Resubmissions

14-09-2024 19:36

240914-ybkz6sscma 8

14-09-2024 19:26

240914-x5hw8s1hmc 10

Analysis

  • max time kernel
    479s
  • max time network
    471s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14-09-2024 19:26

General

  • Target

    The-MALWARE-Repo

  • Size

    299KB

  • MD5

    779de164115a5525dcc72356a622c063

  • SHA1

    d628f3d56df4d4fa4857ced85e85279d6fd0f08c

  • SHA256

    1832e3fe9dd044a16468786ca07f682573c99ed5695a4ad22927f74bef8baffe

  • SHA512

    989698e369cc4fe91dae5c0318a8d27951626fe66c20c11261e6d4aa375124d3e88d695e33449e944e6d45f484c61db62deeaeac52455f2fc9f33c22a950c3fe

  • SSDEEP

    6144:15oQS3uokeOvHS1d1+CNs8wbiWQ+9rvZJT3CqbMrhryf65NRPaCieMjAkvCJv1Vj:DoQS3uokeOvHS1d1+CNs8wbiWQ+9rvZc

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\!Please Read Me!.txt

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions! �
Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Downloads MZ/PE file
  • Drops startup file 2 IoCs
  • Executes dropped EXE 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Kills process with taskkill 4 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 39 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo
    1⤵
      PID:692
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
      1⤵
        PID:4644
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        1⤵
        • Drops file in Windows directory
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2300
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff987d4cc40,0x7ff987d4cc4c,0x7ff987d4cc58
          2⤵
            PID:3444
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1832 /prefetch:2
            2⤵
              PID:4888
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1764,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1864 /prefetch:3
              2⤵
                PID:2096
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2384 /prefetch:8
                2⤵
                  PID:3904
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3096 /prefetch:1
                  2⤵
                    PID:4044
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3276 /prefetch:1
                    2⤵
                      PID:4776
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3544,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4504 /prefetch:1
                      2⤵
                        PID:3484
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4528,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
                        2⤵
                          PID:2396
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4320,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3668 /prefetch:8
                          2⤵
                            PID:1860
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5084,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4928 /prefetch:1
                            2⤵
                              PID:4788
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3424,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3088 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3612
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3456,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1452 /prefetch:1
                              2⤵
                                PID:1640
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4636,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:1
                                2⤵
                                  PID:1680
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4500,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5000 /prefetch:8
                                  2⤵
                                    PID:2724
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4920,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4292 /prefetch:1
                                    2⤵
                                      PID:5100
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5220,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5228 /prefetch:8
                                      2⤵
                                        PID:2724
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5244,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5376 /prefetch:8
                                        2⤵
                                          PID:2084
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5360,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:8
                                          2⤵
                                          • Subvert Trust Controls: Mark-of-the-Web Bypass
                                          • NTFS ADS
                                          PID:4124
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6100,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3244 /prefetch:8
                                          2⤵
                                            PID:2516
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5596,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5912 /prefetch:8
                                            2⤵
                                              PID:4588
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6384,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5204 /prefetch:8
                                              2⤵
                                                PID:4044
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6328,i,187677321007996876,5139736803471106182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6192 /prefetch:8
                                                2⤵
                                                • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                • NTFS ADS
                                                PID:3528
                                              • C:\Users\Admin\Downloads\WannaCry.exe
                                                "C:\Users\Admin\Downloads\WannaCry.exe"
                                                2⤵
                                                • Drops startup file
                                                • Executes dropped EXE
                                                • Adds Run key to start application
                                                • System Location Discovery: System Language Discovery
                                                PID:2548
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  C:\Windows\system32\cmd.exe /c 148781726342297.bat
                                                  3⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:3576
                                                  • C:\Windows\SysWOW64\cscript.exe
                                                    cscript //nologo c.vbs
                                                    4⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:1780
                                                • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                  !WannaDecryptor!.exe f
                                                  3⤵
                                                  • Executes dropped EXE
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:2748
                                                • C:\Windows\SysWOW64\taskkill.exe
                                                  taskkill /f /im MSExchange*
                                                  3⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Kills process with taskkill
                                                  PID:4688
                                                • C:\Windows\SysWOW64\taskkill.exe
                                                  taskkill /f /im Microsoft.Exchange.*
                                                  3⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Kills process with taskkill
                                                  PID:3876
                                                • C:\Windows\SysWOW64\taskkill.exe
                                                  taskkill /f /im sqlserver.exe
                                                  3⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Kills process with taskkill
                                                  PID:2284
                                                • C:\Windows\SysWOW64\taskkill.exe
                                                  taskkill /f /im sqlwriter.exe
                                                  3⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Kills process with taskkill
                                                  PID:3576
                                                • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                  !WannaDecryptor!.exe c
                                                  3⤵
                                                  • Executes dropped EXE
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:2084
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  cmd.exe /c start /b !WannaDecryptor!.exe v
                                                  3⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:488
                                                  • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                    !WannaDecryptor!.exe v
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:5000
                                                    • C:\Windows\SysWOW64\cmd.exe
                                                      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                                                      5⤵
                                                      • System Location Discovery: System Language Discovery
                                                      PID:1672
                                                      • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                        wmic shadowcopy delete
                                                        6⤵
                                                        • System Location Discovery: System Language Discovery
                                                        PID:4224
                                                • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                  !WannaDecryptor!.exe
                                                  3⤵
                                                  • Executes dropped EXE
                                                  • Sets desktop wallpaper using registry
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:5060
                                            • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                              "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                              1⤵
                                                PID:4120
                                              • C:\Windows\system32\svchost.exe
                                                C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                1⤵
                                                  PID:4336
                                                • C:\Windows\helppane.exe
                                                  C:\Windows\helppane.exe -Embedding
                                                  1⤵
                                                  • Suspicious use of FindShellTrayWindow
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:2524
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=517009
                                                    2⤵
                                                    • Enumerates system info in registry
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                    • Suspicious use of FindShellTrayWindow
                                                    • Suspicious use of SendNotifyMessage
                                                    PID:1592
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff999dd3cb8,0x7ff999dd3cc8,0x7ff999dd3cd8
                                                      3⤵
                                                        PID:4380
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,9908612724709448177,1802938109292751411,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
                                                        3⤵
                                                          PID:1212
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,9908612724709448177,1802938109292751411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
                                                          3⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:3432
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,9908612724709448177,1802938109292751411,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
                                                          3⤵
                                                            PID:3104
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,9908612724709448177,1802938109292751411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
                                                            3⤵
                                                              PID:4672
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,9908612724709448177,1802938109292751411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
                                                              3⤵
                                                                PID:2156
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,9908612724709448177,1802938109292751411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
                                                                3⤵
                                                                  PID:900
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,9908612724709448177,1802938109292751411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                                                                  3⤵
                                                                    PID:2084
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,9908612724709448177,1802938109292751411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
                                                                    3⤵
                                                                      PID:2016
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:1412
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:3024
                                                                    • C:\Windows\system32\vssvc.exe
                                                                      C:\Windows\system32\vssvc.exe
                                                                      1⤵
                                                                        PID:2832
                                                                      • C:\Windows\system32\NOTEPAD.EXE
                                                                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\!Please Read Me!.txt
                                                                        1⤵
                                                                          PID:4428
                                                                        • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                                          "C:\Users\Admin\Downloads\!WannaDecryptor!.exe"
                                                                          1⤵
                                                                          • Executes dropped EXE
                                                                          • System Location Discovery: System Language Discovery
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:3544
                                                                        • C:\Windows\System32\rundll32.exe
                                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                          1⤵
                                                                            PID:4272
                                                                          • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                            "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ExportTrace.mp3"
                                                                            1⤵
                                                                            • Suspicious behavior: AddClipboardFormatListener
                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                            • Suspicious use of SendNotifyMessage
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:1936
                                                                          • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                            "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ExportTrace.mp3"
                                                                            1⤵
                                                                              PID:2556

                                                                            Network

                                                                            MITRE ATT&CK Enterprise v15

                                                                            Replay Monitor

                                                                            Loading Replay Monitor...

