Analysis Overview
SHA256: 9e7a8780a67bbb7153e1d0028009f4b9be9c7f7a62c2566e221bc81a57c28a05
Threat Level: Known bad
The file GlitchrollV2_UPDATED.rar was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Drops startup file
Modifies file permissions
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Sets desktop wallpaper using registry
Drops file in Windows directory
Enumerates physical storage devices
Program crash
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Views/modifies file attributes
Suspicious behavior: EnumeratesProcesses
Modifies registry key
Modifies registry class
NTFS ADS
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Analysis: static1
Detonation Overview
Reported: 2024-05-30 13:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-30 13:27
Reported: 2024-05-30 13:37
Platform: win11-20240419-en
Max time kernel: 548s
Max time network: 552s
Command Line
Signatures
Wannacry
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD771A.tmp | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD7713.tmp | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\waznenvck896 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Ransomware.WannaCry.zip\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Enumerates physical storage devices
Program crash
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133615493342472218" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{385019E7-D20D-4428-A325-BB684317C573} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\Ransomware.WannaCry.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\Downloads\jigsaw:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\GlitchrollV2_UPDATED.rar
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\GlitchrollV2_UPDATED.rar"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6b3acc40,0x7ffe6b3acc4c,0x7ffe6b3acc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1936 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1852,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1972 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2228 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4420 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4580,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4432 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4596,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4728 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4708 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4872 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5104,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4296 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3804,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3500,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3480 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3356,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4284 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3476,i,1639669935854072798,8333158853186545408,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe749e3cb8,0x7ffe749e3cc8,0x7ffe749e3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1340 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 62981717076028.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 5492 -ip 5492
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 544
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5492 -ip 5492
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 544
