wannacry | e7c8517568098e960be40ec88334cc28b58faab1a6c51672fdc371adf75b9e52

Analysis

max time kernel
324s
max time network
339s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2025, 08:34

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

new 1.txt
Size

16B
MD5

17389fd42352d9124e9eb867d4f6f2af
SHA1

d405df9351cf9d5775e4a63766a83f6403f17282
SHA256

e7c8517568098e960be40ec88334cc28b58faab1a6c51672fdc371adf75b9e52
SHA512

4ce7a2391269a1b4d6c6be20c79dc20bbfb172c635250c73110155bd5e52e1e837bfecfd6c45a5c209c4a538d44524481015ae18d15622ed08e5920905ebf778

Score

10^/10

wannacry bootkit defense_evasion discovery persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry

Downloads MZ/PE file 2 IoCs

flow	pid	Process
217	3656	chrome.exe
257	3656	chrome.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD1A.tmp	WannaCry.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD40.tmp	WannaCry.EXE

Executes dropped EXE 23 IoCs

pid	Process
4852	MEMZ.exe
5092	MEMZ.exe
4108	MEMZ.exe
372	MEMZ.exe
3948	MEMZ.exe
3684	MEMZ.exe
4708	MEMZ.exe
5760	WannaCry.EXE
3620	taskdl.exe
700	WannaCry.EXE
6108	@[email protected]
4876	@[email protected]
5220	@[email protected]
4624	taskdl.exe
3000	taskse.exe
1912	@[email protected]
216	taskdl.exe
5704	taskse.exe
5152	@[email protected]
4596	taskdl.exe
3000	taskse.exe
4180	@[email protected]
1900	MEMZ.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5164	icacls.exe
5176	icacls.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nwycckkvrgbsta247 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\""	reg.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
231	camo.githubusercontent.com
249	camo.githubusercontent.com
250	camo.githubusercontent.com
257	raw.githubusercontent.com
216	raw.githubusercontent.com
217	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCry.EXE

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 34 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCry.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCry.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133847733681649042"	chrome.exe

Modifies registry class 21 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 = 8400310000000000575ae3441300444f574e4c4f7e3100006c0009000400efbe515a4078575ae3442e0000005ee101000000010000000000000000004200000000005767c00044006f0077006e006c006f00610064007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370039003800000018000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 000000000200000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\NodeSlot = "8"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
3904	reg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe
5092	MEMZ.exe
5092	MEMZ.exe
4108	MEMZ.exe
4108	MEMZ.exe
5092	MEMZ.exe
5092	MEMZ.exe
3948	MEMZ.exe
3948	MEMZ.exe
4108	MEMZ.exe
372	MEMZ.exe
4108	MEMZ.exe
372	MEMZ.exe
372	MEMZ.exe
372	MEMZ.exe
4108	MEMZ.exe
4108	MEMZ.exe
3948	MEMZ.exe
3948	MEMZ.exe
3684	MEMZ.exe
3684	MEMZ.exe
5092	MEMZ.exe
5092	MEMZ.exe
372	MEMZ.exe
372	MEMZ.exe
5092	MEMZ.exe
5092	MEMZ.exe
3684	MEMZ.exe
3684	MEMZ.exe
3948	MEMZ.exe
4108	MEMZ.exe
3948	MEMZ.exe
4108	MEMZ.exe
372	MEMZ.exe
372	MEMZ.exe
5092	MEMZ.exe
5092	MEMZ.exe
4108	MEMZ.exe
4108	MEMZ.exe
3948	MEMZ.exe
3948	MEMZ.exe
3684	MEMZ.exe
3684	MEMZ.exe
4108	MEMZ.exe
4108	MEMZ.exe
5092	MEMZ.exe
372	MEMZ.exe
5092	MEMZ.exe
372	MEMZ.exe
5092	MEMZ.exe
5092	MEMZ.exe
372	MEMZ.exe
372	MEMZ.exe
4108	MEMZ.exe
3684	MEMZ.exe
4108	MEMZ.exe
3684	MEMZ.exe
3948	MEMZ.exe
3948	MEMZ.exe
372	MEMZ.exe
372	MEMZ.exe
5092	MEMZ.exe
5092	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
4432	chrome.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
5500	OpenWith.exe
6108	@[email protected]
6108	@[email protected]
4876	@[email protected]
5220	@[email protected]
1912	@[email protected]
5152	@[email protected]
4180	@[email protected]
4708	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 1920	4432	chrome.exe	92
PID 4432 wrote to memory of 1920	4432	chrome.exe	92
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 768	4432	chrome.exe	93
PID 4432 wrote to memory of 3656	4432	chrome.exe	94
PID 4432 wrote to memory of 3656	4432	chrome.exe	94
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95
PID 4432 wrote to memory of 2768	4432	chrome.exe	95