                                                                            Downloads

                                                                            • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                                                                              Filesize

                                                                              64KB

                                                                              MD5

                                                                              b5ad5caaaee00cb8cf445427975ae66c

                                                                              SHA1

                                                                              dcde6527290a326e048f9c3a85280d3fa71e1e22

                                                                              SHA256

                                                                              b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

                                                                              SHA512

                                                                              92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

                                                                            • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

                                                                              Filesize

                                                                              4B

                                                                              MD5

                                                                              f49655f856acb8884cc0ace29216f511

                                                                              SHA1

                                                                              cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                                              SHA256

                                                                              7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                                              SHA512

                                                                              599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                                            • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

                                                                              Filesize

                                                                              1008B

                                                                              MD5

                                                                              d222b77a61527f2c177b0869e7babc24

                                                                              SHA1

                                                                              3f23acb984307a4aeba41ebbb70439c97ad1f268

                                                                              SHA256

                                                                              80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

                                                                              SHA512

                                                                              d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                              Filesize

                                                                              649B

                                                                              MD5

                                                                              2fc04031949f85bd228123dde7e299b7

                                                                              SHA1

                                                                              e688aa7b629799f1d9d1328af9e55ae13f17eaa5

                                                                              SHA256

                                                                              d3acdae0f4475b4f11deff848c0a616da099058b54ef5d239ff45ec686fd16d8

                                                                              SHA512

                                                                              3671116bc81f0973a05ac383b3de3c97db2cb3378e267cd6c305b9b2ed29b580fc590a46010058ab124147f3e432ce0c3a46b4fd5543e3129b443ab3117f40ef

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

                                                                              Filesize

                                                                              212KB

                                                                              MD5

                                                                              08ec57068db9971e917b9046f90d0e49

                                                                              SHA1

                                                                              28b80d73a861f88735d89e301fa98f2ae502e94b

                                                                              SHA256

                                                                              7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

                                                                              SHA512

                                                                              b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

                                                                              Filesize

                                                                              216B

                                                                              MD5

                                                                              6eed57080e2a35d17105f4c1544a951c

                                                                              SHA1

                                                                              67aa49d21a330e6b4367b463f2811ca89a575875

                                                                              SHA256

                                                                              595ce9c508e46a156658fe30569c0813b74d6af30320201a599e77c073bbaaea

                                                                              SHA512

                                                                              0701d4244128db646b639b6a8dd438de29286db09150190ccfe9cc080d0cf7eaad440d57e61242518c380ace9cd5c4086e0e065c9705832651fa1226f3e696d2

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                              Filesize

                                                                              3KB

                                                                              MD5

                                                                              58212d5bb21555ef84660e17be07a2d4

                                                                              SHA1

                                                                              67af67bb6bbf17c816b5422510950195c808a288

                                                                              SHA256

                                                                              3889c8997d9c796b96d335acbdd7629881b2c4120cc11aaeba56e45506a948fb

                                                                              SHA512

                                                                              5f674f084d61a78a49d2245cb45d9f09c8c0b6d41604cfc8fe67676b8d518af3b4c3e7581f759375a4380e2f39e850116280eaf2dbe8c8028a0e7c23bd3696a3

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                              Filesize

                                                                              216B

                                                                              MD5

                                                                              2cde61ac7f1bacedd2f8737cd685be2c

                                                                              SHA1

                                                                              67d67576f647061ca96e15a20b98d9481d95c00b

                                                                              SHA256

                                                                              d4aef1cdbbd08357804a3f741854be5df50c6f739120491fd44e9fa75f2267db

                                                                              SHA512

                                                                              cd8889f6b4502104be962e6327617e2626ebf0a7079fecfcfa756dc9f5d37584af9eaa7e94cca5f4552e1d34e01be1b6b8cd6a04cafa0c50a885aab287453696

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                              Filesize

                                                                              216B

                                                                              MD5

                                                                              bae81ff298dfb5a3acfe6ad545833913

                                                                              SHA1

                                                                              46f1961aa59339f08a32df439e1d6c42c54ec4cc

                                                                              SHA256

                                                                              4c3abce5db7c00d85235550a11b7e6b12c0aa5c5a0a31d43c203a760a1bd0c5d

                                                                              SHA512

                                                                              79dd501dfa3ac7433fa78fc719dfad4632ee2df69b3d3ca36d2ca67511ce551f86bc663ac20526221ba6686ac51d695a8af5eb9f5b8ecafe0088a6ff894e9879

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                              Filesize

                                                                              3KB

                                                                              MD5

                                                                              b5d9db394ace8a57c60e59cbcc20331e

                                                                              SHA1

                                                                              80b64fe5ec73ddfc4fe099462ca5b7978ffb9797

                                                                              SHA256

                                                                              8853cc4387b93bbeb098b19c683002f35c52d311d05c4ae4e268be69767e02e9

                                                                              SHA512

                                                                              4583a976b57f078c65caebdd8e3aa061739f3246ea6fb67f6b926223bd34983d77b927d96419cc2ffb1cac2c7416c669a8052b97465535bad2df843cc0306807

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                              Filesize

                                                                              4KB

                                                                              MD5

                                                                              ff1426b6533ddf85a13b203c9d95036b

                                                                              SHA1

                                                                              23e8b2e3ab726ea0067095b29571205dbdec2c8b

                                                                              SHA256

                                                                              113b3aa51482da9b0325fe9de36d7daf8d0051b4caafe2025cfbc2a35c5d1336

                                                                              SHA512

                                                                              889c82d517bdaa2884e1fb47ef077e55f2f7f306f70e0eb653cdd6e4a75d2037f3b8d9b6eb35dcfb29a34713dc4618b0f0d087f36e8f044cfa46e49c45f4652f

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                              Filesize

                                                                              4KB

                                                                              MD5

                                                                              81348b8c12d26eefce6a8591263ed4fe

                                                                              SHA1

                                                                              e13efde535f729d4a70f63ece52900726ba25f62

                                                                              SHA256

                                                                              f2464b63ae0d75db048c56833604a493603a7cee8ec8e61ac9f3fad199a7b9c7

                                                                              SHA512

                                                                              b74148d7ec7ff64a06a1a1eb661c4f9247c12043c4b3e7a1a9c008c0ad205ea77f46b966d85231ec8fc4851a2c1dbe38d2abade1fe785279f0aaee266eb5aae9

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              e6dce05cbea0576f95c0c2df5907cc59

                                                                              SHA1

                                                                              db8d460be804c5922d41ddce1eee9998eb8251dd

                                                                              SHA256

                                                                              fe878bd7299da16fdd2349c376b5af0885e0396c9e167e421d54dc01826de8bd

                                                                              SHA512

                                                                              141ef9b7f60e759511a6139aae75a2aa6e1ac9d688360fa6e104ac0f2e67caa6e4dfac38ac50d8c65e00df65799625b575ba495673c6e7302ca8b198859d6aef

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              77928968ce775a23c86fc35877aaf73f

                                                                              SHA1

                                                                              b17b9e4fad540aba33d3aea25e323b056bc1616b

                                                                              SHA256

                                                                              36026d66f32af37a9e271628e69cdc3f5fce7d983ad561b13cca06c677a0649e

                                                                              SHA512

                                                                              1bdcf2394f056b6437b676f93df000a9b4c7df0a3de95f2292720432c1769e77e087a9e180697369f5c63420b9f2b86e18e4c8019188ca81acf31d1ecada243b

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                              Filesize

                                                                              2B

                                                                              MD5

                                                                              d751713988987e9331980363e24189ce

                                                                              SHA1

                                                                              97d170e1550eee4afc0af065b78cda302a97674c

                                                                              SHA256

                                                                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                              SHA512

                                                                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                              Filesize

                                                                              356B

                                                                              MD5

                                                                              0955d789b9e97bb4c11deb3f182a4b21

                                                                              SHA1

                                                                              d6a91600ca31216356e74dd7185e184db466f20c

                                                                              SHA256

                                                                              07f2f59f2a0fbcd640fe5cdb9d5ad7aaab795855f01dbf2579bab7e9a44a70b1

                                                                              SHA512

                                                                              8c7989996260d505fa78fdd3bc8472b2aedf738e817b09caabb5b25b6cec72f564adbbc88ab1230da88e8b1678a5f1ab94066fa13f0ed5dd8a6efd90d3c8fa2b

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                              Filesize

                                                                              854B

                                                                              MD5

                                                                              de0866c6dd545f86dc208362cb5e8900

                                                                              SHA1

                                                                              1a78a6c8f3c1b38f44af97fe1d0fe1e01797971c

                                                                              SHA256

                                                                              fd000ad22edcf932ed1bda2bce3fddbdb73eb06e1d57449050b1d386e18e46e6

                                                                              SHA512

                                                                              774aba45a608b3d5b2ded9fde5cc2341875bf021a08d1fc24bdbe7cae4da1761384a747658bcb63087c9c021c642dc9e6bf0f220ff2342cc1e4db519ece1b3bf