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "waznenvck896" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "waznenvck896" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,3722307245800479126,5394493584085504903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6464 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Jigsaw.zip\jigsaw"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Jigsaw.zip\jigsaw
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2068 -parentBuildID 20240401114208 -prefsHandle 2220 -prefMapHandle 1756 -prefsLen 21730 -prefMapSize 243020 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f47f202-2cf0-4e91-bf41-4949d939cf22} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1824 -parentBuildID 20240401114208 -prefsHandle 2568 -prefMapHandle 2564 -prefsLen 21730 -prefMapSize 243020 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ebcd401-1f4e-4cb3-8851-13424abac129} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3536 -childID 1 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 22395 -prefMapSize 243020 -jsInitHandle 1388 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af166104-9070-4461-bceb-42b5ed387ac1} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4144 -childID 2 -isForBrowser -prefsHandle 4156 -prefMapHandle 4152 -prefsLen 23684 -prefMapSize 243020 -jsInitHandle 1388 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f566aef6-a2e7-4144-86de-74baa7115dae} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4444 -childID 3 -isForBrowser -prefsHandle 4436 -prefMapHandle 4432 -prefsLen 29248 -prefMapSize 243020 -jsInitHandle 1388 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5e35524-6594-4367-89fe-d81f2b25f699} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5208 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5188 -prefMapHandle 5180 -prefsLen 31930 -prefMapSize 243020 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a937fb06-0198-4a39-a91e-426f3f26483f} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4632 -parentBuildID 20240401114208 -prefsHandle 5408 -prefMapHandle 5404 -prefsLen 32145 -prefMapSize 243020 -appDir "C:\Program Files\Mozilla Firefox\browser" - {210e613b-792f-4714-9892-4eb043936a98} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3592 -childID 4 -isForBrowser -prefsHandle 3604 -prefMapHandle 3616 -prefsLen 28235 -prefMapSize 243020 -jsInitHandle 1388 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4660338d-ed60-4bbe-9f49-b715bffa459b} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5636 -childID 5 -isForBrowser -prefsHandle 5628 -prefMapHandle 3620 -prefsLen 28235 -prefMapSize 243020 -jsInitHandle 1388 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b22f0a47-e11f-49cc-84a5-34d316a1f4d0} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5912 -childID 6 -isForBrowser -prefsHandle 5920 -prefMapHandle 5924 -prefsLen 28235 -prefMapSize 243020 -jsInitHandle 1388 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0371325c-ea49-40d6-8d50-aecfbb8512d0} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" tab
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\jigsaw"
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
Network
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 59dfcefee51a4dd57ded710359d817f5 |
| SHA1 | 9632956e9245bebf64700b732959fce49dd3a76d |
| SHA256 | 5418f707b574424786d703da58ec72b9754c723dd78d5dfe74dce19190223d69 |
| SHA512 | db800f7c7a4e26588f361901c4cb10f41c96bb868e9737952e4d86541342ea26cbcbbe2c58ba281b26babdc465d228959a4746ecc38f0979f9e9966946a05e97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 56de223a8d5a4e4bb4e59165e87ee6c1 |
| SHA1 | d4569454d0c726ea92ae58e71308afb6e7c4c10e |
| SHA256 | f2bc4d36c327bd95401506ae9850b6b0e369dbf897a9c23480c07b726896c501 |
