wannacry | 38ce15ff72fe07a74ac9e4692fac7c0b964ca3c4f6def07d942fd94ecfd80981

Resubmissions

02-07-2024 23:48

240702-3tl3eawdpf 10

02-07-2024 23:39

02-07-2024 23:36

02-07-2024 06:39

02-07-2024 06:28

02-07-2024 06:22

02-07-2024 06:05

02-07-2024 06:00

Analysis

max time kernel
644s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2024 23:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

piggy.png
Size

1.3MB
MD5

db441b970d8b070324fad09acb7ca77f
SHA1

d71a69ffc7c67b2bc338d809b2a7933d1139638a
SHA256

38ce15ff72fe07a74ac9e4692fac7c0b964ca3c4f6def07d942fd94ecfd80981
SHA512

49b8b422831afec6f9600f9ee03b6ff237abf548ffecb607a38992ae72c6d27820e980e79217c784b13b6df70d56482b26a06f058bb00a326e1564f7fcb1b55d
SSDEEP

24576:bNkiU39wq+8/EV7QXZyP2wWYMmxtJMdhBgf0n1BcFvnbz:bNV09wq+gECnGfJ0Bu0n1OZP

Score

10^/10

wannacry defense_evasion discovery evasion execution impact persistence privilege_escalation ransomware spyware stealer trojan upx worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\!Please Read Me!.txt

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions! �

Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Downloads MZ/PE file
Modifies Windows Firewall 2 TTPs 1 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exe

pid process

4088 netsh.exe

pid	process
4088	netsh.exe

Drops startup file 2 IoCs

Processes:

WannaCry.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD2FD7.tmp	WannaCry.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD2FDE.tmp	WannaCry.exe

Executes dropped EXE 21 IoCs

Processes:

CookieClickerHack.exeCookieClickerHack.exeCookieClickerHack.exeCookieClickerHack.exeCookieClickerHack.exeCookieClickerHack.exeWannaCry.exe!WannaDecryptor!.exe!WannaDecryptor!.exe!WannaDecryptor!.exeWannaCry.exe!WannaDecryptor!.exeFlashKiller.exeFlashKiller.exeWinNuke.98.exeFlashKiller.exeFlashKiller.exeCookieClickerHack.exeWinNuke.98.exeWinNuke.98 (1).exeVeryFun.exe

pid	process
3556	CookieClickerHack.exe
4708	CookieClickerHack.exe
2648	CookieClickerHack.exe
1324	CookieClickerHack.exe
464	CookieClickerHack.exe
3616	CookieClickerHack.exe
2224	WannaCry.exe
4804	!WannaDecryptor!.exe
1040	!WannaDecryptor!.exe
3604	!WannaDecryptor!.exe
4212	WannaCry.exe
4888	!WannaDecryptor!.exe
1372	FlashKiller.exe
3244	FlashKiller.exe
3148	WinNuke.98.exe
660	FlashKiller.exe
2112	FlashKiller.exe
3964	CookieClickerHack.exe
1284	WinNuke.98.exe
1648	WinNuke.98 (1).exe
3948	VeryFun.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 43 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 762440.crdownload	upx
behavioral2/memory/3948-2569-0x00000000006D0000-0x0000000000D0D000-memory.dmp	upx
behavioral2/memory/2648-2579-0x0000000000500000-0x000000000069C000-memory.dmp	upx
behavioral2/memory/2648-2581-0x0000000000500000-0x000000000069C000-memory.dmp	upx
behavioral2/memory/2648-2580-0x0000000000500000-0x000000000069C000-memory.dmp	upx
behavioral2/memory/1236-2582-0x0000000001300000-0x00000000013F4000-memory.dmp	upx
behavioral2/memory/1236-2584-0x0000000001300000-0x00000000013F4000-memory.dmp	upx
behavioral2/memory/1236-2583-0x0000000001300000-0x00000000013F4000-memory.dmp	upx
behavioral2/memory/2444-2591-0x0000000000B00000-0x0000000000C0C000-memory.dmp	upx
behavioral2/memory/2444-2592-0x0000000000B00000-0x0000000000C0C000-memory.dmp	upx
behavioral2/memory/2444-2593-0x0000000000B00000-0x0000000000C0C000-memory.dmp	upx
behavioral2/memory/3948-2603-0x00000000006D0000-0x0000000000D0D000-memory.dmp	upx
behavioral2/memory/224-2604-0x0000000001120000-0x000000000122C000-memory.dmp	upx
behavioral2/memory/224-2605-0x0000000001120000-0x000000000122C000-memory.dmp	upx
behavioral2/memory/224-2606-0x0000000001120000-0x000000000122C000-memory.dmp	upx
behavioral2/memory/3964-2607-0x0000000001170000-0x000000000127C000-memory.dmp	upx
behavioral2/memory/3964-2608-0x0000000001170000-0x000000000127C000-memory.dmp	upx
behavioral2/memory/3964-2609-0x0000000001170000-0x000000000127C000-memory.dmp	upx
behavioral2/memory/3948-2610-0x00000000006D0000-0x0000000000D0D000-memory.dmp	upx
behavioral2/memory/5048-2612-0x0000000000900000-0x0000000000A0C000-memory.dmp	upx
behavioral2/memory/5048-2613-0x0000000000900000-0x0000000000A0C000-memory.dmp	upx
behavioral2/memory/5048-2614-0x0000000000900000-0x0000000000A0C000-memory.dmp	upx
behavioral2/memory/3948-2615-0x00000000006D0000-0x0000000000D0D000-memory.dmp	upx
behavioral2/memory/4432-2618-0x0000000000DC0000-0x0000000000ECC000-memory.dmp	upx
behavioral2/memory/4432-2616-0x0000000000DC0000-0x0000000000ECC000-memory.dmp	upx
behavioral2/memory/4432-2617-0x0000000000DC0000-0x0000000000ECC000-memory.dmp	upx
behavioral2/memory/3948-2619-0x00000000006D0000-0x0000000000D0D000-memory.dmp	upx
behavioral2/memory/3948-2629-0x00000000006D0000-0x0000000000D0D000-memory.dmp	upx
behavioral2/memory/3948-2663-0x00000000006D0000-0x0000000000D0D000-memory.dmp	upx
behavioral2/memory/4108-2689-0x00000000006D0000-0x0000000000D0D000-memory.dmp	upx
behavioral2/memory/2324-2690-0x0000000000C70000-0x0000000000E0C000-memory.dmp	upx
behavioral2/memory/2324-2691-0x0000000000C70000-0x0000000000E0C000-memory.dmp	upx
behavioral2/memory/2324-2692-0x0000000000C70000-0x0000000000E0C000-memory.dmp	upx
behavioral2/memory/5064-2698-0x0000000000700000-0x00000000007F4000-memory.dmp	upx
behavioral2/memory/5064-2697-0x0000000000700000-0x00000000007F4000-memory.dmp	upx
behavioral2/memory/5064-2699-0x0000000000700000-0x00000000007F4000-memory.dmp	upx
behavioral2/memory/4712-2711-0x0000000000430000-0x000000000053C000-memory.dmp	upx
behavioral2/memory/4712-2712-0x0000000000430000-0x000000000053C000-memory.dmp	upx
behavioral2/memory/4712-2713-0x0000000000430000-0x000000000053C000-memory.dmp	upx
behavioral2/memory/3948-2714-0x00000000006D0000-0x0000000000D0D000-memory.dmp	upx
behavioral2/memory/1572-2747-0x0000000001010000-0x000000000111C000-memory.dmp	upx
behavioral2/memory/1572-2748-0x0000000001010000-0x000000000111C000-memory.dmp	upx
behavioral2/memory/4108-2786-0x00000000006D0000-0x0000000000D0D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

WannaCry.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r"	WannaCry.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

cmd.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA cmd.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

