General Info

File name

WannaCry.rar

Full analysis
https://app.any.run/tasks/f8b8d766-5874-4e9b-a867-ea3e5f76a0b7
Verdict
Malicious activity
Analysis date
3/14/2019, 15:55:17
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
ransomware
wannacry
wannacryptor
Indicators:

MIME:
application/x-rar
File info:
RAR archive data, v4, os: Win32
MD5

d2da608c8920265f8f959e479ad5f5f6

SHA1

5ca8b19fab7a3c918d014e22176c5ac65467c7af

SHA256

7b3851d48ac44cfca7159577d2ebbf4c4d25cb4427be016cdcad6b789b5f390b

SSDEEP

98304:ArThDpilnzgiBRZXH9mBH/8B0tnz746tE+:A3h0lkil39sG0tnHjE+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Changes the autorun value in the registry
  • reg.exe (PID: 4044)
Application was dropped or rewritten from another process Loads the Task Scheduler COM API
  • wbengine.exe (PID: 212)
Loads dropped or rewritten executable
  • SearchProtocolHost.exe (PID: 952)
  • taskhsvc.exe (PID: 2164)
Starts BCDEDIT.EXE to disable recovery
  • cmd.exe (PID: 3384)
Deletes shadow copies
  • cmd.exe (PID: 3384)
WannaCry Ransomware was detected
  • cmd.exe (PID: 3120)
  • WannaCry.EXE (PID: 3236)
Dropped file may contain instructions of ransomware
  • WannaCry.EXE (PID: 3236)
Writes file to Word startup folder
  • WannaCry.EXE (PID: 3236)
Modifies files in Chrome extension folder
  • WannaCry.EXE (PID: 3236)
Actions looks like stealing of personal data
  • WannaCry.EXE (PID: 3236)
Uses REG.EXE to modify Windows registry
  • cmd.exe (PID: 3268)
Low-level read access rights to disk partition
  • wbengine.exe (PID: 212)
  • vds.exe (PID: 3280)
Connects to unusual port
  • taskhsvc.exe (PID: 2164)
Creates files in the Windows directory
  • wbadmin.exe (PID: 180)
Starts CMD.EXE for commands execution Creates files in the user directory
  • taskhsvc.exe (PID: 2164)
  • WannaCry.EXE (PID: 3236)
Executable content was dropped or overwritten Executes scripts
  • cmd.exe (PID: 3536)
Creates files like Ransomware instruction
  • WannaCry.EXE (PID: 3236)
Creates files in the program directory
  • WannaCry.EXE (PID: 3236)
Uses ATTRIB.EXE to modify file attributes
  • WannaCry.EXE (PID: 3236)
Uses ICACLS.EXE to modify access control list
  • WannaCry.EXE (PID: 3236)
Dropped object may contain Bitcoin addresses
  • WannaCry.EXE (PID: 3236)
  • taskhsvc.exe (PID: 2164)
Dropped object may contain URL to Tor Browser
  • WannaCry.EXE (PID: 3236)
Dropped object may contain TOR URL's
  • WannaCry.EXE (PID: 3236)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.rar
|   RAR compressed archive (v-4.x) (58.3%)
.rar
|   RAR compressed archive (gen) (41.6%)
EXIF
ZIP
CompressedSize:
3484594
UncompressedSize:
3514368
OperatingSystem:
Win32
ModifyDate:
2017:05:15 00:29:25
PackingMethod:
Normal
ArchivedFileName:
WannaCry.EXE

Screenshots

Processes

Total processes
71
Monitored processes
27
Malicious processes
6
Suspicious processes
1

Behavior graph

+
start drop and start drop and start drop and start drop and start drop and start winrar.exe no specs #WANNACRY wannacry.exe attrib.exe no specs icacls.exe no specs taskdl.exe no specs cmd.exe no specs cscript.exe no specs @[email protected] #WANNACRY cmd.exe no specs @[email protected] no specs taskhsvc.exe searchprotocolhost.exe no specs cmd.exe vssadmin.exe no specs vssvc.exe no specs wmic.exe no specs bcdedit.exe no specs bcdedit.exe no specs wbadmin.exe no specs wbengine.exe no specs vdsldr.exe no specs vds.exe no specs explorer.exe no specs taskdl.exe no specs @[email protected] no specs cmd.exe no specs reg.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
952
CMD
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path
C:\Windows\System32\SearchProtocolHost.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft Windows Search Protocol Host
Version
7.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\tquery.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msshooks.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msidle.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mssph.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\authz.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\users\admin\desktop\wannacry.exe
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\users\admin\desktop\taskse.exe
c:\users\admin\desktop\taskdl.exe
c:\users\admin\desktop\@[email protected]
c:\windows\system32\notepad.exe
c:\windows\system32\linkinfo.dll
c:\users\admin\documents\@[email protected]
c:\users\admin\pictures\@[email protected]
c:\windows\ehome\ehepgres.dll
c:\users\admin\desktop\taskdata\tor\taskhsvc.exe
c:\users\admin\desktop\taskdata\tor\zlib1.dll
c:\users\admin\desktop\taskdata\tor\tor.exe
c:\users\admin\desktop\taskdata\tor\ssleay32.dll
c:\users\admin\desktop\taskdata\tor\libssp-0.dll
c:\users\admin\desktop\taskdata\tor\libgcc_s_sjlj-1.dll
c:\users\admin\desktop\taskdata\tor\libevent_extra-2-0-5.dll
c:\users\admin\desktop\taskdata\tor\libevent_core-2-0-5.dll
c:\users\admin\desktop\taskdata\tor\libevent-2-0-5.dll
c:\users\admin\desktop\taskdata\tor\libeay32.dll
c:\windows\system32\mctres.dll
c:\windows\system32\ieframe.dll
c:\program files\common files\system\wab32res.dll
c:\users\admin\downloads\@[email protected]
c:\program files\windows journal\journal.exe

PID
3020
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\WannaCry.rar"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
3236
CMD
"C:\Users\admin\Desktop\WannaCry.EXE"
Path
C:\Users\admin\Desktop\WannaCry.EXE
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
DiskPart
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\users\admin\desktop\wannacry.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\icacls.exe
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\desktop\taskdl.exe
c:\windows\system32\ole32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\windowscodecs.dll
c:\users\admin\desktop\@[email protected]

PID
2164
CMD
attrib +h .
Path
C:\Windows\system32\attrib.exe
Indicators
No indicators
Parent process
WannaCry.EXE
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Attribute Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\attrib.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ulib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2300
CMD
icacls . /grant Everyone:F /T /C /Q
Path
C:\Windows\system32\icacls.exe
Indicators
No indicators
Parent process
WannaCry.EXE
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\icacls.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
2784
CMD
taskdl.exe
Path
C:\Users\admin\Desktop\taskdl.exe
Indicators
No indicators
Parent process
WannaCry.EXE
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
SQL Client Configuration Utility EXE
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\users\admin\desktop\taskdl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\msvcrt.dll

PID
3536
CMD
cmd /c 95281552575347.bat
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
WannaCry.EXE
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\cscript.exe

PID
640
CMD
cscript.exe //nologo m.vbs
Path
C:\Windows\system32\cscript.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft ® Console Based Script Host
Version
5.8.7600.16385
Modules
Image
c:\windows\system32\cscript.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sxs.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vbscript.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\scrobj.dll
c:\windows\system32\wshom.ocx
c:\windows\system32\mpr.dll
c:\windows\system32\scrrun.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\users\admin\desktop\@[email protected]
c:\windows\system32\profapi.dll
c:\windows\system32\netutils.dll

PID
2996
CMD
@[email protected] co
Path
C:\Users\admin\Desktop\@[email protected]
Indicators
Parent process
WannaCry.EXE
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Load PerfMon Counters
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\users\admin\desktop\@[email protected]
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\riched32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\apphelp.dll
c:\users\admin\desktop\taskdata\tor\taskhsvc.exe

PID
3120
CMD
cmd.exe /c start /b @[email protected] vs
Path
C:\Windows\system32\cmd.exe
Indicators
Parent process
WannaCry.EXE
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\users\admin\desktop\@[email protected]
c:\windows\system32\apphelp.dll

PID
4084
CMD
@[email protected] vs
Path
C:\Users\admin\Desktop\@[email protected]
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Load PerfMon Counters
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\users\admin\desktop\@[email protected]
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\riched32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll

PID
2164
CMD
TaskData\Tor\taskhsvc.exe
Path
C:\Users\admin\Desktop\TaskData\Tor\taskhsvc.exe
Indicators
Parent process
@[email protected]
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\imm32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\systemroot\system32\ntdll.dll
c:\users\admin\desktop\taskdata\tor\taskhsvc.exe
c:\windows\system32\kernel32.dll
c:\users\admin\desktop\taskdata\tor\libevent-2-0-5.dll
c:\users\admin\desktop\taskdata\tor\libssp-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\users\admin\desktop\taskdata\tor\libgcc_s_sjlj-1.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\users\admin\desktop\taskdata\tor\libeay32.dll
c:\users\admin\desktop\taskdata\tor\ssleay32.dll
c:\users\admin\desktop\taskdata\tor\zlib1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll

PID
3384
CMD
"C:\Windows\System32\cmd.exe" /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
Path
C:\Windows\System32\cmd.exe
Indicators
Parent process
@[email protected]
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\vssadmin.exe
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\wbadmin.exe

PID
2364
CMD
vssadmin delete shadows /all /quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vss_ps.dll

PID
3144
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll

PID
3340
CMD
wmic shadowcopy delete
Path
C:\Windows\System32\Wbem\WMIC.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
WMI Commandline Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll

PID
3916
CMD
bcdedit /set {default} bootstatuspolicy ignoreallfailures
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
252
CMD
bcdedit /set {default} recoveryenabled no
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
180
CMD
wbadmin delete catalog -quiet
Path
C:\Windows\system32\wbadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® BLB Backup
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\credui.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\blb_ps.dll

PID
212
CMD
"C:\Windows\system32\wbengine.exe"
Path
C:\Windows\system32\wbengine.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Block Level Backup Engine Service EXE
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbengine.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\fveapi.dll
c:\windows\system32\tbs.dll
c:\windows\system32\fvecerts.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\blb_ps.dll
c:\windows\system32\vds_ps.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\sspicli.dll

PID
2432
CMD
C:\Windows\System32\vdsldr.exe -Embedding
Path
C:\Windows\System32\vdsldr.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Virtual Disk Service Loader
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vdsldr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\vdsutil.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vds_ps.dll

PID
3280
CMD
C:\Windows\System32\vds.exe
Path
C:\Windows\System32\vds.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Virtual Disk Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vds.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\atl.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\osuninst.dll
c:\windows\system32\vdsutil.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uexfat.dll
c:\windows\system32\ulib.dll
c:\windows\system32\ifsutil.dll
c:\windows\system32\uudf.dll
c:\windows\system32\untfs.dll
c:\windows\system32\ufat.dll
c:\windows\system32\fmifs.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vds_ps.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\vdsdyn.dll
c:\windows\system32\vdsbas.dll
c:\windows\system32\vdsvd.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\hbaapi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\iscsidsc.dll
c:\windows\system32\iscsium.dll
c:\windows\system32\fveapi.dll
c:\windows\system32\tbs.dll
c:\windows\system32\fvecerts.dll
c:\windows\system32\logoncli.dll

PID
2356
CMD
"C:\Windows\explorer.exe"
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\actxprxy.dll

PID
2500
CMD
taskdl.exe
Path
C:\Users\admin\Desktop\taskdl.exe
Indicators
No indicators
Parent process
WannaCry.EXE
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
SQL Client Configuration Utility EXE
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\users\admin\desktop\taskdl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\msvcrt.dll

PID
2200
CMD
@[email protected]
Path
C:\Users\admin\Desktop\@[email protected]
Indicators
No indicators
Parent process
WannaCry.EXE
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Load PerfMon Counters
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\users\admin\desktop\@[email protected]
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\urlmon.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\riched32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\msls31.dll
c:\windows\system32\cryptbase.dll

