Analysis Overview
Threat Level: Known bad
The file https://github.com/chronosmiki/RANSOMWARE-WANNACRY-2.0 was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Modifies file permissions
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Enumerates physical storage devices
Modifies registry key
Views/modifies file attributes
Interacts with shadow copies
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Checks processor information in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-25 01:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-25 01:07
Reported
2024-03-25 01:14
Platform
win7-20240221-en
Max time kernel
380s
Max time network
381s
Command Line
Signatures
Wannacry
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD526C.tmp | C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\jfaipnfbp319 = "\"C:\\Users\\Admin\\Downloads\\Ransomware.WannaCry\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Ransomware.WannaCry.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/chronosmiki/RANSOMWARE-WANNACRY-2.0"
C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c 248731711329072.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "jfaipnfbp319" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Ransomware.WannaCry\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "jfaipnfbp319" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Ransomware.WannaCry\tasksche.exe\"" /f
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\datareporting\glean\pending_pings\e80a409c-48ff-427d-ae57-4e1cafa23baf
| MD5 | 5aead7d5a2b0184fdef64e6243895523 |
| SHA1 | 68eaaf450c7b9708628eda55bc2a33779cfcf547 |
| SHA256 | 0cbef827ab85d4045854cfcee2718fd20b32f5ed02e06a5365fcad4822d0998c |
| SHA512 | 5fd800b564f7ad781ea542eed4c4ae408a41cb388411d88965659c6847d432e704f7868a06117c319ff92680a0f5ec1829753ba11656aee170634984e5422f6d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\datareporting\glean\db\data.safe.bin
| MD5 | bb568dc8b809c471ef1c296db4157216 |
| SHA1 | 41152a14ed9abd9631c8f9ff1a44e97f0886a634 |
| SHA256 | 6d06fe6f3c2d0e3e25937da0372df3b9096ea67306376a147d2983fef4176ab6 |
| SHA512 | 440521bcb2b0c86548e3745b51db1ab9d8afafb6c78b20fe354ad5fcb999ee815649a263d8e491215894423bc7e5a4ef6497f42224e55b3a71352adb6120a127 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 08bc7216948b4f8d9ac9a2c7d24c05bc |
| SHA1 | 22a60e549dfb0af87644a6d2942cd6a3a87503bc |
| SHA256 | 442eb57c31d28f879947de918e6be263155deebbf6197ae3bfc57aee75ad568b |
| SHA512 | 8a03e3e2f345a3e4c09f3cc8412dba4ee72b259aaf99d0a3326cf07215fba804b4f0e55237548881e33a195c79aaee462ab6e06ca8b6f5e3a9d6b9e7262e991b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\prefs-1.js
| MD5 | 86870e2b22a5b76b483c8c5d1c9443d3 |
| SHA1 | 6b11e5fb32b35af3371163cfe3da7b7e97a392c2 |
| SHA256 | 5e7f345aac9b0450b6d8ff6648fb393e0f7a105bca6a13a01b20a0f3a0e0d5af |
| SHA512 | a37c3df01bc42647a94b33d41b7751edc440e811d9766db4ff4492bd9ffa13877a4c7b4bfe39e974a9869cff1633834a00db0589a490c4b104d503622b2b87d4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a8de8d534d41a068e7918d872c721414 |
| SHA1 | 5b102e367a95c4333b8f64de46340ab1fb8305f2 |
| SHA256 | cc8f23e0e958352abba89949e933f86b7acf9ff7bd5efdd739e4b11f203c9da9 |
| SHA512 | 123aa40ec69bccb1bf1858d1eadc890d725ce70bd51baadbb7add9de97483779e8d791af39c32695c54c72f4780816585215163478678e6d6de9d9c15ee3d074 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\prefs-1.js
| MD5 | ad6581bce25c68aa5490310426d886b2 |
| SHA1 | e831f4f652ceed624b89a994805441e916258264 |
| SHA256 | f15d7667e0073a6a8797fab6d6de48f5c770d2229674ce251f6c175ab07f8511 |
| SHA512 | 8efcfe36e84c505fee3adeeceab39f3e3480eaaaff0a1493548770547e1ca001b5df22c7309e8888c13effac856e33054ba459e184697bb150e9eb9d9136d701 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4d97ba96a3dc173a77e152aa81d7361f |