Views/modifies file attributes 1 TTPs 3 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
5172	attrib.exe
1036	attrib.exe
896	attrib.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\new 1.txt"
1⤵
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff3daccc40,0x7fff3daccc4c,0x7fff3daccc58
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2020 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2300 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3316,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4616,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4416,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3156 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4404,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4964,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3256,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5284,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5364,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5404,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3324 /prefetch:8
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5536,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=864 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4764,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5248,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=1216,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5368,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3384,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5808,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5748,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:1788
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4852
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5092
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4108
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:372
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3948
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3684
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4708
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:1220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:3456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff4b7b46f8,0x7fff4b7b4708,0x7fff4b7b4718
        5⤵
        
        PID:1612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
        5⤵
        
        PID:4460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
        5⤵
        
        PID:3604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
        5⤵
        
        PID:3200
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
        5⤵
        
        PID:5096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
        5⤵
        
        PID:1820
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
        5⤵
        
        PID:2344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
        5⤵
        
        PID:5160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
        5⤵
        
        PID:5912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
        5⤵
        
        PID:6012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 /prefetch:8
        5⤵
        
        PID:5324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 /prefetch:8
        5⤵
        
        PID:2060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
        5⤵
        
        PID:5280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
        5⤵
        
        PID:436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
        5⤵
        
        PID:5748
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9044179420098362019,8806473456244543158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
        5⤵
        
        PID:5704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:5848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff4b7b46f8,0x7fff4b7b4708,0x7fff4b7b4718
        5⤵
        
        PID:5860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:1336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff4b7b46f8,0x7fff4b7b4708,0x7fff4b7b4718
        5⤵
        
        PID:2476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
        5⤵
        
        PID:3216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
        5⤵
        
        PID:3496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
        5⤵
        
        PID:5696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
        5⤵
        
        PID:5448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
        5⤵
        
        PID:4424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
        5⤵
        
        PID:4148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
        5⤵
        
        PID:3636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
        5⤵
        
        PID:5376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
        5⤵
        
        PID:4384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
        5⤵
        
        PID:6124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
        5⤵
        
        PID:5952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
        5⤵
        
        PID:2020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
        5⤵
        
        PID:4368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
        5⤵
        
        PID:2000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
        5⤵
        
        PID:1120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
        5⤵
        
        PID:5340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
        5⤵
        
        PID:1852
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
        5⤵
        
        PID:3716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
        5⤵
        
        PID:988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
        5⤵
        
        PID:4624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15336080081312132081,1597042193777393639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
        5⤵
        
        PID:3952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:3320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff4b7b46f8,0x7fff4b7b4708,0x7fff4b7b4718
        5⤵
        
        PID:180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:4344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff4b7b46f8,0x7fff4b7b4708,0x7fff4b7b4718
        5⤵
        
        PID:4220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:3252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff4b7b46f8,0x7fff4b7b4708,0x7fff4b7b4718
        5⤵
        
