA1 | 58fe7f73cac07b6a1ef93822d3ef1763ccf2940e |
| SHA256 | 994c8928c8a2737733f258ddf39b24f6058eb882b16545e0b8905e838cecd50c |
| SHA512 | 608a5deb4f27664ab1b72c7bb9c84d34c0f2e05a1605700bc24fff8735f7f5b7ec692a603b41b869c8f087a7e55ba0f90e352edc461c158a23141036f3da8ccd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\A7185B128F37007861637E9F7A1F3A17CC67A193
| MD5 | ae5e0403fab9392002efc569495fc213 |
| SHA1 | 335f537cd244fbcd3017c25949f0b90edbfcaa5e |
| SHA256 | 976186a1a2d94593b8a18936a261c25dc96eeab29abc4069a46ce5a3ab078d6e |
| SHA512 | 5bd809abb14a9d0e121603f476cd4506fe16927548e6d1a411eb33f1787467db0923b536eb87e2a9a71954b0da8537fc99a2d3b1cc94918034f3c7a261220884 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\32CDC3544254379FA0CE0BC8E82887486A808831
| MD5 | 5449891ba2030fcc792ba68f3eaaadb5 |
| SHA1 | dc5b84911e691d0c3646b07ff8e874159ada46d4 |
| SHA256 | fbba0f1e890808b0efefe764d531557118fc495e54e3222ec573bfcacdb1a420 |
| SHA512 | 49edbe343b94ca791657e0b331dc278be879348ceca4756a29e56daa0ffaf2f5af05f0282eba6b6bcc3f2f8a7b3feec2c369e736e0afc6d0ea425b681d722409 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\299B4E352333008A61316AF9B2567C39F7C455F9
| MD5 | 20a8292f0316ba79a10bb94ded93c713 |
| SHA1 | 741662fc9a46bda564a5d5db98fdefd85a71d86c |
| SHA256 | fe1a2fa31315a539c3c99a88b76b106e1c10e48837e10078e2f18b15c242c28d |
| SHA512 | 469764c0cfaf992ea712c572dd620154be3a2bfcd5bee7e4f26c71b88db3f04eaa1388646d4beaecc0fe67995401e64ae1109a6786a3bccc1c72ebbe12b80072 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\E5598E170C71E64E82F578D0B0308297497C8C1A
| MD5 | a4dd5a5b3ddf8e97f8dc689aaa0b8f3b |
| SHA1 | 5c8bac3018db5627bad7f6b257c043a23bf2dc66 |
| SHA256 | ae3686a01201ff370fd4ede77026b31a05f5c39af8adc8f3e47a3f842cf04eab |
| SHA512 | b0225a278333cb494c66423e2deb39ac524b225e37e15a6179f35220ee1f11cd6e838a9284fb1fd60033778c900ba605cde7bfa93263450f37a5b2fcaee5d27a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\FA3488F3C0AFF2AF0DDB34B33BB5C858E7FB7309
| MD5 | d47fdcf8a95cd9bb47390f259f35b601 |
| SHA1 | 22dc4b851918c0f96bad9a93b2a7f5f7159d2ecc |
| SHA256 | b72c21bfd1984872c9477a9f2db4397b4d5196b916265077f4a29a2fbe2aa3bc |
| SHA512 | b649dddb5bbcbc770290345b7b6790163e68966a5feff56e2272db43b5d688b58e4a59c127902922d4b8acd0dcba7db29aad9d6d6db84f7e4540865019c0c03f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\7F30F53457983F11F2D61636C9FB5706ED9AB60D
| MD5 | f05004deec6ffe17067accdd3ff39351 |
| SHA1 | c980a3c38eec5bc6a681805dc62bdee528545deb |
| SHA256 | f3ce242e4d2cf1393c4b8fec89491673a7ab4c71e9f67c2dad2afe4cf8b536cf |
| SHA512 | 528e2b42b67b894dea0e73de7d1010ab4873082e40a0e423e6e716127a71a776c1341165568de75314f697795c68210d26a925b0cb7812291f5f80b49fa4350c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\F5A1FBDEF4E6F115791D6C8EF1598942067B8080
| MD5 | d0e4eb8f76de22940374ca04abecde50 |
| SHA1 | 5408bf79cfe3261f94b2eac15c17f52f68e522d6 |
| SHA256 | a4d27b6061f742eb6fce73dd40424b0ca6643a24eabc70b353a9ef4d1d8cf0e4 |
| SHA512 | d25b811f4bba2d184d11220026b852e2a787e54d7babfa7d5f4c189e8152b3ca03d487add4a56f70b3bb9942324002de67cf517a40d1c32b0563da5ca785fe5a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\8560096652A022B72F28E970060DB183FE096D89
| MD5 | 39b9e1a78506228699d17da0b797edf8 |
| SHA1 | dc3ba42c943b08856474ee388cfa27f9d2dd81ed |
| SHA256 | a4d1270f32c0a5ae50c3a712691dde4dad873fc8fb5514ccd0516f1efefa50ff |
| SHA512 | 4118deefd08c908edac496632f738c3b120b17ee4cc15ec640e9b2d6e4e6e130bec29efda6ff3a38fdfbf551a8084d7c034d9fa57e41cb4470c304bde6fa9d3d |
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
| MD5 | e58fdd8b0ce47bcb8ffd89f4499d186d |
| SHA1 | b7e2334ac6e1ad75e3744661bb590a2d1da98b03 |
| SHA256 | 283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a |
| SHA512 | 95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/1056-1479-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionCheckpoints.json
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\places.sqlite
| MD5 | 3ae512093c12a2694c20a72b089bdbef |
| SHA1 | 8aad114cc58a9e959341fe183bd335333ab54a42 |
| SHA256 | 03467bea506fc5d0d77c6a7213d88f8a5ab0c73bea2e97b905a91d959f602984 |
