Analysis Overview
SHA256
b697691d3b3420eb65fc63f4c467657b789fb0bb4e8a8fd09e07d303b7a3ddfb
Threat Level: Known bad
The file mini_installer.exe was found to be: Known bad.
Malicious Activity Summary
Wannacry
Wannacry family
Deletes shadow copies
Reads user/profile data of web browsers
Modifies file permissions
Drops startup file
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Checks installed software on the system
Adds Run key to start application
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Checks system information in the registry
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Views/modifies file attributes
Uses Volume Shadow Copy service COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies registry key
NTFS ADS
Suspicious use of SetWindowsHookEx
Modifies registry class
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-16 21:09
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-16 21:08
Reported
2024-11-16 21:13
Platform
win11-20241007-en
Max time kernel
215s
Max time network
225s
Command Line
Signatures
Wannacry
Wannacry family
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD79CF.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD79C8.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tgikesyrkli880 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks installed software on the system
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\chromium_installer.log | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\chromium_installer.log | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133762649973781052" | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\shell\open | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.svg\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.xht\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3204426131-1287546763-2377242369-152135641-305933560-3517212411-1733820770\Moniker = "cr.sb.net912CF349EA5CDCA5C827A64B4A04D6CD2D31F46D" | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.svg\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3204426131-1287546763-2377242369-152135641-305933560-3517212411-1733820770\DisplayName = "Chrome Sandbox" | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.shtml\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.svg | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.xhtml\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3204426131-1287546763-2377242369-152135641-305933560-3517212411-1733820770 | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3204426131-1287546763-2377242369-152135641-305933560-3517212411-1733820770\DisplayName = "Chrome Sandbox" | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\shell | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.xht | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.xht\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.xhtml\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\chrome.exe,0" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.html\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\Application | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\ApplicationCompany = "The Chromium Authors" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\Application | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\AppUserModelId = "Chromium.O42CB7PRQCGIFZMMOX7TPOGNKI" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.xhtml | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\133.0.6842.0\\notification_helper.exe" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\AppUserModelId = "Chromium.O42CB7PRQCGIFZMMOX7TPOGNKI" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.html | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.pdf\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.webp\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\chrome.exe,3" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.htm\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.mhtml\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.pdf | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.shtml\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\chrome.exe,0" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.htm\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.mhtml\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\133.0.6842.0\\notification_helper.exe\"" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\ = "Chromium HTML Document" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.pdf\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.webp\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\ApplicationCompany = "The Chromium Authors" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\AppUserModelId = "Chromium.O42CB7PRQCGIFZMMOX7TPOGNKI" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\chrome.exe,4" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\shell\open\command | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\AppUserModelId = "Chromium.O42CB7PRQCGIFZMMOX7TPOGNKI" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\ApplicationName = "Chromium" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\shell\open | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\ = "Chromium PDF Document" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.shtml | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\ApplicationName = "Chromium" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\ApplicationDescription = "Access the Internet" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.htm | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.mhtml | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\shell\open\command | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.html\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3204426131-1287546763-2377242369-152135641-305933560-3517212411-1733820770\Children | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\chrome.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159} | C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier | C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\mini_installer.exe
