Analysis Overview
SHA256
70b68ac1477e49a4342383c6eff1056f6a18ff0727aa20630e9e7bc8701011f1
Threat Level: Known bad
The file sample was found to be: Known bad.
Malicious Activity Summary
Wannacry
Modifies WinLogon for persistence
UAC bypass
Deletes shadow copies
Disables RegEdit via registry modification
Reads user/profile data of web browsers
Drops startup file
Modifies file permissions
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Drops desktop.ini file(s)
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Drops file in Windows directory
Program crash
Enumerates physical storage devices
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Modifies registry key
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Views/modifies file attributes
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Modifies data under HKEY_USERS
Uses Volume Shadow Copy service COM API
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Kills process with taskkill
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-22 05:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-22 05:46
Reported
2024-02-22 06:04
Platform
win11-20240221-en
Max time kernel
997s
Max time network
998s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
Wannacry
Deletes shadow copies
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDD0AC.tmp | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected] | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDD0C2.tmp | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected] | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Run\Downloadly = "\"C:\\Users\\Admin\\Programs\\Downloadly\\Downloadly.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-LVJ3B.tmp\downloadly_installer.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sjlfnnfcj325 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_WannaCrypt0r.zip\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Run\Downloadly = "\"C:\\Users\\Admin\\Programs\\Downloadly\\Downloadly.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-VING0.tmp\x2s443bc.cs1.tmp | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winnt32.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
| File opened for modification | C:\Windows\winnt32.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
| File created | C:\Windows\winnt32.exe\:Zone.Identifier:$DATA | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\YouAreAnIdiot.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "156" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1637591879-962683004-3585269084-1000\{9CF847B0-88EA-4887-823D-18635AAE32A5} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\WannaCrypt0r.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Downloadly.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\winnt32.exe\:Zone.Identifier:$DATA | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\YouAreAnIdiot (1).zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xa0,0x10c,0x7ff8308e9758,0x7ff8308e9768,0x7ff8308e9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5180 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5296 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5500 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5816 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2600 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6092 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:2
C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 484 -ip 484
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 1452
C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 4932 -ip 4932
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 1436
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2844 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5952 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 14091708581259.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "sjlfnnfcj325" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "sjlfnnfcj325" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff841823cb8,0x7ff841823cc8,0x7ff841823cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2016 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2336 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Downloadly.zip\x2s443bc.cs1.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Downloadly.zip\x2s443bc.cs1.exe"
C:\Users\Admin\AppData\Local\Temp\is-VING0.tmp\x2s443bc.cs1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-VING0.tmp\x2s443bc.cs1.tmp" /SL5="$502F4,15784509,779776,C:\Users\Admin\AppData\Local\Temp\Temp1_Downloadly.zip\x2s443bc.cs1.exe"
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im Downloadly.exe
C:\Users\Admin\Programs\Downloadly\Downloadly.exe
"C:\Users\Admin\Programs\Downloadly\Downloadly.exe" EnablePro
C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe
C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /AllowStatusPage=false /ShowUI=false /DIR="C:\Users\Admin\Programs\Massive"
C:\Users\Admin\AppData\Local\Temp\is-0QSEL.tmp\MassiveInstaller.tmp
"C:\Users\Admin\AppData\Local\Temp\is-0QSEL.tmp\MassiveInstaller.tmp" /SL5="$30372,10474064,1082880,C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /AllowStatusPage=false /ShowUI=false /DIR="C:\Users\Admin\Programs\Massive"
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im Massive.exe
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im MassiveUI.exe
C:\Users\Admin\Programs\Massive\Massive.exe
"C:\Users\Admin\Programs\Massive\Massive.exe"
C:\Users\Admin\Programs\Massive\crashpad_handler.exe
C:\Users\Admin\Programs\Massive\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Massive\crashdumps --metrics-dir=C:\Users\Admin\AppData\Local\Massive\crashdumps --url=https://o428832.ingest.sentry.io:443/api/5375291/minidump/?sentry_client=sentry.native/0.4.9&sentry_key=5647f16acff64576af0bbfb18033c983 --attachment=C:\Users\Admin\AppData\Local\Massive\crashdumps\724bc23a-1868-45b8-bcc8-4c549b4eb69b.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Massive\crashdumps\724bc23a-1868-45b8-bcc8-4c549b4eb69b.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Massive\crashdumps\724bc23a-1868-45b8-bcc8-4c549b4eb69b.run\__sentry-breadcrumb2 --initial-client-data=0x434,0x438,0x43c,0x410,0x440,0x7ff618692fe0,0x7ff618692fa0,0x7ff618692fb0