| SHA512 | ba0a48cb2144c8760fe3e6a20068d25c8b346c481fcea9af22029b23b95009160ec7ea035cced922c6c02beae4e96f2f1a5b0fb8277a642f8fe3a84740cac652 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b287fe3d689e33fbff7ff50b39e60d65 |
| SHA1 | 2178f1b2ed355d6db5f2c47bf0da64f7cd8506f6 |
| SHA256 | 183a1109a91ee49ff889a6d8f0895fc99858699a89a3f548e0c70784e1db32e4 |
| SHA512 | e7a55088e57a8b649f46307c1d1496f49e711f5fb5d56a140b08bb661caad45608ff4fa49bf2586575961eb9aac921afbfc2ebb013d930aaff124801c6fcbcc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 023a2be0a5c8bd16d3478991f5ed0a9a |
| SHA1 | 9dda6e0e64240f18c2c19673499d35d765cc0971 |
| SHA256 | 0a7d52803e9bba27be3227a2458ec28be1c478126a93e82e1543ad7bdaa043f4 |
| SHA512 | 54a64b6df316a20da52128c63ac328575f869e88526ab18e3b5228704f05fcbe51ce93b8a079a730a30b812d05c6fcc60b14a28d27c4037cc1a772c86de2dfa7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2969792a8abb09e1c91067cdb0b7b386 |
| SHA1 | 39dd1867402a6b55f4132b091db2fb16facd2d56 |
| SHA256 | 84e446f47feec03fb03ca2f4cadb059ea4ebf4f3725f64f8d27883b23cb5630a |
| SHA512 | d8303a78d2bc0568fd4201bc4280de292c510f09035d27d3b7f06a1aa40f293c6d6c344c77e77ccf3a6c6023636898fe2042a52ef0f5771d3ae9f3abd2699eb4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 40f2326315f8672fa2917a235b1e06e2 |
| SHA1 | cc05b19ec8019816da41889d0a430a4b8fd79d1c |
| SHA256 | 263282f44765baacea02b6b783c27fdcf7d471fcbdfbb07dcbbe2c66de80fa53 |
| SHA512 | 89d5489eafdbc72eec500c1b91699b4f1dcc09e5309bb71bf5a02140395bd9ca290f59fed8e002f91aa75f4072191508bbedaf9caa9bf55524c869bdcf7711af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b0fac.TMP
| MD5 | 2bf3f878f7a982855908467be11a2f41 |
| SHA1 | 3d4444fed0f675daa37c2e2b89297898ad98b03f |
| SHA256 | 61d5ad7de2cc892a2457f524358fcfbeaede07bcd0224e2773835b62b7f39066 |
| SHA512 | d969c9725606ff1dbc5839640820fca3257983a9251afe08cfb2c8584b5a2ce8dc70398e13da964769a7878dfdfa76c319cc022fe9a4251020562aa74c182967 |
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip
| MD5 | efe76bf09daba2c594d2bc173d9b5cf0 |
| SHA1 | ba5de52939cb809eae10fdbb7fac47095a9599a7 |
| SHA256 | 707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a |
| SHA512 | 4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029 |
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 709147f98dbd8b066112ede499a5ca13 |
| SHA1 | 492d007ec72c07f55a4206622011d4117354f2f2 |
| SHA256 | 25164eb75cca6bbdd8e125131307cf5ca2dfabe160a3608e56d95f76739a6285 |
| SHA512 | fae4403b87ad09f85c0bb780dced1183f04601c8e41b3d9dbeb0440839ed56629845709a5d15dd49188d1a245177358bc19e1d3d8f2667301ab5b7032f10f4a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9b7b93e5e5eb7a8dd50e2b78b789016c |
| SHA1 | 5151c308aaab7b431232909c77914aecf66f6b5c |
| SHA256 | e777d02419c9ded87d09ba3672b37cd3cb8714d0ad2c166da2f1807dc53c6ee4 |
| SHA512 | 347a373624d070653bc5ffdd11eb15a003648fc68d606115603f0f4750b42808ae1051190db19db305f77aecc9ceac0a4d2380378fe2713aa7ff9356a20b8df6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e56640dfbe40a67fb2e5aaa45768c0f4 |
| SHA1 | 272bad7eeab5006a0d2c76cd863583a129d332a5 |
| SHA256 | 4781c3d7b5c44f5d5e7085a92ada0b788142be6f196f5b1f9ccce10fe53ff47c |
| SHA512 | afd37b7ec535f6ae3c77f6d117c289d23691e10452e26dde69c85f6514c9bc278fc1357c3cd09570a5b36660fc439a6bb52313f43ebb42df74f15226b52a2665 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bcae183f5248d98f3fdac27f4e9d1728 |
| SHA1 | 961142fd79a0c59281d7fffe68bd83a7de06a8c9 |
| SHA256 | 286a1ec54ffca0ea013749704192bb830b50fb315d12c758b927f5e7556f0565 |
| SHA512 | f33a055165767e1437796fb0e94031b402e793c7e51192167ac70500a8ee4565af20bf58438aafc7b7dee9b55067796e35486ec50912834bade734821da6df89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a17801c51ad9e7faa6498af188abc2aa |