158 raw.githubusercontent.com
157 raw.githubusercontent.com

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	cmd.exe

flow	ioc
158	raw.githubusercontent.com
157	raw.githubusercontent.com

AutoIT Executable 18 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
behavioral2/memory/2648-2581-0x0000000000500000-0x000000000069C000-memory.dmp	autoit_exe
behavioral2/memory/1236-2584-0x0000000001300000-0x00000000013F4000-memory.dmp	autoit_exe
behavioral2/memory/2444-2593-0x0000000000B00000-0x0000000000C0C000-memory.dmp	autoit_exe
behavioral2/memory/3948-2603-0x00000000006D0000-0x0000000000D0D000-memory.dmp	autoit_exe
behavioral2/memory/224-2606-0x0000000001120000-0x000000000122C000-memory.dmp	autoit_exe
behavioral2/memory/3964-2609-0x0000000001170000-0x000000000127C000-memory.dmp	autoit_exe
behavioral2/memory/3948-2610-0x00000000006D0000-0x0000000000D0D000-memory.dmp	autoit_exe
behavioral2/memory/5048-2614-0x0000000000900000-0x0000000000A0C000-memory.dmp	autoit_exe
behavioral2/memory/3948-2615-0x00000000006D0000-0x0000000000D0D000-memory.dmp	autoit_exe
behavioral2/memory/4432-2618-0x0000000000DC0000-0x0000000000ECC000-memory.dmp	autoit_exe
behavioral2/memory/3948-2619-0x00000000006D0000-0x0000000000D0D000-memory.dmp	autoit_exe
behavioral2/memory/3948-2629-0x00000000006D0000-0x0000000000D0D000-memory.dmp	autoit_exe
behavioral2/memory/3948-2663-0x00000000006D0000-0x0000000000D0D000-memory.dmp	autoit_exe
behavioral2/memory/2324-2692-0x0000000000C70000-0x0000000000E0C000-memory.dmp	autoit_exe
behavioral2/memory/5064-2699-0x0000000000700000-0x00000000007F4000-memory.dmp	autoit_exe
behavioral2/memory/4712-2713-0x0000000000430000-0x000000000053C000-memory.dmp	autoit_exe
behavioral2/memory/3948-2714-0x00000000006D0000-0x0000000000D0D000-memory.dmp	autoit_exe
behavioral2/memory/4108-2786-0x00000000006D0000-0x0000000000D0D000-memory.dmp	autoit_exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

!WannaDecryptor!.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp"	!WannaDecryptor!.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

VeryFun.exe

description	pid	process	target process
PID 3948 set thread context of 2648	3948	VeryFun.exe	cmd.exe
PID 3948 set thread context of 1236	3948	VeryFun.exe	cmd.exe
PID 3948 set thread context of 2444	3948	VeryFun.exe	cmd.exe

Drops file in Windows directory 1 IoCs

Processes:

VeryFun.exe

description ioc process

File opened for modification C:\Windows\System.ini VeryFun.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\System.ini	VeryFun.exe

Event Triggered Execution: Netsh Helper DLL 1 TTPs 2 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

Processes:

cmd.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	cmd.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	cmd.exe

Program crash 6 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1416	1372	WerFault.exe	FlashKiller.exe
660	3244	WerFault.exe	FlashKiller.exe
1652	660	WerFault.exe	FlashKiller.exe
2184	2112	WerFault.exe	FlashKiller.exe
3780	2224	WerFault.exe	WannaCry.exe
4812	4888	WerFault.exe	!WannaDecryptor!.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 5 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

3880 taskkill.exe
3320 taskkill.exe
3760 taskkill.exe
2484 taskkill.exe
1372 taskkill.exe

pid	process
3880	taskkill.exe
3320	taskkill.exe
3760	taskkill.exe
2484	taskkill.exe
1372	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644377262500797"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings chrome.exe
Runs net.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exetaskmgr.exe

pid	process
3412	chrome.exe
3412	chrome.exe
1412	chrome.exe
1412	chrome.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

4544 taskmgr.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

WannaCry.exe

pid process

2224 WannaCry.exe

pid	process
4544	taskmgr.exe

pid	process
2224	WannaCry.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe!WannaDecryptor!.exetaskmgr.exe

pid	process
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
4888	!WannaDecryptor!.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

!WannaDecryptor!.exe!WannaDecryptor!.exe!WannaDecryptor!.exe!WannaDecryptor!.exe

pid	process
4804	!WannaDecryptor!.exe
4804	!WannaDecryptor!.exe
1040	!WannaDecryptor!.exe
1040	!WannaDecryptor!.exe
3604	!WannaDecryptor!.exe
3604	!WannaDecryptor!.exe
4888	!WannaDecryptor!.exe
4888	!WannaDecryptor!.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3412 wrote to memory of 4048	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4048	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2632	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 3232	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 3232	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 1672	3412	chrome.exe	chrome.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:1716

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3460

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\piggy.png
2⤵
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbabcab58,0x7fffbabcab68,0x7fffbabcab78
3⤵
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:2
3⤵
PID:2632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:3232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2032 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:1672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:1
3⤵
PID:4656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:1
3⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3960 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:1
3⤵
PID:792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4444 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:2056

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
3⤵
PID:1660

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff67454ae48,0x7ff67454ae58,0x7ff67454ae68
4⤵
PID:3912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4552 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:1
3⤵
PID:4304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2400 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:1
3⤵
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3260 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:1
3⤵
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4460 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:1
3⤵
PID:2252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2728 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3188 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:3476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3956 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:1664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5356 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5380 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2020 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:1
3⤵
PID:3700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5616 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3432 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1748 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1052 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:3148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6080 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5996 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:856

C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
3⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: RenamesItself
PID:2224

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 249821719964495.bat
4⤵
PID:3192

C:\Windows\SysWOW64\cscript.exe
cscript //nologo c.vbs
5⤵
PID:4636

C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe f
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4804

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im MSExchange*
4⤵
- Kills process with taskkill
PID:3880

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Microsoft.Exchange.*
4⤵
- Kills process with taskkill
PID:1372

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlserver.exe
4⤵
- Kills process with taskkill
PID:2484

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlwriter.exe
4⤵
- Kills process with taskkill
PID:3760

C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe c
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b !WannaDecryptor!.exe v
4⤵
PID:3180

C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe v
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3604

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
6⤵
PID:4204

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
7⤵
PID:1140

C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe
4⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 1080
5⤵
- Program crash
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 912
4⤵
- Program crash
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:2212

C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
3⤵
- Executes dropped EXE
PID:4212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4508 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1060 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:3856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1692 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5160 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6044 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:3664

C:\Users\Admin\Downloads\FlashKiller.exe
"C:\Users\Admin\Downloads\FlashKiller.exe"
3⤵
- Executes dropped EXE
PID:1372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
4⤵
- Program crash
PID:1416

C:\Users\Admin\Downloads\FlashKiller.exe
"C:\Users\Admin\Downloads\FlashKiller.exe"
3⤵
- Executes dropped EXE
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 204
4⤵
- Program crash
PID:660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5428 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:2040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5216 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:1296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:2796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5972 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:3664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:2024

C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
3⤵
- Executes dropped EXE
PID:3148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6020 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4580 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6084 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5480 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:2580

C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
3⤵
- Executes dropped EXE
PID:1284

C:\Users\Admin\Downloads\WinNuke.98 (1).exe
"C:\Users\Admin\Downloads\WinNuke.98 (1).exe"
3⤵
- Executes dropped EXE
PID:1648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4376 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5148 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:2796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5444 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:3992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5496 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:5052

C:\Users\Admin\Downloads\VeryFun.exe
"C:\Users\Admin\Downloads\VeryFun.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:3948

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
PID:2648

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
- Checks whether UAC is enabled
- Event Triggered Execution: Netsh Helper DLL
PID:1236

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
PID:2444

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
PID:224

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
PID:3964

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
PID:5048

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4376 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4316 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4700 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5176 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:416

C:\Users\Admin\Downloads\LoveYou.exe
"C:\Users\Admin\Downloads\LoveYou.exe"
3⤵
PID:3320

C:\Users\Admin\Downloads\VeryFun.exe
"C:\Users\Admin\Downloads\VeryFun.exe"
3⤵
PID:4108

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
PID:2324

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
PID:5064

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
PID:4712

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
PID:1572

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
PID:3752

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
PID:4236

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
PID:2572

C:\Users\Admin\Downloads\LoveYou.exe
"C:\Users\Admin\Downloads\LoveYou.exe"
3⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\L0Lz.bat" "
3⤵
PID:2472

C:\Windows\system32\net.exe
net session
4⤵
PID:4684

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
5⤵
PID:1368

C:\Windows\system32\net.exe
net stop "SDRSVC"
4⤵
PID:3184

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "SDRSVC"
5⤵
PID:3908

C:\Windows\system32\net.exe
net stop "WinDefend"
4⤵
PID:2592

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "WinDefend"
5⤵
PID:3556

C:\Windows\system32\taskkill.exe
taskkill /f /t /im "MSASCui.exe"
4⤵
- Kills process with taskkill
PID:3320

C:\Windows\system32\net.exe
net stop "security center"
4⤵
PID:924

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "security center"
5⤵
PID:264

C:\Windows\system32\net.exe
net stop sharedaccess
4⤵
PID:3992

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop sharedaccess
5⤵
PID:1576

C:\Windows\system32\netsh.exe
netsh firewall set opmode mode-disable
4⤵
- Modifies Windows Firewall
PID:4088

C:\Windows\system32\net.exe
net stop "wuauserv"
4⤵
PID:3544

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "wuauserv"
5⤵
PID:636

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo tasklist "
4⤵
PID:3012

C:\Windows\system32\find.exe
find /I "L0Lz"
4⤵
PID:3692

C:\Windows\system32\xcopy.exe
XCOPY "BitcoinMiner.bat" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
4⤵
PID:1068