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              9a79df76d2a6477466f5dd498bfddb84

                                                                              SHA1

                                                                              d1f7c15ccc7a755ff0c0bf6c75b37e823f3168c1

                                                                              SHA256

                                                                              b41f79a9ba415b1bb174d7975606eb9662e211712aa74ca677afaf11efbb3ddb

                                                                              SHA512

                                                                              74f9e66fe80649cdbdd7b090fcb0893af3ed80946bb3b8b6b0e8779447898e41cd8c9df97ca05e6881407229526c793c6ea6fe853c75cfff1afda460d2a85485

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              91b8e1d2ba30f0111b8540dd56ea65f5

                                                                              SHA1

                                                                              bf45867f470b77a24e549b4a50d244901db6816e

                                                                              SHA256

                                                                              d6380e844f61c406d035ef5b7f9f55bafa2886e88ca8e21b9a76738d6d62eb0b

                                                                              SHA512

                                                                              89a4fd51c47c4e3f85edd6ae4054e5612d66c709405b1e9c388589df0e88240519d2cb71a6aaabf2bd4a026eab1b24dcff64dfa3b6f56439fb78579d5743697c

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              63df7281c538723624c7d467d64f59f8

                                                                              SHA1

                                                                              46e41fed9543398ba37f501e34f6737d1f53a0bd

                                                                              SHA256

                                                                              40a885da877b85e6697c8dec3fb17645c0d3f0029796211fe28fa526819115a6

                                                                              SHA512

                                                                              b490fdf666f44eba481d28b27e789699cdc284c800fb7494a7fea009163490998b1746ba563841be41298c4b5d8da7c2f0e3e7acfaae52be88eb0fd17a08f1b6

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                              Filesize

                                                                              356B

                                                                              MD5

                                                                              75c655ca0bfc5a26f5f90b5214a45cfd

                                                                              SHA1

                                                                              df0083ccb9957396e2d4bfee91a48d7167076eaa

                                                                              SHA256

                                                                              214de08d0ae29c231776b08bb25f81aeecd4e2ec313bbb11677dd09ed0bd1c60

                                                                              SHA512

                                                                              69c176e8aaae964a832d074b27538e594472f0a3face94e69d57f2e441d7b4cc01bdc27a384f6f2aa7c5141448e03bb4ec68b0b4b57db19dabe91a1a97cc8911

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              bfcc1a24cc050f42ef5ff03cbc956f89

                                                                              SHA1

                                                                              39bd087f03e481e952b21c7f3150bbd42759a914

                                                                              SHA256

                                                                              7eceeea4b5274b6445542ab89cdb234af4adea08dc74001b2c043916a8d84613

                                                                              SHA512

                                                                              b467f1e183fcd71e8826afc092c0e02fc0050087a01a6218b15534b426f9a1a70642ec13ee00c1dc670eb8ac66ae8c033978201c57bb6ec107dcac099d90b126

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              4e0f017da413eab509b95532c7182871

                                                                              SHA1

                                                                              5d029db803744f6839b8177875737cfb6fc5a4f6

                                                                              SHA256

                                                                              08c2b22a93ac16c7fbe82c9629628a70ba5e2789cbc7914465ebf71451f05b1b

                                                                              SHA512

                                                                              152284d0a72124a7e0d7225c63778d59d764811b82e642366ae42efd6d6a803f1d590cc2c520720e8ce8bb191a3faca94caf1542b5b990346aac458354998332

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              57a548bad521cb4b8728c2388a1c949f

                                                                              SHA1

                                                                              80b6dad6cac792d0b53b3f276365452244d730a1

                                                                              SHA256

                                                                              b599245aefe37ce92930a21ec66396b26fc15a9dae8c1a26d4872ae0af24ea8c

                                                                              SHA512

                                                                              ee294875c71de4524d793ea91abea052d3f3b28dd73f881a35dda7d022f4af93ba18e84fac09abc7306d345260243a63832fd21cb491d477bfd85a31893910f0

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              9c64465064f6f7f7d80197ea5d4e06f5

                                                                              SHA1

                                                                              ffe9586c5c1bf956cf7ca802287924899f421b59

                                                                              SHA256

                                                                              f805377242f790dc4c575f98d05d51e810cdd02c205645c1e562eae5ac138fe5

                                                                              SHA512

                                                                              957f43533c8fb08c8ebf7184fde3395068f75add847d8b698c9dedad8ff6ed0cbf7ad08841e26069d1fd38f49df19ddd3cdbc8a987c745d568a96c3d4b6109c7

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              bc05b3e134d6cf484b349ad6c1365d9f

                                                                              SHA1

                                                                              937fa9a9c183f38fd3e4cad9f308962caa9920be

                                                                              SHA256

                                                                              58efaf688825417f0e0d0335aea1a43c6940a7e3d731dac0b6eab396fcdd3dc3

                                                                              SHA512

                                                                              1055af63b53f8f38d3228d3c766775260125d6b986bf7cd209abebfc83ff947d10c8103d069d28af112f0ad9017c732a286a7bea3dce3dba60b3f9bce9d15d90

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              ad77aee147e5c0708a83296bec791591

                                                                              SHA1

                                                                              fa1b58707dbf4469c433bfaf64b65806895942c2

                                                                              SHA256

                                                                              960a4925c9e0b8821bceefb65520003f80f46dd9c8ea07861a94e41d274227b7

                                                                              SHA512

                                                                              2eb2f1cd00285a63377587b8d01c701dbdca694ca6c15a387277c67a19283d560b992afcbfe9cf46f68018000ca04bdde142fb1281393cb22694332f83d69fcc

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              f197ba7fdbcfd1fdc5ad2c906d1169ad

                                                                              SHA1

                                                                              cefa6eb43c4699b6bdb456fb1806eef892a7a3fa

                                                                              SHA256

                                                                              85ff9577d9b6cb6df7b2497dff3078b92d3be7e039a19c10d8e36386840122d9

                                                                              SHA512

                                                                              6729670477c732d6d894f2547464e675a4d4b0a3f507a1be5b63f981e0dca85cf9e046386f04b1d28eca07d77bae77f1ee7150cf1ce47171d57e25325bc8168b

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              9289d28875dff7c3bab8481fd253750c

                                                                              SHA1

                                                                              7364b24c936344a91a0573206de7c7b611b43dff

                                                                              SHA256

                                                                              7faece659049a7530c357a5feb79a057bafa7407f86ee873ce6ab248d7d1a8a9

                                                                              SHA512

                                                                              16010d251f67282e7c9bfcfc75b89c96594d022ec3b5f263814342dc92c46e69d8ae811c05f74a5ce365a658975292e1ea76510657e5e35ccd42457f85f017f8

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              48567d7a783091a8d964622e9cd376b0

                                                                              SHA1

                                                                              7f21816b560eab4eea02732bb129792564105415

                                                                              SHA256

                                                                              eff4145f7ad61dee742715fcc6b003c6e360ffcb9d4fca6b795250026c336645

                                                                              SHA512

                                                                              273ace1e3a80e7d030d70661a57acb3e04cc728e35dce87261658da494b24725d80a41efc132f66728240e3c7ecd2a8677f956cd1b93ae42643515c547bcbcda

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              7c5acc666d2176344b540a8560ccc98a

                                                                              SHA1

                                                                              45d3fa643560bcf287fd2aff10fc9ffecbda40c9

                                                                              SHA256

                                                                              f8cc2951c8d7e1e41f0320e8d81c2b3ba46f4dc869b0973b3b93e6630e9fc420

                                                                              SHA512

                                                                              f262113628c38c58183463697347ec3b594db91e5283e3461e5070b9b0d739914a2701e63f8f193328b27767d4a8ce17a6f0feda659c3eea7d32c0c196280224

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              d351bd065a50277aba18984d943a1479

                                                                              SHA1

                                                                              8a51ffe77448f031865a0108d9da0cc0b72b3e36

                                                                              SHA256

                                                                              c22ed58cca536d9156ceb55f292213a50e6f56d7f4e3c94b99ea8f52496544b9

                                                                              SHA512

                                                                              514ecd3cdf6371f095b241b0a1a0fed7f3d0c02328a49101deab4219870c229d0d78b88fc90f73db6b50b90ab6236ac18db395a4173e9dc4f2673f1b4dfe6eb4