| SHA1 | efc549437cec79fa46cbcd9c118156224731009a |
| SHA256 | 937bcbcc0a3471520017aa606043f5bdb37b597a94942d4f70e6908939b50801 |
| SHA512 | df89a2b69a637542eebd7017ccff357b26b5359a2e10f3601f502ca709ddf950f1ff8ca6b97c8f7f2115fd9bfa49fe115fb687ef2b442f099e260a0b108e66fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 164cb1b8365db0f2fb711c9fe7cc68c7 |
| SHA1 | 5608299a99b9c9f021b62f20d5cd0abe9186604e |
| SHA256 | 8ce3bdfbf022078f6a17c78e0c8013ab884df93dd0f2d3ddfd6cde704a85aab6 |
| SHA512 | ec647ee17513700fc38f06558f9969af18e0f6527ee6a920b0a5964e2b2fca7c393b8e99f19ade9ee195d3f727b3fb439593096335417ea2bcfbe486bb96c963 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 80db58d409381891e8faa8e93a3e962c |
| SHA1 | 9465e2c2c48b96991e1def9f0742a69653c9691e |
| SHA256 | 5dd3001b635daff8abefef7ac16a33e3c9af803d3ea75cbd5e3768ca71eebb92 |
| SHA512 | 69551284f8e0a88076507823d122145336b252f66da35921c457701dd94f66bec4e4ffc626c8ff1f01ef80b9215deef63195823be686fd45f94750f4020e2e09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 39e2e3e553724656ed83032b3ac610d1 |
| SHA1 | 646f4b060bb49454857a3e4bff52b51dbce87289 |
| SHA256 | 714ad394f6a75cf70156c7849a3e94241e8004539bc5c119546889eedbc4a4d9 |
| SHA512 | 94a0491ebaa7bf5a39f34be34719a275cc79ee0e6a8ea30cccc7c162c77767e0c916ee280500652110b7c896eead4227a79b6bff70bb10a52a538e63915a37d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9ccd9ac3a483e925ef8b95bd7841cac6 |
| SHA1 | e0df3804aec8185bc27c2c166ef91b423145b5e8 |
| SHA256 | 54b1c24a8691b131292ff5b2728a87f10894b515600a3017d41e47bbc549df7c |
| SHA512 | 52cb15567fc80cfa185be86b65a51009411343765e93d832a54c3f588b330ef5bb710a2075a0a59bc8d0dfee0d431a42da7ec814706ce9b0ad76e1753210840d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c0c5699bcceaa6df6c2a5f4c7c3c23e8 |
| SHA1 | 8084e937e3f42eca79c97765fdfcf66fdf25367a |
| SHA256 | 10261ca0a87a0e0972f6338ccaebf3d1c181e2ac92852594094bcdf6e973b2cd |
| SHA512 | 0cbabe77a17b06d0d5fd7cd1a6830f0eac5f495ec73ccbc9dadba7760e66054918ccec128730271fa2fb63f552fb88fcad180c72006cd2c5c27c59f867b2b695 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f04898dd05f8321871866b1c97ca7f6a |
| SHA1 | 6e6575bcecdcf6c58744434d409cbc5044942108 |
| SHA256 | 2b0af68f0890882f8899b7d5028f6b6a446d7eab46d748e07d046f10c8722305 |
| SHA512 | 76cda6bee8281613654abaff2516367071319bba37a1dd14861eb80d90e94e9bcc6df317ca2f8700dfec6b5d50f86cb6b52a56b7e641345c05aedd7322558dc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 924cf177ae8a0f1bbe232ca6da950c26 |
| SHA1 | 224a7e03e34c9a9474b0850bec02f5d32968f45e |
| SHA256 | bd7f1017ac9e64f78a81bd2ec35d5d59346083815e545df9e9f58c8d6c51a17d |
| SHA512 | 6ea3afadb0d5041d2b7e720de5398fb845f69f3bddc82d50f4e3c114c2d3f68b9acaa1c8b525d980b0111c2261f3197e7e68eb8ada3b1d556ad1b2488ee6252e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cba9a3c08b40121fc17e8ee6e3128938 |
| SHA1 | f9d2f0f09c6b136f974329760d460a396ae50d61 |
| SHA256 | fc50dca169a13f9f8849c75904a3bcfac2925ee38214c968bd7e19873d5cb96f |
| SHA512 | caaf6fa447ff76d268af44f851334d3107376b7de6702ac585ea74924a3cd34ef057eb02371b17c25b6e62663572add16a3c7808a4c209e28d59088263450833 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d439e9a6715d93b5549ee0709321f720 |
| SHA1 | f5c1c6a6a892b24484724149bdfd3583ae86b2e8 |
| SHA256 | b84c895ea919a3b8acecb3e2986f1c9e96cea5157ab345dda44839f3de47f754 |
| SHA512 | e715db5764d16b06313fbd6e98177591ec9f7ccc95ad174b60cbbec198d5363c1942a9d0943a6abd573e0e5d1c5f5f9d49b5fdf264457265197dbe7688c0611a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3b1d73752cd48b28bbc2347b3faf3b0f |