PID
3268
CMD
cmd.exe /c reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "yyibsxxiapw107" /t REG_SZ /d "\"C:\Users\admin\Desktop\tasksche.exe\"" /f
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
WannaCry.EXE
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
4044
CMD
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "yyibsxxiapw107" /t REG_SZ /d "\"C:\Users\admin\Desktop\tasksche.exe\"" /f
Path
C:\Windows\system32\reg.exe
Indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Registry Console Tool
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\reg.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

Registry activity

Total events
1213
Read events
1171
Write events
42
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
3020
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\WannaCry.rar
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General
LastFolder
C:\Users\admin\AppData\Local\Temp
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
name
120
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
size
80
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
psize
80
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
type
120
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
mtime
100
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
crc
70
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_0
38000000730100000402000000000000D4D0C800000000000000000000000000300101000000000039000000B40200000000000001000000
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_1
38000000730100000500000000000000D4D0C8000000000000000000000000003201010000000000160000002A0000000000000002000000
3020
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_2
38000000730100000400000000000000D4D0C800000000000000000000000000160102000000000016000000640000000000000003000000
3236
WannaCry.EXE
write
HKEY_CURRENT_USER\Software\WanaCrypt0r
wd
C:\Users\admin\Desktop
4084
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
4084
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
952
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
952
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
@C:\Windows\system32\notepad.exe,-469
Text Document
952
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
@C:\Windows\eHome\ehepgres.dll,-304
Public Recorded TV
952
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
@C:\Windows\eHome\ehepgres.dll,-312
Sample Media
952
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
@C:\Windows\system32\MCTRes.dll,-200005
Websites for United States
952
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
@C:\Windows\System32\ieframe.dll,-12385
Favorites Bar
952
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
@C:\Program Files\Common Files\system\wab32res.dll,-10100
Contacts
952
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
@C:\Program Files\windows journal\journal.exe,-62005
Tablet PC
3916
bcdedit.exe
write
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{345b46fd-a9f9-11e7-a83c-e8a4f72b1d33}\Elements\250000e0
Element
0100000000000000
252
bcdedit.exe
write
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{345b46fd-a9f9-11e7-a83c-e8a4f72b1d33}\Elements\16000009
Element
00
4044
reg.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
yyibsxxiapw107
"C:\Users\admin\Desktop\tasksche.exe"

