Malware Analysis Report

2024-09-22 12:46

Sample ID 240703-ywwmeawbnp
Target AutoDox.exe
SHA256 aef13f3ec8abf777929e42aa3de86774ab8362f7fbfcc0475c7b912ce253c002
Tags
wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm
score
10/10

Analysis Overview

Threat Level: Known bad

The file AutoDox.exe was found to be: Known bad.

Malicious Activity Summary

Wannacry

Deletes shadow copies

Loads dropped DLL

Drops startup file

Reads user/profile data of web browsers

Modifies file permissions

Executes dropped EXE

Adds Run key to start application

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Sets desktop wallpaper using registry

Enumerates physical storage devices

Unsigned PE

Modifies data under HKEY_USERS

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Uses Task Scheduler COM API

Modifies registry key

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy WMI provider

Views/modifies file attributes

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-07-03 20:08

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-03 20:08

Reported

2024-07-03 20:15

Platform

win11-20240508-en

Max time kernel

411s

Max time network

414s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AutoDox.exe"

Signatures

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDB6A6.tmp C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDB6AD.tmp C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obpfgsjmrmyjcf936 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Ransomware.WannaCry.zip\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected] N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645109520452936" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\md_auto_file\shell\open C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\md_auto_file\shell C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\md_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\.md\ = "md_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\轺䚪ᕰ耀 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3107365284-1576850094-161165143-1000\{5EEC95E8-24A2-477A-91E2-39527907810F} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\.md C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\md_auto_file C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\轺䚪ᕰ耀\ = "md_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\md_auto_file\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected] N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected] N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2068 wrote to memory of 4916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2068 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2068 wrote to memory of 4720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2068 wrote to memory of 3168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\AutoDox.exe

"C:\Users\Admin\AppData\Local\Temp\AutoDox.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdb38cab58,0x7ffdb38cab68,0x7ffdb38cab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4176 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4320 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4648 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4060 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3108 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4632 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4000 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004E4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4484 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5476 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=216 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5256 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5484 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3380 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5308 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5540 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5404 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3260 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3252 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2792 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3764 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4352 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4600 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5656 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5928 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5972 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6076 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6376 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6528 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6676 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6064 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7188 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7240 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7504 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7680 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7808 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7152 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8168 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8300 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8460 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8284 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8612 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8868 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8864 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9168 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=9316 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9300 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9644 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9424 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=9020 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=4056 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7028 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\README.md"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\README.md

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3248.0.1613674144\1730440253" -parentBuildID 20230214051806 -prefsHandle 1764 -prefMapHandle 1760 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0865e459-cdfb-43ac-b827-552f68d95c03} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" 1852 1ad4500d458 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3248.1.1279078182\1130481268" -parentBuildID 20230214051806 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {084ded13-d49d-45b9-b7dc-41e06d2964f3} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" 2440 1ad3838c758 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3248.2.190899775\246744429" -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 3172 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d16b39b6-8c7a-4869-af30-1b143568421c} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" 3416 1ad47f6fa58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3248.3.1336601768\1543800764" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c387f04e-5cdf-452f-bd31-1f458d478aba} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" 3596 1ad4a8f3158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3248.4.101749447\1778531474" -childID 3 -isForBrowser -prefsHandle 5212 -prefMapHandle 5208 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66c97a96-378b-457b-85d1-edfdb8dcee47} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" 5168 1ad3837eb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3248.5.21191911\597709242" -childID 4 -isForBrowser -prefsHandle 5364 -prefMapHandle 5372 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00354edf-8c8d-440e-b7e7-0d6d82e756a2} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" 5356 1ad4d725358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3248.6.1021049657\1359559573" -childID 5 -isForBrowser -prefsHandle 5548 -prefMapHandle 5552 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2167aee-5dc4-4894-96d7-425e04ed78fd} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" 5540 1ad4d726258 tab

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 257061720037565.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

@[email protected] vs

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "obpfgsjmrmyjcf936" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "obpfgsjmrmyjcf936" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "C:\Users\Admin\Downloads\LimitStop.potm"

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\@[email protected]

"C:\Users\Admin\Downloads\@[email protected]"