| SHA1 | 0806386404dc9b977d0e2d859e6589f5371ee549 |
| SHA256 | ea8d77e1f8d7b202bcd69e5d799a60d6da784285ce2f0d1def9ba3b47a802762 |
| SHA512 | feff7cef5de19e81b96acf96f2b472c9a42e4eedff19d32c42f0c09ceaf02a6683d14a346522d4edb2969f8791f08e0a3d3b589668de34317890a8129311ff2b |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/4820-1327-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_russian.wnry
| MD5 | 452615db2336d60af7e2057481e4cab5 |
| SHA1 | 442e31f6556b3d7de6eb85fbac3d2957b7f5eac6 |
| SHA256 | 02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078 |
| SHA512 | 7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_romanian.wnry
| MD5 | 313e0ececd24f4fa1504118a11bc7986 |
| SHA1 | e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d |
| SHA256 | 70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1 |
| SHA512 | c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_portuguese.wnry
| MD5 | fa948f7d8dfb21ceddd6794f2d56b44f |
| SHA1 | ca915fbe020caa88dd776d89632d7866f660fc7a |
| SHA256 | bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66 |
| SHA512 | 0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_polish.wnry
| MD5 | e79d7f2833a9c2e2553c7fe04a1b63f4 |
| SHA1 | 3d9f56d2381b8fe16042aa7c4feb1b33f2baebff |
| SHA256 | 519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e |
| SHA512 | e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_norwegian.wnry
| MD5 | ff70cc7c00951084175d12128ce02399 |
| SHA1 | 75ad3b1ad4fb14813882d88e952208c648f1fd18 |
| SHA256 | cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a |
| SHA512 | f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_latvian.wnry
| MD5 | c33afb4ecc04ee1bcc6975bea49abe40 |
| SHA1 | fbea4f170507cde02b839527ef50b7ec74b4821f |
| SHA256 | a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536 |
| SHA512 | 0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_korean.wnry
| MD5 | 6735cb43fe44832b061eeb3f5956b099 |
| SHA1 | d636daf64d524f81367ea92fdafa3726c909bee1 |
| SHA256 | 552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0 |
| SHA512 | 60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_japanese.wnry
| MD5 | b77e1221f7ecd0b5d696cb66cda1609e |
| SHA1 | 51eb7a254a33d05edf188ded653005dc82de8a46 |
| SHA256 | 7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e |
| SHA512 | f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_italian.wnry
| MD5 | 30a200f78498990095b36f574b6e8690 |
| SHA1 | c4b1b3c087bd12b063e98bca464cd05f3f7b7882 |
| SHA256 | 49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07 |
| SHA512 | c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_indonesian.wnry
| MD5 | 3788f91c694dfc48e12417ce93356b0f |
| SHA1 | eb3b87f7f654b604daf3484da9e02ca6c4ea98b7 |
| SHA256 | 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4 |
| SHA512 | b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_greek.wnry
| MD5 | fb4e8718fea95bb7479727fde80cb424 |
| SHA1 | 1088c7653cba385fe994e9ae34a6595898f20aeb |
| SHA256 | e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9 |
| SHA512 | 24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_german.wnry
| MD5 | 3d59bbb5553fe03a89f817819540f469 |
| SHA1 | 26781d4b06ff704800b463d0f1fca3afd923a9fe |
| SHA256 | 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61 |
| SHA512 | 95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_french.wnry
| MD5 | 4e57113a6bf6b88fdd32782a4a381274 |
| SHA1 | 0fccbc91f0f94453d91670c6794f71348711061d |
| SHA256 | 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc |
| SHA512 | 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_filipino.wnry
| MD5 | 08b9e69b57e4c9b966664f8e1c27ab09 |
| SHA1 | 2da1025bbbfb3cd308070765fc0893a48e5a85fa |
