Malware Analysis Report

2024-12-07 02:47

Sample ID 241114-ycv7jascrj
Target alkaline_trio___2_by_letsplaysuicide_d5l988-fullview.jpg
SHA256 d0096ae477363291c2bd6307776c5674dfd0d6f718f0b99647f4d77d1f58117e
Tags
discovery wannacry defense_evasion execution impact persistence ransomware spyware stealer worm
score
10/10

Analysis Overview

score
10/10

SHA256

d0096ae477363291c2bd6307776c5674dfd0d6f718f0b99647f4d77d1f58117e

Threat Level: Known bad

The file alkaline_trio___2_by_letsplaysuicide_d5l988-fullview.jpg was found to be: Known bad.

Malicious Activity Summary

discovery wannacry defense_evasion execution impact persistence ransomware spyware stealer worm

Wannacry

Wannacry family

Deletes shadow copies

Modifies file permissions

Checks computer location settings

Loads dropped DLL

Drops startup file

Executes dropped EXE

Reads user/profile data of web browsers

Adds Run key to start application

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Sets desktop wallpaper using registry

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Modifies registry class

Enumerates system info in registry

Checks processor information in registry

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Modifies registry key

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

NTFS ADS

Views/modifies file attributes

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 19:38

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 19:38

Reported

2024-11-14 19:40

Platform

win11-20241007-en

Max time kernel

102s

Max time network

103s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\alkaline_trio___2_by_letsplaysuicide_d5l988-fullview.jpg

Signatures

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760867631954527" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4204 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1912 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 3596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\alkaline_trio___2_by_letsplaysuicide_d5l988-fullview.jpg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed539cc40,0x7ffed539cc4c,0x7ffed539cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,6072196339742822276,1667322062459057334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1764 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,6072196339742822276,1667322062459057334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,6072196339742822276,1667322062459057334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,6072196339742822276,1667322062459057334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,6072196339742822276,1667322062459057334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3536,i,6072196339742822276,1667322062459057334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4456 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,6072196339742822276,1667322062459057334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,6072196339742822276,1667322062459057334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x21c,0x250,0x7ff60e164698,0x7ff60e1646a4,0x7ff60e1646b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,6072196339742822276,1667322062459057334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,6072196339742822276,1667322062459057334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,6072196339742822276,1667322062459057334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,6072196339742822276,1667322062459057334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5356,i,6072196339742822276,1667322062459057334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3080,i,6072196339742822276,1667322062459057334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5388 /prefetch:1

Network

Country Destination Domain Proto
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
GB 172.217.16.228:443 www.google.com udp
GB 142.250.178.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
GB 216.58.201.97:443 clients2.googleusercontent.com tcp
GB 172.217.169.10:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp

Files

\??\pipe\crashpad_4204_BYAMCJGGSIZIRDNC

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Temp\scoped_dir4204_644792834\b015488a-ec02-4041-b59b-33401896ed30.tmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir4204_644792834\CRX_INSTALL\_locales\en_CA\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 d081623f8a1c4ea5706763b44fcf002a
SHA1 d6f5c55dd22430b0cff26deca2e64eef0c97dc46
SHA256 1691a8e9a2f6fbf7f2d7b9d6cb67f31d12b7cdd72d1390cf7810a83d7f838b63
SHA512 e737556523b24b2c98cd682745f301ec2460bfcbf8e24e63f5fcec58be8c038fc0d080b267cc3cc8ffc61c940447c94a7a4d2949092c5586d12d4f536adc0353

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b46dad88479a5ff7456f0e11fb00c91c
SHA1 07ec0bf10da665f3485bb8b8573590e661409630
SHA256 bf4d9924150de7b788f6a3d8469aa666d4a87bbc5c7a58f7158483de6bb00a90
SHA512 ed3a078ecedf8b4520158a4376fc6f84db24f678a7e458a121d4028ceb270b5840ce619cc61e511cafccf973f56ddba8594ed6ec7ed8a18632fffdb16e533a97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 731ee372cd5ade64cdce011854bbe344
SHA1 a2cb5e127173f5aa9670358004dfef9257631119
SHA256 60ccfd4426120ba1274b99ae47177d394d94a3c9887f0a751c05baeff297063f
SHA512 e29b8eeaf16638041f0af1e19125af4c092359c7f3f29da8e09df2949ab4920540b6dae8bca9627b901c0b01e238e4dad4b7fc2a8edfdf62e66ec5c6094f326a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5dd57d70f915080ecf1fb79f09ec49b9
SHA1 d29d2290d3b8ac6c1d2ea0d28040afa395273525
SHA256 47d6a1270fabc9d74ab762babffe5490c0dda33ec5d036db9e5d73d17f10f5b6
SHA512 86b719a2a42f30403dab8fffa09933db83652d8c92497ff11dc79645e70b639015335fc999a52f5180a46ba0094fabf7e2f049409dbe7276c74c1af2de37cbed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9d7e4ef17054e122e3cd5a1bbe2ba058
SHA1 153c1089295b2c2297d233ccf609d6848af73157
SHA256 af1fbec386bf9e8ba6886c3c433c5ba734d524095d1530a8625161a974ec663d
SHA512 f6751c4556ceca442b61ad8566c5adf0a11ed53061f7ea5408a1ea203b935ba63708f4cdfc5e7ae3d2f29498a72127d163f806e0baf1b6d50f695c19524fa8d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 24d825137f840bfb300a39ff7ecde355
SHA1 f3a6cc81a1a1637975d6e7524f4db79ad1a81412
SHA256 ec40eeecd68bd991fb897a39efac58dad66162f2d44096baaddef116ab6be6bd
SHA512 dd66d6c4825a52c3260b5afc428d842a7b6e1cf5f801660f3086cd726345a7e408fe70856498d48ff9eba0a90a194706c27751c4897d788d9f255e07d098c323

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 637139a61885d142de0f95748e991599
SHA1 840429047d3970e2e97e5397d45f6f3294ebe2a6
SHA256 538bb0aaf8b328d4883f6893e954f64aa4dd0dfe635a0f9ef2e0025f4b6a912c
SHA512 93232269b5c4c3e7710563c3c3994d2fa24b78813e18dfff1847f68c7924b014b531a2c587e6627f6d9cbb1ab8c2d563a122605fe8d80492b93db6812a4e7ab8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 21f9fda9eee64ef602a3337e571e9f3a
SHA1 b4887ffb333848f8096ab7f917f7cf0547c2984b
SHA256 8a34788aa38e406ba55bdec286fe0dd262a361d089a43d22def40bb1b35eb369
SHA512 6b1775817335a76334531e28e980490aaf49cc7a526d253c8424844fba25f0d51b07784d62255943fb061b579b19b5eae77b8e3b6d502615d21c1ee5c71f0c43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4bf2156f4031440211916308da5f019a
SHA1 62822b56f11c9983bea82091ede56cdc3b9839d7
SHA256 5049a4b25c10946d00cd4d7f4e787f147253513b6d8e960cb640a46952ef9de5
SHA512 9c2ad9e50ed0c5de58a634e5438c2c7e185a783a6af995113151f215e80d781a6070712b3decf64dbc1442d6db557945ada5a3c6d9fa96aba865f3cc489a32ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 77adb201181629e3e865d27643d29ef3
SHA1 2e71daf66e7e5412d31feaa0536d11738382d1d6
SHA256 9b17e686b970368344e5397ee43852891d5018b4a8d99ce4408c8dd0cc9ec176
SHA512 3253410e5976d51cfdc38c6eff152d0e4b02533af9cb7de4028d821fecfa6fc25b91352010e86ed9a4d8b1eec069f0ccf8db7631a189b3bbc55b33e0a0e92238