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              b85d241916834741eb662b71bd65a58f

                                                                              SHA1

                                                                              be73cd122c0ab5c53cda9afa276ab9ab3de832f8

                                                                              SHA256

                                                                              fa9c38c6ed4e08909881d0e3564a6750ab370455470a138bc086c0143e35f60b

                                                                              SHA512

                                                                              1e33aad59ce3aa0621d8bda7ca9ec3b7d448e967001f7f7c1750aa7e1a672229ae147665c98bf7073b767e6a6835ca3f4d2ea2f4bdefdd2b97762790e3c88026

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              4be19d4e893a86707a055dd7f52b7044

                                                                              SHA1

                                                                              091eec9b3c93efa90049131102257dcedac7a5cd

                                                                              SHA256

                                                                              7a9a353da6d955dfe6ddffb72543e56788c600694f19b61056275789d338e2f4

                                                                              SHA512

                                                                              93eaf784c2124d5f5962cb5a00f684dea74db6256aaba2e39da8e33e20e5c27a88775852036c46cd6240ffe01afdf45c377f320ea90a8cb821318525332a11c4

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              3d6b02c04caf48149e53e46e85cb84c5

                                                                              SHA1

                                                                              f130a6b2971b4d303494f6ac3cd62f6a80c08500

                                                                              SHA256

                                                                              8fd96c5a1e6f743c5d565ba94b8db5a1a6857aab9fd9b14d8723889f70c79a70

                                                                              SHA512

                                                                              3b07878aa7418f772fe6fa92f6ec70e33bd15aa08825538eaa83bea97a86255d82777c2dec5086f4810993680d6add7ec7ebada61e3f16b3225c43ee6e6e9198

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              1c02b4eff88384a98b36aabc9043796e

                                                                              SHA1

                                                                              c868f48d72827defa9493820e41a5d919e4deafb

                                                                              SHA256

                                                                              069aad67a3813359b5c564df9def88b9e9c52ec13dd53aef2e069e1379087bc6

                                                                              SHA512

                                                                              09c9debfbf4d62132c3fa536646631c2404bee9b951714c2f26e3de1c3ae44ead79766b36bc1e34ca869287ad98e5c2b291c159b12110e52c46cf84e5f7f3f04

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              99553765e32bbb193007f5812465f534

                                                                              SHA1

                                                                              b58a485fc3bc15cddad6526cb7dac2cbbdb36b37

                                                                              SHA256

                                                                              d8949e28173caa6d263abba37246193763a97af02c5a90b9a97e370e3f48c3c9

                                                                              SHA512

                                                                              8b35aaa10e0c56829e89eae649aececf11e93c2641bd6caea456cbfcd03f2f10f21f546ab47cbe2a0dd95a88dff88577302589b1569273a1d9bea5a71e9fdc51

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              81a4231c37bd619fe4ac367fda17073b

                                                                              SHA1

                                                                              9aad05d6f07cb57cf2d8802af326563e73c70798

                                                                              SHA256

                                                                              4bd07a2cbba235a0e0000ed89f0031e647f6442f7e219de01918a3cf8132b6bb

                                                                              SHA512

                                                                              8f73244c1c3537184458c884a3283d029620d60aba8221a0912e0bc3fe9121280d8189ecb6a9be07f1ccf3284b0421f9f901a8dab576fe3a723b3c1926218a9e

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              ef23df961e0179254dfad3903cd5abcb

                                                                              SHA1

                                                                              31ff50b1fe273fc4bbf8cac42dc09f22bccf0532

                                                                              SHA256

                                                                              84a758372dd7d3d2eaf08299d4c999255e79772cbe5b15bfbbbe9e505bafabf1

                                                                              SHA512

                                                                              108958657d1eb637ceebe5d15dadfd8d631799300c60c45d93cb09196ffc683569fd707508cc89c051ff813733973f29ed7f5ad16e416119059ed10bf4fa762f

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              a4ef4b3d711c2426af445e9ed58b8f9f

                                                                              SHA1

                                                                              e5a1faa2f446d4e1228de488d9af75eb79ee7728

                                                                              SHA256

                                                                              1a716b2707e5d31951a9af2f7d09b1fc3527b1beb717a81b6c903009c80c262a

                                                                              SHA512

                                                                              23826fb5db7f33fcced9a945a4dd44412073e977e3ce8bc0e431331bf964b42e197282e9a37bd15da11854b1b3476c8949ca424fbbc6c4125a66ed439b9f4ded

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              ac569e535ca31a52158172aad47e4109

                                                                              SHA1

                                                                              52ed1003de95c352e5a56623413719370611ecf5

                                                                              SHA256

                                                                              e8ff1fa0539edc9cb76c12e26a34f70f90090a306514b595840248d0862dfb43

                                                                              SHA512

                                                                              12772aa32bd03e9f5ae26cc4e3ff6df7c36669c2b25229a55fc17f2c50146d3c22d361e37ffe75f2ef28a0c59379bc54c2c989971f01e29d4da67da65b7c8221

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              3d21d28ab8593fe14cce28ef333beb25

                                                                              SHA1

                                                                              3e2787b8edad232079b19955be1b8211241fcd6d

                                                                              SHA256

                                                                              f952521d5fd9cff6942cd3612841c6ebee261dc953db450e56ac93ffcaf6966e

                                                                              SHA512

                                                                              ffe931b06e187ea4328470b30f3ee99d5522ed83769c93616ef2502ee207962d969b9b2ed038453741cf430cc04d4a000c5bf774db134cdc79dea9c9a3cefcdc

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              478c89dd3d88df1119ff07205650c637

                                                                              SHA1

                                                                              21ec255f6ab5feda2490415252fdc0afa0d5b623

                                                                              SHA256

                                                                              e6c1cac752256f7046b6bd3c1ac44c8e4f16c60c4d3ac855bf8565b4d7462947

                                                                              SHA512

                                                                              fdea46196b9ca34813f225da2397d554b67947c7c32d44385395a2d3e08ac71ae9cf4c4ae4631dd5e151bc20042bac0931a7fe4539f1a875b4aa760efee61b97

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              10KB

                                                                              MD5

                                                                              d12b7b275276bf89c4ea73197d8afb46

                                                                              SHA1

                                                                              22d7994e852e3f428a27d9f9008feafd4c67cdfb

                                                                              SHA256

                                                                              adcb34c29bd4e919f0997d1c043105fc983796385090aa29a55df4cdc20ed2d6

                                                                              SHA512

                                                                              432f01f7c9fc01fe2d2dd2dc11ee95e9d48dc82529c5851d14442ea5da4bec0a6bfc31e4c25ff7fb95c1224b36ec2720d70b878ab338cdabe3e5c31117e4db84

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              170a801386beab24ce184b8b4743f89b

                                                                              SHA1

                                                                              49b2e76ee083fb26cf8a2ca3a862e9c242697eeb

                                                                              SHA256

                                                                              304c021049e728059ea6693a998bb15601456d6ecd45306b5b4d406d614920ca

                                                                              SHA512

                                                                              13e0497d0dc9bff63b90f931d176109c5dc1f5b00a09f7213409fea09a6003b09166449484e7523bb8d8359cbd5dc87f82753041dabea9cfd4c5e6f7ca3453b4

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              f51b5d0ead045fd7f2017b1a5dd494e5

                                                                              SHA1

                                                                              7c2d664a739171c3acb3d883a812ac9ccd38a51c

                                                                              SHA256

                                                                              e1fe2b914e8d1ffa62c33040165af529a6bb215407f6b572023695712f081024

                                                                              SHA512

                                                                              3cbe87c0c8362f0affadfa528dbbac43eda211a7fdd902cd58e491a53c6c4aa51000af6c9e8f7b7bde1a4aca1f41eb519bea21fb3d79b5e354deaf07440e751c

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              710434d46f0024c20b68437ce0039b88

                                                                              SHA1

                                                                              d9ace6be8194df2acf6a373cf067c3c548b51f77

                                                                              SHA256

                                                                              7c0699f55d3636cb894de0de398245cd6f986cc6d015ca15fc5b01223205f000

                                                                              SHA512

                                                                              a43eb29115fc5bc52dc581f961fad2d2a4467b371b3001affbec9341dc80af58de1d7d1f0c4bb414fe57df94f5cdabfa187c99b0418acedcb8834a6b41acedf6