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:3836

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:1272

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:332

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:4344

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:1136

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:4692

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:2044

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:3992

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:3776

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:1348

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:2480

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:4028

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:660

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:4844

C:\Windows\system32\xcopy.exe
XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
4⤵
PID:8

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2400 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:1148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3368 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5592 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2400 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:1668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4956 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2316 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:3624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:1540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=4436 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:1
3⤵
PID:388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=2412 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:1
3⤵
PID:3660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:3652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6200 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:8
3⤵
PID:4796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=6412 --field-trial-handle=1876,i,8673322749524829795,5721802784708773401,131072 /prefetch:1
3⤵
PID:4448

C:\Users\Admin\Downloads\CookieClickerHack.exe
"C:\Users\Admin\Downloads\CookieClickerHack.exe"
2⤵
- Executes dropped EXE
PID:3556

C:\Users\Admin\Downloads\CookieClickerHack.exe
"C:\Users\Admin\Downloads\CookieClickerHack.exe"
2⤵
- Executes dropped EXE
PID:4708

C:\Users\Admin\Downloads\CookieClickerHack.exe
"C:\Users\Admin\Downloads\CookieClickerHack.exe"
2⤵
- Executes dropped EXE
PID:2648

C:\Users\Admin\Downloads\CookieClickerHack.exe
"C:\Users\Admin\Downloads\CookieClickerHack.exe"
2⤵
- Executes dropped EXE
PID:1324

C:\Users\Admin\Downloads\CookieClickerHack.exe
"C:\Users\Admin\Downloads\CookieClickerHack.exe"
2⤵
- Executes dropped EXE
PID:464

C:\Users\Admin\Downloads\CookieClickerHack.exe
"C:\Users\Admin\Downloads\CookieClickerHack.exe"
2⤵
- Executes dropped EXE
PID:3616

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4544

C:\Users\Admin\Downloads\FlashKiller.exe
"C:\Users\Admin\Downloads\FlashKiller.exe"
2⤵
- Executes dropped EXE
PID:660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 240
3⤵
- Program crash
PID:1652

C:\Users\Admin\Downloads\FlashKiller.exe
"C:\Users\Admin\Downloads\FlashKiller.exe"
2⤵
- Executes dropped EXE
PID:2112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 204
3⤵
- Program crash
PID:2184

C:\Users\Admin\Downloads\CookieClickerHack.exe
"C:\Users\Admin\Downloads\CookieClickerHack.exe"
2⤵
- Executes dropped EXE
PID:3964

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4548

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4192

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1372 -ip 1372
1⤵
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3244 -ip 3244
1⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 660 -ip 660
1⤵
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2112 -ip 2112
1⤵
PID:4052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x4f8
1⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2224 -ip 2224
1⤵
PID:1020

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:208

C:\Windows\System32\ie4uinit.exe
"C:\Windows\System32\ie4uinit.exe" -UserConfig
2⤵
PID:488

C:\Windows\System32\ie4uinit.exe
C:\Windows\System32\ie4uinit.exe -ClearIconCache
3⤵
PID:1976

C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
4⤵
PID:4800

C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
4⤵
PID:3928

C:\Windows\System32\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /FirstLogon
2⤵
PID:4784

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
2⤵
PID:2576

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff6afd7ae48,0x7ff6afd7ae58,0x7ff6afd7ae68
3⤵
PID:2428

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=2 --install-level=0
3⤵
PID:2676

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff6afd7ae48,0x7ff6afd7ae58,0x7ff6afd7ae68
4⤵
PID:2280

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge
2⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff74ff95460,0x7ff74ff95470,0x7ff74ff95480
3⤵
PID:1568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --migrate-edgeuwp-taskbar-shortcut
3⤵
PID:2800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffb74446f8,0x7fffb7444708,0x7fffb7444718
4⤵
PID:3520

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
2⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4888 -ip 4888
1⤵
PID:1020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\d861553c-dcc0-46c2-b4ee-e73f41dbaed7.tmp

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
396KB

MD5
13f4b868603cf0dd6c32702d1bd858c9

SHA1
a595ab75e134f5616679be5f11deefdfaae1de15

SHA256
cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7

SHA512
e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
8799a317113710314ba56891af94238f

SHA1
ce2aec614028b05c29ee76285001295eaa8bb63a

SHA256
43f69600ab5bcf8e0fa6a14eea89b8353a9db5bb77c37cd781b1424774ebd522

SHA512
e7a8b367f5f09070bed3282cf40cfaff795d4eb24a76fd4bd13c387a1c98948f88776350fb22bae529208b7cba27e747e57b03567ea66f8633b8c6c66a6095e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b0f28c7b40ce53e88d117d2336d8b62a

SHA1
81c91856a6165dc25f908dd4cbd3f66951320ed5

SHA256
12f116619ddfdab030ad7b9062e3b45649a190d455d0b711c08b3b4336ee2034

SHA512
8378101eaabb3499c85883cf1e829e18816fdc3de49b2bf123aa6b5bc22633c44c6c99ae8fcd63c2aa0ad2e7b188092e7ff2585ce81489543ccb5c13ab133b76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1c79306d11acbc29a5bcf8cac2a5536a

SHA1
57ddb3cb980ccb95d70c60e12e291186bc8f5dc2

SHA256
bce7b04cb279ba323dc5e79bad0c042798cad2d855631f601c34baa414333cdb

SHA512
34c5ee5078e370d7fbcae189f06786da9367796e03145b877555e4f40f42b33c6f9352ccd4f25f55e95f4ce492c3cd24bd4c7690392299f8b05596cc75f0b91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f86e104559391db71cee7e547549ea31

SHA1
8e5e154552f44aaa8966acf0c0b101374aa04c1d

SHA256
ba22bfa5219ad803a7fd9ffb7d8d95af456f0ff63c1acf1a9de2503e4a5c26b3

SHA512
096147736b94a2a57c1dedc8492e9bd243fddf2d3a4058ac10657b826dceeb634d1cca2396b7397f9cb1eec29a2eba0acd4be8fea456514522940e15ebfdaa0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
026b64e8d0e10c62e6905c55b8083b3e

SHA1
fcc56b75169088dbda7b202b2e36e4b94c205e1b

SHA256
f2feff582fe2b944a0d2bf33fec53daed8bb0fe0de8f302dd15be0dcd544ff1f

SHA512
345351409344df8ce2555dd28cc28c7193a45cd60388fb9698a6827e8124c49dfeaf44e6269470a57310f80f0fca08ac94d0f52ceee3dbb246773da2399a4670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
112059d6353ccb365971e4c526e5e7da

SHA1
3c298e639fd7f0f484728b5739bc1d0b808a9cb4

SHA256
3a7632f8c8ce741192895581dc095e0da6eb29c90821b2aafa02592733dd864d

SHA512
b366c10a5c956d68dcbc01c2c100c7d742b1d61539200598c61d900a75b84497eefcc83d4698a8a7e9837c13ab37b1504c8314fed6ee9f226efa5a218489853a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4f6597c4e474a49a324c4ec76ba73964

SHA1
b34bd4d84e454d20dda46fdcdc968898ab2f4421

SHA256
3c3c5a2aec6d26299c9b946488565b7db5c28d108135dd71be5709e6e054ab04

SHA512
2bb44edc4f54b230e69db45eac6a3a7287531aa34c2c4d371ee1bb19f4deec236fc65734e9c67cf9283b43aca26701b306345fe07904bc24278e8e78a3ff0c0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3bf7e4c40a1732a2a7c0834935255e96

SHA1
c6b04432d9cf098ea160a7743944b780c35c9705

SHA256
0c0af2766979c3fdb274226885d46179d90b030d41c2f0c2d0bd6e0c5adf035c

SHA512
e1b4df60711c1778e1faf12982213651f161e4b8d9239255e034b80cdaec29cecdd9c73c4eabe8bed118dc7f0cd864a7b8f46bdbadf4782b9e6d44c061891ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7bb2a0282a0262552c406eabd2e3dd54

SHA1
2d2bc85bee3b4106c6d0cf1bcd5927641b73d225

SHA256
721739c8ed8aed8465b069de08d0a49ea74d1c10bf3bb943fc3b8a841479eaa5

SHA512
fd4806e1ebd7492f1df200ab739e835dbbc92cc93129751f3b643bdcf18fec53ce3bc958768f0bd924989757549c2b3a67f950f56946081d7374ae36e99002da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c173ba0b79c5886c18674e799bdad937