Files activity

Executable files
17
Suspicious files
510
Text files
60
Unknown types
9

Dropped files

PID
Process
Filename
Type
3236
WannaCry.EXE
C:\Users\admin\Desktop\taskdl.exe
executable
MD5: 4fef5e34143e646dbf9907c4374276f5
SHA256: 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79
2996
C:\Users\admin\Desktop\TaskData\Tor\libeay32.dll
executable
MD5: 6ed47014c3bb259874d673fb3eaedc85
SHA256: 58be53d5012b3f45c1ca6f4897bece4773efbe1ccbf0be460061c183ee14ca19
3236
WannaCry.EXE
C:\Users\admin\Pictures\@[email protected]
executable
MD5: 7bf2b57f2a205768755c07f238fb32cc
SHA256: b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
3236
WannaCry.EXE
C:\Users\admin\Downloads\@[email protected]
executable
MD5: 7bf2b57f2a205768755c07f238fb32cc
SHA256: b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
2996
C:\Users\admin\Desktop\TaskData\Tor\ssleay32.dll
executable
MD5: a12c2040f6fddd34e7acb42f18dd6bdc
SHA256: bd70ba598316980833f78b05f7eeaef3e0f811a7c64196bf80901d155cb647c1
3236
WannaCry.EXE
C:\Users\admin\Desktop\@[email protected]
executable
MD5: 7bf2b57f2a205768755c07f238fb32cc
SHA256: b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
2996
C:\Users\admin\Desktop\TaskData\Tor\tor.exe
executable
MD5: fe7eb54691ad6e6af77f8a9a0b6de26d
SHA256: e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
3236
WannaCry.EXE
C:\Users\admin\Desktop\u.wnry
executable
MD5: 7bf2b57f2a205768755c07f238fb32cc
SHA256: b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
2996
C:\Users\admin\Desktop\TaskData\Tor\taskhsvc.exe
executable
MD5: fe7eb54691ad6e6af77f8a9a0b6de26d
SHA256: e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
3236
WannaCry.EXE
C:\Users\admin\Desktop\taskse.exe
executable
MD5: 8495400f199ac77853c53b5a3f278f3e
SHA256: 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d
2996
C:\Users\admin\Desktop\TaskData\Tor\libevent-2-0-5.dll
executable
MD5: 90f50a285efa5dd9c7fddce786bdef25
SHA256: 77a250e81fdaf9a075b1244a9434c30bf449012c9b647b265fa81a7b0db2513f
2996
C:\Users\admin\Desktop\TaskData\Tor\zlib1.dll
executable
MD5: fb072e9f69afdb57179f59b512f828a4
SHA256: 66d653397cbb2dbb397eb8421218e2c126b359a3b0decc0f31e297df099e1383
2996
C:\Users\admin\Desktop\TaskData\Tor\libevent_core-2-0-5.dll
executable
MD5: e5df3824f2fcad0c75fd601fcf37ee70
SHA256: 5cd126b4f8c77bdf0c5c980761a9c84411586951122131f13b0640db83f792d8
2996
C:\Users\admin\Desktop\TaskData\Tor\libevent_extra-2-0-5.dll
executable
MD5: 6d6602388ab232ca9e8633462e683739
SHA256: 957d58061a42ca343064ec5fb0397950f52aedf0594a18867d1339d5fbb12e7e
2996
C:\Users\admin\Desktop\TaskData\Tor\libssp-0.dll
executable
MD5: 78581e243e2b41b17452da8d0b5b2a48
SHA256: f28caebe9bc6aa5a72635acb4f0e24500494e306d8e8b2279e7930981281683f
2996
C:\Users\admin\Desktop\TaskData\Tor\libgcc_s_sjlj-1.dll
executable
MD5: 73d4823075762ee2837950726baa2af9
SHA256: 9aeccf88253d4557a90793e22414868053caaab325842c0d7acb0365e88cd53b
3236
WannaCry.EXE
C:\Users\admin\Documents\@[email protected]
executable
MD5: 7bf2b57f2a205768755c07f238fb32cc
SHA256: b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 6e30ae86872e9c606a4aa2c2b283e3d0
SHA256: 9e1f0facada1f4b730d457adc89c8d954c1aac5bd10a4b1e53c2e4edc7dd80a5
2200
C:\Users\admin\Desktop\@[email protected]
image
MD5: c17170262312f3be7027bc2ca825bf0c
SHA256: d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
3236
WannaCry.EXE
C:\Users\admin\Desktop\c.wnry
abr
MD5: 1d8b6a090575815b56ec41bfe70a7a1d
SHA256: 43cda1e6ab4bdc17474ff6c663e3afc6fd539bfbba7fd86f3df68e48f67aba08
3236
WannaCry.EXE
C:\Users\admin\Desktop\00000000.res
binary
MD5: ef2114c47c37ef0573a46cee20162527
SHA256: b4f5eaa7732ead1bf0794ad2d4270d4426c7f8d3b7066afd23fa6ded0bb65237
2164
taskhsvc.exe
C:\Users\admin\AppData\Roaming\tor\cached-microdescs.new
text
MD5: 95f46ca2ee01f6a07ff30c80c43e6db0
SHA256: 05c540c86ccec5875ce889e7648607e4ba39368c237154c0616ae8f6aa1ca485
2164
taskhsvc.exe
C:\Users\admin\AppData\Roaming\tor\cached-microdescs.new
text
MD5: 093e1f18f6868141524547a3d4fb4a9c
SHA256: 6071c82936f73270a0be0e8b5e3eb9a173783ee7e0e3288820b68d5a515cf968
2164
taskhsvc.exe
C:\Users\admin\AppData\Roaming\tor\cached-microdescs.new
text
MD5: 442dc395a42221485c69f7f1923d4a91
SHA256: e68fb795d29b72b32cd48cbbb97921885b36e404c7ab7e088b8a618f734c9eaf
2164
taskhsvc.exe
C:\Users\admin\AppData\Roaming\tor\cached-microdescs.new
text
MD5: 758b385fa3f67dfd0d1a88df361b8374
SHA256: d3b3b95127b5a8053953a3f6ef9ffc6e655fedaa5c8b010e3a3eafe927c56892
2164
taskhsvc.exe
C:\Users\admin\AppData\Roaming\tor\cached-microdescs.new
text
MD5: c56d7d0fb34e509b7abafed7660bb5e0
SHA256: dbae491b883ccdcba1e283d6a96e724966c3e7c4dd99f7aae97d74f6399273b7
2164
taskhsvc.exe
C:\Users\admin\AppData\Roaming\tor\cached-microdesc-consensus
text
MD5: 2f87df5b56e8a2b2a176feb33fb3761a
SHA256: da18fb463ff1ac05b0dd6ed3696478f4bc8f39afe411427363339a287d26747d
3236
WannaCry.EXE
C:\Users\admin\Desktop\00000000.res
binary
MD5: 1b46d6ee0b83d8eb2a281b16343a84ac
SHA256: e90bf7e5df5b39cc62d16e840cfe43af3288cb8af196b128929ebdfc531587fe
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt.WNCRY
binary
MD5: fb067edf354a9deafa1993caa29ccd75
SHA256: fab27c20d86bae9883c3aba17899a03704aeac61b167dbf26c9c7f17126d883d
3236
WannaCry.EXE
C:\Users\admin\Desktop\@[email protected]
image
MD5: c17170262312f3be7027bc2ca825bf0c
SHA256: d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\TRRBlacklist.txt.WNCRY
binary
MD5: 2473fba236c46b9adcf9b4ada1fcc649
SHA256: e541cccaeb963d1e09a24f219244ff5c836b75e23bf2324029dd491e9098e32e
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\TRRBlacklist.txt.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.WNCRY
binary
MD5: 5968e23ee03b84ecc5f96da3ee3f2d73
SHA256: 7d87abafa6b2c4982f3a7449a47c556f6884b2d877695b26de165c22699f927b
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.WNCRY
binary
MD5: bc4a37783ec5970782a1c01ff3ed573a
SHA256: e6e02698490d701bd2966c530e20a023c83db5473ebcb1a34eb6c42d2c0e1f99
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SecurityPreloadState.txt.WNCRY
binary
MD5: 8b912a8ccf828a97070c5ef3bfb45949
SHA256: 83c2daa9bf8ab18e0177cf333c06c26b0c83cdd1e1b271023cfb22383a1b9c1d
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SecurityPreloadState.txt.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt.WNCRY
binary
MD5: 44a582bfcd19526d57889f3411705c32
SHA256: 9c866b1b6d69da1a673de49f36cb9dbec85a1dd39113f9cfe9766e10a84392d3
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt.WNCRY
binary
MD5: b873cdb6d2e01c229cfb3f049138e35a
SHA256: 0f65b2a35ceb6f526709dcff406d3e2f244c8f9785c62108bca5b7eb9ffa8374
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\AlternateServices.txt.WNCRY
binary
MD5: af5611e86c85df7d7e818ed95a272145
SHA256: 6abafb77ff29ff1dfff0d7b5db6d65beb259c2162bc8b4a99186bbfd59950db0
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\AlternateServices.txt.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt.WNCRY
binary
MD5: a8eb16fd5a82e20600af915b5ac16581
SHA256: a6c1209165656c4d84636f8a35825a306bb9a4f0e9edd98f3d663cba7719592d
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt.WNCRY
binary
MD5: 759629e241dac5630cfeede65909804c
SHA256: f2b2020898821f8dbba05ddee731088e72fbc16f6c0beef56b3ed615f744599a
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Steam\widevine\win-ia32\LICENSE.txt.WNCRY
binary
MD5: 1dca0f10e6ead9977bbd4e11d7f2050e
SHA256: 107b4900452d5e08f3e8eb32dd7b0814efbb99a87ea2015717754571a2f6b57b
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: b0af47c8c18b061aea41ba09ed2a8053
SHA256: 26ed03b7f3d89cbd53f322b521c5e797a73465733749f9504c1efd2686e98109
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Steam\widevine\win-ia32\LICENSE.txt.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 4394467f18de88d60c648e508942a76d
SHA256: fc5de00d107130351478881920428c3b83ce0d721f8e3a3d5c1602ce1dda49b1
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\ticked_not_10x10.png.WNCRY
binary
MD5: 9896e975e7cbef37dd124bedba151a60
SHA256: 26469f261e7af7e2d5c3c1117d8593acee7e0b97b0e0d2bcfaf81dfdecb4c937
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\ticked_not_10x10.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\ticked_10x10.png.WNCRY
binary
MD5: d278f7d50e1526b08de959650dfa3d90
SHA256: 71ed316d0069f19e987e3e7a1a9ddd2bcf6c2754a22aba35c71930ead9312d89
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-xbox-25x25.png.WNCRY
binary
MD5: e87be225da278ac4581c17c60c8acbeb
SHA256: 2999f3021727ee51cda48dca9a38f18068d4461feff93dff10ab2e461ec09615
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 819c65b42688e0b0e8470a0a942427d9
SHA256: 2dfdd3efa8994217ffb1d331177bd142d437113a8423e73bad9d0004f18e370d
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-win-25x25.png.WNCRY
binary
MD5: 1b6fa567502945ce53e2043be1f6b807
SHA256: c7a61ecd6e834f11f70c8ec05f1c916a36a6f2eea3ce973ea3059eba4c0434b1
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\ticked_10x10.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-win-25x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-xbox-25x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-cloud-35x25.png.WNCRY
binary
MD5: ad4ee639ca9bb73849244000e1f36f35
SHA256: a000212fbba88748e0a9aae12fae69182d67d66ef31a01c9ca7e368c66d843ff
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-skype-25x25.png.WNCRY
binary
MD5: 11f5e3de2b0bbfbba09a4fbbb1751b1f
SHA256: ef706eac86fc7fedaa5ba34f6bacf20f53ba55777aeed3926737af8b976c740d
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-office-25x25.png.WNCRY
binary
MD5: c4641b1486a47ea728b9ce9032cf6692
SHA256: 760836986786944b5845e6ca4c554c342bc0198c7af30b47a84bf07657b800cc
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: b992178e2447f7a1b7531fb52a0e5b84
SHA256: 594ffb426fb6781c2df215cd61a3c1811ddab92ba531229d9452083e3ef193bd
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-cloud-35x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-office-25x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-skype-25x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: f30680a9c571515532ca2cba5944c37e
SHA256: 0b5e497d103c94de5d8ff6eafb366852d007b9b22209c835056deed305041380
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\dropdown_32x32.png.WNCRY
binary
MD5: 9309c9f9f35626265fed4e1fe404d50a
SHA256: 4f7d75ca714c5cd2088fd330f952e12b9db477523816ac6e224ad871a0a68bca
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: b336e6a9ea6f1c7181a4a311b0e39250
SHA256: 90ecf161286ad02d5542d27e2902f558fb3453a27064df07d94ee4bae6d132b7
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\exclamation_20x20.png.WNCRY
binary
MD5: 3ce25599e9125754eb8676d254f29a83
SHA256: 44b8e5140c294440ad323f25ea06e196dbe5adf398e765662db5949fa9ec0b82
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 57afc150e81242e124ac507f29117d4e
SHA256: 6476745d2aa6ea8f6338cb4d2521364fd5f77f04f0139028a7867f7e309ae526
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\dropdown_hover_32x32.png.WNCRY
binary
MD5: 2bc490e7446efa3d8a656b0628861b1b
SHA256: 1545f5490de67db45172e044d27cc55f4139b052d5c431528dd4e77f3160e0ec
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\dropdown_hover_32x32.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\dropdown_32x32.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\exclamation_20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\button-middle-35x35.png.WNCRY
binary
MD5: 62d9ff13845644797c0ea8e26f536ec3
SHA256: e16e3847ebbd0da7c5c1315dab020b17c00edd2e419524776910ba00409fedce
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\capslock_20x20.png.WNCRY
binary
MD5: 6a101aafcda46bed1630ea4b4cc8a87b
SHA256: 7377ca88da7aafc251b52b46406891d2a32395440fc9cd071f1d4ca2217031bf
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: d979af2b466b53563d636c564c9c4c4d
SHA256: f31ff80f5740847f112134baa05683bdb7d2b493cd6c464737d8027acb59b493
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\button-right-35x35.png.WNCRY
binary
MD5: 61994cccde5fd9d308a45bbf2455ca34
SHA256: c7cc0a2e46c73b767322b341e565057d83c344727e8d63907fa09a282c4bd4bc
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 776ef2f6c22853f79694545eb427f86a
SHA256: b0f60f9fb7011d7e9eea5e6580d54ba2131270394905d265c621fb6cb4c75c8a
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\button-right-35x35.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\capslock_20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\button-middle-35x35.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: beaa349e1ffc94637671a9ec70315998
SHA256: 8384ad5b2730ed09d20cc366bf035a1083d304b33ed8da3049e377b8896fbb37
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\button-left-35x35.png.WNCRY
binary
MD5: 1dfe46f397a8af48e8b52cd2397c3a0a
SHA256: 19e262d888a73975a4b194dcb53160b3c90028d4bd150736b64e57132b8465dd
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 94a9d7a30be2b621dc77df31939bb4f4
SHA256: 7470be02c4ff2de784a9704c54ccce5f744d6e142731400d920dde41edfd4faa
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\arrow_up_20x20.png.WNCRY
binary
MD5: 5c6aa0771d765bafde15ce2b3678cb9f
SHA256: 5fd76e66a48714e2d6d6fee0994bb73066680687db039a2327a939102417fc5f
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\arrow_up_20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\button-left-35x35.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 69b0dfc8a8d037630b9ead1853360423