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0dbe8e17cc8f690a957b81cc8440e36d
SHA1 5f47560e298f5ad74f3cacb590d14b5f31d15ec5
SHA256 135c78e7bb8ca96f0fc07946385d9ef02e5519e28f289db642f5851b4323caf8
SHA512 699a85f17e52f24c664297be767f8ff70dc22965697e4f2328e30ab3727d3cf8930364bc649bfb379c002bea7479d9fb84d9722ceaee024e55b70d819993ccf0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8362450f1e107e9c81e9bbe93b5e0772
SHA1 e55a76c5c1d01763c476fca76a7bc3a41a3ad3bb
SHA256 29295cbc14ac938ab60974ef7b4b9a5cbfdbf7104bcd811a82c683df5e15eaf6
SHA512 4eac84b73835e4172625343621031d62a5f9302153b4ae28d3fe1535379f85249f7f6012e18f38e3ab1a5c5e7f40f612b883b6f5e1f5c37b6caa6d981fa40434

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 407c58690fab78bee60dd6b554440ffa
SHA1 78fba8c6b6f5ada0a0efe1f187cf51e973faed95
SHA256 9d4bb0ab6d7ef0cc281eaabef7aca1b284b050dcaf7414d7eb6b1a4ffdfe73da
SHA512 65879226dfa57e2a9d0a8f98dcd0959d397365df1b5e33c3ab0cb47ac2628cda7a213141396450338534a6726a83ae3ea8ffd1a4e346190665838439e3a74103

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f42fb96f3ba1792fbbf6cd4aab31689e
SHA1 4e7c6cad87961faeff36e1e7ec84c356380574ee
SHA256 7ac1af14d22121e7172ffa3fe35acb68d635ef9347d1850f2febf50a2d21f5f5
SHA512 bf11c3f34544dee6c09861d1345784bbe7686c8c86467a9590cf503aed2b9cb4db4003d2409e2a9788dd8063cb396ced98b089c9ac401be7657a946e355ebea2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e54ec9eb6e89214a727323386310dc5b
SHA1 18f809133c8dda1e4801b17a7f80909b970ef5db
SHA256 e2c28d1cfaa94dd6d60100d2d17857f43ab40cac88478526a8bfbb420579dd27
SHA512 bc328f0c7a6532f04b756ae8c9f4e8bf383b8253050c19d4609c0814913882581cfe6d810235af263facdfc8d37676722a70bf782c23eb67b9c663385a29ab10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e1b61c6def54b95aed8bf38c5e4899e5
SHA1 189c6c96326d97c649da099061da0a78c5e1052e
SHA256 5c1565953d01afc5eaf8de7ef0f998fc8abe95bae617d1d70c914d36bd0e0f4d
SHA512 cd8411e2cfdcc06ec7d9be73f10ac4581c2b46d2edba279cdf9e786767c966a26d14449ce0b9839096cb4db696f39735881581def63e6773b4ebc95bc7384d30

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 19:38

Reported

2024-11-14 19:56

Platform

win10ltsc2021-20241023-en

Max time kernel

1049s

Max time network

1038s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\alkaline_trio___2_by_letsplaysuicide_d5l988-fullview.jpg

Signatures

Wannacry

ransomware worm wannacry

Wannacry family

wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000\Control Panel\International\Geo\Nation C:\Windows\system32\cmd.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD1D36.tmp C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\WannaCry.EXE N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD1D1F.tmp C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\WannaCry.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskse.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master\TrustlookWannaCryToolkit-master\vaccine\tl_wannacry_console.exe N/A
N/A N/A C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master\TrustlookWannaCryToolkit-master\vaccine\tl_wannacry_no_console.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mbkyddqwyn919 = "\"C:\\Users\\Admin\\Downloads\\WannaCry-master\\WannaCry-master\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\WannaCry.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected] N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\system32\mspaint.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\TaskData\Tor\taskhsvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master\TrustlookWannaCryToolkit-master\vaccine\tl_wannacry_no_console.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\WannaCry.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master\TrustlookWannaCryToolkit-master\vaccine\tl_wannacry_console.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\WannaCry-master.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected] N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskse.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected] N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3652 wrote to memory of 3820 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\mspaint.exe
PID 3800 wrote to memory of 680 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 680 wrote to memory of 4672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 680 wrote to memory of 2156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\alkaline_trio___2_by_letsplaysuicide_d5l988-fullview.jpg

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\alkaline_trio___2_by_letsplaysuicide_d5l988-fullview.jpg"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87a887c7-35d6-4f0f-9aff-0879076251af} 680 "\\.\pipe\gecko-crash-server-pipe.680" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2416f450-a793-4934-ace2-3379802d6bda} 680 "\\.\pipe\gecko-crash-server-pipe.680" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 3020 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dec6fd35-3269-44e3-a071-6008ac63fa05} 680 "\\.\pipe\gecko-crash-server-pipe.680" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4428 -childID 2 -isForBrowser -prefsHandle 4420 -prefMapHandle 4312 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d9673fe-a737-47cf-bd72-224829240c92} 680 "\\.\pipe\gecko-crash-server-pipe.680" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4896 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4876 -prefMapHandle 4924 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4a48498-838e-48e3-b4c8-2f432f006e06} 680 "\\.\pipe\gecko-crash-server-pipe.680" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5300 -childID 3 -isForBrowser -prefsHandle 5212 -prefMapHandle 5228 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5dffcbc-b56b-414c-b25c-0fa3b90102b7} 680 "\\.\pipe\gecko-crash-server-pipe.680" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 4 -isForBrowser -prefsHandle 5500 -prefMapHandle 5496 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f85385b2-f9b2-4ddf-9d07-1eb9859aaf11} 680 "\\.\pipe\gecko-crash-server-pipe.680" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 5 -isForBrowser -prefsHandle 5424 -prefMapHandle 5608 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48db4e0f-3287-4d13-ae53-14868b284f2f} 680 "\\.\pipe\gecko-crash-server-pipe.680" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1568 -childID 6 -isForBrowser -prefsHandle 6060 -prefMapHandle 6056 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9409ca8-b9b2-4b5f-a5cb-893bfe77639a} 680 "\\.\pipe\gecko-crash-server-pipe.680" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6184 -childID 7 -isForBrowser -prefsHandle 6172 -prefMapHandle 6176 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bf81886-3702-46ff-9bc0-9ddf5eddd846} 680 "\\.\pipe\gecko-crash-server-pipe.680" tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 79711731613387.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected]

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected]

@[email protected] vs

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected]

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "mbkyddqwyn919" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\tasksche.exe\"" /f

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "mbkyddqwyn919" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\tasksche.exe\"" /f

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected]

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected]

@[email protected]

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6684 -childID 8 -isForBrowser -prefsHandle 6908 -prefMapHandle 6860 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6cbd673-700a-4ba8-9353-d05ac61657a6} 680 "\\.\pipe\gecko-crash-server-pipe.680" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6872 -childID 9 -isForBrowser -prefsHandle 6876 -prefMapHandle 6956 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5afe6e7a-dcaa-48b3-ab19-d9a63d768b16} 680 "\\.\pipe\gecko-crash-server-pipe.680" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7068 -childID 10 -isForBrowser -prefsHandle 7160 -prefMapHandle 6164 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {749a150e-1689-4fc2-8ecc-946111465a77} 680 "\\.\pipe\gecko-crash-server-pipe.680" tab

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected]

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected]

@[email protected]

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master\TrustlookWannaCryToolkit-master\scanner\requirements.txt

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected]

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master\TrustlookWannaCryToolkit-master\vaccine\tl_wannacry_console.exe

"C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master\TrustlookWannaCryToolkit-master\vaccine\tl_wannacry_console.exe"

C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master\TrustlookWannaCryToolkit-master\vaccine\tl_wannacry_console.exe

"C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master\TrustlookWannaCryToolkit-master\vaccine\tl_wannacry_console.exe"

C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master\TrustlookWannaCryToolkit-master\vaccine\tl_wannacry_no_console.exe