SHA1
aa05de18ccf9048caa4d5e0670ef39423731ddb6

SHA256
67cbb4f8cfc0486418fbc23df3c882ef3f4bc668508f1e0404580628e793c9c6

SHA512
c5f08363e7aff53b47a84d44f977d250eb467796a454cf986f6b2d5ed0ba63c7bb4d239f97301dc07561adcc29853ad048442980f998e76a28345cf730ddf4d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2ef594f28c9ecffb6b208e2858d9eb06

SHA1
f9d77de45bbcf37e5c93c3d58e68bcdf6bb26de2

SHA256
57f5bc59439f74ce0de9c07f307e3481f0335e7442d8ffc6277017ec4797c0ee

SHA512
06db26b11d7e7870779a935e2c278f0914b05aa0ad034054872d0e2320657d2f923dac3631757f7194587cd3d5e13cc3bbdbaa30bb6372b017ac61868656d74a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
61d7d0fb564ed7b45b95a51acfe90d8b

SHA1
3b0899c1be56191dd409276ee3e8240c1319e7a2

SHA256
72d1c6e834be4e017606db40b67af06d837920fd4ca97d901106c0b7052be2f9

SHA512
936b58399ccb824efeb9caa47bb46869e01577ded681b5f9509ec94812c08ac524e83a6a1029c45449e1e033aa0bf20f18a307d1009c4709d2b61336cfd47ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a2469a2931c0e80a3326d9913b21863a

SHA1
08f58c5163384b9fd7b424a53c4b6bb8cb3d8969

SHA256
f05b201d2dc896abd6b9e91ea2e82d164d09202ca9fcdcbe5e721efe4ddb268a

SHA512
741a90d7b3f434ebc8b1638afa497bd78faad5459bf9a35b662dd1af7eb32a459608169f326445adc68102a7908a3a9b0c8a371bdc9cd3dad4dff4f09e2909df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
85a40107a315bdd0a8d8b19f2c06f1c5

SHA1
79bcd5a96ab01994d89211bdefca0b28b01981ba

SHA256
3ef8b67e9e6d1cf91bbd81a1808c87830d0fcc60cc19dedd816fa38c97f4d231

SHA512
6d05c49f47fc12b6acfda906731ac803c5165ccb39bdfd3e5f1569050f6e2dee01f71db732dcef0cbe5337f046a6449141d26ee08d2a2f503b4e0cf97a5a4dff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e5f98a4d7fe222e4beeed1aa28f611a5

SHA1
682a6c481745189377969612cfe97530bfab9c73

SHA256
5b065f7f92dd64a648b166f95e1aad0912c890f5a0c39c5f1a6ddcde52a84abd

SHA512
b157102722058737d85212a50488e2f1f67f61864e84dc4c6b032da1b3d1a3c261193bc2fde61d48e780bff62cebd974c5d54b6c748a2ff1f5e06a5bd0492639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e6c7b9088684794188ec8e5f12c250e2

SHA1
73f034e4da0a69e8ceeb3764de65dde21c574801

SHA256
a9e37e7c77cddb9ba8888c7a62ff481bd0e8f172ec2e5fcd117691d82217fa91

SHA512
0cdb3735fc4bc215dd137f1cc8882d4bb71ad36c100b6a4dd2b6e8a81529ab49ac4b58821f86830417e7719bbcc54c17cd84ed5ca46ea4317c1e5b4f25c7a53a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
569f347343786c49a2dc187c636e6d7b

SHA1
325e9ed3d0b948b39ed4df1dce1f01b568dc6ca7

SHA256
b4b932412856dc2e46e478505f740b62885e10e9383945ffe9d2bac74794c490

SHA512
b6dc40a9ba614a41529398d20b977e0d8d13f221d36aef320aae3d5c47f61779fe38659434cfc0ebbea8ce86f113799b1d295c488019a73a9f225c142f7b8961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4f19baf0f9a702ae57b34f7528737679

SHA1
8cb9b14108700c0f3564bd66856d41d9f35c1236

SHA256
9331c2ab901ee6798482aaa117a5cbb12f546e566ce6bb520fe9917f4df0dd77

SHA512
85819e04cf41e1c7bd54cfe7fbb8fcd3b317d8ffdf5bfda083f616850ebee608c5a9f21571dc67293b6f7325bb1a1288be6f4555aef6c2ffdb5385ce846de74a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5b51ddb3825cd83f1030a78d4b1a189b

SHA1
344c8b9dba047b085f9691232218bdb0f913442e

SHA256
17137f1098f406488fbd7653992e69edaf8d32aea4a18b1a990a9da0a0d0b4f8

SHA512
a915f0cda992097313c1cf3e13086542a7e0c77b6d781704340be2a8d14553ad477639b60ff4826c427f309cf743fcccb0df95a543c07bfbf4ee45b579f9f33d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d5574d039bbef5a4d57dff9f02e60cb6

SHA1
c40372834e42fb715cb2d72dc526f219323af74b

SHA256
e488c04ee6d326e6a7588c510ecc83412029f98c2dd4cb8ceaf0f8e91ecf191f

SHA512
a19368cbd6de1b33285f38f1d07f01d7efb21cf495d0fc5113614c6b97b97ad8dc11c194d1e6fbac6772c9bc2d60454630e6fd2fb468ea00124bd36e4303a5c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
604f6fb2f134f410083c859fbeeed4d0

SHA1
d07c9bc9eb6ccf3fd18450eb9345b09651c4d429

SHA256
6c5c819dd0e745f68b9c14a4ae7c777c6a45fce6dee048d94aee5e293c1c9598

SHA512
b03d8cb1726b02ad75e2565a93a7452e455aa80e025f100556f51caa7dd23a5e931d84e516389c3bedd09d54e4b0ca058a96c521c14c8a9b152a3e7cfd868507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ffe9fbe64f37c3fd2e27bd292a1e1685

SHA1
b532b0d486b0788e37d33fad3897e1b779f4ab07

SHA256
a0755d2ce55533ef661ea3be8a3c6e04487d8e7db2011f712efe1beb221451f7

SHA512
b1276537f396538b49068241ad7eba0eb9aec5a25de1ed7c34c343bc040193c4dfeeda9636fe988956eaa235a842011e140d4fb0410e392a184ed019e602de57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dc351971639747e9844d340e29fdbc92

SHA1
d71cabc2c5098d177736e117f1d3d9dbb2a99a2e

SHA256
d0ec0e0b473f1d0e9d71d4afd00a83a28ca6a723ee56c253f6aea8704b6d5fd9

SHA512
01f640750e36e2249847722e18d0327eb195db6bcaaa21bf88df041d2f00742c6fc18ce1f8f7c582c1f8f6b38911a69c5a3fd25e29f47b453757a938ae053f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8c4d13d0b0162e1097f79a308f24a071

SHA1
07aa8bb03d49c8741dc07f0cf89408277fd90a52

SHA256
380eb5a0180a3f0de5a4fec0f1021f3d94d96b70d64268075168f63942cf3966

SHA512
2c4eecb685c7d5dd6029d3bdfcb75eb0487076854f5f9764522f4669ab68bd7b00f081beeb3d086906d7c257487362ef90f6d941d795b41446103da12c2d3eb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6ff77fcc0158fbd3bfd7717c8eaa7007

SHA1
72227cdffd83ec716ff7820190962a475858cf31

SHA256
9fba2d972d9ca1fa3350fd73e62e20d22dae03f5808bc08c243d6fc242023741

SHA512
3ed835654d25468595a08eb69be1953d8d0a928c33b98f41385b643406f096cc46759e59756238a2c69b9f8500cb88b1e68d8616904f63bbcaea96290b148ca2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
1b33afab452499cccba42bbb9e43c10f

SHA1
be79080a68c2115039f6986e86ca87406f20a068

SHA256
0c9069a7349596f238bbae506455cfc7982c9dc0b74b146ad5bd1c895853ceba

SHA512
bc34597d982cad9ffe7304f2e4816167d707e3ae09fcb39ec0d144477b840039677793f21b65bd32e753fa10ea40543f88010fb65ab6c3951984e823f23d85cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b43ea050f676688e736f4e32c68b6606

SHA1
5099e154a37bb3da6f67fe2370babbdaab87b4a4

SHA256
3eb230f4fe5be4aa7027264da0931cab9744176f462577fd2b86f423feeb46ac

SHA512
4bf9572e6a7e9470ff7ba5cdc46312f4d866490ea8579485ec15452295dff136426d02cbf46c510e2ea0221ba552186d3aaf51a397b12cf0913be8523fe907b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
346314d1173fe036b6069dbde1c7270f

SHA1
b786195f3ca5c01931a98bda25f7a6581f098bcf

SHA256
58a9ad0d948aa123a569d23f461a02b511a8a1fb4396c09d6ced3187aac55984

SHA512
ec3321f3c46bdf21a08e44bf13065f88659d7baece2bd7fd3dfd44e53dc53433d85f07aa94b8039494d993bdbe88278c957d9ef831239d3e5ae09f596798ba45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
19c819c1ecda5d8c5b26330f1ac03878