| SHA1 | 83f2b8f4e50deba9d79cb5d23c63eedcd5c3b601 |
| SHA256 | 715c2e81697d925a83ec26e98dfad9fbd4c577acf7f66d430a02d6d5b8126c27 |
| SHA512 | 4d65bde064be4502a587a9cd15b58dde9eec7caeee2c5fbe9b07088fecf91a6530503d431c754acb0126e8764dd3212c30c6692b67ce72467c21919f8ae6632e |
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
| MD5 | efe76bf09daba2c594d2bc173d9b5cf0 |
| SHA1 | ba5de52939cb809eae10fdbb7fac47095a9599a7 |
| SHA256 | 707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a |
| SHA512 | 4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a98e1f459c473db3656a3f0c1e50e867 |
| SHA1 | bc69df544b02f69eeb1a1d1fc23942f3c6dbc612 |
| SHA256 | 6725167ef55148b256582626e05be5461a536a451a41727095eb6b1e30f4e737 |
| SHA512 | 88775647172091335d986ca7290d8ea1fce2ac01da24b410adbe291f42b25ef1d22f0e82f5fb6c94f1bb42b11eb36151379e9772ccfaf3525f9fa8af49d7ef1e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 412b6c4e1e47f6568e3873cb7bdd8fee |
| SHA1 | e951ddac1a8db23e08aebb6079d3059973837efd |
| SHA256 | a0f2b23ed99578bcbb1f8a0fdea37763baf4779dce7665a9a2a5c2833fe04453 |
| SHA512 | b3a893712fcced29329bd8e91eb86f7dfaf3a38f70baaa95b2255c2be5bd090e5e56c9611ffea9cd9490a6445f2dd7042c66a1da772a9e9f8a5116d0eb1a1973 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u2bjtpec.default-release\cache2\doomed\12690
| MD5 | 880741e99c11eae303f703d21852e530 |
| SHA1 | 7eb704ce47f9447be5e78a1877640533756312a2 |
| SHA256 | c29c77a2988fd73817d469c8958ecabdf49e89d9f56baef3c8f975d1b3ed235b |
| SHA512 | 13daa17285739c607b1d172fe7d4d19297f5ee59dca17304f43e87e9481f81604fa9cc85d4c4f919e0aef29fc0747b1429cec918cff547029d96ab0a038e02be |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u2bjtpec.default-release\cache2\doomed\13846
| MD5 | bc3d47f86d4d0937070c9e498564d483 |
| SHA1 | 2407219467cf6bd798a0cb63ce5b382db6406e05 |
| SHA256 | 49c4c4cb61f487a463738fca087aff2ae6af1e0cced5248f34a23a134f0fe057 |
| SHA512 | 523f0e18f4efdf87664b91b96ae45b44490e6027ecbab3e821c0b3a9f21824a5620d822d72ab7bb5092db2943fd1d962487ff19a5f289cc9c2e468a70e44b05d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u2bjtpec.default-release\cache2\doomed\13622
| MD5 | 27e18d90155c548ced7ff925663415a9 |
| SHA1 | 5460c620e25343e0f6a672cffecdba935dcfb398 |
| SHA256 | fa8713b08812d24e45ba7139692d6d853b888bad26efa428a1b143ba1a34efed |
| SHA512 | 51660c526805007018ff0e8fa976edf8cb881d8a30834d804f5ba1f5816d4e62b99bd36fe2b88303024beecce158e8fadca053beb1b63c69037e780c07cc50e2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u2bjtpec.default-release\cache2\doomed\30025
| MD5 | b4b169f15e62366fd9efe67e6447fc2b |
| SHA1 | 4f20cd3a3eebf4b5cd5b737d1a6b976b565c0a4d |
| SHA256 | dd14acf1dafece219966358225696a62a4d9181495c079bded25be44306614f5 |
| SHA512 | c29f29bd6215ec2c67bb5b61a261bda7ec8e341885e3c34e824256c3f6ba47665f69ac0d970d853c628e4b3796e21a5c0d91c7db2269b1dd2ba367b73ff10c1e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u2bjtpec.default-release\cache2\doomed\12724
| MD5 | 06f9ec5c2948c966d8081dac038e2e38 |
| SHA1 | 0ec8bd6a7a34985428d45f41b45601e86f91a67e |
| SHA256 | 79c4e1979c614a0c7d4f38fb5c672b815bf3bbbda650e17d21690264818978f2 |
| SHA512 | fcff95099085cf7fb6f173f7bc0a13f98dc2e29cc98b64ae39d7b40eea1d626e0f589dc16bebdf3e7801957ab7c0a98629eb9b1fdc5dadf5ba31bc152d7f3fdf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u2bjtpec.default-release\cache2\doomed\24776
| MD5 | 434bc15424c94a67d08d85914eb7d64e |
| SHA1 | 07f697c98b07b636e30cb8960afbf39a3fabe804 |
| SHA256 | 65cacc19c3a0457168957bce14c96fc182d589cd01ee197627fda505a19d8a48 |
| SHA512 | 6bb1760fd5fbf3aa963f2c8469e5ceb9fca6b522c8cc610ddece8207206cc705bf5bfdcbbcc5cdf09ed958edcdcd7a2efb88d740af1fa18fd43329b8a568bfe0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u2bjtpec.default-release\cache2\doomed\12276
| MD5 | d8e7077a9f3b5652a9fe1ea70b65c860 |
| SHA1 | 1e8d99e46b8abfe9cc6ed16f5ac6eabbe8ad488b |
