Analysis Overview
SHA256
1832e3fe9dd044a16468786ca07f682573c99ed5695a4ad22927f74bef8baffe
Threat Level: Known bad
The file The-MALWARE-Repo was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Drops startup file
Reads user/profile data of web browsers
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Sets desktop wallpaper using registry
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Kills process with taskkill
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-14 19:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-14 19:26
Reported
2024-09-14 19:34
Platform
win11-20240802-en
Max time kernel
479s
Max time network
471s
Command Line
Signatures
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD5D45.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD5D4C.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r" | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Cerber5.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133708156313173561" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Cerber5.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\helppane.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=517009
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 148781726342297.bat
C:\Windows\SysWOW64\cscript.exe
cscript //nologo c.vbs
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe f
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im MSExchange*
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Microsoft.Exchange.*
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlserver.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlwriter.exe
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe c
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b !WannaDecryptor!.exe v
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe v
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\!Please Read Me!.txt
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
"C:\Users\Admin\Downloads\!WannaDecryptor!.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ExportTrace.mp3"
Network
Files
\??\pipe\crashpad_2300_NKRIPHQHBAXIGLFX
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\Cerber5.exe
C:\Users\Admin\Downloads\Cerber5.exe:Zone.Identifier
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Downloads\WannaCry.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
memory/2548-1003-0x0000000010000000-0x0000000010012000-memory.dmp
C:\Users\Admin\Downloads\u.wry
C:\Users\Admin\Downloads\148781726342297.bat
C:\Users\Admin\Downloads\c.vbs
C:\Users\Admin\Downloads\!WannaDecryptor!.exe.lnk
C:\Users\Admin\Downloads\c.wry
C:\Users\Admin\Downloads\00000000.res
C:\Users\Admin\Downloads\!Please Read Me!.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
C:\Users\Admin\Downloads\00000000.res
C:\Users\Admin\Downloads\m.wry
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Downloads\00000000.res
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Downloads\00000000.res
C:\Users\Admin\Downloads\f.wry
C:\Users\Admin\Music\StopUse.jpeg.WCRY
C:\Users\Admin\AppData\Roaming\OutMount.php.WCRY
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png.WCRY
C:\Users\Admin\Pictures\RedoPush.bmp.WCRY
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\32.png.WCRY
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Downloads\00000000.res
C:\Users\Admin\Downloads\00000000.eky
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Downloads\ExportTrace.mp3
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences