wannacry | hxxps://bit[.]ly/WANNACRYRANSOMWARE

Resubmissions

30-10-2024 13:10

241030-qemn6svqek 10

30-10-2024 13:08

241030-qdm9batfmg 8

Analysis

max time kernel
523s
max time network
519s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2024 13:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bit.ly/WANNACRYRANSOMWARE

Score

10^/10

wannacry defense_evasion discovery execution impact persistence privilege_escalation ransomware spyware stealer upx worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\WannaCry\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Downloads MZ/PE file

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDD5E6.tmp	WannaCrypt0r.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDD5FC.tmp	WannaCrypt0r.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 18 IoCs

pid	Process
2104	7z2408-x64.exe
2008	7zG.exe
5368	NRVP.exe
4008	7zG.exe
4172	7zG.exe
976	NRVP.exe
5336	7zG.exe
4976	7z2408-x64.exe
5908	NRVP.exe
5552	NRVP.exe
5128	WannaCrypt0r.exe
4916	taskdl.exe
2284	@[email protected]
2436	@[email protected]
2360	taskhsvc.exe
1980	taskdl.exe
3956	taskse.exe
1476	@[email protected]

Loads dropped DLL 13 IoCs

pid	Process
3436	Process not Found
3436	Process not Found
2008	7zG.exe
4008	7zG.exe
4172	7zG.exe
5336	7zG.exe
2360	taskhsvc.exe
2360	taskhsvc.exe
2360	taskhsvc.exe
2360	taskhsvc.exe
2360	taskhsvc.exe
2360	taskhsvc.exe
2360	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5864	icacls.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\dndvwjqosrws018 = "\"C:\\Users\\Admin\\Downloads\\WannaCry\\tasksche.exe\""	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
69	drive.google.com
70	drive.google.com
265	drive.google.com
266	drive.google.com
267	drive.google.com
328	drive.google.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCrypt0r.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000023e69-1465.dat	upx
behavioral1/memory/5368-1815-0x00007FF671620000-0x00007FF67162C000-memory.dmp	upx
behavioral1/memory/5368-1819-0x00007FF671620000-0x00007FF67162C000-memory.dmp	upx
behavioral1/memory/976-1823-0x00007FF671620000-0x00007FF67162C000-memory.dmp	upx
behavioral1/memory/5908-1827-0x00007FF671620000-0x00007FF67162C000-memory.dmp	upx
behavioral1/memory/5552-1831-0x00007FF671620000-0x00007FF67162C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2408-x64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCrypt0r.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\NRVP.exe = "11000"	NRVP.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	NRVP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\NRVP.exe = "11000"	NRVP.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	NRVP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\NRVP.exe = "11000"	NRVP.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	NRVP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\NRVP.exe = "11000"	NRVP.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	NRVP.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133747675695729124"	chrome.exe

Modifies registry class 24 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	OpenWith.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
5764	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 555408.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3628	msedge.exe
3628	msedge.exe
1592	identity_helper.exe
1592	identity_helper.exe
5764	msedge.exe
5764	msedge.exe
1492	chrome.exe
1492	chrome.exe
5740	chrome.exe
5740	chrome.exe
5160	chrome.exe
5160	chrome.exe
2360	taskhsvc.exe
2360	taskhsvc.exe
2360	taskhsvc.exe
2360	taskhsvc.exe
2360	taskhsvc.exe
2360	taskhsvc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4508	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe
5740	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
6032	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
4508	OpenWith.exe
5368	NRVP.exe
5368	NRVP.exe
976	NRVP.exe
976	NRVP.exe
4976	7z2408-x64.exe
5908	NRVP.exe
5908	NRVP.exe
5552	NRVP.exe
5552	NRVP.exe
2284	@[email protected]
2284	@[email protected]
2436	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 4832	3628	msedge.exe	84
PID 3628 wrote to memory of 4832	3628	msedge.exe	84
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 4088	3628	msedge.exe	85
PID 3628 wrote to memory of 3368	3628	msedge.exe	86
PID 3628 wrote to memory of 3368	3628	msedge.exe	86
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87
PID 3628 wrote to memory of 972	3628	msedge.exe	87

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5220	attrib.exe
4348	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://bit.ly/WANNACRYRANSOMWARE
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8f5846f8,0x7ffc8f584708,0x7ffc8f584718
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14249557997573495272,13497328203248510229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2988

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc805ecc40,0x7ffc805ecc4c,0x7ffc805ecc58
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2376 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3160,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4876,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4976,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5032,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5248,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4944,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5336,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:5940
- C:\Users\Admin\Downloads\7z2408-x64.exe
  "C:\Users\Admin\Downloads\7z2408-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5608,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5728,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5808,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5860,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5632,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6264,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6312,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4720,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6384,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5492,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=860 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3192,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=3516,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5888,i,2423796036804118791,15143672141186004831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:3952

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:312

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5240

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4508

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1860

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\WannaCry\" -ad -an -ai#7zMap4593:76:7zEvent4081
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc805ecc40,0x7ffc805ecc4c,0x7ffc805ecc58
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,4734611012119133675,3719609398401303256,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,4734611012119133675,3719609398401303256,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=1968 /prefetch:3
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2320,i,4734611012119133675,3719609398401303256,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=1812 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,4734611012119133675,3719609398401303256,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,4734611012119133675,3719609398401303256,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4552,i,4734611012119133675,3719609398401303256,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4736,i,4734611012119133675,3719609398401303256,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,4734611012119133675,3719609398401303256,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3704,i,4734611012119133675,3719609398401303256,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,4734611012119133675,3719609398401303256,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4524 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,4734611012119133675,3719609398401303256,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4660,i,4734611012119133675,3719609398401303256,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,4734611012119133675,3719609398401303256,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:4804

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5496

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1504

C:\Users\Admin\Downloads\NRVP.exe
"C:\Users\Admin\Downloads\NRVP.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5368

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\WannaCry\" -ad -an -ai#7zMap19226:76:7zEvent14821
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4008

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap7418:76:7zEvent9455
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4172

C:\Users\Admin\Downloads\NRVP.exe
"C:\Users\Admin\Downloads\NRVP.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:976

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\WannaCry\" -ad -an -ai#7zMap26124:76:7zEvent3279
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5336

C:\Users\Admin\Downloads\7z2408-x64.exe
"C:\Users\Admin\Downloads\7z2408-x64.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4976

C:\Users\Admin\Downloads\NRVP.exe
"C:\Users\Admin\Downloads\NRVP.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5908