| SHA256 | d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324 |
| SHA512 | 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_english.wnry
| MD5 | fe68c2dc0d2419b38f44d83f2fcf232e |
| SHA1 | 6c6e49949957215aa2f3dfb72207d249adf36283 |
| SHA256 | 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5 |
| SHA512 | 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_dutch.wnry
| MD5 | 7a8d499407c6a647c03c4471a67eaad7 |
| SHA1 | d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b |
| SHA256 | 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c |
| SHA512 | 608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_danish.wnry
| MD5 | 2c5a3b81d5c4715b7bea01033367fcb5 |
| SHA1 | b548b45da8463e17199daafd34c23591f94e82cd |
| SHA256 | a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6 |
| SHA512 | 490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_czech.wnry
| MD5 | 537efeecdfa94cc421e58fd82a58ba9e |
| SHA1 | 3609456e16bc16ba447979f3aa69221290ec17d0 |
| SHA256 | 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150 |
| SHA512 | e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_croatian.wnry
| MD5 | 17194003fa70ce477326ce2f6deeb270 |
| SHA1 | e325988f68d327743926ea317abb9882f347fa73 |
| SHA256 | 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171 |
| SHA512 | dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (traditional).wnry
| MD5 | 2efc3690d67cd073a9406a25005f7cea |
| SHA1 | 52c07f98870eabace6ec370b7eb562751e8067e9 |
| SHA256 | 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a |
| SHA512 | 0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (simplified).wnry
| MD5 | 0252d45ca21c8e43c9742285c48e91ad |
| SHA1 | 5c14551d2736eef3a1c1970cc492206e531703c1 |
| SHA256 | 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a |
| SHA512 | 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_bulgarian.wnry
| MD5 | 95673b0f968c0f55b32204361940d184 |
| SHA1 | 81e427d15a1a826b93e91c3d2fa65221c8ca9cff |
| SHA256 | 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd |
| SHA512 | 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\c.wnry
| MD5 | 8124a611153cd3aceb85a7ac58eaa25d |
| SHA1 | c1d5cd8774261d810dca9b6a8e478d01cd4995d6 |
| SHA256 | 0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e |
| SHA512 | b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\b.wnry
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
| MD5 | 7a2726bb6e6a79fb1d092b7f2b688af0 |
| SHA1 | b3effadce8b76aee8cd6ce2eccbb8701797468a2 |
| SHA256 | 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5 |
| SHA512 | 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54 |
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
| MD5 | 261d1e83fe6a24cdbddb515829753c6b |
| SHA1 | ef9dce1f42c5c1f39fdcee32df1fdb22c0bb709a |
| SHA256 | 5f6369cfb52f75cf0f6386de559e5d51ddd8d854e4d68fa892a73c8c7e202850 |
| SHA512 | 1515b4d4f9d2cb48f4398065e0d7ab7dcd6a86814f3ad78ebc9895e321ec3cb3ecbb1de3562a625d8f1a0560bf7841e2f67a8db8c3c11244a3e37db023e17482 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e0adc18cb708e21ba78286239b0c0530 |
| SHA1 | ef1fa765471cde6a2f1385509f2ebd60c5d10e40 |
| SHA256 | 3654562396a6102fd8d8e18ff8ec503b1d942625cbbd98d3d4f3cc5cc5a86587 |
| SHA512 | 0128eddd555dff1b49fb041299e9870f0a6fd21dfedf222e6ea7728dd78bf722c0ee1afe447090e47b9dd31ba7ab04d88c9315e8e8be4ab629101189d5b701e7 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/5604-2522-0x0000000073B90000-0x0000000073BB2000-memory.dmp
memory/5604-2523-0x00000000002B0000-0x00000000005AE000-memory.dmp
memory/5604-2520-0x00000000738E0000-0x0000000073AFC000-memory.dmp