        PID:6132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:1840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0xf8,0x124,0x100,0x128,0x7fff4b7b46f8,0x7fff4b7b4708,0x7fff4b7b4718
        5⤵
        
        PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5012,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3228 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5652,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4844,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6052,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5136,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,17039517750983695600,18438450661634948429,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  PID:2816
- C:\Users\Admin\Downloads\WannaCry.EXE
  "C:\Users\Admin\Downloads\WannaCry.EXE"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  PID:5760
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:5172
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:5164
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3620
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 196661740299942.bat
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4752
  - - C:\Windows\SysWOW64\cscript.exe
      cscript.exe //nologo m.vbs
      4⤵
      System Location Discovery: System Language Discovery
      PID:5716
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +s F:\$RECYCLE
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:1036
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected] co
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4876
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c start /b @[email protected] vs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6048
  - - C:\Users\Admin\Downloads\@[email protected]
      @[email protected] vs
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5220
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4624
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3000
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1912
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "nwycckkvrgbsta247" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3656
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "nwycckkvrgbsta247" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
      4⤵
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:3904
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:216
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5704
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5152
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4596
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3000
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4180
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    PID:3100
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    PID:5604
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    PID:1168
- C:\Users\Admin\Downloads\WannaCry.EXE
  "C:\Users\Admin\Downloads\WannaCry.EXE"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:700
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:896
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:5176

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2760

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2612

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5500

C:\Users\Admin\Downloads\@[email protected]
"C:\Users\Admin\Downloads\@[email protected]"
1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3980

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x424
1⤵
PID:1708

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1900
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:4612
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:5008
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:2400
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:1048
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:5704
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /main
  2⤵
  PID:888
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:4604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
585B

MD5
28b2b22bcaeeb6475dc97a8dd336fb72

SHA1
21ed1cd2aa93167290d3ff5e259f60e53bdf0626

SHA256
6c0245219a8e67706aed131991222a668a2c2361055f69a9298850eb354be54b

SHA512
61e781f4318e1ba0958e4f0dd5489a7ae20cd7cf32c37e5505b3428ef197d534cd40538752022b9949dfac412845e6458960678ac804373c3785be2360b56d44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
215KB

MD5
0e9976cf5978c4cad671b37d68b935ef

SHA1
9f38e9786fbab41e6f34c2dcc041462eb11eccbc

SHA256
5e8e21f87c0a104d48abc589812e6f4e48655cabe4356cda9e3c1ceee0acaa4e

SHA512
2faa6fff6b47e20fd307a206827dc7ff4892fce8b55b59b53d3e45b7dcf5fd34cebc4776b63da5aa4d0e0408344bd4602d26d09e7a456dd286e93b768cbfaa51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
48KB

MD5
df1d27ed34798e62c1b48fb4d5aa4904

SHA1
2e1052b9d649a404cbf8152c47b85c6bc5edc0c9

SHA256
c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86

SHA512
411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
67KB

MD5
73c52c814a005a48e77c6b95037bf608

SHA1
678bb8f0b67d4cfd3eb394f2aeb449269e02941b

SHA256
a1cecf47e5894ee9eb6b90503b2502706cc9f7c2b5e0d60ad11938839c0a090f

SHA512
681f08bf143cf15cc7c3ce6ab8f2e336bbfacc14ffe3a194c7ebdfca0dcc06c4ccc349497a95274f860f0673fd9e00f7d131edb5612c05d35ae38dffb96ec37d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
25KB

MD5
e580283a2015072bac6b880355fe117e

SHA1
0c0f3ca89e1a9da80cd5f536130ce5da3ad64bfe

SHA256
be8b1b612f207b673b1b031a7c67f8e2421d57a305bebf11d94f1c6e47d569ee

SHA512
65903ba8657d145cc3bbe37f5688b803ee03dd8ff8da23b587f64acaa793eaea52fcb6e8c0ec5032e0e3a2faacc917406ada179706182ce757d1c02979986dd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
fcd646f8e7b57d19d6c1a58f118f41dc