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              6986bccfaa20f14a665bd2215ab7146c

                                                                              SHA1

                                                                              ff4ba29320e209cf2db48aceb07b0ab0841caeec

                                                                              SHA256

                                                                              d1d234016e1e955103be26053086caa8326a3e2f7fb4b927b2f5033ca82ef687

                                                                              SHA512

                                                                              f2b4e716911047ed4fe9fa1ae30b42667f94900f212448537c1e8bd5ebae9f6e7b20efca93075de6cbbf2ba98818b913af13b84aa7b9cdc0a2cd3e8bcad163dc

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              847a0c4802d0e15448a1047c007734fd

                                                                              SHA1

                                                                              f820548d8b67a7adde2d4fa062dc97d4c6c37d2f

                                                                              SHA256

                                                                              e3505f1cf2a6b46797894c94ea614d813ab34772e9e3ecef6bc3a6bfbd23508f

                                                                              SHA512

                                                                              dd188bc488bf83a42cf489327f0c071091f8ea263e4e6ea41f1768694f4cf289e8483e4aab620ff84643bdea0bde73f5a32de8768c56689cf4928e1be6333836

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              10KB

                                                                              MD5

                                                                              fc991b7783f0dfb81f8b2f0ebfe08ad5

                                                                              SHA1

                                                                              f74f3191230390e571408882db75bb5d6a86a33e

                                                                              SHA256

                                                                              eea5528be726b5b82ace1a349254f444c0ae9ddacb2301cb59e2a356a122a9f1

                                                                              SHA512

                                                                              83141a0f90a83733e513ed8a704093a2fe9850ecb09a7904ea9eceadb91af4da1ba24196b936be3470e95718148d3ef5e320d24de3ba27160852aa305823715b

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              469a1576332de804efce24668e8e0c68

                                                                              SHA1

                                                                              c687465a5d7fef91d43b83d0d81a6a6e63403678

                                                                              SHA256

                                                                              5e3c15d14c4531b899b8a3d1fe982a17292a1283157bd813b1149a73925bbdf8

                                                                              SHA512

                                                                              9c3c19582ca8183f993d5dd640d987f9ace7171477f84f63fc7c72b966c4b0295c039213cc54637cd1ab570e84785f730b1ad2a04828fed59f08ac52682b6d8d

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              f637ef4ef56e2e3eed5ee2c276e4935d

                                                                              SHA1

                                                                              ae4eb30e32a6d46682ed65a933013c892843c5f1

                                                                              SHA256

                                                                              0340f9a95d188a952e57a15e4dec79a0d4c2222febdd2d0d8629499d56b2b5c6

                                                                              SHA512

                                                                              8fc9921f01adac6d4946e7c7ef70005c219e2bc22e74b7fbf7949365bb35b0d3740c66861c61be2063ce75c606e6d64de46bc42aa6345121d70ad1a95e8bcb40

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              a068c727b1235b583760c24792887385

                                                                              SHA1

                                                                              238c89cbf6d5354eee8ed87586b03f9d0c186267

                                                                              SHA256

                                                                              67e5c529ab9ac4fe5f648dc0c613b540b6057e674f7ba2a5c1dabb1c6d617391

                                                                              SHA512

                                                                              f8056458fa1bdbfa1fece0c7661d73368d15fe0fb4e9af1d20f4f975188dc5c861643c18200db0d3d78edc68ed9eac5059f3b886577545c45968eb64eb4e5e5f

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              a4266ba6cf76128e57b6085a28c03baa

                                                                              SHA1

                                                                              b7fc02fe2b60ba4db37638c38bbfc9159571a2c0

                                                                              SHA256

                                                                              145a66d12ec0a9b419a2c083b2f29a0e9013e82fb76d9ec42ae9d100942aaf87

                                                                              SHA512

                                                                              87638218aca806c693a300687ae162a382af389206ca0bf835699a38c6f5e87571f1ca40117edbb48fb4662a9edeeb1d2fed3543caaf94b66bde0a01716994ea

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              ba1d0c2ef9eaa182ac093870a850f5f8

                                                                              SHA1

                                                                              a8b496429536a64f067cc83710c547d054e70e54

                                                                              SHA256

                                                                              fc3174b4e257263749538987d12497fb6b10c565533cc001f1cc4218f4df57c8

                                                                              SHA512

                                                                              478d03354260812c16586ca5c51d0923d1ac9be2875559b6bd52614b223a0a35faf3e4caeaf9c4751f3c8aa8606fcbc5e51f72c17150af875936aef7325d6c26

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                              Filesize

                                                                              15KB

                                                                              MD5

                                                                              d7763c3abc979e210e1132281441584b

                                                                              SHA1

                                                                              8f9f35e13a8fea429d21efb03d5409ba794340f7

                                                                              SHA256

                                                                              77df1ed7877ca3bddbe3759bea894f589c5c29cd4aae68f28eea7c27527ee5a2

                                                                              SHA512

                                                                              28fde13fe834ef5f64ebacb652d8d47135c41501af89542779a9c5441f51d88715cb4aa42c2f3c719f88b6dcded2aebd87fca027c049391c4bf855b474cd07b8

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\32.png.WCRY

                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              cee4de720838702222dc16e791e9dafc

                                                                              SHA1

                                                                              bb42c3f7590c9a958c0e29ab82a92364fc447509

                                                                              SHA256

                                                                              0c5048a2fd7616eefda9ab2d94968a1fb7b78ce6a3c986cfb9530bb3ac0f5a81

                                                                              SHA512

                                                                              b9d476bb517536961d6420973b6dcc8c2f5a630d4e82d3f0801d016d8006f85eed18ad057cb977d78eda20842e106eb4042fec88a8227f931eda5b80c26c06a1

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                              Filesize

                                                                              208KB

                                                                              MD5

                                                                              3e7319713461c43cdc8d7c3a8b57a237

                                                                              SHA1

                                                                              03e2317c22b8be0a4414ee68a981ea426edbdcfb

                                                                              SHA256

                                                                              2a26512f8ccc99462d5448727fe51638defc82b3157539bec52e01030ed76291

                                                                              SHA512

                                                                              79abac7626ae6891f25c33b83e826f5fdd164673bfb5ec2fb4a209743ed690762a3b7809cf89c1aec7d1ede004d12e2f3b7396536f414a50a22ea2d9e8c5b88b

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                              Filesize

                                                                              208KB

                                                                              MD5

                                                                              d7689cf4c982c01b5028b2c4c3fbf486

                                                                              SHA1

                                                                              1246f4bd9c14a19d627bf74b60a8d71a210d1155

                                                                              SHA256

                                                                              86b712d0d28120c28cca024585a314986e4310a972a075967d3a5ca7bb418598

                                                                              SHA512

                                                                              a48ea55d6e0e75912064fdc27d6251390f54a6637ad26f7e8db94489ab5fc0b5ef7aa6fc2dfe3dd3bc2894c2bdd9e90543156bd3db6eef9dad019531a933df76

                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db

                                                                              Filesize

                                                                              48KB

                                                                              MD5

                                                                              5a1706ef2fb06594e5ec3a3f15fb89e2

                                                                              SHA1

                                                                              983042bba239018b3dced4b56491a90d38ba084a

                                                                              SHA256

                                                                              87d62d8837ef9e6ab288f75f207ffa761e90a626a115a0b811ae6357bb7a59dd

                                                                              SHA512

                                                                              c56a8b94d62b12af6bd86f392faa7c3b9f257bd2fad69c5fa2d5e6345640fe4576fac629ed070b65ebce237759d30da0c0a62a8a21a0b5ef6b09581d91d0aa16

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                              Filesize

                                                                              152B

                                                                              MD5

                                                                              03a56f81ee69dd9727832df26709a1c9

                                                                              SHA1

                                                                              ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

                                                                              SHA256

                                                                              65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

                                                                              SHA512

                                                                              e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                              Filesize

                                                                              152B

                                                                              MD5

                                                                              d30a5618854b9da7bcfc03aeb0a594c4

                                                                              SHA1

                                                                              7f37105d7e5b1ecb270726915956c2271116eab7

                                                                              SHA256

                                                                              3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

                                                                              SHA512

                                                                              efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                              Filesize