"C:\Users\Admin\AppData\Local\Temp\mini_installer.exe"
C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\CHROME.PACKED.7Z"
C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromium --annotation=ver=133.0.6842.0 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff73b3edb78,0x7ff73b3edb88,0x7ff73b3edb98
C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromium --annotation=ver=133.0.6842.0 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff73b3edb78,0x7ff73b3edb88,0x7ff73b3edb98
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --from-installer
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Chromium\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromium --annotation=ver=133.0.6842.0-devel --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9e87e0ab8,0x7ff9e87e0ac8,0x7ff9e87e0ad8
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=gpu-process --string-annotations --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAADAAAMAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --metrics-shmem-handle=1564,i,10593148211279626118,6609342431828898507,262144 --field-trial-handle=1908,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=1896 /prefetch:2
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --string-annotations --start-stack-profiler --metrics-shmem-handle=2120,i,6547248106953915620,8021023023693984662,524288 --field-trial-handle=2184,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:11
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --metrics-shmem-handle=2452,i,11905886002004830068,5548612815041121803,524288 --field-trial-handle=2468,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=2464 /prefetch:13
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --metrics-shmem-handle=3252,i,13067046881112875786,980841950368565740,2097152 --field-trial-handle=3268,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=3264 /prefetch:1
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --metrics-shmem-handle=3276,i,4295307808950516034,8346987840652757810,2097152 --field-trial-handle=3300,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=3296 /prefetch:1
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --metrics-shmem-handle=4740,i,12689719730439492678,9502492724354225352,2097152 --field-trial-handle=4756,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=4752 /prefetch:1
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --metrics-shmem-handle=5072,i,4141174794409856315,17488190587083686819,524288 --field-trial-handle=5132,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:14
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --metrics-shmem-handle=5736,i,7490914973199901671,15123751905079006878,524288 --field-trial-handle=5760,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:14
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --metrics-shmem-handle=5892,i,7289578277655229338,3055637551832164918,2097152 --field-trial-handle=5748,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9e8603cb8,0x7ff9e8603cc8,0x7ff9e8603cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4788 /prefetch:8
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe"
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Chromium\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Chromium\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromium --annotation=ver=133.0.6842.0-devel --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ff9e87e0ab8,0x7ff9e87e0ac8,0x7ff9e87e0ad8
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Chromium\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromium --annotation=ver=133.0.6842.0-devel --initial-client-data=0x154,0x158,0x15c,0x150,0x164,0x7ff75717ec00,0x7ff75717ec10,0x7ff75717ec20
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=gpu-process --string-annotations --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAADAAAMAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --metrics-shmem-handle=1716,i,6485235603946622836,8148252844165033016,262144 --field-trial-handle=2088,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:2
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --string-annotations --start-stack-profiler --metrics-shmem-handle=1940,i,6642845270321810308,2948304730013972798,524288 --field-trial-handle=2120,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:11
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --metrics-shmem-handle=2496,i,3198832854681593609,6002266995815705961,524288 --field-trial-handle=2504,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:13
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --metrics-shmem-handle=3500,i,1902956024797587257,5036121622429436116,2097152 --field-trial-handle=3684,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=3680 /prefetch:1
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --metrics-shmem-handle=3524,i,2615196415983730119,16924288164822186264,2097152 --field-trial-handle=3768,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=3764 /prefetch:1
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --metrics-shmem-handle=4748,i,18166339022660861825,14182772229365040049,2097152 --field-trial-handle=4736,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=4676 /prefetch:1
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --metrics-shmem-handle=3732,i,9020446811191151586,15337688045987058181,524288 --field-trial-handle=4868,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:14