SHA1
b71b155906134a71950b43e5939bbc991f2087c7

SHA256
39f287b2f97b57431cc3d48262ed726a68ba899e4fc5a4473c5852f7a411088c

SHA512
90642c904c87dc3126320294e50623d519172e639f1a144a25b720749e20adbf74a667aa643327a3da50dea3d27849ab33829044d303fd9dee7cee1a15dfc3ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
e33f2daf3dc046ab812df59d2d46c4bf

SHA1
af566514c70e264a2fa768977b2ebed12d9ff220

SHA256
27065b17b933fc49ac22afb5c0c7381ab801d1700b0bdbe14fa43897f745d722

SHA512
4d5530cdbb144b81642a640f37a80475f1a5a64c2ee9200d74ce899f3ff85fda21ab69f68966eeac156d1c2ab7cbb1f930b0ce935f40b5a813e374a24afd470d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
abd3d5dcf3762bb0fdb85613a5dd5634

SHA1
2f62fe94e8b96d36098250e84e9895909f9451c3

SHA256
e3644cee75f7c01e58d32000594c683ba15ffae806ac2058c1bed3111bddc904

SHA512
03c13d60e4c625b3f238f76545c26ce71d5ce2d6f058ee64a502362c33d8c1e5ce8fea8c6d1489622423c94c513a7ed79f9472ca2e208cf33609cec365a322ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
17dacdac898ffd9bf50ee5c3454253d5

SHA1
44d645d14b84a194710627d2b4b7b9e5351199f9

SHA256
6b2ee74822b55ba5dad131e36eabad4db896565679c08a1f0dc14a3545f05423

SHA512
9f2891a1fd917c661c3fb04443f954a29800323a16a309d6e71140c9df9fb4e39315506fa6a767c47643d71e8f4d0424f29fdf8447832d6874c269c48013254b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
9b2a5c3833e2698798da85262c40fcfb

SHA1
6d647175085bb0fa40cc361555bf3359e6acb48e

SHA256
d859d1ebe8ab4cc91f704145bece377f136c06ade338312c6e7b41cc01ce5640

SHA512
d1ffab11fa1c46704b4aa5dbb35b18e99c43257e768cd001394378ee27e45d3fbb8f69c90b5cbeee16a7f3bde9581861e5f802e1129e995250ee76728b5e7264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
8629bcc78fb9ff8a778765243f9a63b2

SHA1
339683e1780863d15859c2bb9ef8f096073211f2

SHA256
cb379857d6659fcfdebba1135264a8e108366d97b3f32d439429c5f843547404

SHA512
e7ce05ba8dca29bd3a4ada702b266c96697c091656e8c0b4d64f9dea52478302802959025782c4f850129494f7811e7c4a8a8b554818f78ef1b4f0decbf2f30e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fa87062e0486447f80b882fc05ea14df

SHA1
7fd3245246e13143758911aaa625722ad54f9ded

SHA256
891bdefb30dfd1a247c902cdec4306412d14421a9e8ae0f99b29fde4d2b6a0f9

SHA512
276b2f8c86b385a0a703878d6c3cecb166b316d2673585785cf7a583338b4a879a0703bde2d1f8010571725c1eb0486cd697b8a8c5413093f3a306edbc0e86d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5feccb7442ceb22a3ef90a37962a5d9b

SHA1
b70686f83396edd22963e31bb6bc64d74b7b2d98

SHA256
8d96e86a72a97c38b2927ee83186e4404763945f5f4acfcedd86d6f05f551bf3

SHA512
43acdf6aad311cb7526c94f353f574043338c74244f0f8c3a9a8d497a4b4674a3baae2e7d1542ce92fba63957452c78b326a0a7c3f7bd56e7ad3da0930957c8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c6e52d0eb8c208869baf1f7e39314ed0