| SHA256 | bcd019003b6fb8ac71b56c653c64017c9aec6b196612d7a109742e21c5c295d3 |
| SHA512 | ad7ad05b561272b7bf53a61092856ac71107ab6504a4f279a58c516980b5717f40c71afd94c1a0523dd4e22c03231a3a966c60c5407044a839a6f82767b684f5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a9d15c7421749f0194460376e5aef926 |
| SHA1 | 6183ec58cb0b29239983e106a76d60b3363b6bc2 |
| SHA256 | 1913a94fc3dca1aa427c0b6566e43d1c3aa5f405fe982af7cdbb5fd36ccf9f41 |
| SHA512 | 50f4c11e90601021beb466b7fbf1807c028f22b626c1e51466f87c88a31afdbeb9071a8ddada42eddfa19dab0bd2d75942e0ade432733a49d152145d92e7c6b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 073915eeae61179904b5710a0f141ee1 |
| SHA1 | 69640ec5f7995d0861a74581afb1cf7927aad435 |
| SHA256 | a55dbdef4c17c300d6b015ccceda2d05ab91b0326a8537cc31f3a7c293f1c044 |
| SHA512 | c1a5333b75f8abf948b56388278183174565e78b128d7eb58ff34d8ea844f378264517a975f296c23258e59fc75a8af93ec0c8b18b87815a93aa34ef7f301e4f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ed33f83ab8742e20946936397dd75472 |
| SHA1 | 2e2c17cad852acc9f6a1500274e6a49f699c4d56 |
| SHA256 | 9c0d8327db86c8679df580a6a6407b8f398bf114a0189254169dc00bd7481ba8 |
| SHA512 | 5dd2694103f375fa1f7e8019bdb01bb19634e2f7a3ff14592d8f03ed37895658618101b22d048059441d4c3c88ed54d5ca77b7243ea453266a05c5291dd8c3bb |
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_romanian.wnry
| MD5 | 313e0ececd24f4fa1504118a11bc7986 |
| SHA1 | e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d |
| SHA256 | 70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1 |
| SHA512 | c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730 |
C:\Users\Admin\Downloads\Ransomware.WannaCry\u.wnry
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
| MD5 | 8495400f199ac77853c53b5a3f278f3e |
| SHA1 | be5d6279874da315e3080b06083757aad9b32c23 |
| SHA256 | 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d |
| SHA512 | 0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4 |
C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
| MD5 | 4fef5e34143e646dbf9907c4374276f5 |
| SHA1 | 47a9ad4125b6bd7c55e4e7da251e23f089407b8f |
| SHA256 | 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79 |
| SHA512 | 4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5 |
C:\Users\Admin\Downloads\Ransomware.WannaCry\t.wnry
| MD5 | 5dcaac857e695a65f5c3ef1441a73a8f |
| SHA1 | 7b10aaeee05e7a1efb43d9f837e9356ad55c07dd |
| SHA256 | 97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6 |
| SHA512 | 06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2 |
C:\Users\Admin\Downloads\Ransomware.WannaCry\s.wnry
| MD5 | 9825f4747e1cacb9d205666b4c1d386e |
| SHA1 | a22245b29937135633a6e4892b0a10f14c342963 |
| SHA256 | 0d9d13fc8777b214a40551f4f2f99766f2f0bb3d89371b221c9341c6af5e0f4c |
| SHA512 | 1ef9afe9369023ae0e0488fec14b91ec0736a50dcb950fa1ddb74e2f95a69e9a6191aefe1c186e69dca3778a294f4c6111161eb5049883994aa6127505c3612d |
C:\Users\Admin\Downloads\Ransomware.WannaCry\r.wnry
| MD5 | 3e0020fc529b1c2a061016dd2469ba96 |
| SHA1 | c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade |
| SHA256 | 402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c |
| SHA512 | 5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf |
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_vietnamese.wnry
| MD5 | 8419be28a0dcec3f55823620922b00fa |
| SHA1 | 2e4791f9cdfca8abf345d606f313d22b36c46b92 |
| SHA256 | 1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8 |
| SHA512 | 8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386 |
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_turkish.wnry
| MD5 | 531ba6b1a5460fc9446946f91cc8c94b |
| SHA1 | cc56978681bd546fd82d87926b5d9905c92a5803 |
| SHA256 | 6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415 |
| SHA512 | ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9 |