| SHA512 | 127bba3cc833790ddb04fda62fe50e1c54e88dc6c292158f10b9781662773dd25d16781095404e0b4996e14db33205cd4bcfce87e33fa7258db988f8981f2f25 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 0ccba951f4ed68b539abc2afab26afd5 |
| SHA1 | 808f714482386dcaad8428426fa49ba8f1595791 |
| SHA256 | 6a42d0e37928a8d55f14934dd1de10824602195a13d6b4d4d7f28cc58cc38f5d |
| SHA512 | 8aee6444ec88bc71548a7fc88516db2114e1a4d64ee9fb727612dad0a7a1d430a8dca94ab7237e81d7ab22ca693a69a43e67e644e67f57eed909161ac871f7c8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js
| MD5 | 8ce42ae987b263d43bb0afb090f0b4c3 |
| SHA1 | 253de806435ffc62e68977034a89152194d92ab4 |
| SHA256 | d10a158b6d7205db7270519667bcd89d189958e9fe635d9f7d549fe818221fd4 |
| SHA512 | d1c35ec736e2de2d75e49311715bb5aeb58ba410b9f0f49360bbe8c25e7e0aa6c3c0ce6b3d890e7c86993ad50b4ecb069628dbab449da22809d1c4c74db9041f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionCheckpoints.json
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 6b512908cd68e4b93f2e795bbd325206 |
| SHA1 | ba54c3afec1050f60d1b6ca1b224b43911d002b9 |
| SHA256 | cebedd20162d75842576f5da0627519692f8ead0ed868c7231404a1aeb39d8aa |
| SHA512 | 0ae58a712a87dfb07906c558d79202226977d672a6dc91906550a2defa8d3ec8691f2d82019c50f300ae73bc350d72f168c7e229368ee42fae04e9fb96fd4bf9 |
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
| MD5 | 7e6b6da7c61fcb66f3f30166871def5b |
| SHA1 | 00f699cf9bbc0308f6e101283eca15a7c566d4f9 |
| SHA256 | 4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e |
| SHA512 | e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3 |
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
| MD5 | 74c4a723b053eb80a7f7b04634693ee0 |
| SHA1 | ec15802d91a23cec205bb7b6848b5f257e9ceb53 |
| SHA256 | 9325fab36b9930831ec1466ca0fb92198792a6c8044a2b7d18ad6bad72b09e80 |
| SHA512 | 70caf748874a49278b843bc04fd872fde647e2f17272ecad42305af8b52e113a0f780b664c13ff3cae2332c46f22f48df9f10cc0887380ddc308acf4b0ac0e50 |
C:\Users\Default\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/2616-2995-0x0000000074340000-0x00000000743C2000-memory.dmp
memory/2616-2997-0x00000000743D0000-0x0000000074452000-memory.dmp
memory/2616-2998-0x0000000074460000-0x0000000074482000-memory.dmp
memory/2616-2996-0x00000000740A0000-0x00000000742BC000-memory.dmp
memory/2616-2999-0x0000000000E90000-0x000000000118E000-memory.dmp
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | c91d7a1930f4604c0864b4b1c43250dc |
| SHA1 | 3bc0a026f31fdfba10acb60ee33e20e60d8b12c2 |
| SHA256 | 235b4fe47137ba514de200c48a112ee4a3299f76382716c612c006a5218075d8 |
| SHA512 | 00c0eb476644c9e8cae683041a37cadc098165eaf92aab7fe1344bc7969c1b0c3b3f3589c063c2eff00e142729cbcb9d4b7a642b7ca415e5b4f99b328c05a46e |
memory/2616-3030-0x00000000742C0000-0x0000000074337000-memory.dmp
memory/2616-3029-0x00000000743D0000-0x0000000074452000-memory.dmp
memory/2616-3028-0x0000000074340000-0x00000000743C2000-memory.dmp
memory/2616-3031-0x00000000740A0000-0x00000000742BC000-memory.dmp
memory/2616-3026-0x0000000074490000-0x00000000744AC000-memory.dmp
memory/2616-3025-0x0000000000E90000-0x000000000118E000-memory.dmp
memory/2616-3027-0x0000000074460000-0x0000000074482000-memory.dmp
memory/2616-3037-0x0000000000E90000-0x000000000118E000-memory.dmp
memory/2616-3044-0x0000000000E90000-0x000000000118E000-memory.dmp
memory/2616-3055-0x0000000000E90000-0x000000000118E000-memory.dmp
memory/2616-3061-0x00000000740A0000-0x00000000742BC000-memory.dmp
memory/2616-3096-0x0000000000E90000-0x000000000118E000-memory.dmp
memory/2616-3103-0x0000000000E90000-0x000000000118E000-memory.dmp
memory/2616-3113-0x0000000000E90000-0x000000000118E000-memory.dmp
memory/2616-3119-0x00000000740A0000-0x00000000742BC000-memory.dmp
memory/2616-3120-0x0000000000E90000-0x000000000118E000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-15 08:35
Reported
2024-09-15 08:40
Platform
win10v2004-20240802-en
Max time kernel
93s
Max time network
205s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wanakiwi.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\wanakiwi.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\wanakiwi.exe
"C:\Users\Admin\AppData\Local\Temp\wanakiwi.exe"
Network
| Country | Destination | Domain | Proto |