memory/5604-2521-0x0000000073B00000-0x0000000073B82000-memory.dmp
memory/5604-2519-0x0000000073C40000-0x0000000073CC2000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3fddfecbf74f3b2f374cdf42f0aa5516 |
| SHA1 | 259c28d63a7027b236093464590ffa0260f63f30 |
| SHA256 | 00906192aecb22a5ff1a5cd0297356e4e247defa14a9da89fb00562b3e2d5364 |
| SHA512 | 5d7563b94243275bbfae8fb21d7afb02267d8e8b93df9c40b1857b2815bf61d28c721f18ca0b75a27883783a9233911564ccfe618dfcee09d1edf7ac4b798e46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f3ef2a604b42f030bcd5cf12c895235d |
| SHA1 | f105a1eea02e9889e52db7f3e83dcb1ffc0d5023 |
| SHA256 | 6c31ee2e8f54069c07334a4039607767435b760774c921d9f9ea2d6771f44b7f |
| SHA512 | 8a343b0e2f8006f090371e1962a5ef4798e9e955bdeec6461293a29fdbd7006bf17d4a7090ec912e06870d8fa52f82573acdce7d30b693a1b04ed7fa82b7a865 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 772df7d08d05cfe0586f3c7999f99770 |
| SHA1 | 3d6cabdf061b27d2189b8d101ce06e0125a398e6 |
| SHA256 | 2740c5b6aa574dffd9acd2047655dfd624ea334a586a60919d69dd2249e40922 |
| SHA512 | 145dd3692c22b7ddeb92fcd0af1e630402dd581bf6d9ec12ff1a59da9683d0ae5a3988c90726c2cd8f580b9422d53c22d3587c7537cb3274466a5178b5908d87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 97c1b31d924ebda06d0dc1b907bca903 |
| SHA1 | f05b8bd55cca1728f6bbd4a401eae73f3152c0d5 |
| SHA256 | f9b7bd838daf24f248065f4680e558e2a3e15eb78bf7c6372b6dfd899c7b7735 |
| SHA512 | 12aefdfd66b33fd69be3778d221865a151d7c70a7dc1ccefde6a1f46b307c4d616b090e750cb705228936581e516f29cbd5100bb87714e372f58dbe495e3a228 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e53ba817dfc177142cfef6d838914938 |
| SHA1 | af83de0e8beaf3b20730289e793093e1daa8c3e1 |
| SHA256 | 85209fa8441e25f70ab27070c9ed9e25e11d18e31997b704b6609d548f3c50ab |
| SHA512 | d3728f681332b48595e303b33fa7fa635febaeac702c392ef94d81248f3342316e2ef822f373e952411e01e77de9865ea3cf8d8936c689d841ba8a42ba6ea37e |
memory/5604-2573-0x0000000073C40000-0x0000000073CC2000-memory.dmp
memory/5604-2577-0x00000000738E0000-0x0000000073AFC000-memory.dmp
memory/5604-2576-0x0000000073B00000-0x0000000073B82000-memory.dmp
memory/5604-2575-0x0000000073B90000-0x0000000073BB2000-memory.dmp
memory/5604-2574-0x0000000073BC0000-0x0000000073C37000-memory.dmp
memory/5604-2571-0x00000000002B0000-0x00000000005AE000-memory.dmp
memory/5604-2572-0x0000000073CD0000-0x0000000073CEC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0d2ed19618acbf94b243c5baf3eacc37 |
| SHA1 | 923e3f6cadaff8f6171a958a1327a322b3dcc0b6 |
| SHA256 | 1c5e73224c00bc6c3cdb3afed3678873543d7eb804e140e83ad64948661a8365 |
| SHA512 | 1c3c4db3dfaf5217b4a7bbf559292b5335dff765e2ea601659df9976f11ec73aef6654529f42b5993cb7f51f462167fea0136304d989a23cfe3326c69a9113e6 |
memory/5604-2590-0x00000000002B0000-0x00000000005AE000-memory.dmp
memory/5604-2596-0x00000000738E0000-0x0000000073AFC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 97f653579fa62a72dc37521fcacf33ad |
| SHA1 | 8efc34d29ea8389bee91d29bab4c8509bcc0024d |
| SHA256 | de5da478dc09d5418240cf64027a13d81dfd1fa87e59f4c8cf1dede7192172b7 |
| SHA512 | e9c3008e46c948d2d0dac33eac3660ff4dbe6655d8b3d91eb119c2f37396735f9bf79c29814da73014ceecd4096d8ba1ee90a0554e80812140dc09e408baa243 |
memory/5604-2628-0x00000000738E0000-0x0000000073AFC000-memory.dmp
memory/5604-2622-0x00000000002B0000-0x00000000005AE000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 645011f493982dbda675cd5b0b51bfff |
| SHA1 | fa88fe34fba2b306b88f3385c9add8a9f08a34d1 |
| SHA256 | 982b8a3bd0c7c5bdf2cdaf43b3ed599862eae289e9d05a2e427bc832f4f37811 |
| SHA512 | 313b59c06e68d37c005837ae0d5bec04068b09179ed44b6ac3aeef5701f4687c61bae5f24a22e05f662bd9a4206aa98afcad731f7bdae4e7922e0f1716a0c3a6 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | 2dfb5139de4fb852bb67cdaef936cc2d |