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_swedish.wnry
| MD5 | c7a19984eb9f37198652eaf2fd1ee25c |
| SHA1 | 06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae |
| SHA256 | 146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4 |
| SHA512 | 43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020 |
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_spanish.wnry
| MD5 | 8d61648d34cba8ae9d1e2a219019add1 |
| SHA1 | 2091e42fc17a0cc2f235650f7aad87abf8ba22c2 |
| SHA256 | 72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1 |
| SHA512 | 68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079 |
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_slovak.wnry
| MD5 | c911aba4ab1da6c28cf86338ab2ab6cc |
| SHA1 | fee0fd58b8efe76077620d8abc7500dbfef7c5b0 |
| SHA256 | e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729 |
| SHA512 | 3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a |
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_russian.wnry
| MD5 | 452615db2336d60af7e2057481e4cab5 |
| SHA1 | 442e31f6556b3d7de6eb85fbac3d2957b7f5eac6 |
| SHA256 | 02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078 |
| SHA512 | 7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f |
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_portuguese.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_polish.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_norwegian.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_latvian.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_korean.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_japanese.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_italian.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_indonesian.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_greek.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_german.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_french.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_filipino.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_english.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_dutch.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_danish.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_czech.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_croatian.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_chinese (traditional).wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_chinese (simplified).wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_bulgarian.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\c.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\b.wnry
C:\Users\Admin\Downloads\Ransomware.WannaCry\248731711329072.bat
C:\Users\Admin\Downloads\Ransomware.WannaCry\m.vbs
C:\Users\Admin\Documents\@[email protected]
C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\cert9.db
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\prefs.js
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip
C:\Users\Default\Desktop\@[email protected]
C:\Users\Admin\Downloads\Ransomware.WannaCry\00000000.res
C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe
\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe
C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe
\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe
\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\libevent-2-0-5.dll
C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\libssp-0.dll
C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\libevent-2-0-5.dll
C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\libgcc_s_sjlj-1.dll
\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\libeay32.dll
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\prefs.js
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u2bjtpec.default-release\cache2\doomed\3468
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new