                                                                              456B

                                                                              MD5

                                                                              689c9c1e82969e995e580a455a8323c5

                                                                              SHA1

                                                                              0f565d22b1e02cb9c7c937c478f54a005ecb3767

                                                                              SHA256

                                                                              0004b1de20013735939108b66d57b884729ecde8c0cb40093f10e975b30e9a91

                                                                              SHA512

                                                                              43a918b0587292e58afdfca40da6c2da22b5ed8a82904153ca66ffef0bde025d4592bc8602f317b2c601cf170c9c5262b3825a30af81df57ab1e451b48aee2ff

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              c354a3a64b713f88ce7fa2a3fafada66

                                                                              SHA1

                                                                              dd5d9baa205393c37d9bc2e5e70115b7d1ffcb89

                                                                              SHA256

                                                                              bb7f2cb35bb039de1406339fc5df634659e276cc768e49afedbb7c56bac4e895

                                                                              SHA512

                                                                              d5bdf412969978637a447cf66f1ccdf7990549fea06f43516ad3c3417d01a6879d441f7c4732879baea8bab34eb88a29c4114157e2757dd5ac49272b5747cc5b

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              e25fe6b4e82dd55512b45e326e4467a5

                                                                              SHA1

                                                                              3afbc8f57e1f644ce45f263f53b8d347c35f17e9

                                                                              SHA256

                                                                              5dc5f6f31f4502f1c8c31245f0afebc1e5e52e1e1ce6b7c1be68a5ba8098fe8e

                                                                              SHA512

                                                                              6880f710f30c3e72a92770fcaab033f8e855d3a6f5735304ffda54320a489f108f224260fa1977f2a08f1223fb5b91869ac765466c77b745772bf5d32f8458d4

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                              Filesize

                                                                              5KB

                                                                              MD5

                                                                              b0ca66f5204932926bf7035f4a5dd711

                                                                              SHA1

                                                                              d02c7b0e2055eaad1a21f0129c518e6e36a2b786

                                                                              SHA256

                                                                              8ae4b54c8744926de0265690611d581619aecdad4dbe0d7a13dc0a1691e5b0a2

                                                                              SHA512

                                                                              41c7f286d5a526352f0e962f4812c595a80b69b9af6f1e04fd52a9d13c1b736b007bd38406805cf06181ac77decf780b194aee22e90c6325a5286d1e8da719ab

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

                                                                              Filesize

                                                                              44KB

                                                                              MD5

                                                                              b2b0a33e8f8deaabd1a6b60de5dd65bf

                                                                              SHA1

                                                                              95bd20da453efec34b91d8efc951f93a3d19ddbc

                                                                              SHA256

                                                                              0171637543a1100abf878bbfa375f9c8eb6b1e4ae97805a7a8ff616474543a19

                                                                              SHA512

                                                                              c63addde610e0b82c6c54b6acc06e0024b28b4c744b290031d4818d0db32e2fbe7fc7a26fc225758344fd80c18bd81940f21eac697d29b97bae88e43fa425c3a

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                              Filesize

                                                                              10KB

                                                                              MD5

                                                                              715aec142a0948578bb84d3d3d54c0e5

                                                                              SHA1

                                                                              ab186aee0b03bfc5c676366e765fb7c3412afd01

                                                                              SHA256

                                                                              15483fc975420a38f3d015d0b5a3f96df5769e0f8529c02c30e3a52bffddeb3c

                                                                              SHA512

                                                                              6d0a7fdc1dba7ae2a6aa90da27f9f557b1c31cb616cb0d80fe1a8ff54e26031306843a216b52b3ab4c9d62993cabe34e61218f09de224400724ca6fa584e7248

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

                                                                              Filesize

                                                                              4B

                                                                              MD5

                                                                              6c6ac288c27be1d2769e57c29e5fc37a

                                                                              SHA1

                                                                              d2929385b326cf17dc9f9a23512085d01e65f7cc

                                                                              SHA256

                                                                              f9459d502b850fd70592d6523f8ca8d2b22cab951bb10bb6daa42aa31a8b9a3a

                                                                              SHA512

                                                                              4db58bcb36b0fd9ac05d9118519179c42edbc6eb70b449f10cac10c8942e0f48c5208d1cb9e7133f52ef7dd145cafd5e40a09f05f279d5dbf9734a8e26c54f87

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png.WCRY

                                                                              Filesize

                                                                              3KB

                                                                              MD5

                                                                              76ec1ff8ec34a31d324777ac5b145e89

                                                                              SHA1

                                                                              e655f40b31bf1c0fe1ca77577f4d514045f395bb

                                                                              SHA256

                                                                              5c883b7de0f1dd66f36da14b9090a01098c0adb5da5d69188db3ed16f0122bdf

                                                                              SHA512

                                                                              69656977e499826ee110b2921552381933d66274f840c540a14553749a527e1b4c1d9cd8a738e8237ff2d7435027054f789decb43cb855a935ed9ee49a6fb338

                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                                              Filesize

                                                                              2B

                                                                              MD5

                                                                              f3b25701fe362ec84616a93a45ce9998

                                                                              SHA1

                                                                              d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                              SHA256

                                                                              b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                              SHA512

                                                                              98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                            • C:\Users\Admin\AppData\Roaming\OutMount.php.WCRY

                                                                              Filesize

                                                                              761KB

                                                                              MD5

                                                                              ef69449fcc8c4a275e9e166b11f63638

                                                                              SHA1

                                                                              8b3f328e71b8a1c5fa4faeda4510c47c3d90d636

                                                                              SHA256

                                                                              e6a91a98a926a6fd49567438b87244dd0fe940729eb7f43d7090fc82784242f8

                                                                              SHA512

                                                                              441ce591f44814102b3281d0812dc9b0e8d13e4ab2ccdd7149740d3ef3c6aa3f8b24d7ce38238f3ceebf9d3fe6e5958f355078534a17e696dde5cfc56d9bf6b5

                                                                            • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

                                                                              Filesize

                                                                              79B

                                                                              MD5

                                                                              095c8cd9bc907f3d23323897a8aeb860

                                                                              SHA1

                                                                              1da6288e12ddfa932b0dc76b8a950236a00f750b

                                                                              SHA256

                                                                              320c708ff666da026776913d03e4fdc5ba4099e10b8931ae12afff0019515baf

                                                                              SHA512

                                                                              60922193d7a818af435db56113b77d7ce95a9e1404fdda8b5ce48eeee835328dc2ae18115b6861dd25d130c36ab76c2cea14200b98094952c10c0e9c528f402f

                                                                            • C:\Users\Admin\Downloads\!Please Read Me!.txt

                                                                              Filesize

                                                                              797B

                                                                              MD5

                                                                              afa18cf4aa2660392111763fb93a8c3d

                                                                              SHA1

                                                                              c219a3654a5f41ce535a09f2a188a464c3f5baf5

                                                                              SHA256

                                                                              227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0

                                                                              SHA512

                                                                              4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

                                                                            • C:\Users\Admin\Downloads\!WannaDecryptor!.exe.lnk

                                                                              Filesize

                                                                              590B

                                                                              MD5

                                                                              22bd33cdb17ad5e44fb876bfa7b87388

                                                                              SHA1

                                                                              ec37540ec595b29882d93845f6942af79611d3e6

                                                                              SHA256

                                                                              70ea4bf03e4c1ac34c85094c87e0c0f1cc4f53f5fb45459095a08588d2af4964

                                                                              SHA512

                                                                              a0301d9f0762fe67e3375d5fb59ed90f07ea5793fd75f7e40140009d1d9dc231ec00faa6a165df248a16c23d10d3227492d127b7be7fcb44832152a7287acf19

                                                                            • C:\Users\Admin\Downloads\00000000.eky

                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              593410f92473bb87c2461a1a2f03c590

                                                                              SHA1

                                                                              6be97bbc0a8d45b9a2eea5de13f045ab0b51b6ac

                                                                              SHA256

                                                                              6767381947b8e8cb1472a764fc1a8e3022ef9c3099bce0c23335c6cc8f2a5648

                                                                              SHA512

                                                                              c2dfcbd66634770c86f2d3cc89c90232d63779158f7679d1251f522f247d93aa2039e2d76fc76268d59b026e90686d21ff96d781b3168fc5bea84712780e6d40