SHA256: 60edee4702a2a8e1598cd381de705541ff12aacfb1cded3cd2a0e26bb3df16bd
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 23ae1b8c911dda870963208e582cd2b1
SHA256: 84fc516feff9a995dc8ff94c2929bc7aa99c168985eebf5441faf716d212861b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 9b6ba21ca7c5ead6e3453767d51304d7
SHA256: 89cfb43170a849b2233c2aa2596ca68f8b64f7bfeee4f60cba20d663b4761dcb
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: a9947774ff558c7d691642a3c320d5d4
SHA256: 97c29441fab4c2bf35e84f73f3c457f73e4b089eb39e5733d9e99ca2e1507388
3236
WannaCry.EXE
C:\Users\admin\Desktop\f.wnry
text
MD5: ff2a2c343726cf7d8b651374fa7e4b24
SHA256: 522769ed0b58dfdbe375613322604cd5125730d18ea8011eb5c14afe55053cd0
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 2cccc45ca3bcb0105b1d2ea8dd7fff76
SHA256: aa43df46f9a7f9ff8ffc9f9ebe6f59a9ff85e31ffb5cfdc400d6a45af46cec22
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: a2c288ba57c30fffbd04f551771c2483
SHA256: 88d947b3cf9706d65cf01fc0021b2c39b538d80a7c5d90dd5c19fec2195a812c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 30ded0be1a0e949796f73d3684992a8f
SHA256: 3191a13b5dc2e4b19a608059df05133c9011394724862123cbbae65e944b529c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: ddc4d38851e737f922f117f0e43f011c
SHA256: 3b67924d74683cbf46caa345f28f5b0bf07248302c1f56c5c90e75781698924b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: a48580265a17734a42c6d0882e044900
SHA256: 596cdbe01e75b2d76b017f1a4bb082f8877a749e3e858a7a27d11a384f14c5c4
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 2e8e74abe8ecf009e49a643329baff31
SHA256: 910ebc46d7a9907476bea84728e5996e2d97e275fcc3fdd33f66a31ad22c5a10
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 60cf4d22bc09d634544c461e1882dfbc
SHA256: 2bce93f523578fde0280068d6865f29f7ced3fec124a12ab842912061bd64268
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 31c474888dbce8b0281fd4a69c384d84
SHA256: 245a6b178e1f3ebb84441c6a9ae4957267c1edfc72a58f251bd327e9192e0f10
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 69daafe084d9632025a47e897ea8af7c
SHA256: 27aac2f2223b93d0e1e2d4b96959480c352c48456294251aefb54ddc36eed117
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 16935b3983c311c63859fd2bea4e01d7
SHA256: b4591263a0ffa2349ee492a48fdf926cc200cb8e469ecb54d0e56e34e3ea58ab
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 94a0cc254c7fa4bd5af2b11b75b9425f
SHA256: fefdbe300c294b5384f805f334a25ac21148b7e26cf4b26946a2d30cc2291c96
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\ticked_not_10x10.png.WNCRY
binary
MD5: 352c8ee1b4eee5c7cadf429c92d8fb04
SHA256: 4b3adb339da16189173e899d864e81c3a94ec9553303ea8f2f60bf2cd1519872
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-win-25x25.png.WNCRY
binary
MD5: 50008f99a12ebc39ecb9c4f9fb2a900c
SHA256: 58b625b87f83e165ce0d198d141c0c763c57eecfd936847b734ff6bdfbda48da
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 4baf2948170b2a7ca29082b3de88fa1f
SHA256: 90253832dd9157837df74485ac1c97de8b91d6a59415f185b8dec7e1e3178379
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\ticked_10x10.png.WNCRY
binary
MD5: e9e459cd3a05d8129611a0fd640fcc51
SHA256: e6afeb5eef710fa17c6b9ea321655fadeae13b0de0e979dc649e33975ac00b1c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\ticked_10x10.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\ticked_not_10x10.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-win-25x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-office-25x25.png.WNCRY
binary
MD5: 1d6e549888b527b7ab37a2a246be6470
SHA256: 2d19896c9c3f64651ab721908d37ee4506cc2d4dfa8d832d6aeada4c6c9a8ac6
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\exclamation_20x20.png.WNCRY
binary
MD5: 710003277d30030590395507d84c7d9d
SHA256: 8a01c1651ed296a702acda12c1a96cd911be69f78c3fb01dd15c9ae220aeca0c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: c0ce6d52d30242911d700f2f2a374206
SHA256: 47c50ed6bd452706a5c446a61073efa87ee2e8ecc7dd0eb9af5d6b469b77232b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-cloud-35x25.png.WNCRY
binary
MD5: c3b29a8c2c6715a965e22e6f4a010f3f
SHA256: 4b13a3b27d635fb1db2ab647cd95dec6ba2eb2cec26e0e7e94951afdf2666e32
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 57e581a647adf28ba315b28c025d40f9
SHA256: 481a1a78466f2b4bc3bf589f19c43998a141be1d61e23dc1982f1513ad418212
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\dropdown_hover_32x32.png.WNCRY
binary
MD5: 860a40c549a0fa04a852730ac4f01090
SHA256: e61b61f09efb0110f00d26524bbcb7e997bfa1e5321326f6373e8023f8f3cc0e
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\dropdown_hover_32x32.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-cloud-35x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\exclamation_20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-office-25x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\dropdown_32x32.png.WNCRY
binary
MD5: acc30e09b94cc107c9bfa1ef9b9827dc
SHA256: 4c89e260b88bd84c97ef62572a9e384ab68f3b0ccaeb58d7de4b7ee010070608
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\capslock_20x20.png.WNCRY
binary
MD5: 6eeba9dc6d4927ed840174161865f0b2
SHA256: dfec7b24c4e330cd3e3247e88f5585bcc51601d39d2f66d2ed30319d93f64eae
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\caret_left.png.WNCRY
binary
MD5: f5e9dba2c9210dc404c2a6f082958c96
SHA256: 34d3696e4b61c876b7604183beea051aca122ea6fb5894ee0b04d08f9f0c3f43
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 8e6eb643d127deb5b6446692e374d97b
SHA256: f063a84829feddd6110fb9c1775b78aea0064dc91c2b0da173c4b09ec63f029c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\caret_right.png.WNCRY
binary
MD5: 3f005d15c51c9fbda4b176245e48520f
SHA256: 4bdba6fef21c5605a0aec694a5a8fe3d5627d1db8a0cf2953b692e2956836079
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\caret_left.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\capslock_20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\caret_right.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\dropdown_32x32.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 220ec7e3c14acf18cf6950e0cc5b2fdc
SHA256: 67cbc2965f26270e3e302584630d02aee869b7db2939379592351c45dd6f0f70
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 36eb509953fabe42431c44225aeb6a50
SHA256: a9d7bc1f7613a28f1550f711792708559604cd29cd319d2261b41f46a69bd1c7
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-right-35x35.png.WNCRY
binary
MD5: 108e8eabf8b9e132dfa0a87278a43838
SHA256: 3b289fbe2efc253562a7f4372c3e04334ab54a5c7c8179c9f81a8cc57bb9b18f
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-middle-35x35.png.WNCRY
binary
MD5: f3000d355d9db0f413455ec568c0df11
SHA256: b43e0c9375c70a0965d54cea644042ff50ba2d0673189fc0a996e2126c7c9b37
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-right-35x35.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 6dbd45f5815499344d32110a52024af4
SHA256: 15b17f2bf731c757f85f11d56beb6a890d6248b64ff192c942ba8986531ced2f
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-left-35x35.png.WNCRY
binary
MD5: 6155f4471f83ecdef933c8f9c723b501
SHA256: 6520c1da7cb9898e7c836d54fb4927f72adf033b1f9ee7bd347c78db488717b5
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-left-35x35.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-middle-35x35.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: be5cfa8a7f3581c06d8d57accbccd913
SHA256: bc08ab3eff3fee2a1c07f130534a9347005e6a65802b660a1e5a2152c2a8674b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-darker-right-35x35.png.WNCRY
binary
MD5: 840a3f6b723c818c7b472fc6bfd288d9
SHA256: ff83d50e683641f38d09f5414886fc430faa65e46b6dfc2de12581759ad58642
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-darker-right-35x35.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: c8832d0841a2e52ff1ce8183a1d6e946
SHA256: 3aaaed205df62b0fe62500c99fa3788c420dc8706998153e4e6676520a897831
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-darker-middle-35x35.png.WNCRY
binary
MD5: 53177ffd8bf411da62b07b1aa133bb60
SHA256: 57b14a50cc0aae80f901b26754d60cdbb3728abd6315d9e298c24331576d3b1b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: b73467815a31ff55d8f54bcabc31fe21
SHA256: 9d740d10a18bc35045c69905b7bf0b006dfb4af12f4513f6d7116130b4e0c300
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-darker-middle-35x35.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-darker-left-35x35.png.WNCRY
binary
MD5: 733dedc5048084db56dd3d754c9d245d
SHA256: f6a94edfad4e610c0aadfb7746b3de7db65e664cbd6bac4c4a2cf8af3e789282
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 32ea2b69aa103476357665abfe515369
SHA256: c857e5286113f642bb70719d40c1c3c4942619462e5d2945b642144f147799d7
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-darker-left-35x35.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\back_20x20.png.WNCRY
binary
MD5: 6db6e4a3885e5cd16194af9a0e0e448f
SHA256: cd54ce5a65430e205933087bb99caa65c0c408ac95caf0a69c494206ca251b9e
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\arrow_up_20x20_8bit.png.WNCRY
binary
MD5: 7985779d4a52b7e65897ef7939ce7519
SHA256: cf4cabad10eb147185ee0f8ba2728c200a98eb61f9d197d3a8e3732a666aefdb
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\back_20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\arrow_up_20x20_8bit.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\arrow_up_20x20.png.WNCRY
binary
MD5: 2a9de8bdc5fff734f91da2ada819d9ee
SHA256: c1d8877114893b3eba018b40e7828e492300ac8107a60997b6314277eab923d9
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\ticked_not_10x10.png.WNCRY
binary
MD5: f0fba00d31860ab5ed449bad7503b711
SHA256: 9ce4dadd38003fee2fd659d4583c7863a727483865cf42aa0f4cf8254f6e28c0
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 11d52d015666725efdfecc681f752aa8
SHA256: 5b9c71e36171f8592d29d913abdc4b15d5156ead15d1b27a946d99b8e8408e1f
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 6d7d750fd9ba1f03af80b30463d5d90d
SHA256: cf0fc8249495712a2a898376e33b80185b5420f883fe3e8e19c12303217002e4
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\ticked_not_10x10.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\arrow_up_20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-xbox-25x25.png.WNCRY
binary
MD5: 566084e3ec26b04c44714e0a8886d85a
SHA256: fb8dc80a107b7e95912ffbddbb5e06b1558ae1fdd3cedc35a2433b948e2ba25b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: fc1d62dd21797e7ab9d784679714f857
SHA256: fc58bbb091196e02eee272e6660230aeaa1ca0708361f25b2cd8da7589fdfbc3
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-win-25x25.png.WNCRY
binary
MD5: 9569a6dd6d58adac95d5d794349e5607
SHA256: de30e983853cfcd0194cf6637d824f22cfaafd961f18fb81d1db6b2205da4bb4
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\ticked_10x10.png.WNCRY
binary
MD5: f80b1eaf57dd0e43d7d13174d64414a0
SHA256: af8c91515318f17501b2bcbebb950b9d9256267a5c1f2ecf4f6ec2d4fc73b922
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 872ca3ab594dcedf0d49cef2d2dba1af
SHA256: 476d08fc0ef0fa903a985632c08e7a6ba45d45aa133b6eaa52af562f9a5c7a94
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-win-25x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-xbox-25x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\ticked_10x10.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-office-25x25.png.WNCRY
binary
MD5: 24969015bb5ee88db6e11caeb8ff3106
SHA256: d29ce04e46b9ee4844b44615513f7380ac82426cd8bd8916d8f45cc1323729fa
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\exclamation_20x20.png.WNCRY
binary
MD5: 5787e334b0a94904903de3ed964c9611
SHA256: e0aa5f03b801a38d0bc79267e58ae07e817d2a1193644f7b0d42c18ef4ec38a8
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 934205e95c564d2b5c8d72a8fef86f81
SHA256: 6e2db1d60d90d1463eb26bfb483db32bdc33e9db9a0c402b18fa607ebafae57e
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-skype-25x25.png.WNCRY
binary
MD5: 24a282030b20225d70118b3b3208ab2a
SHA256: 54010c7c79f014bfe868755b62892161aba07842852d92c4b270c218844d0bf4
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: f4b57e061cb5fb217618c06f552fdb29
SHA256: 01bf03f43b43298e0590c76fdb8a6773eecd08f19f2dfc78525dbd32fff97710
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-cloud-35x25.png.WNCRY
binary
MD5: cb2e19a60b8b7e5c53ddf42619bb1362
SHA256: fb9a77070cd94d711db07ae61d9261564c3dfe4429b43f50030bf39389b8bf23
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-office-25x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-cloud-35x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\exclamation_20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-skype-25x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: e6c70c38a24130173ce1dd66895a2b4d
SHA256: bd011f5651cd1ba1d9c9e1c23cef6eca712e47a61eb93646ad3855db0d4a3d0d
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 1bb516ec01544a00680c171417cc715a
SHA256: 20b7937124dc475d9f093280021f31177b1270404fdc840e443581f8339657c7
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\dropdown_32x32.png.WNCRY
binary
MD5: e1d5e95aed811aae0e4369bf20d6c05b
SHA256: cb0aeb1c4f0186b1eed7b09369ff43010224957b56c7614b7430105b88ea6762
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 2cdf461f21023e4db35b8bb1a384c55a
