Analysis Overview
SHA256
aef13f3ec8abf777929e42aa3de86774ab8362f7fbfcc0475c7b912ce253c002
Threat Level: Known bad
The file AutoDox.exe was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Loads dropped DLL
Drops startup file
Reads user/profile data of web browsers
Modifies file permissions
Executes dropped EXE
Adds Run key to start application
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Sets desktop wallpaper using registry
Enumerates physical storage devices
Unsigned PE
Modifies data under HKEY_USERS
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy service COM API
Uses Task Scheduler COM API
Modifies registry key
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy WMI provider
Views/modifies file attributes
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-03 20:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-03 20:08
Reported
2024-07-03 20:15
Platform
win11-20240508-en
Max time kernel
411s
Max time network
414s
Command Line
Signatures
Wannacry
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDB6A6.tmp | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDB6AD.tmp | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obpfgsjmrmyjcf936 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Ransomware.WannaCry.zip\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected] | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645109520452936" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\md_auto_file\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\md_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\md_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\.md\ = "md_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\轺䚪ᕰ耀 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3107365284-1576850094-161165143-1000\{5EEC95E8-24A2-477A-91E2-39527907810F} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\.md | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\md_auto_file | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\轺䚪ᕰ耀\ = "md_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\md_auto_file\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected] | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\AutoDox.exe
"C:\Users\Admin\AppData\Local\Temp\AutoDox.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004E4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4484 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5476 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=216 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5256 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5484 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3380 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5308 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5540 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5404 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3260 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3252 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2792 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3764 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4352 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4600 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5656 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5928 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5972 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6076 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6376 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6528 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6676 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6064 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7188 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7240 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7504 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7680 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7808 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7152 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8168 --field-trial-handle=1824,i,16844541077201086695,15312469341375111443,131072 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\README.md"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\README.md
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 257061720037565.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "obpfgsjmrmyjcf936" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "obpfgsjmrmyjcf936" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "C:\Users\Admin\Downloads\LimitStop.potm"
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
"C:\Users\Admin\Downloads\@[email protected]"
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.176.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.74.228.91.in-addr.arpa | udp |
| GB | 87.248.114.11:443 | pbs.yahoo.com | tcp |
| US | 18.215.33.97:443 | event.hgrtb.com | tcp |
| NL | 35.214.129.203:443 | csync.loopme.me | tcp |
| NL | 154.57.158.116:443 | ads.stickyadstv.com | tcp |
| NL | 188.166.17.21:443 | match.adsby.bidtheatre.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 34.96.71.22:443 | s.company-target.com | tcp |
| SE | 23.34.232.19:443 | hbx.media.net | udp |
| PL | 216.58.215.99:443 | csi.gstatic.com | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | udp |
| US | 45.55.126.71:443 | ads.dxkulture.com | tcp |
| NL | 188.42.34.64:443 | ads.betweendigital.com | tcp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.126.55.45.in-addr.arpa | udp |
| US | 45.55.126.71:443 | ads.dxkulture.com | tcp |
| PL | 216.58.215.99:443 | csi.gstatic.com | udp |
| US | 45.55.126.71:443 | ads.dxkulture.com | tcp |
| US | 45.55.126.71:443 | ads.dxkulture.com | tcp |
| US | 45.55.126.71:443 | ads.dxkulture.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | udp |
| NL | 185.89.210.122:443 | secure.adnxs.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 34.160.164.47:443 | ugprod.geeksforgeeks.org | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.120.5.221:443 | prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 52.33.222.107:443 | shavar.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | udp |
| N/A | 127.0.0.1:51841 | tcp | |
| N/A | 127.0.0.1:51847 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:53234 | tcp | |
| AT | 86.59.119.83:443 | tcp | |
| AT | 86.59.21.38:443 | tcp | |
| FR | 91.121.84.137:4051 | tcp | |
| CA | 192.160.102.164:9001 | tcp | |
| FR | 212.47.237.95:9001 | tcp | |
| DE | 193.23.244.244:443 | tcp | |
| DE | 178.63.43.153:443 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| GB | 52.109.28.47:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| GB | 95.101.143.182:443 | tcp | |
| NL | 23.62.61.171:443 | r.bing.com | tcp |
| NL | 23.62.61.171:443 | r.bing.com | tcp |
| NL | 23.62.61.171:443 | r.bing.com | tcp |
| NL | 23.62.61.171:443 | r.bing.com | tcp |
| NL | 23.62.61.171:443 | r.bing.com | tcp |
| NL | 23.62.61.171:443 | r.bing.com | tcp |
| AU | 40.79.173.40:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | 40.173.79.40.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 07fb86faf2707ac8c2610bb22013e213 |
| SHA1 | b4b388a85ed2a187b2551ecf5f7f1cddba1c7386 |
| SHA256 | e29d7df2def0285890393f9862c9366fabace936ca0fab33c8c7c885f484efcb |
| SHA512 | c33afc306da404dacafe3093f47d60b1b8cba2fa32e9502df8a54a924969c51e680be62f3cf0b03d53562a3337eda47f0dc1640725afee8e1d8a344c46e6bafe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 047598e7f33162c931d16e05ebfbb6ea |
| SHA1 | a1f5ea8705bbdef6980dd6fce326f08a286710b4 |
| SHA256 | 969044663be141d5de277b31271c85887bd22481ccc7dd64377937b41e3747a2 |
| SHA512 | 50eb5157b9719408a26d482810b441184d7d12f0e72e129fe6af0a29462e82da28cbdbba8b3fe885fb99e8522c5d68c4f3ee92d02c67e58a75c57ca91a557fdd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cecd54bc0b33ad4b551c63c5c2d6a868 |
| SHA1 | e1bf3d1189fbdb54d2d00028febf1d58cf32eccd |
| SHA256 | 996f1ee1d18c0f2e876e7d90773d7cbb25dce3d6a41879d71c80df959e63f3cd |
| SHA512 | bc35e2e03a4daefa500749e221696f18b45c1116605bbcb3114fbe5d6274ad869268a34f6b9ebc2b8f6ef577e88ee6467bba91f3f9f8a7a0cc3c0822bff2495a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 46c2eedeae2563e4d34f122bb4622068 |
| SHA1 | d996f9e694878ec3f36a907ef01c9d4b40ea44ba |
| SHA256 | 9f77b13c2b62ac41fe117adee41d652dc6bb3b28ca800862cc60429231fb1be2 |
| SHA512 | 0e44b64b0d5dfda806c5f8a3f80afc80fbd21d5b0318af5dedda8ea812c5b208daa714718d41c6213502b4efe221faf8e4a19f6266ce058ae2037c7ffbdcd7fe |
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip.crdownload
| MD5 | 017f199a7a5f1e090e10bbd3e9c885ca |
| SHA1 | 4e545b77d1be2445b2f0163ab2d6f2f01ec4ca05 |
| SHA256 | 761e037ee186880d5f7d1f112b839818056f160a9ba60c7fb8d23d926ac0621f |
| SHA512 | 76215a26588204247027dcfdab4ea583443b2b2873ff92ad7dd5e9a9037c77d20ab4e471b8dd83e642d8481f53dbc0f83f993548dc7d151dead48dc29c1fdc22 |
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5ef3bb2400a60df6bcedb1170f571467 |
| SHA1 | a3051f208744444096bc9848e3a1ba8a0b8c0c72 |
| SHA256 | b7899c07d6c6873baddc4d4a9121b97c16281da6f2c7f2726529ae801b3cefb8 |
| SHA512 | 247f2a07d89def6af897a699c93be9617690bdacf0840e49f01c8597e1f14d8a6235952f0d3eb1c39d31a1c5b3d5f598b7be6382d7b259375711b1493ce617a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4219500d55c19dbec485df6512130b6d |
| SHA1 | 01bf8515b76a80dd620fbfa80e5fe7c6d3f296db |
| SHA256 | c956f296d81878c6f6274913ba1502a3817c8d21d522d84269fc19fa2558e1f9 |
| SHA512 | 5c710d3d38507b1ac2d3f80a030d08343cec9cd77d80193733a6c4bf277a7efee39540624daa6dbe292dcac111e7e478b2d106a599756e692cb17945019f7988 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | d1c8f517d9a05f38600ed96e63df37db |
| SHA1 | 3930ff70fd6e941f93084e8b9ac42af1af0e7280 |
| SHA256 | 6ec32d38509ef6c19079559c62a14a8ded22bcbe2f228a80f0768a511e933303 |
| SHA512 | 75839e7c9c08f718d414638fa22862ce413e6dbcb98c8a781f5bfc5e2a3dcf1f1420e15ce9e0f3de65b147c0d5cd60f30574e921071bcf6a03f89c21448c6550 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 84508f6e18e3a9572441d06926acc616 |
| SHA1 | 9021b117c045a8a5c0510a35eeadd2778af84d5e |
| SHA256 | 3c47e96eb501201c15ff8a96fa0b0b857041c152eb0f82d54aa9c153b9da5105 |
| SHA512 | badcfa8e92a4b81eac395cafad22eec4ef1cf4cc6df239aa68aa1274d9bd2a979961c6ae10054867728d20c7e2b50c366049f3fdf99bf69b481492206c181b04 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | bbf98efcc6c7789a806bac32c5019b32 |
| SHA1 | 9955e39a8802f5b05549b70edf45c26e48e862a3 |
| SHA256 | a4bcf5a4729f3e0fe156049f0787acbebe28d4111b1d0d3fc42fd30f565085fd |
| SHA512 | 59af513618c93e123c018860ae1cb163377e6dad151b149b814a83b1487a529a88e584f33ed51f93108a20b0b1e42f1ab9d8a0090cd56a0730b2c1a1f4ea44f1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 6543e3060da9df92314c224b3811eabf |
| SHA1 | 5a769d0f452588136aa1ce7b22ec1e1bca0c0ec0 |
| SHA256 | b2fb226a217de3abb2ba1472b343b04dcf908f0ad158d9ca4217961912030592 |
| SHA512 | 7426077c36d3746db3a5a357bd724ccd61c58f7aa54dead3dbea556611d185aa63fda2ca58905be4c2a2001aa742fe654fb902f103232eda43a1432054854a0e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\sessionstore.jsonlz4
| MD5 | b8a641f6147775ccbb3ae5388b42fd9a |
| SHA1 | 8208e7222e31948b28f100effa33330b204fa329 |
| SHA256 | 0ce9bb5e1975ddc8f94925d1d895e98026324a87f3acf7614d119205973b1c59 |
| SHA512 | 28c3db41818e97f9fe7d1af294be585ce0d6cffe91a616504ef37cacb6d69f41ee1084b6a6e83ec9781ddc0b5894487fc6f7c4b18638765b0362e8dc24724f3f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\prefs-1.js
| MD5 | b045e574c04160d2365a28fcae8564d8 |
| SHA1 | 5fea1fd0f8c4222420caf32644c670d99fb9a899 |
| SHA256 | f76b87e86bfd38c33c07af0768b29d17f676582ded913d8574ab76bef4867689 |
| SHA512 | 769e5968a194bcd08673fcdc20b70a4b9bb872daa61a82b142910befe5ebee0979de4cd8458770d416d271cebc34b6e62d58a4db99cef35e9ba1a7f4b5a44dfb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6d4c2fbffd29a993bddb01af58ff783e |
| SHA1 | caf92562166e3bd2135a704cd4f6eb73304ce526 |
| SHA256 | af3c76161a089c7f01401085d0a46ba5a482f851ae963237f9efd5d2d2322670 |
| SHA512 | 61b3f018fc333c615f6d9363687d744dc1ac0ecbf0538bae5d6363f109b8edd044d4d369fa9e0507b38ba9ad8c0a19d7488ca4fbbbf4fa5a5fc54839e4373da2 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/2672-1952-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\b.wnry
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_bulgarian.wnry
| MD5 | 95673b0f968c0f55b32204361940d184 |
| SHA1 | 81e427d15a1a826b93e91c3d2fa65221c8ca9cff |
| SHA256 | 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd |
| SHA512 | 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\c.wnry
| MD5 | 8124a611153cd3aceb85a7ac58eaa25d |
| SHA1 | c1d5cd8774261d810dca9b6a8e478d01cd4995d6 |