SHA1
27802cec3d34f0e970f769f4d1981f86bb948d61

SHA256
87c1c1eca6a4785350fa7820485f24f434a751bb72c398f6caa618ea15789e97

SHA512
e190560bbcd6fb4a16b5a102d8f8386f6e7a644269a6d13fe85c8a52c146fca245c6db80cebbae5367e949763dc3deb7f0b939584ebd707e7c64796d2e58a9c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fb1a2b3b17da34097b4111ff38a937e7

SHA1
38d479a4f27feaa150acf079628baffc9f89beda

SHA256
35f9d32f119e07de59c4fc1500e868aa0a3272d5c0fd8884e03a7cc7df2d77ca

SHA512
c56e5235407080b4ea58d89e23dabf95fd754c205c45cba0c91d7472692443ee81b146fab3111aac3663a18eb71455eb76f4ebf56633f8e8ebcd163cad9c0f62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4aed9c5173d57cc33e0458bac0594903

SHA1
08499bfb40812fb92d58e0f6528166015f0d77ba

SHA256
7b396d7db42e467005499a4d3a6abc1e155469be1e6510f0aa6da136f1e1dab8

SHA512
40e436b4b8e90ade7d2d3ab8b65cd24edce9e821e042f5590ebf3431a53fde50b10bd590b1954b092d5ba80ede898c97d9893887b84da1961914ed6ce6db99b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dfa02c4e02f02bff55004f38243766fc

SHA1
aa95f551853a7fbeb91a24d243562690f3b2945d

SHA256
f336306eba8d77d95e8d2117ff3dfd3ffb1a3ea2ec458c12e6221e5f5720413a

SHA512
f12bb94b759bd23d9d1ffc2161a5388959a39b737370db0828235f18901e45334978deef221b9bf210dab6b054a244487f547013f12ad86cc9b3cec7f18bd875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2c809592bc4876063b6113408cb0e28f

SHA1
acf3298ad6d2ff9c26e91c62cf0a0ddbe5d9cb0e

SHA256
d5684e75be5ef9d767c09b5516314dfb82ab468540003a60790f80ac420b7388

SHA512
e3a87f74d87fcb6108a46774094012df50dc280c6cb32973f4b714b8166ce64d897cc2e9ae428e0e5511b3fc2d7b826ece4a07e6ffbb0c4ffadc37e045697ccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8add6572bf75b6ebc39c53941afc5dbb

SHA1
154de095522b25371680e5aa00c3ed96fdbaa3cf

SHA256
57868facd43f41981bf1698b29daa8d32dcc5dfad462cb3f0ed791ee80e4299c

SHA512
cd3820f9141301d801dce55d9e85724c5a3049efbd80017d16f55245054262b43ccc3dc36efe961cf3d3cc997d0c8dd30b1b373fcd66e285274ddbba6f6dd7c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7a0e8c27c2136e399043770d83bc73a7

SHA1
bd7f03e8dc607be582e6a697de15854fae015fc2

SHA256
0b2cb63de200f52a1e42cbf6733bb53a93cf840002b132c40c1a41b6aa034ea1

SHA512
f45263cf1748b83338c6308cc82e638223150b5857635d7073508b668944d70d233e7459ce6f3532f03f7ba3dadd32577f70b9c6c0f81893bef25143af7f7f4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ae30de153257b921a43a540f1eebb0ce

SHA1
e5aa4b2f0d81b4f72bda4818e2022cc5aa868b0f

SHA256
ffe2e442bbe54aa4046f033f58ffa439c1a1fbba1834cf4efc8744963fef74cd

SHA512
696983b7215e203e99cd915144a61f07f7bc42d58138cae1011cabf3644ee2a05ab326f26f17a9b23739fdcf5be1861c79667c5e11afcd58daa0e82ee0bfd168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5a5bc7c974aa971d7abbee7dfcec7194

SHA1
fdcb9be84c58df97dc14eb8347d1263b2b8f2b19

SHA256
c63901b5898ac3148495d1b71051962c3c78a5d2ed8167460f5cc5c22109fc60

SHA512
aa16937bbae33fd8f6dba1f8d3dd832326ddc875ed28b897029e1e54f3ebf129a0e3136a86da858967e12d9acc660c657a41479217cbc4c7f1a12ac4f2b63f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8e29e034b9e92cd87a497f1007b1fcd1

SHA1
09cb9ac1108fd3abdd93ac112d98b18c706595fb

SHA256
5a6ffdec853f23093e77ea776da9c15cab9223854a9395ce4bd9e456a6eee87d

SHA512
a99d460e64598aa84619631fadc6b59299c0e824528c3dabfba3d61f866c11619aa2d2e7d86464ff3c7ad205118bac655144db95401356ce5fcbc5f951ef3d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ce6b3af42e0ba2f7dd8aa8e828bd9b02

SHA1
174006f1cba015f6a092f999f2e44e1866754415

SHA256
6deb194e452940ff1eb2e1d40b6b49052e792cd5f544eb3c7fa3eafcd16e5c76

SHA512
e83dfd67f9d9b21f63b753dd0a651047ff370ffd18bf18610e8abf891d71253c41bcc3124ddcf52feb7c1014c8e31ad65e19ccb3c9072fb85ca8677c5bea52b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
11b828483c488791470e608df24c23f0

SHA1
56fbb0f21be251ef42d5bca6934dac46d04366e7

SHA256
4cfc749d82958fec1e25b2b20cc6a23df0f8356678a15fceed6cbf6f1b70e5a3

SHA512
1cd0df0429ec43adf02ab028b178d16be14ee69f9fdba1c6a4577f00993bf688ad849bc537254d50c0e8b29d290f5dbf0ec063a3a042567023d71ae214422c01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
917e0c2ea92aa7aba599e954d3f19169

SHA1
e0e3b4a760b7261d1d24b89542f4bedb5fece7b1

SHA256
a163d4c53e281c580415290c29048bce270de573946862794392986310aa7699

SHA512
36ab636514c81db3864139d6a6153e28a5b68f5708e5649e60c92f30f5ec3b575c0c23545e83fb1cca5f57da19050cd1a29b2a597b0bd778f604b7f5808fb907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2bfc2ef2324ace71145a693f3f1449fb

SHA1
bdf82e76b9695d97fdfe1b2b04af4c9c87c0ffcc

SHA256
08a51014892dd307b503240a99399a851de6eaf8703156984127659ff42f4f3a

SHA512
4e581bae6bc631b109f97b89e8c34d5bd15c50dfc2e409c80705aa9e3b2dbd05a0a74e99b986a26dbc2c64c6f3d3e7d3a03aed151a095a0f37e81d1e4ab9d2a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d1886fe5e92885c5cd5fbec36fd1558f

SHA1
f1fe9a6eb493866f1fd452de9fd2595fd67a4818

SHA256
ac624a30a8c7f4a4675a75958c68cfb7b0a295e104239b4f93498c6b0f9bfd34

SHA512
3bdcea91dfd506120adf3ddca610febfb224067e4943e473fa26ecff4454a762c14bee80bfac23946281a6e3049163d8cedb93712010421cec56a9016c93ceb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
57de218db7681e72a426569912271538

SHA1
66bc3ffdf1a57f483109fc5cf9f487d0729e4a41

SHA256
b30ad8ac44eb68a111b751e210f49305f6e16c29cdce9fb04720fdb70d3e0dc7

SHA512
2ac3470a5b7b95f07472ff1e89e0eafc4222121fe5589ed09748c29e4ef140b4bf3585919979da8cbd098897a855ea943835f19fc2fda1e136679bc4a90a1bff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
106660fd870edc124a9d8c58f565b147

SHA1
191391550a8d5749e0e70105ee1f06da064604c3

SHA256
5b401b9204cc00e0f36294481f3afb19ac26e1a2f6d1c900da8de546317e9e9e

SHA512
5e8e23dcf647b646102fcf8719d683d7b8229afe5e3c8fbdb64c7269cbc61dbaa2ea4e4b3a3171c41d32408da953c302c4406404eb65ff8214dcebeda9284138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
83b921fd30b8dbbcdd8ff9ecb1dfae03

SHA1
d105878551e7224ba3653ac8bfdf81fa7bd8bc09

SHA256
80d862136d60b9c93763bdba1455e3415b7b6a7240b3a514b8666d7d3456154a

SHA512
72f75a61722e892d82b7e379793221a12758859bbb9a63678d85bcdf1db166bd90387b31e9d6024053dac1c1e61d9ea8744374eae87b0b0b615aae228c9a0571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
13537778c0c1d1e5ec01c0f872dad524