SHA256: 0d2d35a24c06e680d7b682a2e031bf0a17df7ee590212b7f87f6c5b5324be6cd
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\capslock_20x20.png.WNCRY
binary
MD5: d723d408535389a201eb6ace6b9d7428
SHA256: 205832e5bbd30f7dd34b323adf038dd54e580c09242989489adda7a435e94e47
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\dropdown_hover_32x32.png.WNCRY
binary
MD5: d4a0225c32c4e4c6e767f7ad30e27aad
SHA256: 217ea9b2a85def5f91f20582d6e2de96e85bdef8fcdd9d5962d138db8c31dbf3
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\button-right-35x35.png.WNCRY
binary
MD5: 94df888e496449a4ac00232f4db42b5e
SHA256: d7808ea40bce3fa27bc3879cc89eb1ebf8cad0d396a5e631e17e2e0cbc067cb9
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: d6ff75a0398f86ff1cf0418466607e91
SHA256: 9d3be8b970afe98fcc4b79f051dcb8fb13b891d3388515dc5c0b5c1ead38ae7e
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\button-right-35x35.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\dropdown_32x32.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\dropdown_hover_32x32.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\capslock_20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\button-middle-35x35.png.WNCRY
binary
MD5: 7b15457c83013911c2e1b79120b3b670
SHA256: 548c06858dafa765ae20e473cc3e993b16c3146f85d96aa92ee950727dc55f38
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 7d072685337b05f8f6972a0996c1e280
SHA256: efb72e9ffafb5d920620507dd929593cd620e142b24a3f9e836046136f148d55
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\button-left-35x35.png.WNCRY
binary
MD5: 0709186555a17c4ddf59fab6e171b436
SHA256: b898235f7c1d008a3a649fcd1c27e36b68466e04e39649926642f35c149db6c2
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\button-middle-35x35.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\button-left-35x35.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\back_20x20.png.WNCRY
binary
MD5: 0028e0239c0bffec292287fc66888c94
SHA256: be52cf311abf76656d39de26ec8b19943fb65d93d4d91301f760ddbd54d7b45d
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: fab2f45389449aee0680daf096af6f68
SHA256: 924b0a478a1880912c1557e541d8da1526dc8b0372c18e57ca2f5bcddd30bf8c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 9e26b54741ac9300aae0ad390851c26c
SHA256: e9e87115071bf899a20a4085c6f3612e6a0a001500195b1bf7554cc804e1a5cd
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\arrow_up_20x20.png.WNCRY
binary
MD5: 1bd72b394067f87b3252b1491db30a80
SHA256: f855cb0732fa16aa4f0977f16620cbb002a5bb6ef7d4613fe6f13352e427015b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\back_20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\arrow_up_20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\skype.png.WNCRY
binary
MD5: 06ac473d429db3189e2cc5eef8d339be
SHA256: 0b5171667551b4d5ac9b773addcbbc949468bc5cc20acbd02adda88702245e37
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\skypeicon.png.WNCRY
binary
MD5: 188bfab009ec6e8222eee6ed0efeb9ce
SHA256: b4d475fc59563e4b93d21c579ac3136f4d385eb31fd032a860d56c98a0be4506
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\plus.png.WNCRY
binary
MD5: 6ae00f2b20c756948cea2bfc2dff8bbb
SHA256: 7be3c3b084a4e95c321bee11c08f90fecf89da48a0df95521d3198c21fadd461
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\msAccountOverlay.png.WNCRY
binary
MD5: 12d07f567fb2162ad8f636142448e38d
SHA256: a656f833f762d18eeadc1bb2a0f0aca170571d427ddbccabacb275cbf0350c45
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\skypeicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\plus.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\skype.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\msAccountOverlay.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\messageBottom.png.WNCRY
binary
MD5: bbf5fe534d624da97dfa687f11027dcb
SHA256: c26858bb6de9219a6bb10d9a37fee5ec5f0e65462cfb094379d1f3ad57ebdcf1
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\messageTopShort.png.WNCRY
binary
MD5: 7a9507b05e0b34707faa65083bb4f202
SHA256: bc5fc83354f9abc91e148e4001164110d667f81ec7f01d0bce9ea9d9375f8d3c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\msAccountColour.png.WNCRY
binary
MD5: 4e6c9ed821c7d3dcf4923d1f21481e6c
SHA256: 8a82c2700948c0708c10f08c1c1768fff728b52a977036365b6317a32b3d16ca
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\msAccount.png.WNCRY
binary
MD5: f62a907a8311deab96fb8a6588847207
SHA256: 00a5969d06eebe70546b16d2dd60051d10b565aeddc552a615bc80092b12f399
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\messageBottomShort.png.WNCRY
binary
MD5: e3a4caa165ec19e7de285e51a1cc15da
SHA256: 8b207a0963133937cedda28371c8d673c279cef57dc2044ca6bc5215ffa1aaf6
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\messageTop.png.WNCRY
binary
MD5: c60e919412d3e6837c8a26827c93f0e8
SHA256: 1a25d9569428f8b2dbe0eb2fefec7b87a09e37d27512ddea63fbc4104f5b8a1c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\msAccountColour.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\msAccount.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\messageTopShort.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\messageTop.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\messageBottomShort.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\checkbox.png.WNCRY
binary
MD5: af6b41b9a4b3ab03bacaa5c1dba5481a
SHA256: 07d2ebe4f43b7e6b8f34f120304fded5d3364accd9997ebb526d2cccdecd509a
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\connection.png.WNCRY
binary
MD5: 5a8ad0456e69ef8940723eee1047d5c0
SHA256: 125fbdf0b2657ecf10625008037cc2295f4965500d9fd16729c950b9c80c3424
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login.js.WNCRY
binary
MD5: 33b2bf6b403e0050d4234ec5a89fcde6
SHA256: e352ac585cd74c53db1b0099bcb9e761a3bb05dd63dfb938d84e86a658985050
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fxing%2Ffavicon.png.WNCRY
binary
MD5: 71285dfdee103b30b1ad3584a3c33354
SHA256: c11f497d5cbc01139582b3ee33711e765b7304b7057a4b5a9cba410c8eee4805
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\facebook.png.WNCRY
binary
MD5: 2448a30c168653254dccb7b40083c86a
SHA256: a1e1a49a2737c461b4846e05cb1226116ebbf546af4d41eb7e2c446dd9ce66e8
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\checkbox.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\messageBottom.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\facebook.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\connection.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fwikipedia%2Ffavicon.png.WNCRY
binary
MD5: 252220ddbbe930c5bfba316c2ada931c
SHA256: c565cc7125b11b9e6aeb1f6d0187ee7d9cdea857b3b65c2e1ef2156744cc1b9a
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fwikipedia%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fxing%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fsuperdry%2Ffavicon.png.WNCRY
binary
MD5: c58d5332dce5b2d34a07e554127acc07
SHA256: a9653bf3325d36f79ea6976673086ce2b40eb2e241cf978e4e3a697694127b8f
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fsportscheck%2Ffavicon.png.WNCRY
binary
MD5: 2640a7422286b11c42c2f256587efb5c
SHA256: be6bfe2eeea58201a755d078063049491b54769c9e0584a80e68f1ffbcee7ccb
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Ftravel%2Fde%2Ffavicon.png.WNCRY
binary
MD5: 75e30150cba9a80c3cc5d809802b3875
SHA256: 56f4f98bfa6843487b389b91923d240d2ac1a8c0564ac774e5e28ab8719fc5da
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fsportscheck%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fsuperdry%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Ftravel%2Fde%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fshopping3%2Fde%2Ffavicon.png.WNCRY
binary
MD5: 626b5b97ae27a69183ffddb0e14ecfe1
SHA256: c24825cca33a4de1141105c4fc78207feaeac58ceadfcc07d6a12f3cc04461e7
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fshopping5%2Fde%2Ffavicon.png.WNCRY
binary
MD5: bb79b9e9168a6daabcaf577cc0277313
SHA256: f1e1fd5b6c676feeae987f8604ee0069b99564914f4edddc94910449dd08ef3d
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fshopping4%2Fde%2Ffavicon.png.WNCRY
binary
MD5: c0cbb56e7eef9d8824e4195f04639d55
SHA256: cc1d6e2efb5d00df91e2b7cd911b59edd595ee4539d6c6a632a191e4852881eb
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fshopping5%2Fde%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fshopping4%2Fde%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fshopping3%2Fde%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fproperty%2Fde%2Ffavicon.png.WNCRY
binary
MD5: ca17c491a00d3fa38d227b67ece272d4
SHA256: e78fbe7796a32ea861fc89d4b76c21642b20bb395d2cf3fca6f6b6d7656dc2b9
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fmeingutscheincode%2Ffavicon.png.WNCRY
binary
MD5: 263aca1b691cedbcfb85e866af2697a7
SHA256: 9aefc4e6749b6698f2275a7056a39c8fd63a713bc05d9dcc150562859c9c5241
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fpreisvergleichde%2Ffavicon.png.WNCRY
binary
MD5: f3630cffaf1e20d651ea1e090334b1a6
SHA256: 632de7c50c7c7f8effa991001542fbb783c0ba70041e04f008bcb6bb6ba9af72
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fopera.sports.com%2Ffavicon.png.WNCRY
binary
MD5: 1639a8b320be840ae6dde4f33ccea4bf
SHA256: 618e36d7bb50ea2ca26b806061db4a17c5d595a456ddc4c6a00e14e9e4985fde
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fpreisvergleichde%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fopera.sports.com%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fmeingutscheincode%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fproperty%2Fde%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fidealo%2Ffavicon.png.WNCRY
binary
MD5: 8ee486e8b4b880d24bbefbe3f8261134
SHA256: 73d9f3975626fb0f223048add248e703ae2c92c425ec812ba39abffca31034cc
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fhotels.com%2Ffavicon.png.WNCRY
binary
MD5: db11dcef1e2cdc0c28815418b5cc763f
SHA256: 917f4ef68cef44402157033753c649179b14c7efdca14fccaf74070e751c577b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fjavari%2Ffavicon.png.WNCRY
binary
MD5: c7365051ed751b2810d33ece02a8cc7a
SHA256: 6c386213939d4aef56fa7154997ce65a93b64b61e44feeb0cc2d3db8f7e14dfe
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fjavari%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fidealo%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fhawesko%2Ffavicon.png.WNCRY
binary
MD5: 1f04feb7fbf27a322dbbd3959f1a4951
SHA256: 15320d3700e1831680f3c20cec8a3bcf21615bac0f78d0da94f19ec1c4663ef9
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fhotels.com%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fhawesko%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Ffastmail%2Ffavicon.png.WNCRY
binary
MD5: a854e16f29202158b03654cd002b9f8b
SHA256: f99ecf2c66ec36591332caf1a571ffc69e2f929e6e67cf3ff116db9c4c119a90
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fexpedia%2Ffavicon.png.WNCRY
binary
MD5: 532698fd90c3c93c0c6e10cba42ef0e7
SHA256: 0843c3b7a5ff124cebab6439e678a484b0d7b2bf65fd817aea4b2a716a897a6b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Febay%2Ffavicon.png.WNCRY
binary
MD5: aabadde7f6e2eb62a48d1bd462d3f613
SHA256: 81b8be6c08fb878651658ba921d7c6ceb0c51c1b8b5a960445b5606e9780e191
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fgame%2Fde%2Ffavicon.png.WNCRY
binary
MD5: 1f10bfc52f53c25a2a4e8cfff1a797e0
SHA256: 79dd1ed3c20fde9647e9559d40104644e717339ffe1e2a8b61b39b105c4f3fed
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fdownloadcom%2Ffavicon.png.WNCRY
binary
MD5: 50c3db42c5b0afd6d879450c3296d501
SHA256: 362111ce5ca17b5b4743b74b88f72d3b9edc54bdd1f07167206c1cd7b42099a5
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fexpedia%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Febay%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fdownloadcom%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fgame%2Fde%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Ffastmail%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fbuecher%2Ffavicon.png.WNCRY
binary
MD5: 4e83115ef522a0110cd6fbbc87eaf955
SHA256: 7f276ca394d004fbf132438706731a099e65e4dd0c7b624869c16e0b3b9d814c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fbuecher%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fbing%2Ffavicon.png.WNCRY
binary
MD5: a1c7ee7e43ffc1cc5881431966fd2cff
SHA256: cb9187fc9ad18fb992f95a46cadd643455e4791f71fc3f9724c3a8ae765dc55b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Falternate%2Ffavicon.png.WNCRY
binary
MD5: c984fe3833f2a05bc53c3cd344b953bc
SHA256: 7d40ab4ea6bf1be77824e3bb30757afed4aa76fd9924f0601418fa86e3e4d1bd
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Famazon%2Ffavicon.png.WNCRY
binary
MD5: a16a433519e8862c35b157726e5ca508
SHA256: a3817d79e0c5075123a8d4ff81f9484877a5b57b404c64c9951aa0955a94baa7
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fbigpoint%2Ffavicon.png.WNCRY
binary
MD5: a8d264714b97129b095a0db7d1427a16
SHA256: 64583887a8b2304a3dc82c6e422cb396130c8f3c28cbfda15bb6c3863763c14e
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Falternate%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Famazon%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fbing%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fbigpoint%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2F%2Ftravel1%2Fde%2Ffavicon.png.WNCRY