C:\Users\Admin\Downloads\NRVP.exe
"C:\Users\Admin\Downloads\NRVP.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ffc805ecc40,0x7ffc805ecc4c,0x7ffc805ecc58
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1600,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3680,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4624 /prefetch:8
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4648,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4616,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4956,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5132,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5252,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5384,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4380,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4900,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5092,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5708,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5744,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4792,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4828,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5680,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=3132 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4964,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5776,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5868,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3128,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4876,i,13608274304942578841,7675841114763071520,262144 --variations-seed-version=20241029-180044.537000 --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:3928

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1916

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:368

C:\Users\Admin\Downloads\WannaCry\WannaCrypt0r.exe
"C:\Users\Admin\Downloads\WannaCry\WannaCrypt0r.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:5128
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:5220
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  - System Location Discovery: System Language Discovery
  PID:5864
- C:\Users\Admin\Downloads\WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4916
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 207371730294319.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3860
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6012
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:4348
- C:\Users\Admin\Downloads\WannaCry\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2284
- - C:\Users\Admin\Downloads\WannaCry\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2360
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5656
- - C:\Users\Admin\Downloads\WannaCry\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2436
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      System Location Discovery: System Language Discovery
      PID:5000
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6064
- C:\Users\Admin\Downloads\WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1980
- C:\Users\Admin\Downloads\WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3956
- C:\Users\Admin\Downloads\WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  PID:1476
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "dndvwjqosrws018" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCry\tasksche.exe\"" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:768
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "dndvwjqosrws018" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCry\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:5764

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
d346530e648e15887ae88ea34c82efc9

SHA1
5644d95910852e50a4b42375bddfef05f6b3490f

SHA256
f972b164d9a90821be0ea2f46da84dd65f85cd0f29cd1abba0c8e9a7d0140902

SHA512
62db21717f79702cbdd805109f30f51a7f7ff5f751dc115f4c95d052c5405eb34d5e8c5a83f426d73875591b7d463f00f686c182ef3850db2e25989ae2d83673

Download Submit
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
684B

MD5
391e84c068b16c483a7654dc211ecb8f

SHA1
794eba33b386b040ca77fd6efa500d0d2712a131

SHA256
7157f58aa678e54c176df6cf2ae218b8fe94d94038f05b97c5a9b80a39419ed6

SHA512
60d7352e5a57a92000a53be2ea81deb76205f997ae13b73ce3219f542f0f74821b4557f21eb7e5274c72d4365d2225c1b4ed0c6bd6105c35e395c97c8ca57f1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\68865775-302c-4ead-9904-24eb9dfd1c1b.tmp

Filesize
120KB

MD5
2fb14cb7861a3e758bc282bf0093b53b

SHA1
f40bbeb6deadc070145b5fde4a51f1df6dd49de8

SHA256
8017bd8f151ae7fae20585819697b018584abcdf57edc24f8e9f34f8ad46c77e

SHA512
1a730f19e0612c8d98f2b5f45a0a12f9d221d47e54e2e8c8401141bff94204addd88ae4bffaab772f90c907c2b0a8e337dcca5d7b8ac9334ce6d8417fe461313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
800547b40b40a6d57a70b74809b450fa

SHA1
310a064c7ba82120f80af50892dcbe61b53f9d70

SHA256
a562ff4b14badc73b0804883bf4ccfd9972e485123de5e5949981794f66ed936

SHA512
39630e3b5069d0c66ea44069358cf01f180bf25103968f77d483a27deb7e91e796a1718ce9af2f438bebe8207537e735cd402d649e2adfa2ca7748faae2db949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8d40d13a5008e8f505c8c8ec8548fa99

SHA1
34dd13b85252912c0aa740775696aa745b842f11

SHA256
d1dfb5986d172df19ee625a995e3850530893f76ce80fb07bf571ce3aac3ab03

SHA512
11ed36da4d360e7046af251bff28445e6f3a53d9c4f1bd8f27952649f4510a6cb3282a9cd0495bd19da153052b38b0cf9db904d67110e4c7c6fd45715dc8383e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
38KB

MD5
d4586933fabd5754ef925c6e940472f4

SHA1
a77f36a596ef86e1ad10444b2679e1531995b553

SHA256
6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2

SHA512
6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
37KB

MD5
c67ee59476ed03e32d0aeb3abd3b1d95

SHA1
8b66a81cd4c7100c925e2b70d29b3fdbd50f8d9b

SHA256
2d35ec95c10e30f0bddbfb37173697d6f23cd343398c85a9442c8d946d0660e3

SHA512
421d50524bd743d746071aaad698616e727271fdf21ee28517763a429dcb6839a7ad77f7575b13c6294dc64d255df9b0a64eb09c9d3b2349fef49b883899d931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
37KB

MD5
c130e937317e64edd4335e53b17d55a2

SHA1
51bfff9dee11ab5a8c43198c0d6178799ed9433b

SHA256
46025a134ebdd6c6464ff422818e60938fc41af735f7951f4febe29f57612a49

SHA512
68e5fa69101a7347028ad30d7c004dafabcbd8f8009df90d0471b19a36741075d72da56a2b1693c2067902630584bda5536f0702302db5d69f407424d4a964de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
20KB

MD5
2766b860b167839e5722e40659620a47

SHA1
47766dc72bcace431ee8debed7efcf066dcd2b59

SHA256
725a5e52a501bcd107624aafa44a857c00d02286fde07be774afeac2efed68c3

SHA512
a97f77977518ca755e9460cac34e0b5358ba98b3624c53f0e1ef7b947e62a6f3f99caf2852fb3132c822525d88b67b9c1ed778b3e40083d9df36028c85f73ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
19KB

MD5
a65f7f00889531aa44dda3b0bd4f4da2

SHA1
c8be192464c7e60d4d5699f6b3dabf01b3a9d1d3

SHA256
0dcf11ca854f5c350637f7f53cccdaf95492dbbf779b905138e26b1ec1dc91e3

SHA512
6f48f0f7cc1a35a9068c1284579db065e0fd4b2651355d68a8ff5ae9df86090be3f6e5ac4589585166829087c8bd3c37431a7066358eaced0cdb6c5a0d544fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
58KB

MD5
2389054bc92fc6a9b9d21997feabb1cd

SHA1
d46b4bece5021bbb060dceef4273475b879c75de

SHA256
5c38b4d4f6b902a99e4eb9cd922a2a2a37b549388bb4dda0b756bf6d5887d6da

SHA512
5525a4228fe65d25f0084fcde29dce0b97b80126e36875d226549f379e56ae52c0b2ae12752b188fb9715812d14d740f1ebf35f3ebb5c1b4e3b564836ed30b0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
38KB