SHA1
c24423076c9fe54b03d48b3228bdd814d62785f7

SHA256
ad1b4ef9a72a477fe411378851498ba058462bf19b46491d616eefb9c2b040ed

SHA512
fdba181c3be99320ff5379071a0443b58b85d0d1f6af15643491cdbf72e0fc3045de7da647409c527ee6b364aaef7648dfc3050782fe08558b5816fb80e7e04b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1e3f5f612e238601ef56b93305e32575

SHA1
bdf5a92c0d4ef3cf742c0456723c4b06e6a3f6a6

SHA256
8ddd69faf60f5e34d6bfaa35db75ecbd04f1ff55dfce9ce71488d9fd734a2dc8

SHA512
a56307c4a18c851a43ccbd8abf7580bb73d58888eca39f89ae423bd18e3b1c7af2c5256ad25372361362cd77327d86a97cbd6b1275475e506f056e0728460d34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
101fb742268cba689b8e7480b1ed2649

SHA1
5f817e4654fdb6cecb2578d8254935b75c5baef5

SHA256
754ba620e06ac2ef7a3caea06a12a566c0f2187813273638c207fd0c67c0af20

SHA512
0d47c14992308f699520e7cbf973662f5c11200cd4cba08dc268d7de2d5d93e583fc78dc07f62a5496d7fe25503695fbbb9fcb75c800ecaf36d5685522ea131c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7953b1876f9e0c2a9fd8c1b7240d41b4

SHA1
276a0ab7e6c65ef54cecc81310bd81b1ef24c7dd

SHA256
e2214743f6c434787196e636e67820debb72f8b6cad53f2322fc9691edd631a4

SHA512
2f2d98d0afdaf1d25a3beb3241612481883ed61c8f6dcae829365598c486ad3787f32fef804712665cbd55c3ecfbd3a7477affe7ace1e7d2b9806d268cd46007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4ee0cecd68a504df91fbd30174bc756e

SHA1
707fb67e32b8dae943a38f63140110274899aa66

SHA256
32fa5091a013a745bc97d28d4f2164acb52db9922515597d5dd9bf7c45825222

SHA512
987fa8d5349fae08745136c3845a79f4d7c11d5ff0e174e5faae0ee37ad6f2b33f1b40cdcb4c7e7a3b4500cfd854aa344c42bc16119a8b1564eb9b39624d0b42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
971967e2bd5ea8c4802b81c4ef43ba25

SHA1
4747ddc589430903dfc2d4e630b74a962beb31cf

SHA256
95cb75eab3882b1ef306addd874e5b27cbcf9f2e05ea8c41edf9307ba0ce7bbb

SHA512
8d7ce86768c717101ab71a1710d9c427600c47ff5bf836d30e69b8a52166e1a8bc8478b1ee276e80a29fffa64bff2e1302f6575c518300f0324a401c2c1acfc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58deb3.TMP

Filesize
120B

MD5
89f8471ae1bf6f797b2da2e364aea626

SHA1
39ddf54ecf75a35d6684d4751c0b710df9444e33

SHA256
c817ff9f4c85204b24181bf3d127cb84b5763349d90280aaf6192b3cfd4f39e4

SHA512
af035d163c7151aa0122639fe0f0fec3f548b37cfcc7be9d8d162978c4f78024d3076c93c971231e34b8b18d14b1e26e4c896e0c909be1251125d0636350bc8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db

Filesize
28KB

MD5
08d4f43e04ab1e087c609fb887b0e62d

SHA1
aae6ead0125dbb8fc6e149c4dcb1d2440b6b5df6

SHA256
673f6ce180d2396da8c014ceee7ca9d8ad770fa8849baae54ee85a7b8f5dee6e

SHA512
94883ecd101409f36dc3203adb3c688c819dd15b0091df2a4e583513bf411f1f8f6874c99a92b4190a98c1cddd69856cd5e8711f32768f0cdde9125cdfdbe8f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
269KB

MD5
f628603fbf4e3e45657c0a441c6c6c0a

SHA1
2a5b8133f7139f912f6b794f56254317707a344d

SHA256
2ed270ea4662e2b66b22c5c75801e424ea7e67ddbe5da63ffd1fb1ce731e6cad

SHA512
87bbdb08988a0fb1abf1ecc64f6b8e38620496e0ef6f550e5e1ed696a06e0ca54f888ce4df292dc75487eb79dab6ab369dbe01799000c09c03046557d5d599be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
269KB

MD5
16c7e162dfc9ed11a4e275c3972a0e4e

SHA1
c604485afc6747b233744c29fc502916542719ba

SHA256
d8c74426d73d85e4ee99ff8a61ea2e8b87e54318097ba86faf98227097ef4e83

SHA512
7ce924294207daf17a4acb4e5d91dd3410be5373c90193f2b3f61ab81bc42503ada19514cd39b723f521f7b134cde884e9e0f954469c8cfe94a05083d1c922dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
269KB

MD5
75214b47c58b89ceff04e7dc8f471b7f

SHA1
577580504532e5d1d6eed45b27cf18e94f4f64d7

SHA256
77ad6f22ba830c6d634c0a3d7d76109b38c1bfac205b9d493821556189078fff

SHA512
1d8dcac8d809bc5f81f55efba466c1033bfd2d3e52e142bf621ec635f17da03adbf178c6243f37abb599470887777cf38406671b8d639854747595613de9e3de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
4a2c9a4816b9468799122b9c3f6611b5

SHA1
e772968d58fe27bd33b58258c809695a1a478895

SHA256
a57111fe9673325468c842a31685c8839c0bbb0b398d91ac0bf44ade7dbf5332

SHA512
722ad6f3a05588e12629a4d71f2c28902f3798cfb69402a9ff1f27cf73658c0039699724e027780f455a59903e4650b265f048bd4190f53414a91716e70476a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
7273731bf46975c518c083e38255e69b

SHA1
31492d6c5c652bced42c7a154c89a8c93b15ea63

SHA256
05218e757fd9156bc720cb7b5550763bbd13131aa93e62b32620e919b7fec2c6

SHA512
dde4522fd85a0ea2fcb035defa52dce254997ed3bbbd68e6181730342bf3799ff1a9c6ce1962d833bca971b161c86082a5772af24310f8f8f94d75a690504e0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
a0a89dcd938f599ffb30dca637949aa3

SHA1
3f7ea9ee6e433f631bcc847f7f3ea0cbf0d98b0d

SHA256
6312079c539c6a932cd92ce42ca9da27a5576033556903f5036b9cf037274058

SHA512
5b30cb753b7f05947e9dbb8fea042ee44c9a1ba5992d7870fde5e62bce1cf79ee1342ce528c36b40f34f7bf5431126f0c07bbd849675960a56426861fdfc4414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a090a.TMP

Filesize
89KB

MD5
1e65cd78e2fdfa4f9379cbaf3976b35f

SHA1
206e15cc442e03ef4672602ed41b2cbf00d1c3f1

SHA256
291a9b708d3ff5c83e5ba9e4698f75915b241e16830bc7c0b5dfc3bd3d84275f

SHA512
841b03c7e7c3c118e7be5d1b258dcc44ca89f12dd03e221ddc46f3290d8cc24271f2d878028fdd663c04970b7f8602e04c4948611f486665a46af14e39ddebfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

Filesize
150B

MD5
ff30e7746e47af33b937fa198d36fae0

SHA1
33b830e7f230af85c08106cd5b502f66a50b32fb

SHA256
b1805cdfb462b04836cab518b542cd2079abcf171fc4fe17b3874e25e35b1353

SHA512
a01cf2a90b548cdcc5af5d3f44773be1b9739cdca9a4daeae2c7f21003c53e8ee30449e6c462c6051a66f6d9292a67094fbc48b492356070b9a03cedfce1776e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\d2eeeca3-b42f-45cc-af34-e0204dcb7402.dmp

Filesize
5.1MB

MD5
027980167075112fe2a7e848ae8bbed8

SHA1
bbde562b6e25aa4128c08fb269ee40299b080406

SHA256
69e24711f0dfda20ea0a9383f5950fd659d3fcbd965cd67a8eb0d827387bd046

SHA512
d48385c2b20a9a045158172592bd655cefd2a45eb523d1d82202beff8ddefd38b53dc650a8ad81521d94cf391b72abb42191bb6281a82a6c07abbf41fd4b1167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RGI598.tmp

Filesize
24KB

MD5
dd4f5026aa316d4aec4a9d789e63e67b

SHA1
fe41b70acbcba7aa0b8a606fe82bcfde9a7bf153

SHA256
8d7e6cee70d6035c066b93143461d5f636e144373f5c46bc10a8935d306e0737

SHA512
3f18e86d8d5119df6df0d914ebf43c1a6dadb3fdeff8002940a02d0a3d763e779068a682ee6bafe650b6c371d4be2e51e01759ec5b950eef99db5499e3a6c568