binary
MD5: f18c40589fce03c9c4173c9fd220ca25
SHA256: 2429740fac99da87e9c8320913e6559bb959f976f1be2abfc05ee71c0cfd8782
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2F%2Ftravel1%2Fde%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fimg.yandex.net%2Fi%2Ffavicon.png.WNCRY
binary
MD5: fbe1dd81786381865fe8e73ec067d07c
SHA256: 1d86c3782cee599e76c4e1e8ac78eac8ab5170bb37c588403908aa80c3f9c521
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\thumbnails\ad5a4453bea49203135688a7b8db842d.png.WNCRY
binary
MD5: 49b2d3a3721eeffe62eb373b13f54ae1
SHA256: a557a9047382c8cf77e41cf74cb17350ef33f64e64788ddcdfb2dc70d09f62ec
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fimg.imgsmail.ru%2Fr%2Ffavicon.png.WNCRY
binary
MD5: c0607257a9e90ecf002d91af00ce7212
SHA256: c03db32e9f69d004f2a12d68ac61a4bd5861499a4d3abd04aecb80c5458496f0
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fimg.imgsmail.ru%2Fr%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\thumbnails\ad5a4453bea49203135688a7b8db842d.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fimg.yandex.net%2Fi%2Ffavicon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache_Files\a4f6c176-53e1-47b9-8fe4-8bb920684ff3.png.WNCRY
binary
MD5: 4a287e8898a10895d96dc47c4f5aacba
SHA256: 962f5339b2c8f4ec645d9fc16e1de5ac3bb29d1fc149fe79013ca61e4b46d205
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db.WNCRY
binary
MD5: d5de25d1e74ad49d1d94e2c261b52099
SHA256: f561bc3ef4ed1f00916e0bea6bdd7cec0c2654208aba2ab408d91dfd4bf4dde5
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db.WNCRY
binary
MD5: 3265baf5adb8e881392ec91d5bf7ac5d
SHA256: 9a8bdb8ea0ef8e9174b9f4965072897c906c27bd6e25d11efedcf2a7e415a3de
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache_Files\a4f6c176-53e1-47b9-8fe4-8bb920684ff3.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt.WNCRY
binary
MD5: f34c970032bc0162612456dbffc87e7d
SHA256: 081bdebdf1bce288633f27363c1ce89c9765cdb0d61189c6fbedf9607a57d5c3
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache_Files\3506c6f4-6090-46ec-9fb3-0e2963361ba0.png.WNCRY
binary
MD5: 50b768be7ce81edf8a3aea3de6ba2799
SHA256: 9f37c780d1b2c0aed37e006a5efd7f3090337e665b6588f789e3e538a4e01663
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9cfa0dda3968329980b7e40c251f29bfef877f68\index.txt.WNCRY
binary
MD5: 38a5fb47a1acf7129e7ef999c9eacf5d
SHA256: b1a779ecd9da9d19964dc838bf504abe6af2aa908f637753145fcb5c97df593c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache_Files\3506c6f4-6090-46ec-9fb3-0e2963361ba0.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\images\topbar_floating_button_pressed.png.WNCRY
binary
MD5: 8ad44652e5769916a5422e8b376fff7d
SHA256: 92310a7653a5bc88650aeac1214d1f6a87c2a25c243f8e3316aa3a2586f2c846
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\images\topbar_floating_button_hover.png.WNCRY
binary
MD5: 8f9f237a5f103eb7b6bac87224a0a016
SHA256: 6167437b6881d4ab91b0a5e475838cf9406626a6436696bc47235cf78558c9a7
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6818.528.0.0_0\cast_setup\cast_app_redirect.js.WNCRY
binary
MD5: a128f6f372b16fe58242e57000a55681
SHA256: e0f6936f0ad84a6808d2ce4cd287a77925b8746155b6f6c18e4a2e60a50cdb9e
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\images\topbar_floating_button_maximize.png.WNCRY
binary
MD5: b02240d4ef98a187eeaee1a55b965b77
SHA256: 02163744bfbb124fa184be144741f0216874ccf04fbd604a4678885affe45165
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\images\topbar_floating_button_close.png.WNCRY
binary
MD5: 72891b410e51ec355742a73e4f734b71
SHA256: d66a3883f628f30b2e7f7cbe3f1504f537efebf8a426dcca6bea17e0c624330e
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\images\topbar_floating_button_hover.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9cfa0dda3968329980b7e40c251f29bfef877f68\index.txt.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\images\topbar_floating_button_maximize.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6818.528.0.0_0\cast_setup\cast_app_redirect.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\images\topbar_floating_button_pressed.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\resources\offlineIcon.png.WNCRY
binary
MD5: c7dc39df40d7af0dde6e7c82b6c45e73
SHA256: b400778931a6f6cb598504be313d3e9aedf2fb9e65a62be51960bc2843bc6f40
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\resources\sheets.png.WNCRY
binary
MD5: 1b9d207f50bc6f9466714417b984ff71
SHA256: 78ae4b7b2099d1523e5f2a6c36028979eb7f11e7a5b3b05b1e60619bb31f8022
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\images\icon_16.png.WNCRY
binary
MD5: 5ebc7a6011d89a9ebffd188afcf13ee6
SHA256: 2c730fb856a51ecb8876f2ab0724c5a1cbfa4cb222ea871984b1b551b4ac8c33
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\resources\slides.png.WNCRY
binary
MD5: 5a133f11b0708f72a20e81e8f3280e2a
SHA256: 9ae867a48d1e9eedf58bafdf5baadf6d21a8f9b8c4599b6c4b56bcdc487f14a1
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\resources\questionMark.png.WNCRY
binary
MD5: e03dc6156ca439bf520491ec4507028d
SHA256: 1bbfd5dc884f55bbc0365fa36495f8c0df007a342818f872b5b2e488bca3f1bf
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\resources\docs.png.WNCRY
binary
MD5: 10decc58a07363d36a4f1325cbe11be2
SHA256: 7e5c6720614dde0365b3eacc574e74939d0dd4250549b0d1371f7fee637b651f
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\images\topbar_floating_button.png.WNCRY
binary
MD5: 3c4013303b8d6f20f970c5943a7136f4
SHA256: ca1344442279cf8ea611e7627a5714f4cbc6fd502fbfe4936f7a4ea9ae3f372f
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\images\topbar_floating_button.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\images\icon_16.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\resources\slides.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\resources\questionMark.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\resources\docs.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\resources\sheets.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\images\topbar_floating_button_close.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\resources\offlineIcon.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\page_embed_script.js.WNCRY
binary
MD5: 948c66e311ddaf470bc4536660a6cb40
SHA256: ee299c206600ae9c28874de42c8a041f57b993f588b947bc40e5a152216798fa
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\resources\arrowUp.png.WNCRY
binary
MD5: ac5a5088e9506e6dcc784403fcd4a36d
SHA256: 70f017b633babfc3c0d7a307d2a98a82d5fbdde6211e225a820e1b9c40e85fa2
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\icon_16.png.WNCRY
binary
MD5: a888784727b5605964411a29b0cb9630
SHA256: 0dba1ac51a88a3fb84ae79aad3df3cf6c274eea5fc904319ae0f5e6b020f4dc6
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\main.js.WNCRY
binary
MD5: 98e1c6d9b60c263d9c51bb490ba3c483
SHA256: a2dfa40a9814834d878726184e4f394a2dc3a8e8fd9dfab33eac6703523a6cec
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\main.js.WNCRY
binary
MD5: 7c8c4eed2dd4a44a728e8e8a39b5de33
SHA256: 11522ba3c35d7a9978bf16993c6cc752ded6dbaf51b9e1970188b81194f352df
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\main.js.WNCRY
binary
MD5: 27044f5db6c6ecae2b0c5bfed82084ec
SHA256: fe67d7090d180485a6bf956e566e5bcf922077f799379ce1ba4ecd652e6a0438
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\icon_16.png.WNCRY
binary
MD5: ebc1876cb9c7b6243a4cf1da2831c5ae
SHA256: 79457584ed00a084643e089ab4fffe507238125180cb95b570d5850909fb1ac5
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\icon_16.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\icon_16.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\main.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\page_embed_script.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\main.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\resources\arrowUp.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\main.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt.WNCRY
binary
MD5: e3ca59805b4f2ea9b6227783fa6af566
SHA256: b06944399904d2433e31423b80d46ac3b3f8aa3d4b2b899d556b6c1d431c05e9
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\icon_16.png.WNCRY
binary
MD5: b662ee578462209f8ab098622d3e9e20
SHA256: f075eb24f0e7ca088de0f7287cfcd2743bc679ee9660e364079b33a947e94a4f
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_synchronize20x20.png.WNCRY
binary
MD5: 62127b50348e839918eed96957a00df7
SHA256: 941c8dcb0272d9a937f28733bafcc9ead6ab16d3f8864ee9be8f662f291bbe9e
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_speedlimits16x16.png.WNCRY
binary
MD5: 2c74a604992c722f4a66107cf564e519
SHA256: a6273ecc1845312a39d56cbb450576f1a15c7a6e59b37ced5e11a3759bc4efe4
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\icon_16.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_synchronize20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_sitemanager20x20.png.WNCRY
binary
MD5: fa989db4c8f4a7d2ff05d7ce264c1d78
SHA256: a83155cf0a9e740f52d242a3288629cd1034dd5e017562fe9844b0d6fadbddfa
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_server16x16.png.WNCRY
binary
MD5: d9562a7216d4b3bd622b2d1ffd3a5785
SHA256: bb3cc17bee74af298192fa00c19f6de8d6c34eb99714c6707f34de721535f96a
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_server16x16.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_speedlimits16x16.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_sitemanager20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_refresh20x20.png.WNCRY
binary
MD5: 0b04dad3ae780df5776e5280a83223ed
SHA256: bd74a3e0332971fd9ca796a51fbf61504b8635e0918021ca0642df6828f3e3f6
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_remotetreeview20x20.png.WNCRY
binary
MD5: 5a3b39a4de0383776d83eadcd25e4156
SHA256: 813758a02948fc8878223787f0543c1af5e4672a93f680190025532d08dc8a2c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_remotetreeview20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_reconnect20x20.png.WNCRY
binary
MD5: 37c77d4958eb298b0f561567838e80ce
SHA256: ee38ec649a0549991d73199e65b242476396cacf53524810c04444f8da6bb876
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_refresh20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_queueview20x20.png.WNCRY
binary
MD5: c3bb1ac34c2a382eb620d779e0d5b58e
SHA256: dc36b8db9940576ee29d0c0b2f64e2312dc9d28eed31f7ef702de9e46363810f
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_reconnect20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_queueview20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_processqueue20x20.png.WNCRY
binary
MD5: ecc752dbb8b64fd8356fbfb5826ccfb4
SHA256: f699da49dcc5918a870f08c35bebf030c0b6975c8283fad71e4094d78dceb275
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_processqueue20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_logview20x20.png.WNCRY
binary
MD5: 88d413a0d85a74eb9d065d1d2f86d7f4
SHA256: 7d6206a0a404544aac013bca1d948ce8c0bd3e6f6670dec3b4ba1efd67fb92f2
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_logview20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_find20x20.png.WNCRY
binary
MD5: d115c6800ce4d82568811e4d1c39b0e2
SHA256: 224ff73ee5b4dc8d357eff9c28413ad38e3909187145970eb2ab8a53e9ebe7a3
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_filter20x20.png.WNCRY
binary
MD5: ba3b626d52ca28331e4a91d72e971e9e
SHA256: cc11cf723f67126f45be9d50d0a4db269c93532160745888a28abbd5d057c71d
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_file16x16.png.WNCRY
binary
MD5: 65a989739ab3b732b4f73d758333e5dd
SHA256: dae4d5b19c7a181f1bf50c9fa9745104dc67be371b6fbc879c6237b70b9c176b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_folder16x16.png.WNCRY
binary
MD5: a1f0e57d533c7d175f2cd66c5e6ffe1b
SHA256: cb18f3c71d2665df7972bfe9db651c819b53bf733026f527c6a43c1ab3e25ff0
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_localtreeview20x20.png.WNCRY
binary
MD5: 090a293c07902068615a5890f6bf1808
SHA256: e9c0df2dd5c5b86a2b35205878f2b4ba3aa164de4e126b246bce7168e9e19724
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_find20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_filter20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_folder16x16.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_localtreeview20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_file16x16.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_disconnect20x20.png.WNCRY
binary
MD5: 05f7fe39f6145014b4db9b5688c6b1b4
SHA256: 1e943a297d2ae0ff21b85c73313c625664e4d6c3c9ff3b2a3f9be04553d729fa
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_dropdown12x12.png.WNCRY
binary
MD5: ee48405985affa5f789bc8b84fbb2a97
SHA256: f469380daefd21db6ddca62ed3a103394cfc912c7d716218ae1b482178453865
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_dropdown12x12.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_compare20x20.png.WNCRY
binary
MD5: 0530b6f4a9f0ccefa82782e07fd94dd0
SHA256: 8560b368478c34cd5c9022d87cbbb06e1e547cf3ead3b391c8f50d72c3b0c015
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_close12x12.png.WNCRY
binary
MD5: 49041e1084caf4e9609e79237a5dd048
SHA256: 4a34e21dc1fc51cdddddc37220af4b90bb5dba10e487d6c2b1cac3a69af69675
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_cancel20x20.png.WNCRY
binary
MD5: f0df3fbbb55004e930d5a2e1de64f785