MD5
b376c55a7ba31e51dd8e8255789fe89a

SHA1
439c757d3520f276a8d313f8c337aa90ddbab16b

SHA256
97eab72e32402a938305438fa0682cbaf45b75af692793bd35bf9134782e3bef

SHA512
99b31f6378611df26a3dc827aa24709e0854f2a1595097482530087cc26761db5efd6be323005e49b89563de1169d44d86888c98eed8e9ffe880f516281a9c0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
99KB

MD5
2940076ef5b451648e126653123622ea

SHA1
46adb402ebad36dc277bc281d15b4b9643c4cb6e

SHA256
2766045315b53c22ce78b0c83624a7f52000765c55061a9deae19ca67897d664

SHA512
f695bdf186be90f1df6d303bf5beb5bec9c71a069978fb6adb23b68c893ef7ca0c5da2cdc32d39cdc9a8f0bbcf0050abeb3cc02c75a2861d9434591ac8680922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
18KB

MD5
7d5eab356faec5b5f4d54a6aaa773bed

SHA1
25b586f3c878feecf21a0e7456990d9882e818cb

SHA256
0d2392b48ec59632d23269b239b2153ed66943717a0d3711628fc2dd52a2119e

SHA512
7c7649ecbfa3deb35a6f08134ea3703a639f957a254454f228f4ded47b6c5a73f03a34b8368d789a2b92aa7a9a979c9aa1fda64fd5531a404d3b2f8997dc54ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
63KB

MD5
b470641c453d5e71c3d924ab3b79a455

SHA1
927594c292bb654e40f1154a40c9948647a9b9dd

SHA256
ab60625b7a253e84b7631e65c2a5fb70563f9e60f2c9faf93af5ccdaf38cf8e8

SHA512
b8173c986ef7bf4b2890aa9bb5a8c4c099dee5f47bdd1ab361a13a1ac47d97cdb26b711ebf8dcf469fb9da777e7bf4e3710a0730b7328c8d74ab3062ebd770dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
19KB

MD5
9f35ba270e9ea92ab439941460109ef9

SHA1
699dd11d06d2d5925cc91c2df7e4fca4acab56b2

SHA256
344f84869c6a5fea3a0ba409a9716b2d5e83b27bd295603d72bdfd6f8af98f24

SHA512
8660fcca9cf7ca63ccedd93e9606b5362babb0d2b7525248d2530a1656043aaddfbd71d4e21cefbc1669f97efc2e54f6f5e60a2da51084997dcc56f02ef4e750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
335KB

MD5
ead37d1ec6eaa6a892d217997949ae04

SHA1
339b4bda4b73a8b5dee14d8429da24b079282715

SHA256
14b942b870624557c2f92355a005ee7fa587343c1dd45e2b37fdc79508315804

SHA512
963c29c8b702490a1edf72c72803ba5d5532ec0159ccee77391faa0a30085fce48abe465655ed7e27197758a7f1c6bccf861e2aa492d2f9cf2f3448a2abe089f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
661KB

MD5
483ed34d39af48b1b9cd7fd39422f3ef

SHA1
2e1343fae57f57ffd2ecdb208be88cc01500fbdc

SHA256
6471b530b51d838a5363738dd31e300253b3e094499b93ffbd7df2353a55ef5d

SHA512
7fca3bb52452032faf406d13ad4fd512d7d2a0e2760b41acac3f0d01db5cbe55d7f03e437ce382ba639f0267af522eedcdee1e0e19ad1e7c50a1112971fe05d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
76KB

MD5
98e40948100b4551ce6475f82c928a2d

SHA1
a3b556247c68b12d720a1ea27d477605b4f68089

SHA256
67745ae406b2f902d0e64b56526606d129d960dc7e3e6183aeb637acd0f7d5ad

SHA512
664a56eeb42620186d60d2aef36b157dd2f83c3e652af588c711bd2a115119bb174555f9e9443f72b9028b8d3acbaf65a9adcf53802323c4d89642aa2fbc8416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
38KB

MD5
e036c584f8c5842bcf19c22e35008486

SHA1
fae3e2b04e3a18061e1fe0ea6ee4959983e26036

SHA256
4b28f4c834b466f0de20ce2c0e4d98b68879f69a86bf417f5e179f3f57045e66

SHA512
cf284436d0dfbad4d34f197c69ec3f535bd04e52251994244c333cea6bab7569cce677a1709d396d1d913e96e5407f60df055e42ed992e9a7fe2044b738062b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
70KB

MD5
ef2fda268d2f78763011ce3cb3a92bd9

SHA1
7bc579db0afd1d376d39e15af75ae1b8a862795a

SHA256
4247ee8c52aaea7fa69e82b5449642cc525a2916127a2f6f8502bc9b0b3aebd9

SHA512
ac1c0a3c0b9013e7e944545c2d1f912ec934d0b334d0f2e0356c2121bdaadf583f2db6c874f31ef6f129cd219b52d4153e2cbfa3d7df407c4899d96608011929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
49KB

MD5
f79f2f844ef06af05997235e3248619d

SHA1
32aa08b48d142f29faaff08b6c93b5b66a80cc1f

SHA256
c20139341e758c5b6443b6a8375e6bd8fdb80a188b050544a8cd0e3e7713ce11

SHA512
2dea94563a5a635b91bf65990dd692045c7db92606f971e631603427228288256458f7d8cf4d63b0acfcea62fc3e25907ed2d2ff099a0437881150e6ce0530f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
278KB

MD5
9c0ddf517ea1282e06e975d66c2132d9

SHA1
2cb1360d038ed1949a814401bb34d638081c1259

SHA256
ff43eac875d91b7277b981dc15d3e86c0699d4e6b7ac2069847209037cf5ade9

SHA512
38bd43508fc3635057d110181065a89ff9a38dab53aea39c137ba297b71e6fc071d3a3756aa1c1323f7b0140509f2bbe4fa8f2941492f6cd5d4619601fd5fbd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
648538dcfd268aa6aa700ad656def296

SHA1
4fc13c6c85c18133d5a741b8dd6dfa3c99754cfb

SHA256
b2020c590f00080590e2974d4404fee004d9adec6ce04b16c3bd834bc43c728e

SHA512
3cdd4838e13197d80f9377cf811c1372c4e34b704793836076bd72027f3e86b9739151469a138e3b5c1962d43247d9075899d00665f4a12968d4f48d5bb8366d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b24eded78fa6f0ca4ed504a84dbae247