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --metrics-shmem-handle=5596,i,5487211215978258414,2028276052451843795,2097152 --field-trial-handle=5028,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:1
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --metrics-shmem-handle=4408,i,15330435360368237352,1124783329882861356,2097152 --field-trial-handle=5736,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1348 /prefetch:2
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --metrics-shmem-handle=4828,i,572688495991528581,316292147252484849,524288 --field-trial-handle=5788,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:14
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --metrics-shmem-handle=5968,i,180147886698713559,16176722167058285168,524288 --field-trial-handle=4000,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=3996 /prefetch:14
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --metrics-shmem-handle=3960,i,1185298306692897626,1799476732608936611,524288 --field-trial-handle=3936,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=3952 /prefetch:14
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 67351731791554.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tgikesyrkli880" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tgikesyrkli880" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:80 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 64.233.167.84:443 | accounts.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 64.233.167.84:443 | accounts.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.167.233.64.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 216.58.201.97:443 | | tcp |
| GB | 142.250.178.3:443 | | udp |
| GB | 142.250.178.3:443 | | udp |
| GB | 216.58.204.74:443 | | tcp |
| GB | 172.217.16.227:443 | | udp |
| GB | 2.16.153.216:443 | www.bing.com | tcp |
| GB | 2.16.153.221:443 | www.bing.com | tcp |
| US | 95.100.195.155:443 | r.bing.com | tcp |
| US | 95.100.195.155:443 | r.bing.com | tcp |
| GB | 2.16.153.221:443 | www.bing.com | tcp |
| NL | 40.126.32.136:443 | login.microsoftonline.com | tcp |
| GB | 2.16.153.221:443 | www.bing.com | tcp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | tcp |
| US | 95.100.195.161:443 | r.bing.com | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 64.233.167.84:443 | accounts.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 95.100.195.166:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 185.199.108.154:443 | | tcp |
| US | 185.199.108.154:443 | | tcp |
| US | 185.199.108.154:443 | | tcp |
| US | 185.199.108.154:443 | | tcp |
| US | 185.199.108.154:443 | | tcp |
| US | 185.199.108.154:443 | | tcp |
| US | 185.199.110.133:443 | | tcp |
| US | 185.199.110.133:443 | | tcp |
| GB | 142.250.200.10:443 | | tcp |
| US | 185.199.108.154:443 | | tcp |
| US | 140.82.113.21:443 | | tcp |
| US | 140.82.113.21:443 | | tcp |
| GB | 142.250.200.10:443 | | udp |
| GB | 20.26.156.210:443 | | tcp |
| US | 185.199.111.133:443 | | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 216.58.213.14:443 | | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | | tcp |
| N/A | 127.0.0.1:53027 | | tcp |
| NL | 185.66.250.141:9001 | | tcp |
| NL | 194.109.206.212:443 | | tcp |
| US | 204.8.156.142:443 | | tcp |
| US | 8.8.8.8:53 | 142.156.8.204.in-addr.arpa | udp |
| FI | 185.148.3.69:9100 | | tcp |
| US | 8.8.8.8:53 | 69.3.148.185.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe
| MD5 | 4dcffe2c9bbe1808b07a2816b30ec9b0 |
| SHA1 | 56974f015c64376c04f12ad09e130c26a3432796 |
| SHA256 | 1cf7ffcf08d7d8e6484e86559fd28b0f8fa419247ba49378ca65aa671e01ada1 |
| SHA512 | e2285e7059bd266f6ec88ae5725955dd18ff67a34024cbdde4f8bbcc99bc5aff72fe27346dd3bd54820d31d5deaec1f3200a3bbaa23be854a3eddf4eb7e6b13e |
C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad\settings.dat
| MD5 | 7359ac8da454193fd33a5016baecd8b1 |
| SHA1 | 63d7228e0052949041ffb0a5f19dafb5d5d89356 |
| SHA256 | d65be5459a1798fa051baff3a5e87be579d9d060ea0d3b35dda137c9cea93f4a |
| SHA512 | eea3f7095dae3a847169822ec153a3311581df293378e99342f336e54b43dcb8513548d6a2b2c6acab2dd7861edc5c7952617ba44efaf2e43f2431491d86f3f5 |
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
| MD5 | 50089f738b1a2a3d51345c750ab20c07 |
| SHA1 | 821a7d43e369f110343c3f9757073e914b1ac80a |
| SHA256 | a592620bdbd60757de318947828d44cd7abbbcd5cf849d0243c94142e75ccff8 |
| SHA512 | 43e1de703a75cc0aa0675e9774f885ba719a62f15298d17c4929607be008048390e38817b831b28f5988e3304d7836541a5b9e8eb0034ad04c74fd44f92171fc |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chromium.lnk
| MD5 | 1f62285dc44e2cac69cab4ac9cf2ae65 |
| SHA1 | 37bc792f28e2923a673b23b4bbe02cb4f387cb00 |
| SHA256 | 4af1abba38be64621b54a25b01b16945676ef7477d2d33c9e4ec2701ed4ffd71 |
| SHA512 | 6826251d9dd022789f7e71f2f37ee7c9d4b1b4732c6c39f97978d07cffde2c764994b66b7a85d7add39770d673fbbb63a3ae50473a0f18851220865515d4aace |
C:\Users\Admin\AppData\Local\Chromium\Application\133.0.6842.0\chrome_elf.dll
| MD5 | 8a8a50f3c8855df58360667663d246a0 |
| SHA1 | c21731094c37537b255d5b959560b089a33f57bb |
| SHA256 | bedb732a1fad31ef332c9cdb923b06e9af55053d9c600556986a139db4b75e9f |
| SHA512 | 20f7755885cea9b6373d75099856d7cb87fa9c85add4504b6711af36b06f46a623e844c9163bfda253d1edd2bce6a2b1a1f13f3799c1cd30517db2feb7972cf3 |
C:\Users\Admin\AppData\Local\Chromium\Application\133.0.6842.0\libEGL.dll
| MD5 | 559e1b32b7d26e6babefa2628eec9d9b |
| SHA1 | e91770cbcf281b9be49678b7002b28bc0b70cb0f |
| SHA256 | c0f99437a186daf06ded4ee985915e33cd7dd3c4de68820e9ac27a65f1c72cde |
| SHA512 | 4bf8097fe9136d73ac82150e6620194eb5ccb4d1d8dbe776efd27316783211f2da6e5b98616099ebad343e31c8a271026b0b5a99bde0bdd0597eae0c74e0e26a |