SHA256: fb5e7e2fafe5e630b914c7b5834e1925434468ce746c855a055a7693f8fd18b0
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_cancel24x24.png.WNCRY
binary
MD5: dfa2a1d5d194c6477ba3cc6d8273b197
SHA256: 3aa7df536731900ee3adecf275a9dd1342fbc89948f63c42d4fb5523b5e542f1
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_compare20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_disconnect20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_cancel24x24.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_cancel20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_close12x12.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_auto16x16.png.WNCRY
binary
MD5: 896e87b1a0c6f5a90b89ac369b1d22c9
SHA256: 16708e28aa75e295cb678bbef15476ac728d01c75cdb234511cd3e0dd8ef2123
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\FileZilla\default_auto16x16.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.WNCRY
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.WNCRY
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.WNCRY
binary
MD5: a9092b2d6237b8b1c69f42047e4aabf0
SHA256: cc098196f5728a7515d5518cfe53eb7644337bc405a98038094f71247a027d6f
3236
WannaCry.EXE
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\Public\Music\Sample Music\Kalimba.mp3.WNCRY
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\Public\Music\Sample Music\Kalimba.mp3.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\Pictures\numberresolution.png.WNCRY
binary
MD5: 356951519ce354eb936a7f35c4ea4879
SHA256: bd978a46938ebd0523b5f491e0f37f363f49619f2df1efe975c2ea372c3238d7
3236
WannaCry.EXE
C:\Users\admin\Downloads\nckingdom.png.WNCRY
binary
MD5: 76d4950a882da5c92ac081eb525e29c7
SHA256: c943c832257c4a47dd18107b10007fff66485288e56ab906c3c3597113a870cd
3236
WannaCry.EXE
C:\Users\admin\Pictures\conferencelives.png.WNCRY
binary
MD5: 9b7577451ba1087f5328f22e846b5a02
SHA256: a6f2a30a2b213b857a10421193c91ec308d1a51d00ad9dbf47faf8faed7f0eb5
3236
WannaCry.EXE
C:\Users\admin\Pictures\conferencelives.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\Downloads\nckingdom.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\Pictures\numberresolution.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db.WNCRY
binary
MD5: 90bd3b9cd9f46f37885adac94612b21c
SHA256: 1779ea399f26f5d143f6f0c4df7b6d6cd7a86886a726490d16fcb2ca5bb41232
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db.WNCRY
binary
MD5: 01f76859e988ea1b4ab9af9aecbedd7e
SHA256: 29251d1dc859b8890a65e5394ddb5671e671bef961de79281d7a9f25446bf327
3236
WannaCry.EXE
C:\Users\admin\Downloads\categoriesprices.png.WNCRY
binary
MD5: fc5681fc5cf99771e27246787b5a3a6d
SHA256: 46e4146ce8a3fde5214baf53b420b66f541e007ca6a217dbfa0187a37eb89588
3236
WannaCry.EXE
C:\Users\admin\Downloads\categoriesprices.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.WNCRY
binary
MD5: 08abb999039dcd431cb085875715792e
SHA256: fc8ddb476e06104d3106639603e4fdcb5a0e69b63f42937989a0d18a99c188d0
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db.WNCRY
binary
MD5: 0f5668cfc8432beeace45ff592f08664
SHA256: ed3f91d48aaae600914cef4b3a806ab62135b0be1bafd62e1aafaae5c49cc41b
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak.WNCRY
binary
MD5: f122755c4991a6370b760285c8e845f6
SHA256: ef01996d48f61fa852cf9fdc92620f4b751703eab7fbf5fc041604d36a7e5ca4
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db.WNCRY
binary
MD5: c40faab36d2b527ae63b797a4504160d
SHA256: 89ce0cfb2876656007f65703617c6f6fe0e5e211f1af8d96ff0e377623199b3d
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm.WNCRY
binary
MD5: 86cb9b710a2c2ca422c78a2204bcb354
SHA256: 3ea2ff7178983c9548c466bd1c0429f72dc27400709b16e9c93764b15453b263
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db.WNCRY
binary
MD5: 2c3e496c7dc0c659e7eb90e6e4b4e0af
SHA256: 12c674cf7484d8f54dc4b198bfa1def870a2305cd90f2a6d368f79576ebdfddc
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm.WNCRY
binary
MD5: 2dea52bb249feb322a77efc76571afed
SHA256: ba33b6ac0ac75c1ad99b33086cb1255ecc34b3a655d6b4a6d92c628d1d8ce1b8
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db.WNCRY
binary
MD5: d5e6f4560fb30ec6a09e24cde994665d
SHA256: dba04adf28427aa943825ab92ba4976b02a657ed573a59ec8a77c112b916b0c1
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak.WNCRY
binary
MD5: 8ba27dc6fb8c9a50d1fda9fc11644ed7
SHA256: b79e4ca18ca866fe64890760b3f739be89e2eeb557b3df76d6a5cd1b5c09802e
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx.WNCRY
binary
MD5: 1ce587819469c0d23312706fb58a1f1a
SHA256: ad8e6636108f732dba03caccdc1b664bc1c6fb0fcc23b92afda2238f3bbcea04
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3.WNCRY
binary
MD5: 8dc37215c9b8812cd759ca97ca274da2
SHA256: 4bc918f37527858a3307c73a7cc4e0e976c82c88d5f35ffae95c69876fe51cb4
3236
WannaCry.EXE
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\zh-hant.js.WNCRY
binary
MD5: 586790bee6cd6a718879477bec99c0d6
SHA256: 57bfc8594682ef19bae31c601ccd2addc5886a39b1dafe3ed3d50a80b8c618a8
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\zh-hant.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\vi.js.WNCRY
binary
MD5: 2abc3418a68b442140a64c54300e1fb7
SHA256: 09b153efa478025e5dff263fb0ecf15e094b20a53efbd874e6c21eea89627f58
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\zh-hans.js.WNCRY
binary
MD5: a310abefffbd19e8efb402947bada773
SHA256: ecf56d7b8f17ffd26d652dcefc979808606668d0f640031490b9722e7c098b8b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\vi.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\zh-hans.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\uk.js.WNCRY
binary
MD5: 87a538a7c9ede07923b9f27bb59f9137
SHA256: a999cd07fa71fb315b73ee7bdb81ca9064d26dabd75f2c7ee7f024cdb6a2b148
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\uk.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\tr.js.WNCRY
binary
MD5: 0c571a4dd423a62018766e2afffca933
SHA256: 11c1c3908b573511eb612b7b7d2b69be7365c30ca9e2235171ab36fa02ab7d91
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\tr.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\th.js.WNCRY
binary
MD5: c786c5dfbce54e8cc8f49374829810e4
SHA256: 00157216ada982d807a4b6770f7b41367b102a86a17109554f8f1f1f9004b199
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\th.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\sv.js.WNCRY
binary
MD5: 0aeaf7c4661da59d62eeacf6ffefb6fe
SHA256: 72cda398cb6bf5ea356093e1e71ec2de37245047f40b605d6c20906a5522b05d
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\sv.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\sr-latn.js.WNCRY
binary
MD5: 6e850331c88ac1940376290a1673a59e
SHA256: 058dd8bb4d9bfa77e73a0ddf1494498fbb2c4beb05069f48531b33210fdbe4f2
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\sr-latn.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\sl.js.WNCRY
binary
MD5: af43a5b8e5f544cee386cb91e191dde2
SHA256: d673c4c518af4fb6698a2e67882b1df0230f0a91c94cfaaa5036e2faa3271d09
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\sl.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\sk.js.WNCRY
binary
MD5: 99acf0dacde770726e247f784357f45c
SHA256: acf1f15c32df528b5b64430cf063bc9582ae1c9cbd1f8e45d7a220c18085e4e8
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\sk.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ru.js.WNCRY
binary
MD5: 997c1b0fc0bc38d38bc263f97028a372
SHA256: 21b5974cf6a1a2ae44a670429efbfd642acdeb7b40c8dfc0bb5603850e3bad53
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ro.js.WNCRY
binary
MD5: d632427ef2724d7d1179482eaa41fea6
SHA256: bf46d77b44b0d824d015107ca8034e587008dc3876eef216feb86a8b5469e0b8
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ro.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ru.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\pt.js.WNCRY
binary
MD5: 67b65163379785558ca82685d823cc36
SHA256: c60f4c93bca7066529a8377a83e7313994cc0ecb63bc546f767f11929034959b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\pt.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\pt-br.js.WNCRY
binary
MD5: db46c4ea704415e9556b4083f7099bd3
SHA256: 2b0f473227d10b52b0a05ccff13c1aceda4b28aa5dc6230a19f26e22a72acedf
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\pl.js.WNCRY
binary
MD5: 9d14de702cf93e591f1cc3358696380d
SHA256: 00a09a611f7a28a8325c4a2d2c5544bf193fa66350da4ddcca11361aa994a06c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\pl.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\pt-br.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\nl.js.WNCRY
binary
MD5: 14fcd72dfadc83da325655b0dd27b63e
SHA256: 5ae2570dd3df34a6a1a3a89b50685bc2322317da9ffca400108d5f8c3b272e7f
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\no.js.WNCRY
binary
MD5: 4ee2340e5bfb0802ac175baeba01818b
SHA256: eb89fc83853bf238ac5ed4bef385ef370be65a91dbd734ce7c127a5041fcbf88
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\nl.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\no.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\lv.js.WNCRY
binary
MD5: 4f83cba3c5fcc07c889e24843ecff6e0
SHA256: 9f6e717de946d4086ff4a8a7c19868b9c6306bed734756788c0f6b9ba5d7ed62
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ko.js.WNCRY
binary
MD5: b8728b9a31882ea0139048e8870b9002
SHA256: 3aab233b3a84051548f8893043686c9633fae23f2b6848583c43485a7a199485
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\lt.js.WNCRY
binary
MD5: 1728da8897c5d8d01927571aa2a648e7
SHA256: 857ac1e9418f81d0c0e557bb562db8950ea69424cd88cec949702ac22c0a88a4
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ja.js.WNCRY
binary
MD5: b7458e861374f9a1020eba39f8c810be
SHA256: 46ff1217e7ad60995023342cd931c363e23717dae2832118f31ea716fef0b1c8
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\lv.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ja.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ko.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\lt.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\it.js.WNCRY
binary
MD5: 7315857214ea316ce064727a8e195ff8
SHA256: 871c4ee233abc838c686318b39656fdc32d86bc761e2c500037fd915ea2809b7
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\id.js.WNCRY
binary
MD5: 086efc6c32847a82070ec31558be5bf1
SHA256: 261743a55c020dc22a7631efaa5e34428465daf14c26615c0f73494ecd1de109
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\hu.js.WNCRY
binary
MD5: 96b61122bb8a6d78dfbf3f468b487d78
SHA256: 04c5c9a36ea3b13653a4a2cf22e17d88e701b25844867e143278f189aae9bd68
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\he.js.WNCRY
binary
MD5: a10093f5fa4ba0a560b298dc3903f600
SHA256: 716fbc054e13b8f58defa0a464789539798f770e46b30c2fa3fcfdf0d93862fd
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\fr.js.WNCRY
binary
MD5: a62b32cef02b90dacbdc497504066b51
SHA256: b8b5926b59279ef35925d67a226fc2ab0941d360a002543ca4bda5c2358c6e87
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\hr.js.WNCRY
binary
MD5: 25e979091f3e1fe0a3a6a92cb98ea486
SHA256: 131a53a0ced43f27bc00e1ba8343fa49b24fbc8c740810fab8f3a7a66da61f16
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\he.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\id.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\it.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\hu.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\fr.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\hr.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\et.js.WNCRY
binary
MD5: 3462af7d329e6d0463eff17d24b87956
SHA256: dbcb205fdd144a221cde2938176aa76b0c4c95c7f5016340b1b4225ab35e1394
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\el.js.WNCRY
binary
MD5: 7a76705d9e2d9830180e6583ac837ae6
SHA256: c6e68bd32cd5fcad5cedf3cf7a30f4fb9de30990473c0fd34bf68340e472c935
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\en.js.WNCRY
binary
MD5: 64e2547ea5a688ceb717b9bf8773dd90
SHA256: 928f233df06595d087c5214dbaf747ec648d6dca771d90c68414b6325dbf0193
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\es.js.WNCRY
binary
MD5: d6713f896f3232316aea4f40b82d5321
SHA256: 96755d3c00ca70bfdccd36fbd083d939b2c8be0f74dd245465051f31cd19acf0
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\fi.js.WNCRY
binary
MD5: 9b0ef975ed5d8c222f4c71e2151a9499
SHA256: df5b95758fcf53b5b5be9370f8891897679a3e79e949f257fa7a5f637d1af316
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\el.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\es.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\et.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\en.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\fi.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ca.js.WNCRY
binary
MD5: c84d1fe85c659665ada0c0dd5dba4804
SHA256: 45abab4be730db856ec14145f6493e4e019b3c16ca27ec1423ab7d5850a16191
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\de.js.WNCRY
binary
MD5: 7720e68fd48676baf6a453ea9ea9a5a3
SHA256: bd2e50ab6c539ad7679867b9ebe88a6f6fe4f0c658a814d88f1a1d2ff2376ea1
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\da.js.WNCRY
binary
MD5: 6d7ee58ad1f1a1b24f0c78f9f877fef8
SHA256: e78b5c0897520721b5cef1bb3e018e5942f44e6ad8aadbe20e067baed2fa7a86
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ar.js.WNCRY
binary
MD5: 2d5a83cf13e3e28ffd11e03085e2378d
SHA256: 0181249bbb95775b229aad09f0f4e20a328c3c0431396e03a37038df23121b57