"C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master\TrustlookWannaCryToolkit-master\vaccine\tl_wannacry_no_console.exe"

C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master\TrustlookWannaCryToolkit-master\vaccine\tl_wannacry_no_console.exe

"C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master\TrustlookWannaCryToolkit-master\vaccine\tl_wannacry_no_console.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7200 -childID 11 -isForBrowser -prefsHandle 6628 -prefMapHandle 7188 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92ebc4fb-90a2-426e-8907-1347bf10ce8c} 680 "\\.\pipe\gecko-crash-server-pipe.680" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 24531 -prefMapSize 245025 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f7de27a-3cfc-40b4-9e53-ab3eb147cced} 5188 "\\.\pipe\gecko-crash-server-pipe.5188" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20240401114208 -prefsHandle 2276 -prefMapHandle 2264 -prefsLen 24531 -prefMapSize 245025 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aaf2f302-eb26-48e2-b9fb-b21558196fe5} 5188 "\\.\pipe\gecko-crash-server-pipe.5188" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3132 -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 3120 -prefsLen 25030 -prefMapSize 245025 -jsInitHandle 1116 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35a12db4-03e5-4053-b3e7-e4f71a6530d6} 5188 "\\.\pipe\gecko-crash-server-pipe.5188" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3980 -childID 2 -isForBrowser -prefsHandle 3972 -prefMapHandle 3968 -prefsLen 30263 -prefMapSize 245025 -jsInitHandle 1116 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a159556a-fe0b-4558-aa00-107ada5df3a1} 5188 "\\.\pipe\gecko-crash-server-pipe.5188" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4716 -prefMapHandle 4720 -prefsLen 30317 -prefMapSize 245025 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {730cbb9e-da34-4dcf-a03c-9c731aa6fd17} 5188 "\\.\pipe\gecko-crash-server-pipe.5188" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5152 -childID 3 -isForBrowser -prefsHandle 5144 -prefMapHandle 5140 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1116 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72c8049f-11c0-4f62-ae36-a75b3aae2040} 5188 "\\.\pipe\gecko-crash-server-pipe.5188" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5288 -childID 4 -isForBrowser -prefsHandle 5296 -prefMapHandle 5300 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1116 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {133ccd8e-eb08-465a-acb3-445662e7dcc6} 5188 "\\.\pipe\gecko-crash-server-pipe.5188" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 5 -isForBrowser -prefsHandle 5580 -prefMapHandle 5576 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1116 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {496fef27-c188-4b76-8049-d14260afe4d7} 5188 "\\.\pipe\gecko-crash-server-pipe.5188" tab

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\pending_pings\7c179c7a-d938-49a3-8a18-81cdb66cb20b

MD5 f3da9e55be0da6e74736bc88945041cc
SHA1 3121c01ae2aeb51b00221adae2e634fff6d34751
SHA256 e7e2ba6140889a72bc9afc3a52c6fc7b66854ad402b4a1f1278fb4c1a94c0d3d
SHA512 f684cdd544d21381cb63666ef9cda1556db6a5f8878b78a9c090a7079912802a4dc35394939ee311ed5121d87c591690d093a6632fa82e950c66f9739c2cdfe4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\pending_pings\50af83d7-7922-4cdc-add7-d02d41355ad2

MD5 8ced2f1666016cd18bf0ad103400fe41
SHA1 925233bb279eb04e85a52f062f52c787800a73a5
SHA256 3d42f8d6276af5c6310e67e3a1dcf6e752395ad53e8f6f2cf19ccea00a85bf1e
SHA512 f2a4f33b2124a26dc313eb964035a293e47b974feaa1a68a8e9e1f3a0504a74f7d4dcb10e676b5ab10f296747d4f7bc81d6d70460b7602f21dd7ff735ba64ad4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\pending_pings\45784c78-a9bc-4560-93a5-55b394fb577f

MD5 0974f7dfb4b133e0690d2b8b13dcf33d
SHA1 56ca5dc7e2352586fc46378532f3e7f82ba1a891
SHA256 eaf8d0562038c980a0f25b088551a8f1a4880d0c3234a94e7d4c04388875952b
SHA512 f6d12cfb0d6bfe75cba9bb5e5a1ba6ed68fcd251ab99a4bfe6c433269f7358a9c503a36fd578df8b565be24933321022d4a9daf42aa53a23e280509ceda0612e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\db\data.safe.tmp

MD5 06d555c8b718ff3092e48775780c3fc9
SHA1 b7f06c01e70d2b61f2906939c135f2e8e4b80287
SHA256 32758a5831185175f95691abe9a7c05e90efdf15bafd2f9a708adf1d3a44c281
SHA512 182ca194fc51cf3461523f79cbc0d4e5e7621f4c2666b46553ece6fc480061f3f3aa8beff2fcea25c6989486021d6769203559512d51d991a9619e39cf62311c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\activity-stream.discovery_stream.json

MD5 892c3d4a58e6e5b0e59e626a852f535e
SHA1 ac62cf96cf295a4f684bdeb8f33f8e64674c2e00
SHA256 60030a31dc58321fb501b47252b93011bca884e86ed224f607cb16803fdab512
SHA512 3cf86656d16b75ebf2633450103d62567d77f0440d3bf58831a42a2a9dcf8ff87ff83d0c0d3dab43419572c55ae81c8f229055b73f2bcffed0539dc3e2003974

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\db\data.safe.tmp

MD5 67cef13fab4f2044022841bf24f002ad
SHA1 74ac5c34542045ea35f7eab30d2730a92de8e73d
SHA256 b589583208b6f2a6856b86ab04f3ce53aabb369658f54f63f3a1ab7041357cb3
SHA512 cbc36c235497c7f6b4d3d3baf300315fc5659c638b498a750b2c57e78759b5f61a65d7f363a6c7157d5958911cd5147faf5ecdf74e8fb3a177729e0281cbe225

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\prefs.js

MD5 d3c3eded0aba4aae122ae8d9660147e3
SHA1 1cc19a7257d6af64d51c1c1deb7e912638d3e32a
SHA256 2dd5261a0da9afb6d1f35131d99ed66d183af246acdb857c176191d6518bf736
SHA512 a15cb381c9ab201a5a7fe1e896037147a7e71db61e309980a5a703343e31c8f86de2b2735529c76296c8c360ac01884ef790f7076a53d71f9ace5aed289da136

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\AlternateServices.bin

MD5 1f063525c00ee106f7cc0493184b6273
SHA1 4e26c639267aec60c8ea3a31cecfa58cab949700
SHA256 1c21127d1f6ad8d97996fc61d14d04f817c237fdf758bc2a277dd88a99e9f73c
SHA512 f8a95fd7c56c2937229cf0151e8e9073795a92f58b60e2ed34ecc5b604ab9e4c659f74c5a6ff17690135a70f24d3eb3ee8250ec184b297158c76d1cf214959d4

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\prefs-1.js

MD5 887c575c76666c2258babce07c2cbf6e
SHA1 d0e5fbe1562cf44150ea5748039496a14c2727fe
SHA256 74a33dea32293ddccbec219238ee59e996d7c0ccccfbbaffaac3f478982691cb
SHA512 89aa8c6ca27e94a996251a9dd33c2efa7cf66c9f98bcb58b13be0939dbf1d9ec2829064b18f410e4287302b1388a51c343e4e8d144dd6bac099385b42e9ba351

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionstore-backups\recovery.baklz4

MD5 24c43eb6ea5131390141fad059ec08c8
SHA1 04225cada44fb1c6479b8475fa60bb8d06530e5e
SHA256 ec9cc74b2348673d88003428f05703b1866b5936585e2d7b8ba89599effe04c4
SHA512 66955fd90aa84bba95b5c637b4c23865cad5c2db7078eb67defdb362541bfae3f10ea859531212492fc9072ca3eeb3c6c8d3bad48eb40dac0fa0636479a6d939

