Malware Analysis Report

2024-10-23 19:55

Sample ID 240705-11bh5szbpa
Target public
SHA256 c86abdb6fa03504b009abf140c95c137c935e1f7b3eb7740f0da34dc0e801b72
Tags
wannacry defense_evasion discovery execution impact persistence ransomware worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c86abdb6fa03504b009abf140c95c137c935e1f7b3eb7740f0da34dc0e801b72

Threat Level: Known bad

The file public (an HTML document, detonated by opening it in Chrome; see the command lines below) was found to be: Known bad. The Win7 run (behavioral1) recorded only Chrome's own multi-process activity and no malicious signatures; the WannaCry-family behaviour summarised here comes from the Win10 run (behavioral2), in which C:\Users\Admin\Desktop\super important.EXE executed.

Malicious Activity Summary

wannacry defense_evasion discovery execution impact persistence ransomware worm

Wannacry

Deletes shadow copies

Modifies file permissions

Loads dropped DLL

Executes dropped EXE

Drops startup file

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Sets desktop wallpaper using registry

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Modifies registry class

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Modifies registry key

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Checks processor information in registry

Views/modifies file attributes

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-05 22:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-05 22:06

Reported

2024-07-05 22:11

Platform

win7-20240704-en

Max time kernel

107s

Max time network

251s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\public.html

Signatures

Every signature in this run was raised by chrome.exe itself. Under Chrome's multi-process model the browser process sets up its sandboxed child processes (the WriteProcessMemory rows below are the parent, PID 2540, writing into the PIDs of its own children), so none of these hits is evidence of malicious behaviour on its own.

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 64

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 34

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2540 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 3
PID 2540 wrote to memory of 2816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 39
PID 2540 wrote to memory of 2720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 3
PID 2540 wrote to memory of 2776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 19

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\public.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefab09758,0x7fefab09768,0x7fefab09778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1228,i,14695337822948881982,5725219453238606622,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1228,i,14695337822948881982,5725219453238606622,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1228,i,14695337822948881982,5725219453238606622,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2216 --field-trial-handle=1228,i,14695337822948881982,5725219453238606622,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1228,i,14695337822948881982,5725219453238606622,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1236 --field-trial-handle=1228,i,14695337822948881982,5725219453238606622,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 --field-trial-handle=1228,i,14695337822948881982,5725219453238606622,131072 /prefetch:8

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

\??\pipe\crashpad_2540_NEKNVMZQRGKJZVID (named pipe; the hashes below are those of zero-length input, i.e. no content was captured)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c9738afc54c223035c21c8e0b69867b0
SHA1 351bb487532756686bc5db08dd3b68d6ad373346
SHA256 d53afd8af7009c7ca450072f18e6d99a08ba33a24f8c489b37c6aeb8959362d8
SHA512 5509ab125a173aac4b3a65e225b21f89687cfc5b97b21237e598012cb6e6516fcd4a14c56a6b80211489bba418c13edeb6f127d3983c42bdebb08e31c4080e10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 478944cf38097f58e1f078142cf295a2
SHA1 ee4cb33cbe0d03c35bcb52713b8dd30aa1c83a3a
SHA256 d264677ea5a0cd5b7c337acbfc08c76ff0325e6c33c3bc0eb3b9b700fefd4301
SHA512 b5411b3773288d47317b20a599c7e074a0e0a8b17a84022cb3bac7f15f69bdd5e3cef092e612385c85b632b91cc3f1d14ab3622fb27bbbee9138c79ffdd6d1c5

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-05 22:06

Reported

2024-07-05 22:11

Platform

win10v2004-20240704-en

Max time kernel

299s

Max time network

301s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\public.html

Signatures

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDD2F4.tmp C:\Users\Admin\Desktop\super important.EXE N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDD2FB.tmp C:\Users\Admin\Desktop\super important.EXE N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tjyfimyzrbju033 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@WanaDecryptor@.bmp" C:\Users\Admin\Desktop\super important.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@WanaDecryptor@.bmp" C:\Users\Admin\Desktop\@WanaDecryptor@.exe N/A
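A read-only host-triage script for the persistence and impact artifacts listed in the signatures above (Run key, Startup-folder droppers, wallpaper change, shadow-copy removal), added here as an example; it is not part of the sandbox report or of the sample. It takes the indicators from this run (the Run value tjyfimyzrbju033 pointing at tasksche.exe, the ~SD*.tmp files in the two startup folders, the Desktop staging directory); the decryptor/wallpaper name @WanaDecryptor@ is an assumption taken from public WannaCry write-ups rather than from this page. Run it in an elevated PowerShell session on a suspect host.

```powershell
# Added host-triage example; reads only, changes nothing. Assumptions are marked.
[CmdletBinding()]
param(
    # Run value name and payload observed in this detonation (behavioral2). The value name is
    # random per infection, so the payload file name is matched as well.
    [string]$RunValueName  = 'tjyfimyzrbju033',
    [string]$PayloadName   = 'tasksche.exe',
    # ASSUMPTION: decryptor/wallpaper file name from public WannaCry write-ups, not this report.
    [string]$DecryptorName = '@WanaDecryptor@'
)

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Run keys. The sample (32-bit; reg.exe from SysWOW64) wrote to the WOW6432Node view;
#    the native machine view and the per-user view are checked as well.
$runKeys = @(
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata (PSPath, PSDrive, ...)
        if ($p.Name -eq $RunValueName -or "$($p.Value)" -match [regex]::Escape($PayloadName)) {
            $findings.Add("Run key: $key\$($p.Name) = $($p.Value)")
        }
    }
}

# 2. Startup droppers: ~SD<hex>.tmp in the user's Startup folder and in Word's STARTUP folder.
$startupDirs = @(
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:APPDATA 'Microsoft\Word\STARTUP')
)
foreach ($dir in $startupDirs) {
    if (-not (Test-Path -Path $dir)) { continue }
    Get-ChildItem -Path $dir -Filter '~SD*.tmp' -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings.Add("Startup dropper: $($_.FullName)") }
}

# 3. Wallpaper swapped for the ransom image (HKCU\Control Panel\Desktop\Wallpaper).
$wp = (Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -Name Wallpaper -ErrorAction SilentlyContinue).Wallpaper
if ($wp -and $wp -match [regex]::Escape($DecryptorName)) {
    $findings.Add("Wallpaper: $wp")
}

# 4. Payload and decryptor binaries on the Desktop, where this run staged them.
$desktop = [Environment]::GetFolderPath('Desktop')
Get-ChildItem -Path $desktop -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq $PayloadName -or $_.Name -like "$DecryptorName*" } |
    ForEach-Object { $findings.Add("Desktop artifact: $($_.FullName)") }

# 5. Shadow copies. The sample removes them through the VSS COM API, so zero copies on a host
#    that normally keeps restore points is itself a signal (the query needs an elevated session).
$shadowCount = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue).Count
Write-Output "Shadow copies present: $shadowCount"

# Emit findings; the exit code lets a remote triage job flag the host without parsing output.
$findings | ForEach-Object { Write-Output $_ }
if ($findings.Count -gt 0) { exit 1 } else { exit 0 }
```

The script matches the payload path as well as the Run value name because the value name is generated per infection and will not repeat on another host; the Desktop check is scoped to where this detonation staged its files, so adapt the directory list if a different staging path is seen.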

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

All rows in this table are attributed to chrome.exe and msedge.exe, not to the sample or its dropped files.
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133646908089445164" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

All 64 rows are attributed to chrome.exe and firefox.exe, not to the sample or its dropped files. Identical rows are collapsed; (×N) is the number of occurrences.
Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×31)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×31)
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (×2)

Suspicious use of FindShellTrayWindow

All 64 rows are attributed to the browsers the sandbox started to open public.html, not to the sample or its dropped files. Identical rows are collapsed; (×N) is the number of occurrences, in original order.
Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×27)
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (×4)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×33)

Suspicious use of SendNotifyMessage

All 64 rows are attributed to chrome.exe and firefox.exe, not to the sample or its dropped files. Identical rows are collapsed; (×N) is the number of occurrences, in original order.
Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×24)
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (×3)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×37)

Suspicious use of SetWindowsHookEx

Of 64 rows, only the 9 attributed to @WanaDecryptor@.exe, the dropped ransom-note GUI, belong to the sample; firefox.exe and OpenWith.exe (the "open with" dialog) are sandbox environment processes. Identical rows are collapsed; (×N) is the number of occurrences, in original order.
Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (×1)
N/A N/A C:\Windows\system32\OpenWith.exe N/A (×37)
N/A N/A C:\Users\Admin\Desktop\@WanaDecryptor@.exe N/A (×6)
N/A N/A C:\Windows\system32\OpenWith.exe N/A (×17)
N/A N/A C:\Users\Admin\Desktop\@WanaDecryptor@.exe N/A (×3)

Suspicious use of WriteProcessMemory

Every row is the Chrome browser process (PID 4716) writing into one of its own child chrome.exe processes (PIDs 2608, 4656, 1300, 3116) as it launches them; the sample is neither the writer nor the target. Identical rows are collapsed; (×N) is the number of occurrences.
Description Indicator Process Target
PID 4716 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×2)
PID 4716 wrote to memory of 4656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×31)
PID 4716 wrote to memory of 1300 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×2)
PID 4716 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×29)

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
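Most rows in the signature tables above are attributed to chrome.exe, firefox.exe, msedge.exe and OpenWith.exe, processes the sandbox itself started to open public.html, while the rows that matter name the sample (super important.EXE), its dropped @WanaDecryptor@.exe, and the reg.exe and attrib.exe children it spawned. The following Python triage helper is an added example, not part of the report or of the sandbox's own tooling: it parses rows in the report's "Description Indicator Process Target" layout, recovers the process and target columns even when a registry indicator contains a quoted path, decodes "Set value" indicators into key, value name and data, and separates sample-attributed events from environment noise. The row texts are copied from the tables above; the ENVIRONMENT_NOISE set and the attribution rule are this example's assumptions.

```python
"""Triage helper for sandbox signature tables: split each flattened
'Description Indicator Process Target' row into fields and separate the
events attributed to the sample (or what it dropped and spawned) from those
attributed to the sandbox's own browsers and shell dialogs."""
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Process/Target columns are Windows paths ending in .exe. The lookarounds skip
# the double-backslash paths quoted inside registry data ("C:\\Users\\...").
PATH_RE = re.compile(r'(?<![\\\w])[A-Z]:\\(?!\\).+?\.(?:exe|EXE)(?=\s|$)')
# Description vocabulary seen in this report.
DESC_RE = re.compile(
    r'^(Set value \([a-z]+\)|Key value queried|Key opened|Key created'
    r'|Token: \S+|PID \d+ wrote to memory of \d+|N/A)\s*')
# Assumption: processes the sandbox started to open public.html; a row whose
# process and target both fall in this set is environment noise.
ENVIRONMENT_NOISE = {"chrome.exe", "firefox.exe", "msedge.exe",
                     "openwith.exe", "elevation_service.exe"}

@dataclass
class Event:
    signature: str
    description: str
    indicator: str
    process: str
    target: str

def parse_row(signature, row):
    """Split one table row into its four columns."""
    m = PATH_RE.search(row)
    if m is None:                                   # row with no process column
        return Event(signature, row, "N/A", "N/A", "N/A")
    head, process, rest = row[:m.start()].strip(), m.group(), row[m.end():].strip()
    t = PATH_RE.search(rest)
    d = DESC_RE.match(head)
    description = d.group(1) if d else "N/A"
    indicator = head[d.end():].strip() if d else head
    return Event(signature, description, indicator or "N/A", process,
                 t.group() if t else "N/A")

def parse_set_value(indicator):
    """'<key>\\<name> = "<data>"' -> (key, name, data), unescaping \\\\ in data."""
    left, _, data = indicator.partition(" = ")
    key, _, name = left.rpartition("\\")
    return key, name, data.strip('"').replace("\\\\", "\\")

def basename(path):
    return PureWindowsPath(path).name.lower() if path != "N/A" else "n/a"

def attributed_to_sample(ev):
    """True unless every named process is one of the sandbox's own."""
    names = {basename(p) for p in (ev.process, ev.target) if p != "N/A"}
    return bool(names) and not names <= ENVIRONMENT_NOISE

def wallpaper_changes(events):
    """(process, new wallpaper path) for writes to ...\\Control Panel\\Desktop\\Wallpaper."""
    out = []
    for ev in events:
        if ev.description.startswith("Set value"):
            key, name, data = parse_set_value(ev.indicator)
            if key.endswith(r"\Control Panel\Desktop") and name == "Wallpaper":
                out.append((ev.process, data))
    return out

def triage(rows):
    """rows: (signature, row text). Returns (sample events, noise Counter)."""
    sample, noise = [], Counter()
    for sig, text in rows:
        ev = parse_row(sig, text)
        if attributed_to_sample(ev):
            sample.append(ev)
        else:
            noise[(sig, basename(ev.process))] += 1
    return sample, noise

# Rows copied from the signature tables in this report.
SAMPLE_ROWS = [
    ("Sets desktop wallpaper using registry",
     r'Set value (str) \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@WanaDecryptor@.bmp" C:\Users\Admin\Desktop\super important.EXE N/A'),
    ("Sets desktop wallpaper using registry",
     r'Set value (str) \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@WanaDecryptor@.bmp" C:\Users\Admin\Desktop\@WanaDecryptor@.exe N/A'),
    ("Checks processor information in registry",
     r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A"),
    ("Suspicious use of AdjustPrivilegeToken",
     r"Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A"),
    ("Suspicious use of AdjustPrivilegeToken",
     r"Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A"),
    ("Suspicious use of WriteProcessMemory",
     r"PID 4716 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe"),
    ("Suspicious use of SetWindowsHookEx",
     r"N/A N/A C:\Users\Admin\Desktop\@WanaDecryptor@.exe N/A"),
    ("Views/modifies file attributes", r"N/A N/A C:\Windows\SysWOW64\attrib.exe N/A"),
    ("Modifies registry key", r"N/A N/A C:\Windows\SysWOW64\reg.exe N/A"),
]

if __name__ == "__main__":
    sample, noise = triage(SAMPLE_ROWS)
    for ev in sample:
        print(f"[sample] {ev.signature}: {ev.description} {ev.indicator} <- {ev.process}")
    for (sig, proc), n in noise.items():
        print(f"[noise]  {sig}: {n} row(s) from {proc}")
    for proc, bmp in wallpaper_changes(sample):
        print(f"wallpaper set to {bmp} by {proc}")
```

Run against the nine rows, the helper keeps five events (the two wallpaper writes, the @WanaDecryptor@.exe hook, attrib.exe and reg.exe) and files the browser rows as noise. Attribution is by process path only, so a parent/child tree from the sandbox's Processes section is still needed to confirm that reg.exe and attrib.exe were spawned by the sample rather than by the environment.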

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\public.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaaefdab58,0x7ffaaefdab68,0x7ffaaefdab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1736,i,13730579022925070852,15089177900886836505,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1736,i,13730579022925070852,15089177900886836505,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1736,i,13730579022925070852,15089177900886836505,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1736,i,13730579022925070852,15089177900886836505,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1736,i,13730579022925070852,15089177900886836505,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1736,i,13730579022925070852,15089177900886836505,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1736,i,13730579022925070852,15089177900886836505,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.0.1196740216\904101444" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f3e48d3-30c2-4088-b43b-769571648caf} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 1868 1be13a24f58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.1.132021820\686040253" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2412 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05f9ae3f-c8cb-4283-807a-50ad8e08dbf1} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 2436 1be06c8a258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.2.1976427220\713106168" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2996 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {466c4f08-4848-4151-98ec-f898c3551bda} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 3012 1be161edb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.3.19476822\523191445" -childID 2 -isForBrowser -prefsHandle 3772 -prefMapHandle 3768 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b824190-48b5-46b6-a0a0-e0671786c9f8} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 3784 1be1893c558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaaefdab58,0x7ffaaefdab68,0x7ffaaefdab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1988,i,12709828241232714274,10671400315386902086,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1988,i,12709828241232714274,10671400315386902086,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1988,i,12709828241232714274,10671400315386902086,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.4.1502523692\149524505" -childID 3 -isForBrowser -prefsHandle 5028 -prefMapHandle 5024 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4efb82b8-f177-46ff-a322-c850db0e1ef7} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 4828 1be1ae18058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.5.106191504\2054371597" -childID 4 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4388a86a-d8fe-472f-a95b-631c19b9f12e} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 5164 1be1ae18658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1916.6.1249207127\816210887" -childID 5 -isForBrowser -prefsHandle 5444 -prefMapHandle 5440 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55cec8ec-1d73-4b73-a85d-26955ecba448} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" 5452 1be1ae18c58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1988,i,12709828241232714274,10671400315386902086,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1988,i,12709828241232714274,10671400315386902086,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaaefdab58,0x7ffaaefdab68,0x7ffaaefdab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1960 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4996 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1996 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4128 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4984 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2880 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3996 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4480 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry-main.zip\WannaCry-main\LICENSE

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\super important\supraconfidanctialpassword.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4552 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:2

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\super important\supraconfidanctialpassword.txt

C:\Users\Admin\Desktop\super important.EXE

"C:\Users\Admin\Desktop\super important.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 314321720217358.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Desktop\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Desktop\@[email protected]

@[email protected] vs

C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\super important\supraconfidanctialpassword.txt

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tjyfimyzrbju033" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tjyfimyzrbju033" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\super important\supraconfidanctialpassword.txt.WNCRY

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\super important\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

"C:\Users\Admin\Desktop\@[email protected]"

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3284 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5044 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5632 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:8

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5004 --field-trial-handle=2308,i,12971353123124032290,13396825438417893462,131072 /prefetch:1

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffaaea246f8,0x7ffaaea24708,0x7ffaaea24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11129828203165355625,17403939978590037269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11129828203165355625,17403939978590037269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11129828203165355625,17403939978590037269,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffaaea246f8,0x7ffaaea24708,0x7ffaaea24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11129828203165355625,17403939978590037269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11129828203165355625,17403939978590037269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11129828203165355625,17403939978590037269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11129828203165355625,17403939978590037269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11129828203165355625,17403939978590037269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11129828203165355625,17403939978590037269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11129828203165355625,17403939978590037269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 /prefetch:8

Network

Country  Destination           Proto  Domain
US       8.8.8.8:53            udp    g.bing.com
US       13.107.21.237:443     tcp    g.bing.com
US       8.8.8.8:53            udp    202.212.58.216.in-addr.arpa
US       8.8.8.8:53            udp    4.159.190.20.in-addr.arpa
US       8.8.8.8:53            udp    55.36.223.20.in-addr.arpa
US       8.8.8.8:53            udp    237.21.107.13.in-addr.arpa
N/A      224.0.0.251:5353      udp
US       8.8.8.8:53            udp    240.143.123.92.in-addr.arpa
N/A      127.0.0.1:51212       tcp
US       8.8.8.8:53            udp    contile.services.mozilla.com
US       34.117.188.166:443    tcp    contile.services.mozilla.com
US       8.8.8.8:53            udp    spocs.getpocket.com
US       8.8.8.8:53            udp    contile.services.mozilla.com
US       8.8.8.8:53            udp    content-signature-2.cdn.mozilla.net
US       34.117.188.166:443    udp    contile.services.mozilla.com
US       8.8.8.8:53            udp    contile.services.mozilla.com
US       8.8.8.8:53            udp    prod.ads.prod.webservices.mozgcp.net
US       34.117.188.166:443    tcp    prod.ads.prod.webservices.mozgcp.net
US       34.160.144.191:443    tcp    content-signature-2.cdn.mozilla.net
US       8.8.8.8:53            udp    prod.content-signature-chains.prod.webservices.mozgcp.net
US       8.8.8.8:53            udp    prod.ads.prod.webservices.mozgcp.net
US       8.8.8.8:53            udp    shavar.services.mozilla.com
US       8.8.8.8:53            udp    prod.content-signature-chains.prod.webservices.mozgcp.net
US       8.8.8.8:53            udp    push.services.mozilla.com
US       8.8.8.8:53            udp    firefox.settings.services.mozilla.com
US       52.33.222.107:443     tcp    shavar.services.mozilla.com
US       34.149.100.209:443    tcp    firefox.settings.services.mozilla.com
US       8.8.8.8:53            udp    shavar.prod.mozaws.net
US       8.8.8.8:53            udp    prod.remote-settings.prod.webservices.mozgcp.net
US       8.8.8.8:53            udp    autopush.prod.mozaws.net
US       8.8.8.8:53            udp    prod.remote-settings.prod.webservices.mozgcp.net
US       8.8.8.8:53            udp    autopush.prod.mozaws.net
US       8.8.8.8:53            udp    shavar.prod.mozaws.net
US       34.107.243.93:443     tcp    autopush.prod.mozaws.net
US       8.8.8.8:53            udp    getpocket.cdn.mozilla.net
US       34.120.5.221:443      tcp    getpocket.cdn.mozilla.net
US       8.8.8.8:53            udp    prod.pocket.prod.cloudops.mozgcp.net
US       8.8.8.8:53            udp    prod.pocket.prod.cloudops.mozgcp.net
US       34.107.243.93:443     tcp    autopush.prod.mozaws.net
US       8.8.8.8:53            udp    3.178.250.142.in-addr.arpa
N/A      127.0.0.1:51218       tcp
US       8.8.8.8:53            udp    www.google.com
GB       142.250.180.4:443     tcp    www.google.com
GB       142.250.180.4:443     udp    www.google.com
US       8.8.8.8:53            udp    4.180.250.142.in-addr.arpa
US       8.8.8.8:53            udp    clients2.google.com
GB       142.250.200.14:443    tcp    clients2.google.com
US       8.8.8.8:53            udp    14.200.250.142.in-addr.arpa
US       8.8.8.8:53            udp    content-autofill.googleapis.com
US       8.8.8.8:53            udp    99.201.58.216.in-addr.arpa
US       8.8.8.8:53            udp    227.187.250.142.in-addr.arpa
US       8.8.8.8:53            udp    86.23.85.13.in-addr.arpa
US       8.8.8.8:53            udp    206.23.85.13.in-addr.arpa
US       8.8.8.8:53            udp    192.142.123.92.in-addr.arpa
US       8.8.8.8:53            udp    duckduckgo.com
IE       52.142.124.215:443    tcp    duckduckgo.com
IE       52.142.124.215:443    tcp    duckduckgo.com
US       8.8.8.8:53            udp    215.124.142.52.in-addr.arpa
US       8.8.8.8:53            udp    improving.duckduckgo.com
US       8.8.8.8:53            udp    172.214.232.199.in-addr.arpa
US       8.8.8.8:53            udp    links.duckduckgo.com
IE       20.223.54.233:443     tcp    links.duckduckgo.com
US       8.8.8.8:53            udp    233.54.223.20.in-addr.arpa
IE       52.142.124.215:443    tcp    improving.duckduckgo.com
US       8.8.8.8:53            udp    external-content.duckduckgo.com
IE       52.142.125.222:443    tcp    external-content.duckduckgo.com
IE       52.142.125.222:443    tcp    external-content.duckduckgo.com
IE       52.142.125.222:443    tcp    external-content.duckduckgo.com
IE       52.142.125.222:443    tcp    external-content.duckduckgo.com
IE       52.142.125.222:443    tcp    external-content.duckduckgo.com
IE       52.142.125.222:443    tcp    external-content.duckduckgo.com
US       8.8.8.8:53            udp    github.com
GB       20.26.156.215:443     tcp    github.com
GB       20.26.156.215:443     tcp    github.com
US       8.8.8.8:53            udp    222.125.142.52.in-addr.arpa
US       8.8.8.8:53            udp    github.githubassets.com
US       8.8.8.8:53            udp    avatars.githubusercontent.com
US       185.199.108.154:443   tcp    github.githubassets.com
US       185.199.108.154:443   tcp    github.githubassets.com
US       185.199.108.154:443   tcp    github.githubassets.com
US       185.199.108.154:443   tcp    github.githubassets.com
US       185.199.108.154:443   tcp    github.githubassets.com
US       185.199.108.154:443   tcp    github.githubassets.com
US       185.199.110.133:443   tcp    avatars.githubusercontent.com
US       8.8.8.8:53            udp    github-cloud.s3.amazonaws.com
US       8.8.8.8:53            udp    user-images.githubusercontent.com
US       8.8.8.8:53            udp    camo.githubusercontent.com
US       185.199.109.133:443   tcp    camo.githubusercontent.com
US       8.8.8.8:53            udp    215.156.26.20.in-addr.arpa
US       8.8.8.8:53            udp    154.108.199.185.in-addr.arpa
US       8.8.8.8:53            udp    133.110.199.185.in-addr.arpa
US       8.8.8.8:53            udp    133.109.199.185.in-addr.arpa
US       8.8.8.8:53            udp    collector.github.com
US       185.199.108.154:443   tcp    github.githubassets.com
US       8.8.8.8:53            udp    api.github.com
US       140.82.113.21:443     tcp    collector.github.com
US       140.82.113.21:443     tcp    collector.github.com
GB       20.26.156.210:443     tcp    api.github.com
US       8.8.8.8:53            udp    210.156.26.20.in-addr.arpa
US       8.8.8.8:53            udp    21.113.82.140.in-addr.arpa
US       8.8.8.8:53            udp    codeload.github.com
GB       20.26.156.216:443     tcp    codeload.github.com
US       8.8.8.8:53            udp    216.156.26.20.in-addr.arpa
US       8.8.8.8:53            udp    beacons.gcp.gvt2.com
GB       172.217.169.35:443    tcp    beacons.gcp.gvt2.com
US       8.8.8.8:53            udp    35.169.217.172.in-addr.arpa
US       8.8.8.8:53            udp    172.210.232.199.in-addr.arpa
US       8.8.8.8:53            udp    21.236.111.52.in-addr.arpa
GB       172.217.169.35:443    udp    beacons.gcp.gvt2.com
US       8.8.8.8:53            udp    90.65.42.20.in-addr.arpa
N/A      127.0.0.1:9050        tcp
N/A      127.0.0.1:53605       tcp
CH       46.28.207.19:443      tcp
AT       86.59.21.38:443       tcp
FR       163.172.194.53:9001   tcp
FR       5.35.251.247:9001     tcp
SE       171.25.193.9:80       tcp
US       8.8.8.8:53            udp    9.193.25.171.in-addr.arpa
FI       65.109.67.140:443     tcp
US       8.8.8.8:53            udp    140.67.109.65.in-addr.arpa
N/A      127.0.0.1:9050        tcp
N/A      127.0.0.1:9050        tcp
US       8.8.8.8:53            udp    api.github.com
US       8.8.8.8:53            udp    collector.github.com
GB       20.26.156.210:443     tcp    api.github.com
US       140.82.113.22:443     tcp    collector.github.com
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 improving.duckduckgo.com udp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
IE 20.223.54.233:443 links.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
N/A 127.0.0.1:9050 tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 en.wikipedia.org udp
NL 185.15.59.224:443 en.wikipedia.org tcp
NL 185.15.59.224:443 en.wikipedia.org tcp
US 8.8.8.8:53 upload.wikimedia.org udp
US 8.8.8.8:53 login.wikimedia.org udp
US 8.8.8.8:53 meta.wikimedia.org udp
NL 185.15.59.240:443 upload.wikimedia.org tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
US 8.8.8.8:53 224.59.15.185.in-addr.arpa udp
US 8.8.8.8:53 240.59.15.185.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files


C:\Users\Admin\Desktop\TaskData\Tor\tor.exe

MD5 fe7eb54691ad6e6af77f8a9a0b6de26d
SHA1 53912d33bec3375153b7e4e68b78d66dab62671a
SHA256 e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
SHA512 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

memory/4212-2418-0x0000000073C20000-0x0000000073CA2000-memory.dmp

memory/4212-2421-0x0000000073BF0000-0x0000000073C12000-memory.dmp

memory/4212-2419-0x0000000073950000-0x0000000073B6C000-memory.dmp

memory/4212-2420-0x0000000073CB0000-0x0000000073D32000-memory.dmp

memory/4212-2422-0x00000000007F0000-0x0000000000AEE000-memory.dmp

memory/4212-2427-0x0000000073CB0000-0x0000000073D32000-memory.dmp

memory/4212-2431-0x0000000073950000-0x0000000073B6C000-memory.dmp

memory/4212-2430-0x0000000073B70000-0x0000000073BE7000-memory.dmp

memory/4212-2429-0x0000000073BF0000-0x0000000073C12000-memory.dmp

memory/4212-2428-0x0000000073C20000-0x0000000073CA2000-memory.dmp

memory/4212-2425-0x00000000007F0000-0x0000000000AEE000-memory.dmp

memory/4212-2426-0x0000000073D40000-0x0000000073D5C000-memory.dmp

memory/4212-2435-0x00000000007F0000-0x0000000000AEE000-memory.dmp

memory/4212-2449-0x00000000007F0000-0x0000000000AEE000-memory.dmp

memory/4212-2455-0x0000000073950000-0x0000000073B6C000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 16366186ac72b939546e5342c2b752ee
SHA1 1d55dafc2e46bd1ade2aaeec58d618ff4b76216b
SHA256 dac2272cc77df82129f5b14397d2295bf19c5b62860863c1d99f4cc278094dc9
SHA512 2319e6f8afb1c8a1f837e853820cfa76ef05f46c1f6aca6f73b338ebd81b5c463fbdb3a961adc425ee58208bc7bafc5e1f500f3e87ab0ce15f7983261a911e58

memory/4212-2472-0x00000000007F0000-0x0000000000AEE000-memory.dmp

memory/4212-2478-0x0000000073950000-0x0000000073B6C000-memory.dmp

memory/4212-2505-0x00000000007F0000-0x0000000000AEE000-memory.dmp

memory/4212-2517-0x00000000007F0000-0x0000000000AEE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3437983b729d9effd85dec32b366be11
SHA1 fddbcd768d3a8afe5f7c61c130e9acd63637f6d3
SHA256 912725192b6f54c37c9b160f9f05b9e2574234b7da0714e6b8ee012754933eea
SHA512 2f2ef7c1bd1e9bb1deca2c364a9fbc8dd881d8b7f62fb215262bd7fb54f3d6e119ba2eccdad7c385050f29bee625467cb30287ae9e26a63756a38a4d65faa41d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3dfdf9c00a1ceba933f111399fc76d04
SHA1 cf529d20ef82938222820c1a50570eca9ca22559
SHA256 ab1d4a6a4b503948f2f3c0cd0ca99192488c6064629ab9d57388d00f5147304c
SHA512 f6594f54a6e36b6372dd444ea0c51afcedb5e7a8c581b918c0e48088ec52dbc40fd425700f3e91e4446badc7e87e8b05c7e1700923a50bc4160cc20b18fbfc37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 930ebba3ce06b5f0bab4d296022fca2f
SHA1 69e0203e4181861cf783bbe93cbb89f7eb580947
SHA256 497408307cfd7e4a555ae30c57bebde34ee0a542d2af8b6f33bf16c288525906
SHA512 ef75ed07ebcf66202998ff51a6028a8940552f1c1194ce3993dc256ee2b1576d65bedb5a9edfa75795a9c7cb9869926aa6c6132b94f735ee3cdbabadd776047b

memory/4212-2670-0x00000000007F0000-0x0000000000AEE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 130414a170cd663531fc8209d8cd5657
SHA1 94525ff67acf2f44579d431c7a208b881e52136e
SHA256 7d216300ee5d2f09a4a121e98b8c5bb5d8ba76b3cc21db0648b1dd82d1969ad1
SHA512 c20e0ee3a8e34c42367c7364cebc31cbfe6c7b835a2d1bcf582e3baa9f7a40b10c2b9b4c5d56d41af19a14e74bd18c8b4c96873105de739f173540ed4718e040

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c16c38cb5b6716721f69c9445612435d
SHA1 7d8c8bd9ab15383fcb27433dfe32dc35e5fd561f
SHA256 5f08c8d3f8743da21e9e85654f8c83d6d4bc40e4c275da0b78c5edef11ae57b8
SHA512 a7943c2a080427ff2f352d897616750c72986c7de9e3941318351b9d65d64cbee62e446be04cfc8d956b9ee46ff520e6da07ce2bd1c31c11edb8630b06550fff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4ccc8a15a69b491afcc120c17dcf94ac
SHA1 469412b2af66dc4e64aacf7613b30c0b64a81825
SHA256 7a71b471924ba86d24745a1cdfe06034745c14ff80441cf0b571310c92a07b29
SHA512 641898b58edd88643e3208033f976b9db775b6ae1689ffc65ccabdcda5c5866f478105718b2f0beae5c59b088775297adf3019d887c870173ce32940b4bc6e17

memory/4212-2738-0x00000000007F0000-0x0000000000AEE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b2750f81723ddaf3bf841e34a4e68879
SHA1 b723fb9659e64d4a6e6d48634ff3753270a8991a
SHA256 61206547b4225d61720ea2c556daa100225822b74007c9dba0297d387ba0425c
SHA512 328e5f776112d88cf03180157ae9b0fb9570c452cf85586565daf8c954736f21b994a0bd17587384a426b9b091f462f02d21d03f1b07bb72edf6eb2e55bf9f8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 82437c31379dd40bbd13fad3f00233bb
SHA1 755850b9a398b8311eb9564480798a21c4f8c356
SHA256 11a8e5669dacb270d8e221fdbcc71150eb558c10604a9e730d439706ca0cefdf
SHA512 f5b46c7a6badec3cdf32f6eef667410f85a779b89911272a488b43b865fdfb71b0acc89717a9409ea64beecba0b2978b4dd467783d38009fab35386e7aff5437

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4e6521c03f1bc16d91d99c059cc5424
SHA1 043665051c486192a6eefe6d0632cf34ae8e89ad
SHA256 7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1
SHA512 0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f84feba3f2fb8412c7c1bd6575172a4e
SHA1 ff236b6b3aaa0f8a8eef248c73a59cd15a0d4a2e
SHA256 96c951f737b0e74fc24b7b882afa2c8d10278d7fbc7b70bb399619878cfaffb8
SHA512 961d6817bb07ac66845894e9ee8f0b2b17f068767a2e1ffb8a22af19aaac2188c56795b5c177101d3dd1792532623be57051fb9660a703b679602f9ec24cd398

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 210676dde5c0bd984dc057e2333e1075
SHA1 2d2f8c14ee48a2580f852db7ac605f81b5b1399a
SHA256 2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5
SHA512 aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\da7fa4c6-42f3-4cde-914b-e20d3e694dc0.tmp

MD5 42d382263996f6d4235830531f369ebe
SHA1 b2ebf501e3e5122680a1beb2677f66baff43c0d7
SHA256 828203aae60161f6dad64acf45cf9a0cb0a58d6e560b659c5a32637bbada7e3c
SHA512 3378143ce1a616caa4172064cedcb7638e86741023135350c5029ac7d105f761bbe99b99eb0fd36d67308000c089699a31f715d357dceda90b9977cf95bd980d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5fe6e14f8081e99dcf8263f663620af3
SHA1 e07e3c226587fa3c0dfbb6b4e32829b80a33f5d7
SHA256 014d4efe1c587ce1bf4586d667f4116dfc1631be4dbce803b92901a80bb7a18a
SHA512 9bc3fe2364d92c17f5507c59bde0ed332d1b4f1b79c249e692f889f8abc6a9b2a8d8b6c27f9addcfe499150063f969cebcdf8630acef65c1d9b45429c0695ff7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c7b2d8b5352332f6fe1b49317575896c
SHA1 a8aa401cc950b26660b97eee893c19ff08229f49
SHA256 fe2fe0bd9f52c31b03c2e696b3a3993bf6e415377b4c9e5b257e51849528bcf3
SHA512 0fb05d4e9708fd5729a3829bb64acbad64b3f2a2a4f5bffb6eba5b9806b24e29bcf6e9e3aec4174d3352ebb4e2c8144a8c788a0535d3937892a3475cc1aa7d3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d1daa7992654150680ddac53161ac22f
SHA1 25416d6bbd6ba2b6d59adf04ab65f37c462446fb
SHA256 6d4436e03595758e7bd38c009553d77c4cbdd5132b83a2056fb87e6caf76b404
SHA512 25133c9c1cf2a3c4aa9bd67fc9cfd421b7f4af4bcce7b42135284806e74b5fc84e21e9fb9eff225ac7583fe972d10162945bc81cd709fe526aed17773ac7fd2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f69906a816727e9ff88df157fc0829bb
SHA1 9af7fbb3211629ecf231c162ba2cb29e8ccc7c3c
SHA256 1588f620ddd406569142fe5888db7d48c318f5fbc7f1671609f1d837e40bc25c
SHA512 50da845e3e2dd7ec9ac2b7e1052b298d094e47fdd8a30ea99ba43c3b15c10acff49d42883be43cbc381ec41a6942dba0e869065aff551e377637faf0e6fa7d60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b49a4dc4ac63286d777d64f3c9f1b359
SHA1 4c0c79b3cfcdb73592fe580a5d32ea0b1a9b720e
SHA256 1a43cf14aed7853426fa3182dc40d7178a052095a275da78b92d5754beb63480
SHA512 c1ee0a5fa2e4122ef7d5ac943b9d7e6c6daa127badb049011ab151bfa6067306664c0b2ea99b66df05794376f3da6ad94435a30b8bd80bc4260f7204aefc457b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2f596a827fae086a11387d7c5e956f99
SHA1 5039a5458084ecd0ac6b74ece0be7571920316e6
SHA256 90dec565b1dcd2cc8fb6c4986e6d90cd3268a46973eefb407f65a02819f2db46
SHA512 a3f0b057c962130aaf999aeb0bbf9cfc6e6c484d42f5bf0fa8fe2e2b354e69a8a7d7428fc6d9ec65014975987e9cf7c5919423b4913758551dc6a8ca7fed9617
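The listing above mixes three kinds of entry: genuine WannaCry drops (the msg\*.wnry language files, the Tor client under TaskData\Tor, and the '@'-prefixed ransom note / decryptor files), memory dumps that carry no hashes, and Chrome/Edge profile state (Preferences, Local State, Network Persistent State, TransportSecurity, Code Cache indexes) that the sandbox's own browsers wrote during detonation and that has no value as an indicator. The script below is an added example, not part of the sandbox report or its tooling: it parses an excerpt copied from the listing (SHA512 lines dropped for brevity) in the report's own layout, buckets each path with editor-chosen path patterns (those patterns are an assumption, not categories the sandbox assigns), builds a SHA256 set from the non-browser entries, and walks a directory tree looking for matching files. The self-check runs entirely offline against a constructed temporary tree.

```python
"""Turn the dropped-file listing above into a hash IOC set and check a
directory tree against it. Added example; not part of the sandbox report."""
import hashlib
import os
import re
import tempfile

# Excerpt copied from the listing above in the report's own layout (path line,
# blank line, hash lines; SHA512 lines dropped here for brevity). Memory-dump
# entries carry no hashes at all.
REPORT_EXCERPT = r"""
C:\Users\Admin\Desktop\msg\m_finnish.wnry

MD5 35c2f97eea8819b1caebd23fee732d8f
SHA1 e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

memory/732-984-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\Desktop\TaskData\Tor\tor.exe

MD5 fe7eb54691ad6e6af77f8a9a0b6de26d
SHA1 53912d33bec3375153b7e4e68b78d66dab62671a
SHA256 e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 601ba6c49296c3ca388309cd320d751f
SHA1 cf0f81493c7ca50fbc887846d21f1d75c339408a
SHA256 f919d60cfb78a6315762f1b48302e7e985adfe812aa367c840c9dc92deb174dd
"""

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]{32,128})$")
# Profile state the sandbox's own Chrome/Edge wrote during detonation, not drops.
# These path markers are an editor's assumption, not a category from the report.
BROWSER_STATE = ("\\Google\\Chrome\\User Data\\", "\\Microsoft\\Edge\\User Data\\")

def parse_listing(text):
    """Return [(path, {algo: hexdigest})], grouping hash lines under their path."""
    entries, hashes = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and hashes is not None:
            hashes[m.group(1).lower()] = m.group(2)
        else:
            hashes = {}
            entries.append((line, hashes))
    return entries

def classify(path):
    """Bucket a path: memory dump, sandbox browser state, WannaCry drop, other."""
    name = path.rsplit("\\", 1)[-1]
    if path.startswith("memory/"):
        return "memory"
    if any(marker in path for marker in BROWSER_STATE):
        return "browser_state"
    # Language files (*.wnry), the bundled Tor client, and the '@'-prefixed
    # ransom note / decryptor files that appear in the listing above.
    if name.lower().endswith(".wnry") or "\\TaskData\\Tor\\" in path or name.startswith("@"):
        return "wannacry"
    return "other"

def ioc_hashes(entries, algo="sha256"):
    """Digests worth hunting for: skip browser state and hash-less entries."""
    return {h[algo] for path, h in entries
            if algo in h and classify(path) != "browser_state"}

def scan_directory(root, iocs):
    """Walk root; return sorted (path, sha256) for files whose digest is in iocs."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as f:
                    digest = hashlib.sha256(f.read()).hexdigest()
            except OSError:
                continue  # unreadable or vanished mid-walk; keep going
            if digest in iocs:
                hits.append((full, digest))
    return sorted(hits)

def scan_constructed_tree(iocs):
    """Offline self-check: one constructed file whose digest is added to the
    IOC set must be the only hit. Returns (relative hits, expected digest)."""
    payload = b"constructed sample content, not malware"  # constructed, not a real drop
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        with open(os.path.join(root, "sub", "dropped.bin"), "wb") as f:
            f.write(payload)
        with open(os.path.join(root, "clean.txt"), "wb") as f:
            f.write(b"unrelated")
        expected = hashlib.sha256(payload).hexdigest()
        hits = scan_directory(root, iocs | {expected})
        return [(os.path.relpath(p, root), d) for p, d in hits], expected
```

To use it against the full listing, paste the whole Files section into REPORT_EXCERPT (or read it from a file) and call scan_directory(root, ioc_hashes(parse_listing(text))) on a mounted image or a share. Two caveats when reading hits: the hashes here are what this one detonation produced, so a miss does not clear a host, and a hit on the Tor client alone is corroborating rather than conclusive, since Tor is also distributed legitimately; the language files and the '@'-prefixed artifacts are the stronger matches.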