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe

taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe

taskdl.exe

Network


Files

memory/4880-0-0x0000000000BC0000-0x0000000000BEA000-memory.dmp

\??\pipe\crashpad_2068_HWSSIBYIPLWNEXQH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f56801392307ff54c003d199ca7eade1
SHA1 5e60c43ff6b8b27ff652ce200fe40ba8ea40c959
SHA256 b9edc0818eb18963a921d48e242d4b03c32a69825b1000ba952d386ced4be78b
SHA512 c6755daefda08af396289d13c8a8ec1772d684aaf58df2357ee4f1efc3c2ac34a40b53bc2702bef527edd75b3d0e5757756cca9a1742c7a6346929cd86369580

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9392592c43ed0681023ef75a3103cebe
SHA1 c8955c0719a4799b19cdb693fb3c76c22ff31c77
SHA256 edb9d1fbb3bbcfe25dcd40a0d66245537b6c85a13907a786454b2aec3a152cf3
SHA512 7a6856a8e0d6d75bc3e88b7b531a826069ac0bfa3ef030eecb31b1d6df20d03d7b125db925b426dfaf4836fd53071e44f3e7c22c990ebe4aaccd342a7429c6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 67f2122ec028390de489aea3aaf4b05f
SHA1 2a7e39aae0ce3945b6559465621949b9b86eaed8
SHA256 c70a582bac7f8ec5e3b8c66a1c7f2820e0bf874681a08a076468ebb9e21d257f
SHA512 a61ca9eb054e9eac653ddc6d5c2100700a47105bc740137dead01dbfd9326bc0146da193bb6d9203c4c4ba462ad3e62dfa09c9f948bf241714a538b8ff864936

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e27b61596491badcbd5f92c5061dc4c6
SHA1 e166906eed55cbc3f4e77ef769ba583b9efd69e3
SHA256 dc09a6126766f97b09d3fbd146a9aa1861bc21cc8468238f1042012b96d0e907
SHA512 cf6d5a23d8021b3437f3ba6503d04ad8da9b8aa27476e363e4dd42c5d48d1cfd2ef6e907e1735140ab79895aa4849eb0df46552288ba913c27d83be1bc4cee47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 adf359f20965c369fb2dcb46a178d18a
SHA1 5cb426416da5aa68d20182f44f4c0457200d0f0f
SHA256 7041e4a7c7d6f0ce38bbd9be76947311719e4337e5cb81c7ff339038780d448b
SHA512 a52cb3a0db028d9d1eb63b3688b472a28a272acd9ea7980d88256a2902aa6bf563aa8508385bf892bc055386a91873ab7fa71208eb6511909befbb8a19e88162

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 221bcd46e46cd4d5ad7b8487ed2f8d58
SHA1 1d17a8bf900efb25af3e166ec64015f0c2514207
SHA256 dc2092530b124b4a285cfeeb7f383a08973ff57fc0769cc59c72d60bb2a71c0c
SHA512 c079ece5153ece6d0b800d84b508e8a4df9c8128a8c21759a9da3d0957789ac04fdd29d76ca3e619cb631b6905a0f29a92fb4a3aeac7c881c65da6d75bc8cb92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2068_635250305\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2068_1469774728\Shortcuts Menu Icons\Monochrome\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2068_1469774728\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57bb51.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\266d7f94-c8fa-42b5-b98c-dff1e4578dca\index-dir\the-real-index~RFe580105.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\266d7f94-c8fa-42b5-b98c-dff1e4578dca\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\266d7f94-c8fa-42b5-b98c-dff1e4578dca\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\eb65a4e7-e3d3-4c38-81b1-5a7686fdd0aa.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3e4591c5-34f2-40c5-b207-e82720ccb5c0\index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0ca0c22b7dbbc72b_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5dd0ad6188a1b357_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5be3746e37be949e_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dfabe3d5fda3cc34_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000077

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\87cc7470-0f52-4ed2-952c-7372b8b8f76d.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe597872.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_cdf4176312bd1ef46d3bfc2b4cb033aa.safeframe.googlesyndication.com_0.indexeddb.leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip.crdownload

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip:Zone.Identifier

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\sessionstore.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\b.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_bulgarian.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\c.wnry

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\tor.exe

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