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\AlternateServices.bin

MD5 32ede46590e1ba876a6da72e07ac1714
SHA1 00d648c4d4c371b9c99138036e7bd4c009bfedee
SHA256 fdadde18c8a97834d71eea9e7b85a2c3deaec84a7407cec631417d84673f94aa
SHA512 c3c092bfba6834a5f544eeb499e5d423ce071e5b3c24d81ad0693f639022671b02c3ae58d7ba40dc3bc3837fa7723b787611d72be7941c363016400dc03bb482

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionstore-backups\recovery.baklz4

MD5 d63cdf78e7f1b8e92a8a9459d2d7a988
SHA1 6159902a5d99680441381e4a07efee6322eb9e9f
SHA256 b12cc5eb9fdf9ac13ac67b55edf17080d58ddae5481cd7bdf5d957b2a0be2c14
SHA512 ae41a5c92d32e05ee54eb499e8fd246183e18adcbe36da2d3a088fcb6ac3a59a5cf27aeb6a6d3a183b70488e7d2450f4ff46c69dc8320a977aad8868cab6a0ed

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionstore-backups\recovery.baklz4

MD5 d7be792e4700fe9a74019294172d93f0
SHA1 a54e47b61bb766817e9c4f6ff76af175bf0ca47c
SHA256 7842ecb1b3ada473a264936160bcbb16401743d1d43d1877396513eab6772720
SHA512 be0a1a7a007bf12ed04bec2c879dda7be9a1aca64ad7919ba08a5f31a029fd5e0fe348b71f7006de768806e73f5b54ffa7787246b59666004ad99c7b2fe6f570

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionstore-backups\recovery.baklz4

MD5 f667efb9bb110f9373b178b20b36853d
SHA1 dc8c694a81991e48c1ce7481443a6b2b4edec77b
SHA256 63f44ac093d87fea17a7203a279eca925d4dfd92e0e7f883251ddd5a7a7fd002
SHA512 91e3f455f84d073e876156430326c14b62925502f2561ac99f5217fe25f41300df315a335fbc9be6ab68f4b5962c23d93e5cb4d269e7a4b1223a0279f3fa9e55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionstore-backups\recovery.baklz4

MD5 1146ba4c8a2a475d4732e1bb9c63ab56
SHA1 22dc2609e81f11847a0f3873d22e67014dffa8a6
SHA256 8be97eccd97a14e95d3d531b3aae4393bc8e82289749cbf15c8955b970923824
SHA512 7175c6944b55a93724cbed147af5d040fc38655ea054d17186b3c6164347098ffdb86e1c167f379b868dcf08c8ca867fb4f2dc23628fef1c9b4ebf125958ba8d


C:\Users\Admin\Downloads\WannaCry-master.8QC4yMhV.zip.part


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionstore-backups\recovery.baklz4


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_finnish.wnry


memory/1812-1215-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\c.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_vietnamese.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\u.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskse.exe


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\taskdl.exe


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\t.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\s.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\r.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_turkish.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_swedish.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_spanish.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_slovak.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_russian.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_romanian.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_portuguese.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_polish.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_norwegian.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_latvian.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_korean.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_japanese.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_italian.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_indonesian.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_greek.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_german.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_french.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_filipino.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_english.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_dutch.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_danish.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_czech.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_croatian.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_chinese (traditional).wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_chinese (simplified).wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\msg\m_bulgarian.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\b.wnry


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\79711731613387.bat


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\m.vbs


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected]


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\@[email protected]


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\prefs.js


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\cert9.db


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\00000000.res


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\TaskData\Tor\taskhsvc.exe


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\TaskData\Tor\libevent-2-0-5.dll


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\TaskData\Tor\SSLEAY32.dll


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\TaskData\Tor\libeay32.dll


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\TaskData\Tor\zlib1.dll


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\TaskData\Tor\libgcc_s_sjlj-1.dll


C:\Users\Admin\Downloads\WannaCry-master\WannaCry-master\TaskData\Tor\libssp-0.dll


C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionstore-backups\recovery.baklz4

SHA512 103353fdb3697f0dc6ca2e44dec7a9b92c4db4d23a40df6ed4845771f577874654d139d93b23c340fe4833171d60aca69fd03e86ce0626b5b7e79da2e3fd83ad

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\386EAC11CA4B921A58AF901DCD97B7FA5108EE6F

MD5 5cce8d7f16fe5e97644ec0acc71c7fe5
SHA1 5eb5a8a948e428292678a7b0c8c2b4da8a6fb134
SHA256 3302e7e5f540d94bddee547d7f5f05681018aea870c2125e0a8618dc14ae9e85
SHA512 46932d7b50184a4684cd1db2a78fb5fc5f0e02350667e36c1b1a082e368929d1fc967e6cb841ca4b84d1dec35e1ae4a8ea94504c9c0001f6f2ff1761ccc6d377

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\9C792E5A3F18C84237D8110B36749D332666CDF8

MD5 6097adecad02ddf97590c849f7d63a74
SHA1 8df3527bdc40d763b11560509becb10476b49184
SHA256 be8373948f96845713e7244b02b48b163f3f97149aea8dcc4db6c38ed2c4548a
SHA512 415972d9df027552100b54c7253900fffff6e8f1b7b1251b529f4474a82fad9070dcbb4fba1c0e2f773227df3ddd4433af56e5b02c06ec16126e068d2bdc9651

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\3281DD4C79ACB61B312FD94931181EE61FD498DC

MD5 4c0c8beab841acbb58d1d302b4d80d9d
SHA1 8dba4f137a643b37c7c6102adf312f3e6e1e5c77
SHA256 4e215a46eb74d678bfab1d774b1f573b78faab739a64f528948cf450b31d7f92
SHA512 8964f19e66a6e55a103346284ead2c317f72c90cb51f74c1aaa1505c4650af7eaf156c8da4edb80a9b5248bda5c11bc88c6d678204d10faa19c2c54db851b23e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\5A4328DD39865162DC61D5C65DE504821E18F607

MD5 216802796fcd539fd5e4cd709f6842cb
SHA1 6c6e5dec9e52f162e7842d29c76d93730fd1affb
SHA256 a855f374aa3c11085630939468bf8f7c929afda3a57d1f47274d3d54afb92761
SHA512 bd6b829bae6061c29cb0b1d8cbaef97c0536c66d407e7a8ad9b9179b1674414d5bc559cadcf60f94f10b4733a808b970ed67318b300901087a9d30db18f40891

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\4F3CCFEBDAF94E36D1384376EF18BA5473AD00AD

MD5 711fd671d35ae532abd302798e05412a
SHA1 c17a054a5b81e6e9d1fc60401e45523c72236f3a
SHA256 616cea9c5dc902b60cb51e9218731d47b3d12481008152c21082a798468036cf
SHA512 c318af2f882c95560ab3f8ea3930e9ff6de55e72abc9b8fcfd5f805ee9a492e1a7a1fed715449ef9e193fdab74b0c88ab3a1953ca192bc3f4858f68914bf52b6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\7FB78C9D4678D3E57F04D54F36A2847939730A90

MD5 cf6f72de292d19668047d5cf802cb7bc
SHA1 09cabd1f832a03a49812e61b05236c091a902cc5
SHA256 c3eb9e35fcb73fe65f15c3eb168bd61cfc7b3e1dbbc20b683278e5c1f9c2d401
SHA512 9bfd66675d57ce4dc28cd49bdc38e79255e3ee9fe0f03a75dd17124694946cbee93479907e7e1123a5597e49483d2121b55a978656a1198f503b31ba1711b917

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\8E58DBA2B6132702384B07933B0AB38634C3B389

MD5 b0d98f4aefe807da83bb33ef05aaa591
SHA1 c444a8d12fccea3f1553eedba242fda0833b26aa
SHA256 2b9fb8a9edeb47950e93a6fd1c35f6ff3bc3ba46879a00a33d418f6198248bef
SHA512 407b67c2e78fbcf9a7bed9a049b7493579445019bacc704e1ef1c11ff8873fc11796626cbbe87f058554bd95211820c087c47eee3505291b6551d6c5dd87f56f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\B8342474273D37A8A890CF968C26F05C940C66F0

MD5 dbbef8cca69fd4395e906ad89487938d
SHA1 54a1511feea9cdf9ed76317270f81832786f5511
SHA256 a9a68f75e2321510ccdd3638484b68095bcba811b960404d61b44fd90ba6f659
SHA512 7a533cabf1fe11ecf60cf154d6383a0919e4203fae4f41d0f8aaf7f16c5b3eb17e758800d0d78193d57144afb6a88c267b0e016971d83a3a97dd50a58996916f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\D0AF9688BF547CD0A8E3B588F816B3FD56561337

MD5 e66aa07747b6301b9d1ffd5289ebcc86
SHA1 eed270a7082c87628a589019ee59b97b88f9303f
SHA256 bf4890ca22e2f3b3616457ced53f49e9213e2e93ed368e1cb9b7ad277ec728e8
SHA512 9b0a19efc4e53c88619813fd9a3a9147fa8e9e7dcad419e2953911df47f7dc5a26fd087884b53c4c195b9cec074e1a6e0bb2630d9fcced38da25326e5b708ba9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\30AC9E9C28EC1FE2B05598F46EBAED7EC52CEEF8

MD5 8ad26bda4830e6ecd65cd61d14fd570c
SHA1 1a3a44d98667e63eb988013a9cc5fc90340ee7be
SHA256 98f8f987a652db24a3af1b2f5066f0cdd25f7a24cce6364c6e830b0fc997a96e
SHA512 a759d5aecf765b98df610dfca05ce2fbaff47d179932edcad07dec3d541f4e0f947d480b34754db20e319ca53475e3e3557ab22fec19582a9a3f5116b3644374

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\2D8DC8A9FD7C7378A6F1E4A22F6614D2F586BC6A

MD5 3c868eb8e52844ac6a45f6014e517d90
SHA1 def9ca366e05b266b4462406be68c4e36cef1085
SHA256 3e6723710ece0fe483228720ee032cd13750e9799377802f645f64a3ef66e187
SHA512 faf334043570d747f101f9262020292efcafb5c01a998844892e6bdadb2bd5046c129c5176fe91377f624fa6c11f377f61cc0ee900a66a6f4415adb684142e5e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\29A0D4C5DF568AB7B8ECE5545C463A02732496D2

MD5 aeba8240337da2971866b94a2fb62585
SHA1 a14990da4bf12ad0b7ee701bd22dc04762572117
SHA256 aa48753e8daed55ac38a39e70ab192fe7229c246daf749215f1bf791a1efc122
SHA512 6e7328dbbd28e379dd14700c9a5486d9a4f7614c11647fafd1eed45d352aec45c8d7146798bfafc5289df8e7b97b2c779c0af0a9f4662028041169a98ace61b5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\C137593A6AC2C888ECA6F4CFDBB4AB562172A494

MD5 29c693fbb4ba51f792bfcb2e36e868c3
SHA1 920677c953478457ead3f09e59a32465e3a55b7c
SHA256 ad4e99c276de6c527e4cf744558e6fd4dd821a136eb4edcfbc628c76abcd2312
SHA512 20ec193eec569ef60c7f073f6b30a15bfe311328d08b8c679110613707f490a42c6f0fd80e5cfed90b2ef009c7a9433c9fc86acb8507c7343b4ad5b4129429c9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\790CEE194F6BEB3DEAB304CAE478E69DEF115B99

MD5 c8ba80b455304fdebfb8b45eaa34ff08
SHA1 6c888abf69b35deffe196f341b100f0e08a82c39
SHA256 d1199a8eca3235e336447f023f7ad95c772e3aa44cda030369286129a3388f25
SHA512 39fd759e1588e24358a52d0119fd4c314a1b144c4e7309eea261fa3c7a733bfa82e2c8f904766be6da3aa16ca6777d929532d3ed46d79be0da3be0c1f42913de

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\52E2B2D145D174DD26CB222B3A6D4F0253F5EFD2

MD5 2fe33cd6fe2e2fc1bdbc3c9046b2562d
SHA1 0e5404dac87ca18576417166777fbd29ac3e9d2e
SHA256 64553d7d9eb5af83273a36c189e7cf02dacada8d538d1f32bf421c8c453c0783
SHA512 5e0f186f856926cf2ae727366a9ecfac28676b34f05e880e830555c2386ea1e4a2f87195ea36012556d9d5f0583378298c95332150de208f5d023d29d31565c3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\25E61D0F193C12CBBBE09A429B66070577263AAA

MD5 15bbae1f96329fd63e1d448e974f3a6a
SHA1 bf6a1de011f62c2574d595a2e2959bb654a79ea5
SHA256 2c14e3bb2908eae034fceb9aff3d6680b981dcfca98bfeb9d61ede2e02c38dda
SHA512 c906041897907d07bcd2078ba34ce979b83efa8c699c17f52d44f67ee2847d69eb1ca9aa634dadc5f6700f7f6c66e750ddfd4a2ec891044ce76e215ee4b85f77

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionstore-backups\recovery.baklz4

MD5 041617dcd4675b238ea51b9f179b90cb
SHA1 1a7d043a7d15750449861b4d0910f14c76c5a8a8
SHA256 6b94cbe6a9598110909e1c9a93dc6f1ae75441ca1acf104327c5197350c78b34
SHA512 dd9b6711d0200ed3b22980da3e1a85e03e2be1b2c1558ca90635dbb8795fa78e286c04c9630f19eb04ae824ba10f7472310057a700bb9e0275d697a6e470c740

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\doomed\24754

MD5 48538582f4fdb6414df33245240e886b
SHA1 f0968ffa01b85cacf9928d3d09f78daa1916a728
SHA256 53a8997ea74242d01c85fe87600820b78b55d791ca2521a03ecf4c2d548de1b6
SHA512 6ef9f0d739d80ea9064c024c209a051c88ac6395f040c1988c29fe6ff7a4815e9b13657695d8dab10166f8acad00c458d09ac3e17e411c782b97b54efa5d726d

memory/5748-3098-0x0000000000DD0000-0x00000000010CE000-memory.dmp

memory/5748-3104-0x0000000073810000-0x0000000073A2C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionstore-backups\recovery.baklz4

MD5 a17fda5333ab9635888651cde72eff50
SHA1 fdc3ff6c7d000bdee4c574d59e2a59e5b12ad8a9
SHA256 83b22214b4d349cfc084bc96de8d9e86c1d2d898401eab5ff1f91ddfd7bf52c4
SHA512 1b5b592f41d69bd1804c851f79fbee15c481846b15f338e1328a904a95aec860071a2fb55b7e1680444022cbe5c4ea6aa76000de7ade1adc16713d168c7bb70d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\2E240B0A9691C87FC2F73B2C4A022668D4146AE0

MD5 a585ffd5fd8b38f7611b673d397b6358
SHA1 4cfd2b088868b384fc49c53f29d65347964675a7
SHA256 559d07dd46776b0be7c2db10fb1108876fd027ac58418b24470c982ad307099b
SHA512 b500a3a08eb38cd2f8dd033dd359568b1bbf0b3d4e87c3de9bf880e11e274b03710ab44a082dc9225b87a015b5e09d71da68e4a246240c79b4ec964049abe6a4

memory/5748-3144-0x0000000000DD0000-0x00000000010CE000-memory.dmp

C:\Users\Admin\Downloads\TrustlookWannaCryToolkit-master.l8Z_iER6.zip.part

MD5 b4ebfcec9bb654b2c74e54fab720a84f
SHA1 6bfe45bcef8461df440af8df62066cbcb09c6f35
SHA256 2d392ff43fabefb2efb313899bb73483fa316f644dbf9921bcef6ca4b1b68bd8
SHA512 56b7ca0373a0709eff58b73df4d8613e02d7fb4e72447099b4c797d77d69a07485ec318e190d164110d9489f84d62aa85c924866f8374206d443263ca3f2c642