| SHA1 | b01aa35012f83d03999313a8c4444ae30606be98 |
| SHA256 | e740c75d8a4ef3bad1f10b22481803297174f761475caa12f948b25653901b84 |
| SHA512 | 76f21c9220a3e4e585036658d966b15ec7b05c6056d273bf284fe3c76bc01a996c8eed457b915a12b8d1fac94e1ce731e81dff710f13233200721cd43f23431c |
memory/5604-2654-0x00000000002B0000-0x00000000005AE000-memory.dmp
memory/5604-2660-0x00000000738E0000-0x0000000073AFC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6a978d8b745bee65715d882e6b01c3c7 |
| SHA1 | 72105aae8af391036b5ef3424618a11be2fb92d7 |
| SHA256 | a820f3cf03fd01ba411d5295c1bc934562b9d7304c7ab867b4b9a3ba583dd47f |
| SHA512 | ba36b0be2feb5ca3c123cbf5c779375268bdad5deb00f8bb7329faabe15b9a85df9191f6b35e46649479a434efb4482b63975e38cfe42a4602670c774c3025bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ab10db7c6542ddd3321ce625b1f142dd |
| SHA1 | ee6c730c5a493282f49b29602b62c1a031efcc95 |
| SHA256 | 9a506326f808f8240a2ac63d0b2c054267a97e488db93ec4acf93b715c80ab89 |
| SHA512 | 5aa72e78864c84260c59f0cf543ab0cdbc71494f409c51da2fdf94c99a0de209d14faf4857b03f83ee6a1edc53e601bbea2b3f537658e497c5d3ca00253cbf17 |
memory/5604-2708-0x00000000002B0000-0x00000000005AE000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e11064c908bcdbb0a44480b6994224db |
| SHA1 | 0210b349f9ef7adfefe253c13b3f3ff1caa106f5 |
| SHA256 | 38c55370b22c1159011eac0d0be96cb778decdab3640e38dfd75e733e9727489 |
| SHA512 | 2b8be1645a2d20b5847d57dfb18411ade3401cb3996d0776e20e5fe53167a042c05901dddb2a8367933e033352de19ec193c506995fbbd80727116e815f40535 |
memory/5604-2738-0x00000000002B0000-0x00000000005AE000-memory.dmp
memory/5604-2746-0x00000000002B0000-0x00000000005AE000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 518cad07949b39c23f77bff2ef5f629f |
| SHA1 | 90f61d6ef203b1eae0146e2220737080b3d50303 |
| SHA256 | 88937c682de77f6f998a96c10adafbd9885931a0f1eb95b8e4355d607b62aa17 |
| SHA512 | b15bf1d0f7c00af2063eadcb120eb8f0a3e48a77dbed20245d5747c7050808a3135d30ac5eb7d4234970aeed5ccf40b2e08b369d813c06dfa17ed004d9aa897e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 56459fe33cbde962c1d252e364ddc16e |
| SHA1 | 8444dac2af33230a66a4f89bd5d8d0892b758fdf |
| SHA256 | cbd5f3ad03a67abb94c456359da4c0c0c86fcaa3cb1fcae434e973629c956659 |
| SHA512 | fa95903223fa30273aca3d0fe7098fd8d6d16df2d111a1aac9019b5868c687f01aada562500e41f18792fb3efb46bfdd54896bb85d641803d47d5fe20408b9a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a496a2d57e0c5d2edc0f6e63ea3a861a |
| SHA1 | ab5c0ebc34565bff71cb90258e27ed9a0a000e7b |
| SHA256 | 3a2a01c5541de2244bc3858e2e2847ec4dc18e57825a25ba741a0eff05eb3c32 |
| SHA512 | 28d4e58e027a00d1ff658f9a0d6af4127cd4d0106868ef50edc159b4dd1df3b8afcb513cffb8c4672c98ff2eea6e9578094b645d6369f90d54b46fd9e1c80c5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 46a71020b75dbe7a3d0865bb5a78dd5a |
| SHA1 | da1af8222d364872e4d7ab390458950798b41237 |
| SHA256 | 59a446e906c29068e3648e1dfc2e4a5fece4cfbacc0c7537414ecd2fdf577f6c |
| SHA512 | dd7cf5aa185108f31629cddd63011fc7dc936add45a94bc1f4f2c23c028a8e5c1b38a8746390aa4f0b6b7f7073cd8e1a1434c9079956d74f4e29a773a1ac8e9a |
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\d1560aa6-d324-4cd8-a7f7-35ec21414664
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\9e1d377f-d15d-4327-95bd-9bcadec16bc2
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\9fa9f882-040a-4d44-9ac1-54bc045e872d
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
C:\Users\Admin\Downloads\jigsaw
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\extensions.json
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf.tmp6432