SHA1
6b3e14f83490771f0bd968b151624d427fbf180c

SHA256
eb327cd5c7ed2a01f0900433a27b74f125fdb49f7388d4187d82c466e09f865a

SHA512
a381dd2d36b2cea76dfae66ac3c4c7816c03c2ec9d3106d22659ca3bda269e8b76dbb04d34c9dbf1516463cac9a2a6a4f02e0bc4b1f7deacc8b1d1532d942298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c095ec63aa8514ce37deac1744810543

SHA1
2b1ddc33b418e98da90b5b465145814203ca6f57

SHA256
22035297475b7ee2780e5e239cf32465aa5c7d97ca9cb7e18ac12b43f5c700e8

SHA512
d20d5fba3b9ecaccf5a9e4c759dc9afb9ab3b83f3538778b4c1b571d1571e6746656ca1797b19c9b72dcfc4f1775c313000065e5043ee58c79283005515704f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
12f8f6c843cf94104cef5a2da3533a72

SHA1
57f65b7dff8812982bfaf9d26f9611bb402b6fa5

SHA256
f8e9822151455285a9f624876177f08dc19ca54a702f39d6c1f72cb4c18c547d

SHA512
220a6d104f0efde18f9803d212661c20b096d874ba126291d5329101cc541b21bbe9219a761211df5c75310ad8df713f4bd9c30cd5efe9e3267ae8254a89c8b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
8fb2c48d2a0dbedf3e3b51f47b245c86

SHA1
ad2cf64e79619b8631844f192dd8fd87042afcfd

SHA256
84e5566cdc155ada57dc6f7babac2518870939e2142ec4e14378f6d305134e48

SHA512
4e6faaaccb450e48cd8ab1197043701e90227ca73171b07d912aeaf7d05ee32858e2e12e9cbcb8b5324790aca47613936bd49297b468cf2bf84ba4bcdd11a7f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5941a8547b0cbd2c3584a9743cca0bbd

SHA1
c267839795ff227b87e4bbfbbff9f1a8507b9a7b

SHA256
f1949c6e7cdc0f89a0a64f3ae22528a71bb6cc48e6cae6faab41f43d19d56fa4

SHA512
472105712591bdb188ef89e06d156d35549a50a39ed49b86602e8033810ef2cbfd3fa3b26c9fd75cc27e6510825aad196b19625d538e2a63d8692d532d15e4e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
3d749c7508b54bfb8052af0534be8378

SHA1
e2c77e69d3c0f27d9b1f626c5e5f52def2b74166

SHA256
c51cab96ea59f86244031fa4e5e8e688f5aa020439141aff3433dc9f9c88ecd9

SHA512
22ff9c59ffe4bb7a602632bab08040293f9d6336ae2821952f04d20dd94065b0ab253358483abf71f3f28520cf5a072abc1d7cc1bab261beb9b23a5f8346371a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
d35b78eeab52e05d4ce8504aaa678395

SHA1
3d52a28029bc0afcf9753587cd2ccac86324ac23

SHA256
13038188d135bef97134bd1e3a2d0a464892857b3bb670375d1395f8a49361b0

SHA512
74ebbb55fb70b737ffa537a4e924b882d8e920d73b966e73f037d7e381c40acd506973603726177aad948627297b7b6ddc29eb740457de06e88b3b7e347b16d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8a3b66c92918d0d415f41bd87bf1da92

SHA1
83f1e106f3e7716efef4169853f87cfc3213d56b

SHA256
a02722aa3033cda928411ae76bee45925bc8fbc7bf98d2950f971f2732918ed3

SHA512
92bfbe2b0aa5b12653270318935fe98e2835d5de9bce429be36ce3afd319b07c866604a7d7d45f564314298b117c0d93af36c4923843f33d09f3d82b3316aaa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6111b8312d49cb3797abc3b974f898a3

SHA1
d50e18d47ac41cd9a40e35e80a8f71025662e49c

SHA256
50689beef6b61de56089cea6ff058d3355934da7c2dfb660c5dc26107892bcae

SHA512
2818b21c900a45c3a785935d23473c5153c725d2acad67c1d3a9e408743c44365aa979e112f301e8dc8c5dbb4fd60e0087407d34b39793347c77332b03c5a650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
789a2bf878808ce7caf851f5127a3a1e

SHA1
5e745a4899efdcb0481909ff4aa9f45c5d34fcb2

SHA256
46b0ab5e1f17adc1c8b8539db426dcf6b9aca4e3a7a81978f54d29f86ac125ab

SHA512
ac560b55b255bf5cdb849285392dd49a052d5613e53ee3f559e10c9e1922f4f02d7c80c8f63f16fd7d1e88235493d774eb0e92e368771571a1eb5082caf10bce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a1b53cd6d4c54544e29c60974de8899b

SHA1
b1746883025cdc56fba90db6b673ed5411bc687e

SHA256
3a9027dfc9bb7b06ea440a37f674c28037f540bff7393da7034711406fcc9660

SHA512
12a0202e8e42d15af3128541abbe8b4874d747cb5bee6c4721d79046dc965171415fa9eb1b9562cbd49618dea321bea234490bc5b33cf0d36ff7a3654b741a1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d04ccb60ad4b86d29cb1ea5da0449720

SHA1
bef4e64599075173dc668919e2c8bf280d69b5c4

SHA256
a9e6de571553c6f39011c659037809dcda3077708efcf274b938ea6d23e50a04

SHA512
4174fa56b6480b23cc6eeab053cee0e036f68d92fa958b1d73bc24829ed133f41d0b800e30a4ddd1907b41068c24802eff0b07d84699d306633fcf80ad7aeceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
55ec292a2101b8c178e8fb728c722e6e

SHA1
6af8c913e26167d8701307fc377e1210b47d136d

SHA256
64288b2a3e0fd740cd01b6862b469bed854ee54b9b0c7e9852eedb66e3fc65b3

SHA512
b74784a1eb8afa70032cfc9baa986b63c405bb4f00f35b332d6feac74f6ff0a7382eb7579fb73b2487e84392342843340ece4251a3e62747b264b5aaba34abf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
045cad09c1180f3e52b31c92a32ddcb5