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionstore-backups\recovery.baklz4

MD5 5130a727dcd59a11dc8e361f6b6afd35
SHA1 b7c1ff3ad6961bb0c7554268bf20f7c3421726dd
SHA256 4af8174cf0a0d00fbddad6fd4cbeb09d39647336b5a8252e9e10bee8195d394b
SHA512 f7a136ed36bb06fc2e26d684d82331cff66d2bc5c858885797794b73698ddba532ab65969d6cc41a3a6a87a9807caee392058cd32ff9798f496c7a66cf512de3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 da1d041b8b02d2dfffa14c179f8fd13a
SHA1 28e429fdf5686beab909da3d62b9b403c6519e65
SHA256 fb7fa2fc58f54ddb62a92122928e11849dfa2c6c88af8a8edef647dae437cfb3
SHA512 a27c28070b94f0e5648d5feb7a2a74b5930617a264e38c4b9103f5fc2262d4d9ced4fa6e6a504725a57fa421a6a7caccffbd4383318d49419d1581202d0f97e8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 6c960ba88b5b144c1b813938bd3b82dd
SHA1 894465d6fa12031530fa5163c9c3caf69d4d2907
SHA256 0b51068d97f3ce72cddd2fa6abdf184871d912aa81c64ba30b93b272ea816af4
SHA512 720b08f82a26d68aa8166eb4aa691768d887e7e7cd82df7fe616c63dc222cfe300ae6ff2ea147a0d0c5e31df5a94ce0a357263f1444a75dac6dd23177b2d53cd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\jumpListCache\uXFumCr+b64DefvuzIpBPMV1iGjp4oA311+6tOxIjGk=.ico

MD5 6b120367fa9e50d6f91f30601ee58bb3
SHA1 9a32726e2496f78ef54f91954836b31b9a0faa50
SHA256 92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0
SHA512 c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\jumpListCache\zdGwxD2Ki46UjwYbo1sk3G+U_tGycT6dFr1MiUp1XpY=.ico

MD5 42ed60b3ba4df36716ca7633794b1735
SHA1 c33aa40eed3608369e964e22c935d640e38aa768
SHA256 6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8
SHA512 4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\events\events

MD5 f84f5dab02fc180b886ce156501000b4
SHA1 b25aa341234f5ccca965590a6a07f7fa4f97f705
SHA256 a367035bdc8d337cd04bdf3b82cf604d940d67067d86654d4333b04c16d9dbbb
SHA512 5fc6a8c79ff1b362a9a42f8e4b0ed18442c139e54ec3beeb8fc1c7438e94de4c575cbfa37c9e18b6b54aa67d4f700d6f7e341c33022af2babab75b80e8ba5129

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\C406801C49E8CED264A5129E0DACD8EAEBC5A43E

MD5 8b1f88f2888c380c65a31e92d4afb10c
SHA1 b72fe1b10a72ac0e1f87da695c77cc9947623148
SHA256 df57fe10d57762b8c9de37bdbe3eb89e2ec443f851230634e51dc138d86daf7a
SHA512 9c03167eca9ab3760d1a9674686de83e01a63d79faf09400f019b75eda71e06b489eb9843b093f153a9f961b5b5e43c0e4aa3b2508f2f022abb3758cd1af8c10

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\423716A53B278F0D19155081F89DE40B534D9D69

MD5 f1cc52e9f985e7a2e8027a4b1e6418f7
SHA1 29304d6e156188daedc9a414604c6fb91ec0c77a
SHA256 a32bf734c23356869af8b7cd5399614863909a70a7bb0a34bf132d9445165dcb
SHA512 539da6131228482e80fce7fb3f2aff195afb9e4cff0cc3269a478f3393147aa75853f605c7bdcb16ad3c7d0f4e16a5528062907ba29768701441eb2e39192a14

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\0401C1A73233D82355172C153E4983CD5CECCF82

MD5 57d2dd54ee7550d0f33ddf37473f72c6
SHA1 fa02c3cd009fbc42ab30c3c7eda8b825eb46680f
SHA256 fcc09206fd8df0071a172bf0441a8cea6d3ab55579e8386d085039c98c0c3b59
SHA512 6cf9ec2aa6e9923db0b66c223e76ce2b67854f88dedb7f0d21dc4d9ea2a6c8e14742554c2af8167875e040fb3e67e271c59a4501b4bae5b8c813a2894f652157

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\D8ECE89E27BFEC5305071D6112647E8AFD3CA519

MD5 1e87e51207eb54041f10083c5b4c32b8
SHA1 9b39ed18880a82bcd032a3fe795392630dba7786
SHA256 0b864f34cf6488adb8f0f11270b65e737f55b790623a4805014b8013c76976c8
SHA512 8a6aa39900e1d296ebc7a6a4d420d8f19d7b5c357016f6e4fdde20cf483fbad29c7f29af84b6923b32232917b955182e78a422dc071b7807b851aaef258cd265

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\8009EA3E872CD2F5A90A2930AFA0C69CEB78FCD3

MD5 ffbb41abb0ca38ffd46a8e71c45b0f73
SHA1 89116962730a79de67a8358a5d9ceea22d6c75a0
SHA256 9d4bce16a514b91d809e8ecb7a8e76a85d5247e46fe13386e9352d70db453752
SHA512 4d133ac92e92157fccc027d8316ead1cf4aa185c6be6558bbbe98c5edb79a1f935ac4102931ad288e82f85302eaead6129999f4995454b4d9c6abacc8edc7e11

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\53E2264D03946D0F71472AED48B98967D82607D5

MD5 b8c60635fbe244b1f5a0156bf035bd1b
SHA1 a336c4069829c68eafe64bfe94293c7eb08c7570
SHA256 f0bcc6ef4c37cb6a622fa6a968ab64ec6f76a07806b1745aa0972eac7aec4b6f
SHA512 fbe99fbbd50991355ea2e2334e77e599649dd9209540266ce55274d0991c1d7ecf13e1dc60462882e76e43fcc55deec77b4128df9557bc5eee62a96571241d23

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\CD6435525970BA8ADEDC2AA6428894A80AAAC1A0

MD5 146c4e7c18c5e822acf5909fe10d8662
SHA1 6e08a58c816148623518b602b27765d7addab571
SHA256 0ee06d63a55ac5fb0b459e694cc37df92cdecc9b85069d1d3ff44088fedf5d6a
SHA512 97a774c5d537edbf83391204b5c4fa2dbad4e59c6a52f23f8b58d1c715e9ca1aa659fe1e87f17daf97dd45bf53fb6f795c5b5fcf9465fdf2f5ab97d8967ae517

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\CC06E1495B5949D45480004C8EA86FE3A5E38352

MD5 8545aa0d12b8d956404a46a5751a3fd6
SHA1 0e97df8868450cc7a0740f004f4602e3bcfc7f9a
SHA256 bdae4aff978e8d14046c5bdf06e2df2654c965412d2e490ea6e33419d2900f02
SHA512 4f19407ff986d96f2260cd6eb9b2150e64da90d1c72fea06d661405fe17046086de84b1d70a85e7cbc289a1adbe40df4ce067594a988e3de6ff46d2d12e836a7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\D0AFD97D280D42B47043E942A6113C75F053C8FC