                                                                            • C:\Users\Admin\Downloads\00000000.res

                                                                              Filesize

                                                                              136B

                                                                              MD5

                                                                              f57ab639d78426137521b114c100f993

                                                                              SHA1

                                                                              4329457a968b1c7fd74a3069a120bbd7e2573d99

                                                                              SHA256

                                                                              c047efdc6b22d08699610382cc1aebc5a4731e88c90492634803f481c03d1755

                                                                              SHA512

                                                                              ef3f55d5f2290a9a2a83169f9c5ce70e76b3c3936b393778455020422b892076c4499c620badb0ff5a5159a8cf1e548a526981aa0510ef0bc6dd0cab3df5357e

                                                                            • C:\Users\Admin\Downloads\00000000.res

                                                                              Filesize

                                                                              136B

                                                                              MD5

                                                                              c05886d28922f6815b282fef4d4a59ae

                                                                              SHA1

                                                                              70e743638ea0839d9059a2dc926e518d1f027a80

                                                                              SHA256

                                                                              c1b6d1feea50b598690a5626647a633e3c066c0ba0a8a3a2e699bd44fc7c2191

                                                                              SHA512

                                                                              caf88c636c580021200689534f3e1be592d78c38ebcbdac2ce66756ca206ecbcabc97df0d800de729b07d0bd599ac1f1bb94b2988587a0b3d542862da743d67f

                                                                            • C:\Users\Admin\Downloads\00000000.res

                                                                              Filesize

                                                                              136B

                                                                              MD5

                                                                              a371e1959e60f92f8f431c170cf3522d

                                                                              SHA1

                                                                              66ae0b829785c7f5ef47b86385642f5d40d63b7c

                                                                              SHA256

                                                                              ca8d18600320632a709515a435ad932dc5789c32f42f37503a9aec7daf6b0b83

                                                                              SHA512

                                                                              e4c478d15bdc3a306e8f9ce4d17e07068b11c344042461d229f9b2300bb73f5faed75c38665bbb16710bb165ce6eb1a34fbcefdf9954a05524ff8f246dac02cd

                                                                            • C:\Users\Admin\Downloads\00000000.res

                                                                              Filesize

                                                                              136B

                                                                              MD5

                                                                              be9ff2c7507a2d158f21e5e9119b9d3e

                                                                              SHA1

                                                                              33ef6abad420f3f4bb37c5086b26b47cb60019c5

                                                                              SHA256

                                                                              4ac9b88fa5b88759e06d2dfa0c5a877ea5797b6b4c1e746f3989e432be7c829d

                                                                              SHA512

                                                                              215ffb7f61d267aca82eecc8d75e9bd908721b709cbb5f28a935509a2b84a7ed6f2883e219ef91e3a0fc7e0a4432117e7e7ac0c9284ed87e0db49dc41f243220

                                                                            • C:\Users\Admin\Downloads\00000000.res

                                                                              Filesize

                                                                              136B

                                                                              MD5

                                                                              3f281253ed46b6edc1af135a382e7264

                                                                              SHA1

                                                                              b6a92580b2615936292b378700bd8fd94c19421a

                                                                              SHA256

                                                                              a4aa229e6030492c4ac4cec2d545c29c15cb5f9ec8ac84f4934161ddfe08fd0b

                                                                              SHA512

                                                                              ef406677b87aa72db62cbf9c42071bc72e4e7235e4b6ab5f5326bb1615c86afbd88de28bd84d3380dc7f198907769549066ce4cf9f42d8ab45cb4b3b81ab18e8

                                                                            • C:\Users\Admin\Downloads\148781726342297.bat

                                                                              Filesize

                                                                              318B

                                                                              MD5

                                                                              a261428b490a45438c0d55781a9c6e75

                                                                              SHA1

                                                                              e9eefce11cefcbb7e5168bfb8de8a3c3ac45c41e

                                                                              SHA256

                                                                              4288d655b7de7537d7ea13fdeb1ba19760bcaf04384cd68619d9e5edb5e31f44

                                                                              SHA512

                                                                              304887938520ffcc6966da83596ccc8688b7eace9572982c224f3fb9c59e6fb2dcaa021a19d2aae47346e954c0d0d8145c723b7143dece11ac7261dc41ba3d40

                                                                            • C:\Users\Admin\Downloads\Cerber5.exe

                                                                              Filesize

                                                                              313KB

                                                                              MD5

                                                                              fe1bc60a95b2c2d77cd5d232296a7fa4

                                                                              SHA1

                                                                              c07dfdea8da2da5bad036e7c2f5d37582e1cf684

                                                                              SHA256

                                                                              b3e1e9d97d74c416c2a30dd11858789af5554cf2de62f577c13944a19623777d

                                                                              SHA512

                                                                              266c541a421878e1e175db5d94185c991cec5825a4bc50178f57264f3556080e6fe984ed0380acf022ce659aa1ca46c9a5e97efc25ff46cbfd67b9385fd75f89

                                                                            • C:\Users\Admin\Downloads\Cerber5.exe:Zone.Identifier

                                                                              Filesize

                                                                              55B

                                                                              MD5

                                                                              0f98a5550abe0fb880568b1480c96a1c

                                                                              SHA1

                                                                              d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                              SHA256

                                                                              2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                              SHA512

                                                                              dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                            • C:\Users\Admin\Downloads\ExportTrace.mp3

                                                                              Filesize

                                                                              355KB

                                                                              MD5

                                                                              11878f19acf2fe646fcf4057bb56a3be

                                                                              SHA1

                                                                              73504ca50c3e3e694309fb108d6ba76fcc0ae7f5

                                                                              SHA256

                                                                              6e4e27bbccd966fb73ef5bd1799eab6de32a22bcc9115f59191fb5d61ed2ce31

                                                                              SHA512

                                                                              a593e198cfbf568b7dbd5c2d40cc11b6352827a0ee0fb1e36fe9db63aa9dd9fdb27230b0955bc02df70d738982e56977c85214d3eef7adc7576888c59c46b036

                                                                            • C:\Users\Admin\Downloads\WannaCry.exe

                                                                              Filesize

                                                                              224KB

                                                                              MD5

                                                                              5c7fb0927db37372da25f270708103a2

                                                                              SHA1

                                                                              120ed9279d85cbfa56e5b7779ffa7162074f7a29

                                                                              SHA256

                                                                              be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

                                                                              SHA512

                                                                              a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

                                                                            • C:\Users\Admin\Downloads\c.vbs

                                                                              Filesize

                                                                              201B

                                                                              MD5

                                                                              02b937ceef5da308c5689fcdb3fb12e9

                                                                              SHA1

                                                                              fa5490ea513c1b0ee01038c18cb641a51f459507

                                                                              SHA256

                                                                              5d57b86aeb52be824875008a6444daf919717408ec45aff4640b5e64610666f1

                                                                              SHA512

                                                                              843eeae13ac5fdc216b14e40534543c283ecb2b6c31503aba2d25ddd215df19105892e43cf618848742de9c13687d21e8c834eff3f2b69a26df2509a6f992653

                                                                            • C:\Users\Admin\Downloads\c.wry

                                                                              Filesize

                                                                              628B

                                                                              MD5

                                                                              df15579592883e74dd48b9ced474fb57

                                                                              SHA1

                                                                              c82ae76abea283dbc3ed734dd99865c5a0786f1a

                                                                              SHA256

                                                                              1b7adadc62ff907bef257389bc51dc0d7346059097450eb478645b0edfaa94be

                                                                              SHA512

                                                                              879a18ac036b1b0de4f2668d1e1c4a56bcb7bfd9ba010c8259417ee056bbf0926911c30792f1766dc62c18604582c696ef5b1b7b024e7e5ebccfc10428207205

                                                                            • C:\Users\Admin\Downloads\f.wry

                                                                              Filesize

                                                                              377B

                                                                              MD5

                                                                              64adae6585d9c1d9f76221ae72c40681

                                                                              SHA1

                                                                              def3db1da1c791e52e398ae78e1089aa8e00246e

                                                                              SHA256

                                                                              90fdca4d7ea0ef05e769da2d38e9a73ba825a2cbb1f0f0e2d420979c1c19837e

                                                                              SHA512

                                                                              f8a727ff14f07eaf5723d8bba22a18dccf4fe532e9e0d5e45a3c8e85ad28897a0c76e01a7f58c0fadcc6ddf7b3928c1148f015b4fbbe32a4e25f01c93eeb3216