C:\Users\Admin\AppData\Local\Temp\Update-f05ff7f4-69af-41fd-8644-e7e8675ce157\downloadly_installer.exe
"C:\Users\Admin\AppData\Local\Temp\Update-f05ff7f4-69af-41fd-8644-e7e8675ce157\downloadly_installer.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /LOG
C:\Users\Admin\AppData\Local\Temp\is-LVJ3B.tmp\downloadly_installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-LVJ3B.tmp\downloadly_installer.tmp" /SL5="$403B6,15992205,779776,C:\Users\Admin\AppData\Local\Temp\Update-f05ff7f4-69af-41fd-8644-e7e8675ce157\downloadly_installer.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /LOG
C:\Users\Admin\AppData\Local\Temp\Update-9a174110-a467-4701-9b4d-55cbd1c46f5b\downloadly_installer.exe
"C:\Users\Admin\AppData\Local\Temp\Update-9a174110-a467-4701-9b4d-55cbd1c46f5b\downloadly_installer.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /LOG
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im Downloadly.exe
C:\Users\Admin\AppData\Local\Temp\is-F71EK.tmp\downloadly_installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-F71EK.tmp\downloadly_installer.tmp" /SL5="$503AE,15992205,779776,C:\Users\Admin\AppData\Local\Temp\Update-9a174110-a467-4701-9b4d-55cbd1c46f5b\downloadly_installer.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /LOG
C:\Users\Admin\Programs\Downloadly\Downloadly.exe
"C:\Users\Admin\Programs\Downloadly\Downloadly.exe"
C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe
C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /AllowStatusPage=false /ShowUI=false /DIR="C:\Users\Admin\Programs\Massive"
C:\Users\Admin\AppData\Local\Temp\is-7MLHM.tmp\MassiveInstaller.tmp
"C:\Users\Admin\AppData\Local\Temp\is-7MLHM.tmp\MassiveInstaller.tmp" /SL5="$60284,10516965,1082880,C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /AllowStatusPage=false /ShowUI=false /DIR="C:\Users\Admin\Programs\Massive"
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im Massive.exe
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im MassiveUI.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe"
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3980855 /state1:0x41c64e6d
Network
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a51da.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bad58dae-9ee4-4d6c-b64a-6cad8576ee4d.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\YouAreAnIdiot.zip
C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\YouAreAnIdiot (1).zip:Zone.Identifier
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b4a34.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\WannaCrypt0r.zip.crdownload
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ca2a62fb-34e7-45cc-99c0-4fb65adc9dc0.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_finnish.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\t.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\s.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\r.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_vietnamese.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_turkish.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_swedish.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_spanish.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_slovak.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_russian.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_romanian.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_portuguese.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_polish.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_norwegian.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_latvian.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_korean.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_japanese.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_italian.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_indonesian.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_greek.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_german.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_french.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_filipino.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_english.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_dutch.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_danish.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_czech.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_croatian.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_chinese (traditional).wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_chinese (simplified).wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_bulgarian.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\c.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\b.wnry
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\tor.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe620f3d.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Downloads\Downloadly.zip
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Programs\Downloadly\Downloadly.exe
C:\Users\Admin\AppData\Local\Massive\usage\CURRENT
C:\Users\Admin\AppData\Local\Massive\usage\000002.dbtmp
C:\Users\Admin\AppData\Local\Temp\Update-f05ff7f4-69af-41fd-8644-e7e8675ce157\downloadly_installer.exe
C:\Users\Admin\Programs\Downloadly\is-6T07P.tmp
C:\Users\Admin\Programs\Downloadly\Downloadly.exe
C:\Users\Admin\AppData\Local\Temp\is-D8DE2.tmp\_isetup\_setup64.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\NoEscape.zip
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f6696a99-c74a-4613-85ac-40b737efb044.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Public\Desktop\ᔒ⭘༑ⲽ؞ᛎዐᖋᒩエ⊒ᴠ൨ᲢଈὭ⪦௪✢