MD5 597e027369e3bb5249ca55d63bae607f
SHA1 4eda66a4db09ceea9875b0c08e2adb9dbaacc1ec
SHA256 819de0a3905cfcd392cd0443bf2b247049589d737f27115cc81c79fa516a4c46
SHA512 fc5632fcd02b08b6bcf6d2daed9f55a1c2f45c64e570e6552dc12a843cd5ad8c4e29f8aed1ed183a6df8bf521d4fff803b2207c1dd351b4f27d1db643ee90381

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\A0C82CC780DA8CF70AA2FCA6F4E65E8431A2D368

MD5 bfa5d79aa0ea7d1d3158edd2dfc6685a
SHA1 7adf38bfa0aad8ef4f1002dbd5829a39d01a4b78
SHA256 7faf26cc190d9d7d2d1048ced9f3d7bba65fadfafab7aaf10817d19e1f6fa62a
SHA512 67ca321baa70b76c516011c30b7e505525679cd05c9fc8e56e64763a25b261208366c6e9706bb25511ad58f1e8af4a96d2a61d22d51a72a3d808f77d52e5975d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\219D30F33B6133D46B4EAA5E5E25EF65F09279BC

MD5 09367f8848be3f392ce8f39983f544fb
SHA1 a293140b4b63a9da22f0f5bf02d91dfdc890b327
SHA256 9175f149c34233d2b80eb017e0e999427c7a34900be9110b2275da997613fe8a
SHA512 d1966ad336b08bfacc3b4da6f1f7499df1cfcdbd13468bf3f83bb3923ad5ef882795a082cf78bf2eb5c5cac9131b62d26019cedcb142e119a8986ec1c4bf7add

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\852260C0D42C84F6CA337BACDCA61CA899E1B417

MD5 87520566d948c84b1fc57f206a215caa
SHA1 b1c10affa2b50d9038c91a63e60e022d1860b791
SHA256 f2e7928edf7746f72d134e712f6ed13286e5e28d5aefecdd2909f1e5e0342215
SHA512 723e727824fedbe9bbaee8dff277b46135684bf0fbfb534a77b684f3d7b719facd19131333fa63b9a434d23b37891f1072e3b09b7a7054f92bc5845956982542

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\5D8194AD5A0E69C8D5A4A5B4E3F2CFFC1493D2D6

MD5 c31c7c9aa9ce8192e6da63b7c560fe25
SHA1 57cb2ac442b3db4880d083c7592652b344431d83
SHA256 e0584a6353307035a9b8dae25f6ab9ec9224540ebb68c767ce54adb77aa83d17
SHA512 c4751bd7ff6dcff41428a82aafa695e40da6d2ede49644f30908423b63332fe7db7aae6a1e3102721182ae59ce2e0b2c747ac4c7e2f1947c468414573d884eb2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\057C1333DC628F967582E9B128DACDAF1994F084

MD5 4545e087c90aaab86a45c1ab1ebd0431
SHA1 4e1560edf0e7e30ac9ea6962f7f8bc3a9ff26c1b
SHA256 f54b00149225dd46d17a6412d994a4ddfeb36931f0323b748116e395eea9134c
SHA512 31b800a0aa6482754b7a95d4abb91af87d510af27f5d4e14b919eccd299427a08cdb47a431056b0608b8a3150c4b409e20fe155c94055145e7ba382ab6939f94

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\818B96CEE3F4B0119E8CF8972A4035708BC9F136

MD5 ca487dd023d739cda6f33a60cf2f6764
SHA1 c961ba4514163a3d680c6f626bec756df72a770c
SHA256 96df7da9b7585fb80b53508ccd9d5db0eccdb55e15f337c18760d7e63390e469
SHA512 2636029b8d3ed54d074b855d603ca0af4fcc3a61f18a0a2203c8136b27fa4fb61b1c8f406a1dfe36b50164dc4ee696d009cdb9224adc8d1b233c503ff643263e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\81EC6C1C952C9B69019B0101287C103BB1192909

MD5 2bbdc99c872b5c1b7f3d47a8b6c14a89
SHA1 d57307f7eeed486a498f6257a07562e39d5eef09
SHA256 ee61350b7460122d00e4532c66da92410f1a20814834066da1456c5cc8cde974
SHA512 4742e2b5c582a8af3474ed6c17ae9aa85927418c92c76154a5ec8b7b3756f27e22ee4d3d19a9931edf8016094f37d55c529d2ecb496f418b0b136629b87c096b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\78FB1882E3C788A5D7A6AD94CD03786590B04212

MD5 5f9f9249cab43b74539dbd6de302219f
SHA1 ea68e3a0e793310f5b1074ec351e64a50513a67d
SHA256 f3717f96744aea3982b70a45381312024aa9c77077574f7b6239f30a7d8bc66e
SHA512 71961dafb45415c484bb8614951488b857f839e8e082f7e285ce1fc9993d949864787d978dc6539f0ef5c23a8c4d688ad1826e943e350e720166d2bc675d8957

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\71BF779DFBCE1307F42244F92E6190F178BC7120

MD5 929e0ffe59acaf72c45417181e6c5932
SHA1 8b880b95f6fc96e82519c43248b696fe35f37f13
SHA256 b5c54e1be56b861e8c0a36b5b3799c5b0811ea9eaffeb2d39626fd2ca80c3518
SHA512 c115b437195c0805ffd7c5fe63342a407c2210e9862bbd9de1710c3abdbcea8dd2bdfe968cf9b9e0d93c84bad93c7f938a0d1e1273efc7706a3e70daf332bff1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\CB72DAFE855F7B4F0795CC0393AAF90DE979ADAC

MD5 72ad2d0bde7b556d1e32383823abbcd7
SHA1 5a04263481445433aa4295f030da03eb7d8820da
SHA256 83f75dd0430220abd08d1bf54e5e929d8ac9bd1d85e221e3cd5b8779d160e22b
SHA512 926d34531c6afa8bb0dc33dc97c07379457df30537cbfbd8bfa8d39617437b3824fc01b9daaaf6e76537a68effa40d8297248fda2d5f874738d5d30e8b210d55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\pending_pings\54310bd8-d054-4144-8c89-b17db7e9eb6e

MD5 705ffeea30e0fa0e767fe0843eaeb38e
SHA1 6e230e053aac769474d419c18b60ddca2091b0e4
SHA256 ef2741e0f38ab1e033676cfba7c2839928b60dec54840fab460bfafcbac689bd
SHA512 ae271d6064d7570f871f6b6bd8c651ae4a3ef56a51283ad0ab64ec8a361a18ab41357ec1b5cc11cfcdf4884cc14a2424f3409686ea710ab621728f5c812d8ce2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\db\data.safe.tmp

MD5 eaaad58c015f0345ae67851e4cd83648
SHA1 20dfebe106b94432500d06977b8f954e3e7d1a64
SHA256 272231f0d0f52ca1db65f3120c7e15d630e5e7170d0138b909a3e78e5f199d04
SHA512 98426519fd3ecade92df4d932d366f6ae6d9ec508202220e79e70618e7fa77e2cdd71bedae2e6a441a75272aa67e9e6f8b326746280aeed690c6ea8ae452eeb8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\prefs.js

MD5 86448f31f42fdfc410c78839162f6b9d
SHA1 46f053de1d36bf861dcd5c9d2710384b63368e3d
SHA256 d5439641466de5c744d8d44123f70387a807f73bc2e28f43d38968de12b5c073
SHA512 fd392d0cbc82b6a87f40236d3d93fb7b4b0414bd13391bb51cc35f069b36dcd3fced2472ef53ad1347233b624d708df391de00cc82276b52c6603352c434fd56

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\db\data.safe.tmp

MD5 ad93c1676b6c247fc2d2631e1acc9a73
SHA1 53a4390a4c373adef561b21a1d3aab4a3ce92edd
SHA256 c4603376b88ba69712efc8c8351f67ae6abc0882f71801936794c08674cd72db
SHA512 89f42b84fce7248bf1c3b575d844b169f4494da742ec1328de27c5fba7cf1fbdc06a74ae7b543bebba8d751bd5d8316587f7431df0b55d1201d8ad5700d88550

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\pending_pings\fe353b8d-ad5d-4918-9026-1fc0194ec648

MD5 83d9e46b9dabdae02e99fff780375098
SHA1 3f037eae6f3390a2c34232661bb8f351bcd23ace
SHA256 50436fa448306900c63704e53fe29eb016fa0ac246c3a7942b0d9e1de0674aec
SHA512 b07455a36528a513d51b13199cafc5742ecd5d0401988512d3cfb124e1eaee8804bfcc7c1d9bcae57816f9166c9c9e3a0c5bb2d3fbba36a44781bc140f64101e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\pending_pings\9937df97-b669-4d46-b4f4-aefd8503da17

MD5 a858a6d25c5c9016f49e032af4d9e716
SHA1 fbc8fa6049b523c4d28a6bbae0b1a3f22ff4f6bb
SHA256 b5a246ed771afec01a26f3f04008e127bee616d2ed32d3adaeac3ea80d2b9b6e
SHA512 dae2abdfd398901789a0706e850d47f4863a1890c9ca2485aae66ecbc165feba629e5592f149e944a6b9903cd6a82bfce00d424e0914baeee33871ce3cceac29

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\pending_pings\03a32ea0-b827-493f-b913-34319685e2e0

MD5 320422ee69494561076075c78556988f
SHA1 a624a0223a2e4f09ce32c0bf6e55d1ff92788779
SHA256 9224022ce3181117ba9b0b5cd6f901368c89fa0d8f1b33f3df7ae2bc28c234b7
SHA512 4d00de584c993c57e3079fde5a0d4f14f8d3a0503643a12437881959e2a5abac6b44c979c0ef6ce6d3fa3426760a6f7eb17b284f9c7e7669b63f58fa283529db

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\db\data.safe.tmp

MD5 3b2df7d5601d15222dcc480b59478333
SHA1 ccc137ce2f0028f8123bf7e6ebd246921594390c
SHA256 ca243f935de1419c21153bb1d482a3bf209232e9db67b4af4b3337b1d4a81cb7
SHA512 3a5c0864f14793db9a84202fcd6b55b86c9a5a0915bdfdcfd7ecd715d7d5a7dd0467c239cddba5df3ae061bc12ae40c781fe7dce742e722f9e2c4a056c36365f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\prefs.js

MD5 9cc751fffe5b0d3d78b527ac2317c527
SHA1 037671711a77b2526dd4d4b05bdd1946721bcda2
SHA256 10864e1114e7924644e9116892cf79fc2a6306d7faeca890b412868bc66467c4
SHA512 791926db771ddb45c69d9a1168e28950949e0e7dfe90d9221fb4c3c1e015fd7dd200981920bc936f00477082bb383fde7b0c5de752743fa8a42603f5620306e2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\startupCache\webext.sc.lz4

MD5 22bc6590a6b6c6280d18700ad2654f94
SHA1 c835060a7faf966a00efaf65c5fb42aeacb39b2f
SHA256 c7757a61371db126473ce934b82d93a4275afeed128b0ba76d5e17eb23b8e88b
SHA512 2779c4ee6e18a7ac39c11f7741a1dd9b2bd88bb59d81c255189c443f701949e280c4b7247e0b07f0cf12f99d1712be56624b311113c0935ab59da974f46bc058

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\crashes\store.json.mozlz4

MD5 a6338865eb252d0ef8fcf11fa9af3f0d
SHA1 cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512 d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\db\data.safe.tmp

MD5 f90da21adf8cc2ad0c8d36bf224ca7dd
SHA1 c7cc215f9f0290409ee39c009da824694d857be2
SHA256 f32a4fbb94a773e73fc98ffb7aff4e612daef81781006402ce5fc92d3942605e
SHA512 257c89e4dca7870ae0a9a4377328199aea256b9f7edf6e56d3fd06d7cd9fd79208ac139670ce715b8a5e090570eca72da7909201a0b8268663a4ba9ea22a32cb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\prefs-1.js

MD5 effa20e27dc5071919fda42d9896dcc5
SHA1 8e8fa4fdd266703083e4329495a65a3412c91c31
SHA256 6a22a564f6857a9d3aa3270141442aa0b89831d78c93db39a0cbc9dc99f3b2f1
SHA512 9b370179c9b1dbc3d4dd35d5fdb18f052ce53938edd54b03c27f678fa9a2a4fb76c7a227d07ccaadd7aa0455e6b2b45c39ab64fcfce90c3ba13164135c3f31c1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

MD5 0db98dc84fa9048ff3ed59e5375d9025
SHA1 1ec44185a35b13f157a2a5e1d1591373a3ba1921
SHA256 5abb3bacfce9fee711cfda0bc961f21b84452bcb7f01e4a3a89f35a3afcbaa9a
SHA512 b25d7d34eb9291256d9eb7355e7d099581b9b3ad725e6016a79d1e32bf952749a19e8618d716abf18ed18a681798e9b8cca2b64df55d49053f8979fc141d06c6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\cache2\entries\D500AD994A7515157BB2A6ADD5B18B754E4D2F99

MD5 30f47d7226b0f7ad3afe2948700ad495
SHA1 d6ddfd7cd74e32898ddd3e0156763350523f4105
SHA256 72565b324279d74f6287ce9b1ab3ebf46fdbb1625f35542dc2083f48e41482cb
SHA512 372459272ef38c4177d81787b52c49acab7d0b0c7605e612ae8499dfc57f2018eabd34d5f293ce8f7cc51e600d754dba47eb2b91490b79def011c8ed7326f75b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

MD5 9272c196aee8c52213bb3a413ae32651
SHA1 9fc0c7807b8fa74d2ec9a74c350451da21d6959a
SHA256 a27be0e522aa77e7a876d6dc4e163ad5bbaa2a9b6c988c4a713fddb22d263e51
SHA512 6a2fcf03542f70a72c50cdd08c6f32e3810630c69468dd248f4c153a8d82c95845917cd88cdcfce152d4052d2093c9f5b8ee5d0ee53ed1a5838cd5ba7e1a78a0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 50b3b82838aa2f0d96ecae841c36e26e
SHA1 681dc9348e28d9875b5b0ce38c0cc273f3f7b5fc
SHA256 1b4ba41ba36f707b43f0bff73c03ad3163cbf43a2321cdf665f790672c9b8271
SHA512 a0d8771346210a9c84a602fbbe0b5a79619451c64a986f22a4fde1a5569d89662a73414c9a276cde8b1335078f4b4e0efedba16567634b6a5a359c1db1a5760b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\recipe_attachment.json

MD5 be3d0f91b7957bbbf8a20859fd32d417
SHA1 fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10
SHA256 fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7
SHA512 8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_sports.json

MD5 ce4e75385300f9c03fdd52420e0f822f
SHA1 85c34648c253e4c88161d09dd1e25439b763628c
SHA256 44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14
SHA512 d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

MD5 6ccd943214682ac8c4ec08b7ec6dbcbd
SHA1 18417647f7c76581d79b537a70bf64f614f60fa2
SHA256 ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b
SHA512 e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_science.json

MD5 7a8fd079bb1aeb4710a285ec909c62b9
SHA1 8429335e5866c7c21d752a11f57f76399e5634b6
SHA256 9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32
SHA512 8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

MD5 2d69892acde24ad6383082243efa3d37
SHA1 d8edc1c15739e34232012bb255872991edb72bc7
SHA256 29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a
SHA512 da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_real_estate.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_shopping.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_online_communities.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_games.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_finance.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_health.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_reference.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\personality-provider\nb_model_build_attachment_travel.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\bookmarkbackups\bookmarks-2024-11-14_11_vOM1VdUT+qREIZ1Ij4Ba5w==.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\db\data.safe.tmp