SHA1
a54977d56813e4fb3d0c71b59f9b5ac259528bf4

SHA256
6d1aae44b6f741545d91753b1e20a5256dd27dbb24e41da2532faa553e475d84

SHA512
cb7348294c580e97c38c08b7b57547fdbaf41986646286c004d227e5ba2b820efc5ab3162374609cbc6edf880790802e278323d94d7035bc8bcd51c7dba811f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0c1823e800aa70de0fff4a28eac8e4e5

SHA1
e6a1c8736c7768f43503255e5e866eae4a0dd021

SHA256
277a4b67b83894914b0896fe4f01f27de84d8e204993a275b5dd1c89808ea078

SHA512
ee2ff1ca21af6100c97b727c6bd8de033f3a1cf9afb706fcbf3ce447d70536605bf825cf9553e7f963781577bbe652d3e2df03162504a109d0e4835bc1e9f5c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
e3536b7f4c5eaa5372f4f30c9e3d689c

SHA1
412c74659a6d011002d5e7f353036efec6850a3f

SHA256
af29d976e46e4ff9bb2015d9854ef2443f59450d8159a7206b038f3d6f9dce3e

SHA512
1738d3e6297548a59cfc4af401defabb7b5a6c209a64a6b736807a0b963c567e8082e1e2c36152f373c852b99fa6743f2b860d422e1ffc5217845f223d5b2ca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2cfd9df33481f4063f4025115b69278b

SHA1
25669e820867ab5d6fc24c7baf1f1c12557b9f92

SHA256
ddf92a6e36abfedd23a9e9202b01c2c821c6ffe4cb4aba1aed043c5700762b1e

SHA512
5a231f1408c55306fb7f43d77896b9bf7822b448b25c24bb5ef954be7017d159bb3a35a0a512364525b1be3346fcc1c23fed7718c8424f13ba4b0f58963020c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3a9a000444f5e66f9fe526e88ed7957

SHA1
d1c957de0a870ea8cd055c0bf92f677d9f08f556

SHA256
edcb5fb22135d411e6236b87564f9689c4029397c62cb63a4dff906271c18c5c

SHA512
dffcce882b1937ba6487e36cc1b9b3cb516f33f44de494ea5768ff00334ae60721f4e40e2fd7dabfb4850715da2b9ba86bb2fff7c5a47183835e75797ca82e6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4be7051e87b6eaa41129083f8c84145e

SHA1
56bd9ef9dbcac46fe04cbdce5296d62cf9a571eb

SHA256
72efc17ada71883f9e966da5941c1c15bb77e4e166a73a3d4009c10283c08bf6

SHA512
13d53ce91e1d815c6a1421c7068f864a68c682179d61689cb9b263afffcfef2737fa9958f0c3f5071aeef40dac87119fa9298e9338eed63d238eae44cb052ca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
85c774ff2ae2c8004a5671092074c922

SHA1
ec40bbccc0d82fad3af0a19f6b799a0ff65d513e

SHA256
143abfca24ef201e6a2a62f82676bdf151a118c219f5727a44d51925ffdb4554

SHA512
368cab9403d911fb9147f3db3273eff4be977552d072ffd3b6dce7dcf1e5d4c71056b3086e2c46af95dd6e87bc64ceb94057f92f25cf7109ba8b9369ea7cc37a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9baf68894d923f69a78d33eb505978ab

SHA1
12a006f8faca66afa0a92beadd12dfbf603a81b3

SHA256
b2fe45e33db5ccd8f1914d5a72858f08730408e494471d84a8f33dd9bb0f146f

SHA512
6c2fc2111db8cb504e66f169a2c22bda63e306c31822ae5e2c980c965e7b2a696419e4597714296f56206c51fe4d3d47a40365ad042994b67597d0e8d24af094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
77b9e97c34b37a181b35999bb820260b

SHA1
fdc90a4ff6b897ce948d83e15d63bc9dc95ef1bc

SHA256
68cfe9903e13a6930409703b42b07d6f91cb3a369c7c5da390bb4a7edc29479d

SHA512
495c67a0ed973e3b1f33dfccd57642c792171627d73c3915fb1659a0729326b9afbd76e41d12cf3d37c5ce6874254da274112142a42270bf76b6bb43de92417e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d3a44c085b539e78927597102bd4728f

SHA1
ba501b382872097df33df2cc26c56a059bb69843

SHA256
6da79d47c48653cd4aed1f76926132a1dadb556c1dced6968c1cbce4103c78da

SHA512
3e312a93c552be1d8ce02f4592b1fa6c100dcccad697d2f96d8283c5c693101cf7131af45cef1329bfc6f5bfeaac35fe236fcdb0d94c994ac6ea53452f635850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6eca77c49b888480487268b7c3206bc8

SHA1
15a5d3fdc03081cfc428c28d172e6a5706499846

SHA256
c55fdd3829c090cdd0a73f92bb1396d0a5b111c661fe41e8809e973f27d09041

SHA512
90aeb8098c6a8c095900f406da5e1d6f037255f3d8c636fb6add80009a7ab3ba3ab58e68611d51b650d8d47f39873f88247718e51a833a3bbd9b5c2d56e07f14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e0821d0dd79a4958fc858453f2414096

SHA1
7fdfdc1d626077b4934078850c94b18b13bc063a

SHA256
91aa8f8639584cbabc6293a13165498a906a7461ef2bb0b21f49d144cbe9e803

SHA512
cdb28a1b1afd1a4158126d3dfb6fa7f022f0251d2f193e82d24805b9105ba9f0e057b1f2b7ae99c496382ab09485210a70d58c00a32706bd7b810a1a18819ce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e3ddb368097b9ef0b9fcb65d36a8979

SHA1
fd863790d2ecb2eeb68d4e845daca4f13498b20b

SHA256
63597569cfa72f6e7fb779370c50d0b9e0a24ce87b625d3035ce31f51a354048

SHA512
be3826bd4b6c09fa9f91aeb588fd2fd671825bde57e3800174cc5c8fc59dac046827d2996f37a440f5e8efdd2ee7442125577ab54fd039fc8a20d481f6841203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ff9d3e82dcb7ef98452a4c6c2d476068

SHA1
635bb55a6ac5a3ad3a22c9457d1a0c18b4380ddc

SHA256
9f7fc11aa550651a5a346563c347a01ff5540d1460cea4812f771e704549be0a

SHA512
dd86991c63ca023d491c220d8a90b01a0be845a178630b51fdb49beade04852de25c750a2dc06ff3a5d113052838fa0b4e94c5c5e56c969e111f11899c7918ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3f61131ed821c9a0580289a403944d67