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\cs.js.WNCRY
binary
MD5: 01aad8483585c93fb79762d86e01d255
SHA256: 2995353966d98b8e7408dc8bbe1364bad0ddde8a705aa207bd391df04f31cd8b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\bg.js.WNCRY
binary
MD5: 7522429b2a54d372af8aaaada8f995a9
SHA256: f53afaec891705d3735257800d4050a42cac81352f99cd8d6f58b780018501d3
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\de.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\cs.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\da.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ar.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ca.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\bg.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\skype-logo-136x60.png.WNCRY
binary
MD5: c5b91e88e1b2c7d6686cfe3de2047f4c
SHA256: 591cc0e4d4ec5ec1727947fbe8f0e91e0787cb6e2d7fd7e22226dd11c8922e8d
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\js\login.js.WNCRY
binary
MD5: 8e6afa90663de7931fec6118b6392ca7
SHA256: 3d5d46506a02d621259275cee924b7c228ae2202d0e2b48afdbb801a181df84f
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: f930b5782615524115050fba1e33f906
SHA256: c0f15d4a3d4dcaa322b154a2e2f3de184756a9b2717b07cab1c62206b505c11a
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 2d61bdb85286b0b3fc84383d2c412651
SHA256: 57c19db001308ff3093a3810eafb90a5db76fe826558b5fb63ebf434c8b536f3
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\msa-logos-135x25.png.WNCRY
binary
MD5: 74799ed9f3b3209d4837fc047149716b
SHA256: 567cb19fe0b5d0c025700e0d9451aa59ca7db24cc2eb62f1d2ea8a6dcd762a9e
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\skype-logo-136x60.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\js\login.js.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\msa-logos-135x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 6fcb72bed45f474cab5c4552712d05ba
SHA256: cfaaf5c1ea3cb8fbde819ae1180082a827de5de1624e614235b424d3b52d12d4
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 4f74dff2e35fc3e3ea6c7095c5ee927d
SHA256: 0099b6f7be4f2c176d0a4a65a8019f0e6dcfbfee05856ca480196f72783b3aae
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: d514e713105acc441e577fc221c507fd
SHA256: a343cdfb4c7194597910a052e3101b2c805c729e48e2bc76c240cc36595908b5
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 63aa612ac95d8373bcb9c039d40b3dce
SHA256: 6da8a44b2dbe9d2a37b1263ba6fee7db0aff43edbb76eb7309dd5d6cf06c113b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 64b56552c821632f2193d18acb91b439
SHA256: acd37959534ccdfda9446fd09f6dab69168422cfe51c4376947eb2a91421f410
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 9944d4a6e973e5f0542c2162a3981036
SHA256: 623715b19aa597fefd8b4277adafbb1161b6cff28fd483f95a5c928380f8ba13
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 5442b366a3c96e34a9f2428a8d4915bb
SHA256: 3790bc995f185a73d3aa9efe8b9c95bb3dfbbca62591e15c64dae575b2e4d000
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\back_20x20.png.WNCRY
binary
MD5: 87500ed7772d91ef9a918fd3e93f169e
SHA256: 97163d65bd614e629ce1fda3184973e1f7e8226d33d46591d21ea1cae4b9f940
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\back_20x20-inverted.png.WNCRY
binary
MD5: 2eb80396001546a185b3c74a91c94b2f
SHA256: ca1069f58042fc9159e9c24650cd4a1e981c2042f66772fea7d8771504248d6d
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: e11ad9177da68462a302b48336373ad1
SHA256: 26c577ade05acd264d8673982a2d81d7e58fadaee1a9a7eeb4ec5a7225ee27ce
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\back_20x20-inverted.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\back_20x20.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 291abdcae83b2709fd74436360688f2c
SHA256: 155cff7ad0eb1cddcf87b3d302643f06227bf21144e7cd819d664a4c242a4abb
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: a2be4668668a8f51c6031d82530a9735
SHA256: 55bf38233604969bd0b5b5e1c836aca7df00a139e449c5f9da4b9005d3b0e5a2
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 5f7b4a33f86afb60629d9f1ba3e65509
SHA256: 2ee0f78a7ca219e261ea5a476106afe0e89012c88affb4f9ab4b15d87e9ad9c5
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 40ec1733ece1e0dd1fa10ef7f854db10
SHA256: 56e637b35e48d15c30a68bc1443032b8cb6105ce8011f49ae572624db034d297
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 03476fa80b7d069a335479d39502ad66
SHA256: a2fe12482d214583d2a1f96dc8999fc5e698add68c084a560f970f1d93b6eca8
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 0a6a472b5008b167acc5e48c054b168f
SHA256: 5bb2076353779fe1b5f6343e2474cb527fd8301f69f3d80f4a0bc437bfa979e4
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: e923fe66f6573351172f7a5419be3b8d
SHA256: aeffbd2d8ac3be3bbe525a5dbe47ae38a2b2f143cf3f86d17a1221d8e846f3d9
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: e76930d08c2a89e0335dddd90a041cb3
SHA256: 67df678c450ede92aef2effa3c58b1966a342aad94553ee9f72cbb86af3ecb2b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: f098648c21e79e0645e9a2fd4514caf1
SHA256: d57db1151834ba2a6c77fb2360f8c91a0915a5a783dadae8c78c4a0ad308cf7c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\skype-logo-136x60.png.WNCRY
binary
MD5: bf79190ed671871f8f58879808212986
SHA256: ec67816931eb0eb61676dfa122eda0a13b3250418385f67cea51ee05633e723f
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 125ecb863201420f189e97b6f05a79b2
SHA256: 66194809d4cb8ef1fe4664a60b9f45bf33c75ba259d2dd506af2182dc4d23e40
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-xbox-25x25.png.WNCRY
binary
MD5: b3a9fcfdbcb819c1da5756ec9e6cdf8b
SHA256: b43d7bd750762a0d6d2142ee54fe42f2da1ec92492841817573ca932416c7088
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\msa-logos-135x25.png.WNCRY
binary
MD5: 03a517dbee6822bf91d1ccf1e0be16e1
SHA256: 7ebacf0ebf671b4937b0192cf59b68fd84f179518c18eb5208c546080d29e95f
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 3f2d172657bdfc4404259ea357c2709e
SHA256: 1a029d5514f62d66e450b6dc95247f1beefa4daf20cb6b11458981a2a4d65575
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\msa-logos-135x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-xbox-25x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\skype-logo-136x60.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-skype-25x25.png.WNCRY
binary
MD5: 7fb2a3f4591986e5c6d69e66dcdad3ac
SHA256: 901ec90aa618a99c6c6280b5e2d2a24b4730e1891f46368150c119b6bf3f000c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-skype-25x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 7be0fce8db981bb3b15a21e9ceeb3efc
SHA256: eb1dc5bfaf4551d6464a7309b5c8c408fc2810b208e8292d15011cca3c49e51c
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: a2ffd6554afced7efc812c277980f230
SHA256: d0a0ade4d54cfb75495ae8b00c842f2d2a29edb78b8ec64920dbb437dcd4b9eb
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif.WNCRY
binary
MD5: 318178fc0f7cc4f6169634c5117abde0
SHA256: 213dddcfce1bad156226f9fa0953763852d22dd9a9320456fe83c52e7fe986ed
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif.WNCRY
binary
MD5: 8e098cf11d0baf4886564127101ca17f
SHA256: abddf199f34cce202d71376d2d00e3878a63c7be2d370c6f818bc584ecc823b8
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 7988fb53a1b838a418cabfcfe0b6605b
SHA256: 804830be48fe2a75a9bdf187e9ccf5c1cdc5cc28b8beeae7da5a559c6c6e974f
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: f76860f577f439cc09b1a06f4d77ca26
SHA256: bd3c9a2d94925803524c40331ff7c6c26e44b3bfea7c7cc896a109d22041a29a
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\back_20x20-inverted.png.WNCRY
binary
MD5: 819dedc7597077dbd8813482dbf79435
SHA256: 715b3e20db7e306ebd25ed0ec5f58d8682ede8c5c3df39897b69d6ac7186afaa
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\back_20x20-inverted.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 49e7b814ab77fd0082ea73e342948532
SHA256: 026fee9ea7a95c30c9697db8f5742280af6acd7632a040271b0bb237ba9a38cb
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\skype-logo-136x60.png.WNCRY
binary
MD5: d32e0052d87cfcda7ccebdec5a01dcf3
SHA256: 008c3e6904f44487f6d057318090d960372df9e5daad42d61104ab5c25a0cbf5
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\skype-logo-136x60.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 7ad5ed88baa3f40c2561d745e842d205
SHA256: 1ef428916e0fa11262a0799e02009370816dd5d62905c6659510943a143aa84e
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\msa-logos-135x25.png.WNCRY
binary
MD5: 8ef5ad6fa15db566fb316b8d0f003e4f
SHA256: 44f3b95930b5ca17e8b936e83fb347fbfcd16dcb1fa7a2a41706423879060d79
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 06abe2f1833e8802ad874d780232fa0d
SHA256: ab54373fce3a584d400aac5f0cfb97c03bca9a02fbf3e3001511a90d9101e0db
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\msa-logos-135x25.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: b20246e7829a33dea366ae229dfd0728
SHA256: 4042b803564807f86850201f4ba25fea6d441664f1eafdb6bbff0552c3a31738
3020
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3020.34388\WannaCry.EXE
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 56357e857c0f15416b7b0f8f633b5a35
SHA256: 2a1f9fefc2590615b6155963f0537b7a9eec9706f7d02f4f23473326b64ec24b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\caret_right.png.WNCRY
binary
MD5: c19313f1f5bf05f0c031d17e028fa3ce
SHA256: 0f7b77df7d7c2bb249a681f69fa5748063bbae78c59a3f206404879cceb16f9e
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\caret_left.png.WNCRY
binary
MD5: 42c1d952c2f3a2f3fbbd9af3e153f6bc
SHA256: 22051e3d20eb4e53f913d2693aba86a9182c4d45be026cdc5ecf5a7df1484da2
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\caret_left.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\caret_right.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 76f27cf576f61128a11f58621f699e7f
SHA256: ab40b86181ba999b3951dc703653809c0f62f540e4ad6f0318142c2ebe4406a0
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\skypelogo.png.WNCRY
binary
MD5: 9d89c11cf9099f39166ffc4a421e0cce
SHA256: 7ae7eb5906277c72b9147b1c503f1d51871a283a3831d6c8102baa818ce3a446
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\back_20x20-inverted.png.WNCRY
binary
MD5: c225736f58bd499e91e159b9fdf8e897
SHA256: 2e834db3474f90945ca0b58352d58e8bf00b7f921fe823b78b5352d633bc9094
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\back_20x20-inverted.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\skypelogo.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\msDefaultPicture.png.WNCRY
binary
MD5: 14f8d6786108061c0c2607e45010ca41
SHA256: d697ab3871e2be1169fdeb867022c2e4ab6f04bde7a841f9c1744f0d14ba6837
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\logoanim.gif.WNCRY
binary
MD5: 1713f913e05c5ec696f5808b6dab9d80
SHA256: 3f225ab37b8f9a94d3ca3d37ba05dabe92ea4ab88cc52734ac3af6f4b8212595
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\logoanim.gif.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\msDefaultPicture.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\loader.gif.WNCRY
binary
MD5: e502a924f383889cdf77a94b4e11d7df
SHA256: b753c3b64cc74e26eca7bc0fca245e512097f2c6625d19020e8ea12ad4909980
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\loader.png.WNCRY
binary
MD5: 2b08cfa424cbf069005ae5e148a3c31e
SHA256: 974fd8bb76b1bd073d0e97f02e0ecd4f07c1c2c8f3e904e525245dfd29012487
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\loader.gif.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\loader.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\inputfields.png.WNCRY
binary
MD5: bde797777cf7bc56ba0ca80edd4f010c
SHA256: c453b4f0e7c1ac5e652863a0da1971bb0fee3485056eeb71a6daa56cb26c70b8
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\dropdown.png.WNCRY
binary
MD5: 4c8d25cef509c520f18fdabd5c069db7
SHA256: 2c892cd90c9742c1d12ed526b3af943da7513c7dafada74eb9eeec847a11fea4
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\icons.png.WNCRY
binary
MD5: 956a3694dda66a6db5e785ebaabfa7c0
SHA256: 474abf8e03abf500d631f120a8b30d76217d6a7ec5e7163a8c76a7645e3f478b
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\icons.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\inputfields.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\dropdown.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\capsLockShort.png.WNCRY
binary
MD5: 4fc7d454a26184efafcecdfb209b71b5
SHA256: 2eadc23972127cf1ad8a1c662c6a0b7df6a27dd490c2d6b753a4cd95af16dda1
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\capsLockShort.png.WNCRYT
––
MD5:  ––
SHA256:  ––
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\background.png.WNCRY
binary
MD5: 389cd850a431e4d1cdbfd2fbfe50354c
SHA256: 072a8623ea90393c1a4362c337fa8970d7e3204c9ddf4f90f1375faa6e425f1a
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\capsLock.png.WNCRY
binary
MD5: 2c238098c143e6ae52f05cbd3eb99e6a
SHA256: 692619fae1c2d067315fea976caf56159276baf02b0e13bc7d44e9ae4350a654
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\buttons.png.WNCRY
binary
MD5: ab3c6ebd8089c41e288d40d543b3fedf
SHA256: e894f40d54f0edc8d3acda5374a2380b49790b44217944cc048b97d83111dd65
3236
WannaCry.EXE
C:\Users\admin\AppData\Local\Skype\Apps\login\images\backgroundNoCloud.png.WNCRY
binary
MD5: 2d291f5a35789845c49f72e6b1d56ac1
SHA256: c0867160e861a5f0b7404f5389eef271bcd8c7fbc94f80f23fac093028456687