| SHA256 | 0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e |
| SHA512 | b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
| MD5 | 7a2726bb6e6a79fb1d092b7f2b688af0 |
| SHA1 | b3effadce8b76aee8cd6ce2eccbb8701797468a2 |
| SHA256 | 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5 |
| SHA512 | 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54 |
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\@[email protected]
| MD5 | d74a6cb10d789a3dfe06f24fcc2f12d7 |
| SHA1 | a0e7151d6ddc3ffa8f2daeaef9762d688ca752f4 |
| SHA256 | 7134c08e21a8664028a00474c0b2a7643533d717874d1392663645ddca9bd028 |
| SHA512 | 72f8cfed9113129465c0c9bd17efe9ff28a012484057f82716c2d3b1d4c5a52261a44606019cf4e5caf0cdddf8bbbbf9d88aeaf9e39494d2215aee1683f98cbc |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/2844-3154-0x00000000737E0000-0x0000000073862000-memory.dmp
memory/2844-3155-0x0000000073460000-0x000000007367C000-memory.dmp
memory/2844-3157-0x0000000073710000-0x0000000073732000-memory.dmp
memory/2844-3156-0x0000000073680000-0x0000000073702000-memory.dmp
memory/2844-3158-0x0000000000300000-0x00000000005FE000-memory.dmp
memory/2844-3162-0x00000000737E0000-0x0000000073862000-memory.dmp
memory/2844-3166-0x0000000073680000-0x0000000073702000-memory.dmp
memory/2844-3165-0x0000000073710000-0x0000000073732000-memory.dmp
memory/2844-3164-0x0000000073740000-0x000000007375C000-memory.dmp
memory/2844-3163-0x0000000073760000-0x00000000737D7000-memory.dmp
memory/2844-3161-0x0000000000300000-0x00000000005FE000-memory.dmp
memory/2844-3167-0x0000000073460000-0x000000007367C000-memory.dmp
memory/2844-3169-0x0000000000300000-0x00000000005FE000-memory.dmp
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | 48c4fd2809468a672f8e45ce62146a57 |
| SHA1 | 51df00c1ae164b19ab8f5ebcc5f0757ddfa04fbd |
| SHA256 | b9c26a9fed9cb486b71287acc15e1638d11177abf517e038ba93dc2523459fc1 |
| SHA512 | 8984c9a671153a54e3d19ea8843298e126add731166950bdc8cfb3c55595cfd3321e83f1618e2f5a0c733a398a323a2a439784b1d85566e34cbcbc897b762e53 |
memory/2844-3200-0x0000000000300000-0x00000000005FE000-memory.dmp
memory/2844-3206-0x0000000073460000-0x000000007367C000-memory.dmp
memory/2844-3220-0x0000000000300000-0x00000000005FE000-memory.dmp
memory/2844-3226-0x0000000073460000-0x000000007367C000-memory.dmp
memory/5380-3227-0x00007FFD83450000-0x00007FFD83460000-memory.dmp
memory/5380-3228-0x00007FFD83450000-0x00007FFD83460000-memory.dmp
memory/5380-3229-0x00007FFD83450000-0x00007FFD83460000-memory.dmp
memory/5380-3230-0x00007FFD83450000-0x00007FFD83460000-memory.dmp
memory/5380-3231-0x00007FFD83450000-0x00007FFD83460000-memory.dmp
memory/5380-3232-0x00007FFD80950000-0x00007FFD80960000-memory.dmp
memory/5380-3233-0x00007FFD80950000-0x00007FFD80960000-memory.dmp
memory/2844-3248-0x0000000000300000-0x00000000005FE000-memory.dmp
memory/5380-3291-0x00007FFD83450000-0x00007FFD83460000-memory.dmp
memory/5380-3292-0x00007FFD83450000-0x00007FFD83460000-memory.dmp
memory/5380-3294-0x00007FFD83450000-0x00007FFD83460000-memory.dmp
memory/5380-3293-0x00007FFD83450000-0x00007FFD83460000-memory.dmp
memory/2844-3297-0x0000000000300000-0x00000000005FE000-memory.dmp
memory/2844-3303-0x0000000073460000-0x000000007367C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6de084790bb2f4e1771f5ddb86786ce9 |
| SHA1 | 5f1e058133956849b90b934b326a7b4c4e2c6a5c |
| SHA256 | cf126b863cd365835464815491358e7bb88ee138b209b07472342ea18695c99d |
| SHA512 | 31c383309e7f84c378b6f11af580dbaadc6401e5f3955de90c6198bdc5319f7a82ca1542b84aeb1fc23671f82f39ab7dc838ec703a2836cde8fde8fa1b55022e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dbf21e9b8171fb4955b34c106a0b2de6 |
| SHA1 | 99372f36c7643d4436abbf557c1b9a819914619a |
| SHA256 | f1f308f759f5b06a79bbed5275ab1c90ef342704621781da92f119f60550f934 |
| SHA512 | 64a001c6f061253508e9349eb1bd27f934837d7cec0c0cde707ea1d9f249cc36f689cfd0575fdf39db45b861068fa21c987c138fa5af811dc4203d2abaf8d422 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 5249e3d8ee0da53ba8cf01fe25e054b4 |
| SHA1 | 1008341066b618e41a5567cb85e233e6a1af03f7 |
| SHA256 | c47b779963cbed46cdaa036b01cd1c18d2cae049a6550bfcac53d0d4889af04a |
| SHA512 | 2841c855b9f420b213ac42d8bc1853e2b373612c70937669e5cc7eccbbc297196cc16f94e9e1629d7d69843eb588621108e2d03162439cf32a7e7a9629008d06 |