SHA1
55cd8907ed9bfc7881a991da443819555a5ddd82

SHA256
a006ed6a5eb8a15b5a27b473ecc934f8fb4e97de28224bf652a9760e36f8340b

SHA512
5990bee746df630800d2ac8ce5ea7eec8cf2853a9d02c9c7d065abe83a9e5372f35a32d6e2261a4b0590dc01b61dd2ed5bd7282c47cc190e9afe0cc13573aef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1f4fca87253b2fadbaa808db1b2d5a16

SHA1
433bf1bbbd1318f44ac401f1b20a1f2b6e352052

SHA256
822129a6617d148b9c7f52ca0e3d4155f9466bbcaa9bff145b851671565d6e87

SHA512
ceb63311976b5b26175cbc33c62a1707114731922328484b5dc57be06678be61118f2b579977a8c75ce0629b177902222797a0d28ea48e886f4e7b6a2afc5fcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
db0dec3ca4ce8357be542351073e5e4c

SHA1
4d32bdfff60ec1d7437c8c0d3a43021778720845

SHA256
0ca5f5683674906a0e0feac69485688491e48357e6bf644de8819d7b32532bee

SHA512
3117051054b8ec3b70686930bff66e81b4abc7e9c2c986ac53c9d9a33ad53ca568eb8e12e9e78ac0b226103583cc3e724a3e93cc3e7d53e59862df8357db7c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a405459978ea899fddb6a5f4cadecc76

SHA1
065a522feacf378ebfd9c77fd0a1edfc11a31b34

SHA256
c3aac661fb53e71bed412bd799f5c2d09327f84f75108ef3d895dce1bb8a14eb

SHA512
ca540cb8b5ea12fac8aaec682f8e677e7cc4e91207ffdc5632bec367de835aebb6c37956393345cebbd46bfba82a01efedf277eac3a07eaf71141d3a00484103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2b6dfbdeb8f8006e094ea0ed2d86a64f

SHA1
a7bedbf9cc6e760dc8840a3d72e213d9ec443248

SHA256
35003b6a8e0e578da83d17caa0a748201bde7d29b87239194aaf1fa83335695c

SHA512
96a60393b5e9d2664da7e4c914212ec83abb49769a1659fad9abb0276e7b27cce9aa911d7fcee4424e6aee2037aa7c6473c604f17ba624d2a4f512dcf137987b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c76b7b37-f390-4695-b677-755805593bb9.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
2395679c8de089c6fac812b465c364da

SHA1
35acb7202e4f1e5b34c359e5c7e895d385d45cba

SHA256
5aa8f9fa0c8263e38fae575e06c984941922ba7a7bf40b9a84e5000bea075f83

SHA512
5966f7b3483ce12bc3664da700baa9d4cd6edadad7208b36ff02e948381a0e5f94968d6a1e8bd57a38ac15c244891a0a9859cf4949d10b4288e0927a86162eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
c4cccd6505d114eb1d095a5349f2c75c

SHA1
1cf996cd522eb4daaf2f1f15ce63358fc79f1c00

SHA256
295e0af1dae4738fdca6d1f5685f0e1f7d8a73bacf9f12d4189d4c95c9d56b81

SHA512
b00abdc9c486162baf81b0a3c031d8881c011347321d4a6843dae33e67a04cf90879a56f57261c85e45735ee1ceab194b13b9de76efbf8b61715a01b7d12700b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
e255dd0758bb46973bec3e0d53c00cae

SHA1
6f74d706b96a27b72ad26154b0e798fb9178bc7a

SHA256
b1b8fa227e5c145b193e176473a8568d83e6b28f0ae1b9883bb31c400777fe01

SHA512
a9eddb09fd5ed98735e38eb8cdabddd24fc98f48febd953c123fdfcffd6d67e0a71435888a4ad874f2c2f11b228dabe3fb4b677d137c6ca98f76034754b18f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
2b1b063ce81358fd5f6165943a07ae2e

SHA1
69d359da2daef156c27343559edebfa5a35aa1ca

SHA256
8eed4e1ab27fe06a3c41d84646b2d7e1f66cf256ebd6509661c6b0e2fd0267b0

SHA512
def6c7ea0f37dbc9bfd937cbca4ef4d52edd80a50140da6816ef55d93aaf59bad9c4f7cbbbdc840c95c29a866c0392be0c730293f46ce73c5fa1b2e28578c4b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
7bb00eef9b33047af38e2523bcc448d0

SHA1
d6e3e971197cd807e95b8dc44b34bfb697c5251d

SHA256
84b1dc99a015a3214aa50d291cfc6fb06a5982d3dfacaa072bcc43954d1cbf8f

SHA512
755955e2f2fd790fadbe849e032a3b8111ad9170e7acf8533c70a76b5269209728057c3c38407387af21548d68b19d392d10ca6383bba81b9fc7c8b343fde3e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
55db5f9216e529899507270f6ee12b1f

SHA1
0e6c315f52f222d24f6835403b9e5f8e36c7f9af

SHA256
58d18d0fb8b7ac12262a0c3482ed9a3e803a72e7501a270ee4b7a17d4fd3120e

SHA512
92e018a446fe67dea5eb4a873e78bf5647ce8e6221609c9797ef63353bac1112c32da40ffddd9a6bd9234e4c90995bef3ff64dd3c099296750c79d03782d58c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
b036b2a75917daa16719a491e0e39b8d

SHA1
c227dc83b867d4f5b82e8152c56ac4c815cfa8bd

SHA256
8ace711003248b123877ae7f7fa2dc4c66ea9f51233b7f41eb35fa354712b5d7

SHA512
acf5a6d85cb7fda2a2321261d88a44b54ae54c422a686d118106c8afcbc3514baf6e7f9efe89981086515575d7f11cba099376d9dc08ad6c43a270f5be05a9f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b5aaac6b-0e91-4a3b-809f-3b782d1be1c3.tmp

Filesize
232KB

MD5
f36a4ba723f9e398ff79c3a7123850ee

SHA1
57e93b53b2e57e5d8a8ca765310b7b64012b02c6

SHA256
609db22f378481e44dd8b78e8ef4ae0bde6ee56369d4f5e8dc034aa6e923b0d3

SHA512
529018f2b1f0d2c8664841d435257cf7219d08bfb0c4354ed1fd164bb6e1a7a3778a2bb70a8563211d6ee36aa264c0390f67f1eea674bacd7516e775c201d3dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\da1a2fd4-311f-4af9-9d5e-8734697cf749.tmp