                                                                            • C:\Users\Admin\Downloads\m.wry

                                                                              Filesize

                                                                              42KB

                                                                              MD5

                                                                              980b08bac152aff3f9b0136b616affa5

                                                                              SHA1

                                                                              2a9c9601ea038f790cc29379c79407356a3d25a3

                                                                              SHA256

                                                                              402046ada270528c9ac38bbfa0152836fe30fb8e12192354e53b8397421430d9

                                                                              SHA512

                                                                              100cda1f795781042b012498afd783fd6ff03b0068dbd07b2c2e163cd95e6c6e00755ce16b02b017693c9febc149ed02df9df9b607e2b9cca4b07e5bd420f496

                                                                            • C:\Users\Admin\Downloads\u.wry

                                                                              Filesize

                                                                              236KB

                                                                              MD5

                                                                              cf1416074cd7791ab80a18f9e7e219d9

                                                                              SHA1

                                                                              276d2ec82c518d887a8a3608e51c56fa28716ded

                                                                              SHA256

                                                                              78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

                                                                              SHA512

                                                                              0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

                                                                            • C:\Users\Admin\Music\StopUse.jpeg.WCRY

                                                                              Filesize

                                                                              810KB

                                                                              MD5

                                                                              2f66057314c1d787bfcac0e8c03e521f

                                                                              SHA1

                                                                              8d188e40d56de53f33c5262b1d1338b54b4b0802

                                                                              SHA256

                                                                              a761e920730bef013b5f45a8e4810a2882cf686de8f7b6089bc791c9f9708be6

                                                                              SHA512

                                                                              2d828a2a46765c5477973600765c57a7510296a7735b2705e54de23a9502ea543b931e1837aec763bb4ae10736faa4e6698fd403101ff287c90a1d286d4b9cb2

                                                                            • C:\Users\Admin\Pictures\RedoPush.bmp.WCRY

                                                                              Filesize

                                                                              399KB

                                                                              MD5

                                                                              393a64e10c4fc146fa0da88ec3920a30

                                                                              SHA1

                                                                              b8013d8ce0ff45285009740325539edaedd95d9f

                                                                              SHA256

                                                                              a74af37c51431eb64c27f6d2c7f18327ccca4c5f52cb022f1834cdde4220c34b

                                                                              SHA512

                                                                              93f5c8df9049b4cbfb91bf3ad40df02f7ec85dacee1ca2e6ec7f271527de36363f1554060b44bc3e2efe32654a9caf4b2931711f638c8d1bb5be8c749aad6bdc

                                                                            • memory/1936-2421-0x00007FF984F40000-0x00007FF984FBC000-memory.dmp

                                                                              Filesize

                                                                              496KB

                                                                            • memory/1936-2422-0x00007FF98EC10000-0x00007FF98EC21000-memory.dmp

                                                                              Filesize

                                                                              68KB

                                                                            • memory/1936-2435-0x00007FF982F80000-0x00007FF984030000-memory.dmp

                                                                              Filesize

                                                                              16.7MB

                                                                            • memory/1936-2432-0x00007FF7BF2C0000-0x00007FF7BF3B8000-memory.dmp

                                                                              Filesize

                                                                              992KB

                                                                            • memory/1936-2433-0x00007FF9A26A0000-0x00007FF9A26D4000-memory.dmp

                                                                              Filesize

                                                                              208KB

                                                                            • memory/1936-2398-0x00007FF7BF2C0000-0x00007FF7BF3B8000-memory.dmp

                                                                              Filesize

                                                                              992KB

                                                                            • memory/1936-2400-0x00007FF984240000-0x00007FF9844F6000-memory.dmp

                                                                              Filesize

                                                                              2.7MB

                                                                            • memory/1936-2406-0x00007FF999900000-0x00007FF99991D000-memory.dmp

                                                                              Filesize

                                                                              116KB

                                                                            • memory/1936-2405-0x00007FF99A530000-0x00007FF99A541000-memory.dmp

                                                                              Filesize

                                                                              68KB

                                                                            • memory/1936-2404-0x00007FF99A5C0000-0x00007FF99A5D7000-memory.dmp

                                                                              Filesize

                                                                              92KB

                                                                            • memory/1936-2408-0x00007FF984030000-0x00007FF98423B000-memory.dmp

                                                                              Filesize

                                                                              2.0MB

                                                                            • memory/1936-2403-0x00007FF99A8B0000-0x00007FF99A8C1000-memory.dmp

                                                                              Filesize

                                                                              68KB

                                                                            • memory/1936-2402-0x00007FF99DC20000-0x00007FF99DC37000-memory.dmp

                                                                              Filesize

                                                                              92KB

                                                                            • memory/1936-2401-0x00007FF99DDB0000-0x00007FF99DDC8000-memory.dmp

                                                                              Filesize

                                                                              96KB

                                                                            • memory/1936-2407-0x00007FF999790000-0x00007FF9997A1000-memory.dmp

                                                                              Filesize

                                                                              68KB

                                                                            • memory/1936-2399-0x00007FF9A26A0000-0x00007FF9A26D4000-memory.dmp

                                                                              Filesize

                                                                              208KB

                                                                            • memory/1936-2424-0x00007FF982B50000-0x00007FF982D0A000-memory.dmp

                                                                              Filesize

                                                                              1.7MB

                                                                            • memory/1936-2409-0x00007FF982F80000-0x00007FF984030000-memory.dmp

                                                                              Filesize

                                                                              16.7MB

                                                                            • memory/1936-2423-0x00007FF98E850000-0x00007FF98E868000-memory.dmp

                                                                              Filesize

                                                                              96KB

                                                                            • memory/1936-2434-0x00007FF984240000-0x00007FF9844F6000-memory.dmp

                                                                              Filesize

                                                                              2.7MB

                                                                            • memory/1936-2410-0x00007FF994E90000-0x00007FF994ED1000-memory.dmp

                                                                              Filesize

                                                                              260KB

                                                                            • memory/1936-2420-0x00007FF98E870000-0x00007FF98E8D7000-memory.dmp

                                                                              Filesize

                                                                              412KB

                                                                            • memory/1936-2419-0x00007FF98E9F0000-0x00007FF98EA20000-memory.dmp

                                                                              Filesize

                                                                              192KB

                                                                            • memory/1936-2418-0x00007FF98EC30000-0x00007FF98EC48000-memory.dmp

                                                                              Filesize

                                                                              96KB

                                                                            • memory/1936-2417-0x00007FF98FB90000-0x00007FF98FBA1000-memory.dmp

                                                                              Filesize

                                                                              68KB

                                                                            • memory/1936-2416-0x00007FF98FBB0000-0x00007FF98FBCB000-memory.dmp

                                                                              Filesize

                                                                              108KB

                                                                            • memory/1936-2415-0x00007FF98FBD0000-0x00007FF98FBE1000-memory.dmp

                                                                              Filesize

                                                                              68KB

                                                                            • memory/1936-2414-0x00007FF994D70000-0x00007FF994D81000-memory.dmp

                                                                              Filesize

                                                                              68KB

                                                                            • memory/1936-2413-0x00007FF998F60000-0x00007FF998F71000-memory.dmp

                                                                              Filesize

                                                                              68KB

                                                                            • memory/1936-2412-0x00007FF999440000-0x00007FF999458000-memory.dmp

                                                                              Filesize

                                                                              96KB

                                                                            • memory/1936-2411-0x00007FF994D90000-0x00007FF994DB1000-memory.dmp

                                                                              Filesize

                                                                              132KB

                                                                            • memory/2548-1003-0x0000000010000000-0x0000000010012000-memory.dmp

                                                                              Filesize

                                                                              72KB

                                                                            • memory/2556-2396-0x00007FF99DC20000-0x00007FF99DC37000-memory.dmp

                                                                              Filesize

                                                                              92KB

                                                                            • memory/2556-2397-0x00007FF99A8B0000-0x00007FF99A8C1000-memory.dmp

                                                                              Filesize

                                                                              68KB

                                                                            • memory/2556-2395-0x00007FF99DDB0000-0x00007FF99DDC8000-memory.dmp

                                                                              Filesize

                                                                              96KB

                                                                            • memory/2556-2386-0x00007FF7BF2C0000-0x00007FF7BF3B8000-memory.dmp

                                                                              Filesize

                                                                              992KB

                                                                            • memory/2556-2387-0x00007FF9A26A0000-0x00007FF9A26D4000-memory.dmp

                                                                              Filesize

                                                                              208KB

                                                                            • memory/2556-2388-0x00007FF984240000-0x00007FF9844F6000-memory.dmp

                                                                              Filesize

                                                                              2.7MB