Download Submit
C:\Users\Admin\AppData\Local\Temp\RGI5BB.tmp

Filesize
3KB

MD5
a828b8c496779bdb61fce06ba0d57c39

SHA1
2c0c1f9bc98e29bf7df8117be2acaf9fd6640eda

SHA256
c952f470a428d5d61ed52fb05c0143258687081e1ad13cfe6ff58037b375364d

SHA512
effc846e66548bd914ad530e9074afbd104fea885237e9b0f0f566bd535996041ec49fb97f4c326d12d9c896390b0e76c019b3ace5ffeb29d71d1b48e83cbaea

Download Submit
C:\Users\Admin\Downloads\!Please Read Me!.txt

Filesize
797B

MD5
afa18cf4aa2660392111763fb93a8c3d

SHA1
c219a3654a5f41ce535a09f2a188a464c3f5baf5

SHA256
227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0

SHA512
4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

Download Submit
C:\Users\Admin\Downloads\!WannaDecryptor!.exe.lnk

Filesize
590B

MD5
0d45f12d2f0daebe8c5eede34c19e37b

SHA1
795f3cf5572b26f9e26687842004a098dec70e34

SHA256
80c2e9c6983a877e1860d8e9c37c85dad2ddc2cf3506cb49162214aad4091ca2

SHA512
2de835b0a6172e9f07cecfb3362b1dd0413a0b58c14cbf755b8b1cc0b49c4decc8c55bd5c4f5ff6acd66c8a0b6479413b1fdb8da376c6dc88e84be063a721070

Download Submit
C:\Users\Admin\Downloads\00000000.res

Filesize
136B

MD5
1a9e68c4c3a388b9697f418050c17c6b

SHA1
117e3f2efe252eb7a8cbdb6b50771c06fcde4aae

SHA256
57e89dc97a68ac16b856c4f24b91290283585d3609a3fbcf197488a33b7ec888

SHA512
ee1e0d08832e1d7e752fc6e65ace71ffc37d4e2e84c0a8166abe69404c546bc59381ce7e9219c17d22c609e3469133f068ff2c8ef2b2e30ffd15d76331cb74ab

Download Submit
C:\Users\Admin\Downloads\00000000.res

Filesize
136B

MD5
c55be3b688814008835498456669e2ff

SHA1
1dfc7f188b0b2387f4c7d2b93f52f0832b650fee

SHA256
5afcbe4f86c7bff516493e9fc06c6ca50d7d3ecd2215db96de28b68e8d65614a

SHA512
e049d8594d8582d2d5eaed39f90a68b0b224f853f978384d5f03168e4ca34f82902cdd613b380fb62fd0b4d5907f5a735a6d944d602fb4e66d6fee2e3bfbb13d

Download Submit
C:\Users\Admin\Downloads\00000000.res

Filesize
136B

MD5
978647db6dd342c7874ca73914620734

SHA1
6cddad5e8e4a98df86b2461e6ab100a2c0c466ee

SHA256
932628a1beceac4438dd9e72b0918de67cdd9047696954ce17b2ec4d84838be6

SHA512
10bd5bfcbb35488ae018090d9baf223717b2a1463126f2e2d06b45f80e913c4163542255fb1f59774f158e5ddccd3576ee540293187bfa1e903009a1e5a011c3

Download Submit
C:\Users\Admin\Downloads\249821719964495.bat

Filesize
318B

MD5
a261428b490a45438c0d55781a9c6e75

SHA1
e9eefce11cefcbb7e5168bfb8de8a3c3ac45c41e

SHA256
4288d655b7de7537d7ea13fdeb1ba19760bcaf04384cd68619d9e5edb5e31f44

SHA512
304887938520ffcc6966da83596ccc8688b7eace9572982c224f3fb9c59e6fb2dcaa021a19d2aae47346e954c0d0d8145c723b7143dece11ac7261dc41ba3d40

Download Submit
C:\Users\Admin\Downloads\BitcoinMiner.bat

Filesize
262B

MD5
1b95e04dbd98deeabacd15b8cd17d161

SHA1
223280d1efaa506d6910fa8f0e954bf362b2c705

SHA256
76a32e2efb8b97a8c226bcb8bc5b113b4b6fce1077de6513405955bc6d74b169

SHA512
e2be3706491c1cdb9654d0720805dd96536c66f48bd7d8a4d781b5daeebfd22655cdb2d84ea1a1ec5c0d963b0f3982735975f032373c9083986cd1c01d379e70

Download Submit
C:\Users\Admin\Downloads\ColorBug.exe

Filesize
53KB

MD5
6536b10e5a713803d034c607d2de19e3

SHA1
a6000c05f565a36d2250bdab2ce78f505ca624b7

SHA256
775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de

SHA512
61727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018

Download Submit
C:\Users\Admin\Downloads\CookieClickerHack.exe

Filesize
68KB

MD5
bc1e7d033a999c4fd006109c24599f4d

SHA1
b927f0fc4a4232a023312198b33272e1a6d79cec

SHA256
13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

SHA512
f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

Download Submit
C:\Users\Admin\Downloads\FlashKiller.exe

Filesize
4KB

MD5
331973644859575a72f7b08ba0447f2a

SHA1
869a4f0c48ed46b8fe107c0368d5206bc8b2efb5

SHA256
353df4f186c06a626373b0978d15ec6357510fd0d4ac54b63217b37142ab52d3

SHA512
402662eb4d47af234b3e5fbba10c6d77bdfdb9ff8ecfdd9d204f0264b64ea97fc3b5c54469f537173a26c72b3733550854749649d649bc0153c8fe3faacc50a1

Download Submit
C:\Users\Admin\Downloads\L0Lz.bat

Filesize
6KB

MD5
74f8a282848b8a26ceafe1f438e358e0

SHA1
007b350c49b71b47dfc8dff003980d5f8da32b3a

SHA256
fc94130b45112bdf7fe64713eb807f4958cdcdb758c25605ad9318cd5a8e17ae

SHA512
3f73c734432b7999116452e673d734aa3f5fe9005efa7285c76d28a98b4c5d2620e772f421e030401ad223abbb07c6d0e79b91aa97b7464cb21e3dc0b49c5a81

Download Submit
C:\Users\Admin\Downloads\LoveYou.exe

Filesize
22KB

MD5
31420227141ade98a5a5228bf8e6a97d

SHA1
19329845635ebbc5c4026e111650d3ef42ab05ac

SHA256
1edc8771e2a1a70023fc9ddeb5a6bc950380224b75e8306eb70da8eb80cb5b71

SHA512
cbb18a6667b377eb68395cfd8df52b7d93c4554c3b5ab32c70e73b86e3dedb7949122fe8eea9530cd53944b45a1b699380bf1e9e5254af04d8409c594a52c0e7

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 762440.crdownload

Filesize
3.0MB

MD5
ef7b3c31bc127e64627edd8b89b2ae54

SHA1
310d606ec2f130013cc9d2f38a9cc13a2a34794a

SHA256
8b04fda4bee1806587657da6c6147d3e949aa7d11be1eefb8cd6ef0dba76d387

SHA512
a11eadf40024faeb2cc111b8feee1b855701b3b3f3c828d2da0ae93880897c70c15a0ee3aeb91874e5829b1100e0abafec020e0bf1e82f2b8235e9cc3d289be5

Download Submit
C:\Users\Admin\Downloads\WannaCry.exe

Filesize
224KB

MD5
5c7fb0927db37372da25f270708103a2

SHA1
120ed9279d85cbfa56e5b7779ffa7162074f7a29

SHA256
be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

SHA512
a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

Download Submit
C:\Users\Admin\Downloads\c.vbs

Filesize
201B

MD5
02b937ceef5da308c5689fcdb3fb12e9

SHA1
fa5490ea513c1b0ee01038c18cb641a51f459507

SHA256
5d57b86aeb52be824875008a6444daf919717408ec45aff4640b5e64610666f1

SHA512
843eeae13ac5fdc216b14e40534543c283ecb2b6c31503aba2d25ddd215df19105892e43cf618848742de9c13687d21e8c834eff3f2b69a26df2509a6f992653

Download Submit
C:\Users\Admin\Downloads\c.wry

Filesize
628B

MD5
b7e645e672a55a11c54a9ba2ba19bef5

SHA1
0eba71e37ec69dc922bfa9eaf454efb9c5e42cf0

SHA256
352a8741fc5989b5807a37ddcaa207096afc757be69c780e376e9a8218a32aed

SHA512
4aa34e7441b9f0a1f74f4675cbe4ad65ad3313ea9fd7ebfb2dcd626bcfc3599b9811a832e6aebcd406547a104893a59e4eb5e3335a5b8feffb7ff3f882fe3454

Download Submit
C:\Users\Admin\Downloads\m.wry

Filesize
42KB

MD5
980b08bac152aff3f9b0136b616affa5

SHA1
2a9c9601ea038f790cc29379c79407356a3d25a3

SHA256
402046ada270528c9ac38bbfa0152836fe30fb8e12192354e53b8397421430d9

SHA512
100cda1f795781042b012498afd783fd6ff03b0068dbd07b2c2e163cd95e6c6e00755ce16b02b017693c9febc149ed02df9df9b607e2b9cca4b07e5bd420f496

Download Submit
C:\Users\Admin\Downloads\r.wry

Filesize
729B

MD5
880e6a619106b3def7e1255f67cb8099

SHA1
8b3a90b2103a92d9facbfb1f64cb0841d97b4de7

SHA256
c9e9dc06f500ae39bfeb4671233cc97bb6dab58d97bb94aba4a2e0e509418d35

SHA512
c35ca30e0131ae4ee3429610ce4914a36b681d2c406f67816f725aa336969c2996347268cb3d19c22abaa4e2740ae86f4210b872610a38b4fa09ee80fcf36243

Download Submit
C:\Users\Admin\Downloads\t.wry

Filesize
68KB

MD5
5557ee73699322602d9ae8294e64ce10

SHA1
1759643cf8bfd0fb8447fd31c5b616397c27be96

SHA256
a7dd727b4e0707026186fcab24ff922da50368e1a4825350bd9c4828c739a825

SHA512
77740de21603fe5dbb0d9971e18ec438a9df7aaa5cea6bd6ef5410e0ab38a06ce77fbaeb8fc68e0177323e6f21d0cee9410e21b7e77e8d60cc17f7d93fdb3d5e

Download Submit
C:\Users\Admin\Downloads\u.wry

Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
\??\pipe\crashpad_3412_FLPHTIGNOFHSVXRM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/224-2606-0x0000000001120000-0x000000000122C000-memory.dmp

Filesize
1.0MB

Download
memory/224-2605-0x0000000001120000-0x000000000122C000-memory.dmp

Filesize
1.0MB

Download
memory/224-2604-0x0000000001120000-0x000000000122C000-memory.dmp

Filesize
1.0MB

Download
memory/1236-2582-0x0000000001300000-0x00000000013F4000-memory.dmp

Filesize
976KB

Download
memory/1236-2584-0x0000000001300000-0x00000000013F4000-memory.dmp

Filesize
976KB

Download
memory/1236-2583-0x0000000001300000-0x00000000013F4000-memory.dmp

Filesize
976KB

Download
memory/1372-2380-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/1572-2748-0x0000000001010000-0x000000000111C000-memory.dmp

Filesize
1.0MB

Download
memory/1572-2747-0x0000000001010000-0x000000000111C000-memory.dmp

Filesize
1.0MB

Download
memory/2224-759-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2324-2695-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2324-2696-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2324-2692-0x0000000000C70000-0x0000000000E0C000-memory.dmp

Filesize
1.6MB

Download
memory/2324-2691-0x0000000000C70000-0x0000000000E0C000-memory.dmp

Filesize
1.6MB

Download
memory/2324-2690-0x0000000000C70000-0x0000000000E0C000-memory.dmp

Filesize
1.6MB

Download
memory/2444-2591-0x0000000000B00000-0x0000000000C0C000-memory.dmp

Filesize
1.0MB

Download
memory/2444-2593-0x0000000000B00000-0x0000000000C0C000-memory.dmp

Filesize
1.0MB

Download
memory/2444-2592-0x0000000000B00000-0x0000000000C0C000-memory.dmp

Filesize
1.0MB

Download
memory/2648-2589-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2648-2587-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2648-2579-0x0000000000500000-0x000000000069C000-memory.dmp

Filesize
1.6MB

Download
memory/2648-2581-0x0000000000500000-0x000000000069C000-memory.dmp

Filesize
1.6MB

Download
memory/2648-2580-0x0000000000500000-0x000000000069C000-memory.dmp

Filesize
1.6MB

Download
memory/2648-2590-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3556-678-0x000000001BEA0000-0x000000001BF46000-memory.dmp

Filesize
664KB

Download
memory/3556-679-0x000000001C570000-0x000000001CA3E000-memory.dmp

Filesize
4.8MB

Download
memory/3556-680-0x000000001CA40000-0x000000001CADC000-memory.dmp

Filesize
624KB

Download
memory/3556-681-0x0000000001B40000-0x0000000001B48000-memory.dmp

Filesize
32KB

Download
memory/3556-682-0x000000001CBA0000-0x000000001CBEC000-memory.dmp

Filesize
304KB

Download
memory/3948-2603-0x00000000006D0000-0x0000000000D0D000-memory.dmp

Filesize
6.2MB

Download
memory/3948-2714-0x00000000006D0000-0x0000000000D0D000-memory.dmp

Filesize
6.2MB

Download
memory/3948-2615-0x00000000006D0000-0x0000000000D0D000-memory.dmp

Filesize
6.2MB

Download
memory/3948-2569-0x00000000006D0000-0x0000000000D0D000-memory.dmp

Filesize
6.2MB

Download
memory/3948-2619-0x00000000006D0000-0x0000000000D0D000-memory.dmp

Filesize
6.2MB

Download
memory/3948-2629-0x00000000006D0000-0x0000000000D0D000-memory.dmp

Filesize
6.2MB

Download
memory/3948-2610-0x00000000006D0000-0x0000000000D0D000-memory.dmp

Filesize
6.2MB

Download
memory/3948-2663-0x00000000006D0000-0x0000000000D0D000-memory.dmp

Filesize
6.2MB

Download
memory/3964-2607-0x0000000001170000-0x000000000127C000-memory.dmp

Filesize
1.0MB

Download
memory/3964-2608-0x0000000001170000-0x000000000127C000-memory.dmp

Filesize
1.0MB

Download
memory/3964-2609-0x0000000001170000-0x000000000127C000-memory.dmp

Filesize
1.0MB

Download
memory/4108-2786-0x00000000006D0000-0x0000000000D0D000-memory.dmp

Filesize
6.2MB

Download
memory/4108-2689-0x00000000006D0000-0x0000000000D0D000-memory.dmp

Filesize
6.2MB

Download
memory/4432-2618-0x0000000000DC0000-0x0000000000ECC000-memory.dmp

Filesize
1.0MB

Download
memory/4432-2616-0x0000000000DC0000-0x0000000000ECC000-memory.dmp

Filesize
1.0MB

Download
memory/4432-2617-0x0000000000DC0000-0x0000000000ECC000-memory.dmp

Filesize
1.0MB

Download
memory/4544-2299-0x0000028793DB0000-0x0000028793DB1000-memory.dmp

Filesize
4KB

Download
memory/4544-2288-0x0000028793DB0000-0x0000028793DB1000-memory.dmp

Filesize
4KB

Download
memory/4544-2290-0x0000028793DB0000-0x0000028793DB1000-memory.dmp

Filesize
4KB

Download
memory/4544-2289-0x0000028793DB0000-0x0000028793DB1000-memory.dmp

Filesize
4KB

Download
memory/4544-2294-0x0000028793DB0000-0x0000028793DB1000-memory.dmp

Filesize
4KB

Download
memory/4544-2295-0x0000028793DB0000-0x0000028793DB1000-memory.dmp

Filesize
4KB

Download
memory/4544-2296-0x0000028793DB0000-0x0000028793DB1000-memory.dmp

Filesize
4KB

Download
memory/4544-2297-0x0000028793DB0000-0x0000028793DB1000-memory.dmp

Filesize
4KB

Download
memory/4544-2298-0x0000028793DB0000-0x0000028793DB1000-memory.dmp

Filesize
4KB

Download
memory/4544-2300-0x0000028793DB0000-0x0000028793DB1000-memory.dmp

Filesize
4KB

Download
memory/4712-2713-0x0000000000430000-0x000000000053C000-memory.dmp

Filesize
1.0MB

Download
memory/4712-2712-0x0000000000430000-0x000000000053C000-memory.dmp

Filesize
1.0MB

Download
memory/4712-2711-0x0000000000430000-0x000000000053C000-memory.dmp

Filesize
1.0MB

Download
memory/5048-2612-0x0000000000900000-0x0000000000A0C000-memory.dmp

Filesize
1.0MB

Download
memory/5048-2613-0x0000000000900000-0x0000000000A0C000-memory.dmp

Filesize
1.0MB

Download
memory/5048-2614-0x0000000000900000-0x0000000000A0C000-memory.dmp

Filesize
1.0MB

Download
memory/5064-2699-0x0000000000700000-0x00000000007F4000-memory.dmp

Filesize
976KB

Download
memory/5064-2697-0x0000000000700000-0x00000000007F4000-memory.dmp

Filesize
976KB

Download
memory/5064-2698-0x0000000000700000-0x00000000007F4000-memory.dmp

Filesize
976KB

Download