Filesize
232KB

MD5
9ffb716a920a4a6154230b81438242ba

SHA1
914b68f662f3eddc77f6e768b95d08dbb98e1fd5

SHA256
c91f6be9735146f2f891d059df057ee173f70c28d360cd75b00e93bbb78cd9ac

SHA512
6cfbe02c0ced66e6f1c054ece9d622bbd000d008638c08eb97458ce456ec9cf5a6ad51f42134af1ccb51096bd209eab3179c2ee4d96572d34964ec0cb424babe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4c1a7569bd554e4e39837d5528502338

SHA1
e38746bbf9a72177d3c6258781bc368658e16c67

SHA256
14e05cdade4611f0c4e9d8370be69923312ba18e852dcc14a083fc293fbedf5f

SHA512
4bb2053d927e8fa9ab18873e0501b2ba43f5171b5109bc7aa22e2b7709e7d44ff87d861e33f2ee16487119361eeed5bd17e22c98f3cbfffcd43d8043bc4d4bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
50d6966e59053af7c94a38aeac656cfd

SHA1
c93d3a2696db47c085ed2cbc34af8b0396938a1c

SHA256
7a20c8e0f881351254e075bb601548c1d67858ead2a31ceafdcbd2adf7ce949f

SHA512
4020a19d2c8890fff75aa636c300bfd3433e47778e4e6195791043c4433b247fa4e5874660739e3cd1e5e29240aa74ebc9d4d3508972863794dbe948a736d95e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8eba50c960589f85a80794db153223df

SHA1
40b546c6c1bd38e83953df6f10665e78037c7080

SHA256
43766878a5be7632928bf213b82fae75cd88c87d8d8745b6d1a760faec84262c

SHA512
fc6f1bf5a062c9a36a26c584c128bf3deb110d3d7c9f9221e4f88cec9637beaa4c6bd8271c06d6be86e9d92338f30b46af19f66b21a32020e848a6c5117bf8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d4d1aad1f06c70b4946033e08a13e125

SHA1
818fcb9c348ce2292eba3c3c431a46784add5d56

SHA256
a7ce2835aff671ffa26edc538685d5f509716a49ce2653b6dca18ec695e69b74

SHA512
ca58282de80347a414e8b976f5e97478e9ce552968c1def225f69a18a459034a18e955fdd0c14347676b002de289771f6e3810871c972446df63d1df748a5a06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ce55e364af6ff718eaf653c8676c361

SHA1
82d521363953c172bd31cc30b60da7f81ccd9023

SHA256
c0b2e1a79d1e3a168d421266511944883aa1001116eb3c28e5bc080d30ad0e5b

SHA512
f0d96d06360b304df7d34ffe09e0f006b3b3dcff9682f0d666edaa89fb221e4d7139650743df3630a73e4fe4cbe02c187fd7344823d42327bb35b12d82f5f659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
62aac7eb2080cd18d5bf3fc6fcba9737

SHA1
50506d90823f5e0c9b829dfbb7e505928ec4a21c

SHA256
a16611375eae0444df904343605a312fd005163bc5ea817902ff30b9b141d139

SHA512
2dea3dc791d3c6be1c3237321520a40ad1c46248d2b705ddf6688958566df8a563014e148216b14e105f0781b56cfd2f664f282c6f720ee7fa879a3bbd63f62d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a0408cf83faeb056b083d39f8502d4d4

SHA1
4b5ad934e04bafc022828da4818cbe608b67fd32

SHA256
665c647335a721a5ffb28af04279a52718de65965181fba1fc22162f6162bd10

SHA512
4ef7b3e9197f881bbc3bd2acf5b87aef5b0e460b42be0236013976033fd60dd8f4f47c1581fcca6b1ea367d0accd6cbe00c9c7763168b11fdaba2a331f1e4c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4a22557867dd028271ed4c612d5902c8

SHA1
315fe548f450529b44898143aad350c1f8b88584

SHA256
887d0fee80eaa8933519953fb783bb4b8a0fafe545cdf91b0bd6f8d9202d288b

SHA512
0147d02f82fda7a0ab7df7f6f96af6da94e01e1864d2483ad26fa6467e3e6c9f812197838ade8c9429b23f6fada504278c545601b03bd538864369b021afeb6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
06d6e31d20063c0e5ecd2ea4880488fd

SHA1
e7c6089b9a5b613e1d424be5271a88ac877c8b21

SHA256
5fb92c32fb5bd9711a65cad1e5d6a06472054a8cfdcfd9572fdc2ee1b09880b8

SHA512
42906aeba4f87a593db2f2c0656f7476eec8ad514163741984c756782e5ad60705b47afb7163612374671cbb52675a1f7eff004f1ec072bcd77c1de10022b42c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
218f4fe9797114e3ca4570e12570f5df

SHA1
80bfcf703d679d311199c7ddd78e42924b06c57a

SHA256
299adad9cf89ac5f8c2b40143b5c0fe15cbe0371d506db47a04df82d082694db

SHA512
60c9773bef9fefc6a27ce4e00b548a1a19e51a7132cde68b9f38d95e9b95efc050f4fa4eae80a2d249a6c1e5c8b094312b60975ec511327245a33b613460201b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bc29ea4d8fde5d82f3f8a045790651a0

SHA1
a760aa26fe036369b0682682c7b7485a1d359393

SHA256
621ce4f2492b9252b5b1d224aafed6ee821eb1f99b9945799a1c58993f933323

SHA512
1e60a5d6b5a3ee10014ddeb69da5c542acdecf241aa0b28a7a85b12848e02d56c5c04d414d2b4f324e46282548848d6eab699b411b32ebfcd450c85bc5377e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3866bda7843332a065db4fd7da6863c6

SHA1
1ee455fc684aaabd5eeba7ff60512a41e80adb6b

SHA256
79ee6f1eb64007fef09c63533db87ac86edcfcb1c2655e761d7750560daff3a4

SHA512
cb320f3674cbeae06ffbe971b5e2f6825539a800f0f8ef4ad0525902d8b01a94ffcd6b6f31d411986aabeb0fcdd892db5f7923dd4d3701ba89d27613d06c01c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a7eab2708f48e49b501efae5881a28f

SHA1
6f1a09e2e27b09e3242662180eff8ce635fddd4d

SHA256
de3ccd5b05f451df7b3cff9231e68cfac7dd5a61da60149fd4557cf98b18a93c

SHA512
e8e6c206a910c3a8efdad61fd5e5c0439d8f1ee6ebaac3769e0a023f70a838dd5eb8b7194c42d354fa6dc9dcd946cb7a925a4056db5035ad94af53b5759247e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1d6edf34f3b1e62158c10064a7a986f3

SHA1
3b2efd8002742de8623af98a91df7c66b787bf30

SHA256
912047be6f5814506197ad8fb1c530309359b1db8e5a6995787d7c5648df4bf5

SHA512
f76d84fed529ad85b5052762ec874d6bfaf1c18e7d5564213dd561191911bb6e2af4c83f3d53353a74ba23c193fe889bc8ed8398315957ceca1270056031031d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e704.TMP

Filesize
874B

MD5
963343505a3537365f02998202d78a4d

SHA1
4202200e939b98ed009def75b2920e585f6d88db

SHA256
c2523ca0f42dc520420dcae867b67ecc46e13cea1f68e5851e34d2819189e157

SHA512
ad9b6a2a444a9c0d028be4d7c84f1e59248eaa163e8fd3112d6f2eedf6cafd3e62490d95a4a08da4b268027c832b323a9e19d845e717675253fa462e8ef83600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
678a47b1fd368749b16fbb73baf45806

SHA1
f6699c4ae55dab098e2029fb2782ca01949cc1cf

SHA256
5b57e96f43eaa18c56e4aa00e989f64e65fca0bbaea96590f0ee1793523286fe

SHA512
5766bf4e2a6421e2c935c35305d8979395abb909a496e662a3f61a8314b16b5d5c3d68d51aee5bb5d6c448c6e8e4868b93533ff2b5a8028d2b26974ec09bbeb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
028a09ac5ad3e48e631cd3d9e15bc328

SHA1
5a088524043150b0c5207d3d20d7ae261893961f

SHA256
651437c6b2ccf325ea0fc5db0de53fc5929932f328fb3803f72179f7daec7e9b

SHA512
b5fcff8bcbd3926d59798a8148fd01d6f3eeac326120d31722b0d40bae31b411d59d863e8fc54aa76ec13dfe2fc183d247a2b6b6a4ee293faa924310d6fdfa15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8e8bea6ea3c8fe4bbfdac426e6308c12

SHA1
d33b0366e60afa55cbc497c4121eabe5d9ef8873

SHA256
60a52b08d610a82cc05737e6aeb77974631ab7bcdda32cddfc67c0c74f3dd597

SHA512
d2a35649a76285bf247beaef839b5c59deae2b208bfa1d5f95639e698fc45e04501329c7c8aeeaec77ff62e61dd4997a11527bbb6d7ac1664d1819401f7163e8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 649029.crdownload

Filesize
3.3MB

MD5
3d578d30f8947a0e4ca0b6e340c6f9d7

SHA1
d581d6caec9ebe4aef2e0d365c8163116d18383d

SHA256
6d8e3047582dfcece9e3284538ff46a16e1809de18b1a7543e2082ad0a009237

SHA512
ccca55db5214f271d94a6d24596f74ae08e0d5ab053b9fedce6670d817ca0cf9065a5db76216362045e0133e6644139e73c72129c165c337898594c5d385da37

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 85768.crdownload

Filesize
1.5MB

MD5
0330d0bd7341a9afe5b6d161b1ff4aa1

SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3

SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

Download Submit
C:\Users\Admin\Downloads\WannaCry\@[email protected]

Filesize
933B

MD5
f97d2e6f8d820dbd3b66f21137de4f09

SHA1
596799b75b5d60aa9cd45646f68e9c0bd06df252

SHA256
0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

SHA512
efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

Download Submit
C:\Users\Admin\Downloads\WannaCry\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\WannaCry\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\WannaCry\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\f01bcc51-2842-470d-82ad-c533a10cd098.tmp

Filesize
9KB

MD5
f7349874043c175bee2d0ff66438cbf0

SHA1
da371495289e25e92ad5d73dff6f29beea422427

SHA256
f852b9baeeefde61a20e5de4751b978594a9bf3b34514bc652d01224ee76da1b

SHA512
878f4bc1ab1b84b993725bcf2e98b1b9dcb72f75a20e34287d13016cc72f1df0334ac630aa8604a3d25b9569be2541c8f18f4f644f5f31ff31dd2d3fedd6d1ad

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
memory/976-1823-0x00007FF671620000-0x00007FF67162C000-memory.dmp

Filesize
48KB

Download
memory/2360-3717-0x0000000073520000-0x0000000073542000-memory.dmp

Filesize
136KB

Download
memory/2360-3716-0x0000000073550000-0x00000000735D2000-memory.dmp

Filesize
520KB

Download
memory/2360-3741-0x00000000736F0000-0x000000007390C000-memory.dmp

Filesize
2.1MB

Download
memory/2360-3738-0x0000000000230000-0x000000000052E000-memory.dmp

Filesize
3.0MB

Download
memory/2360-3731-0x0000000000230000-0x000000000052E000-memory.dmp

Filesize
3.0MB

Download
memory/2360-3714-0x0000000073660000-0x00000000736E2000-memory.dmp

Filesize
520KB

Download
memory/2360-3715-0x00000000736F0000-0x000000007390C000-memory.dmp

Filesize
2.1MB

Download
memory/2360-3718-0x0000000000230000-0x000000000052E000-memory.dmp

Filesize
3.0MB

Download
memory/2360-3722-0x0000000073910000-0x000000007392C000-memory.dmp

Filesize
112KB

Download
memory/2360-3723-0x0000000073660000-0x00000000736E2000-memory.dmp

Filesize
520KB

Download
memory/2360-3727-0x0000000073520000-0x0000000073542000-memory.dmp

Filesize
136KB

Download
memory/2360-3726-0x0000000073550000-0x00000000735D2000-memory.dmp

Filesize
520KB

Download
memory/2360-3724-0x00000000736F0000-0x000000007390C000-memory.dmp

Filesize
2.1MB

Download
memory/2360-3725-0x00000000735E0000-0x0000000073657000-memory.dmp

Filesize
476KB

Download
memory/2360-3721-0x0000000000230000-0x000000000052E000-memory.dmp

Filesize
3.0MB

Download
memory/5128-2261-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/5368-1815-0x00007FF671620000-0x00007FF67162C000-memory.dmp

Filesize
48KB

Download
memory/5368-1819-0x00007FF671620000-0x00007FF67162C000-memory.dmp

Filesize
48KB

Download
memory/5552-1831-0x00007FF671620000-0x00007FF67162C000-memory.dmp

Filesize
48KB

Download
memory/5908-1827-0x00007FF671620000-0x00007FF67162C000-memory.dmp

Filesize
48KB

Download