SHA1
50a9371dee6b9327bc2cfe1e1baff36eff10a411

SHA256
0116856c489e250022c49a43bf65b6772271d8f22d3ca64ee55b4dc17401e11e

SHA512
39e2002eadf84960a6ca04a7f9c95ca7a8977be32638f91cd7556636c4556a912623d25586c38b8eeb6bf1a05ece6fce1c08a5559f97bea7ed9b4e45a58f1bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ee4974ac520bc7323ffd8af9ce3fff4b

SHA1
4f11a69f901498ca87dc8b142a75910cbb7e46cb

SHA256
47b2aa87eb396c53e4a3fb7425f9d80177552c02f7a167d12b24abf01c7e3c03

SHA512
af6084752d7b0dfade710a8cd5e142887a96a370eb91dc604457621eba4745d9c8826efb94b1aa692abca87e98100ed9359b88891adb92f635acfaf70e27754a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c50928719ee0e90bf3f5d2f057bc2fb0

SHA1
7ea104ffa887dee45bf157b1cd0f41449cb26f33

SHA256
c4d086ec6a0adb527aa8210b9edf42b880eb7b49a0a423440fff8013a0c77abd

SHA512
6e19ab9c8e68d35873ae6d5c4f25c2fc1431b80e0372d6599444df7ae279b47934d7958bd72a9dcd71cae8908c073008ac68995462e277f02bccc18596f56638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f33e689814e0f763ef63dea1d4de149d

SHA1
ce7b0325ed8be8ecdbaefab78aef8ff8d98d1c39

SHA256
3f09788ceb0c4a83b67e59d756d0a20b98510d09053e183f20d98e685ca98d09

SHA512
3ced6c66634075670f3d4299ee1ee184adf1c1610cfedccb48fb298e4807a195734d6e4a5ecd6de368c38e05b1a85273409f84fcb8be47cf85ed96cdfd18caf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
44f9657200c9c15a14c31fc9cb9bb272

SHA1
0362a213dad74cd3f4d5abadaa88fc30a1827825

SHA256
baac3f16959075cbfb0b571f14f2f9ba0376568f47f1090498ec51486b6dda9e

SHA512
9e454cbec52662a79d8c386593ab45c1d24bef13c5d91a18566154398ee6c883f227add74a68e491945a24af41210e4a4305044ba66e7530b42241d181dac237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
57950a5b7eb754319a1032e3b9008631

SHA1
3931e8e51fe9905f3fa9720a9308bb2ddcd1533e

SHA256
a32dd9c5ed6d2a081e6b864fcb877ffb60a98c9ce2764a6faff851e9e5a978fe

SHA512
d3a509cbdc93741ea8511dfc66bf0cb46f343e5ef4791b469081c2e9626ed3e98dda124651847119ce53c33936956aa42924d3148a743a45b2186fcd7d00aadb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
12e679cba09ff137e84838eca4db9a37

SHA1
238c6f12ef119fc0cb0bc3a9f82224b5fe45a98a

SHA256
e0ebce91cbb225a68117488f3a0591bb78e7eb32caa83d2475197626f2842147

SHA512
4bf5bbb1096309b7d3ea5e15fea7306544ee3f7557197b689c60cddbdd65a8f23a234c0d52f7e389b2d517d2582c4d078ff2cdb8fdc2fec1909ea24941833a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cb7b95956445f6c6bbbcd8a79a8bc8ec

SHA1
52020e1cd53453b9f973bfe7a604222db1af8299

SHA256
f5702a626b621c28b6aa63d587881f0a4e2e29dd5c63243e0ad81266b59da254

SHA512
bfba5f9883138b02d764e7562f9a7b6554b47cb6819fce3092de490873988f9c0e9b5f7b4bd0ed05c1c774a2aa14a9475fd4c6f397a2997dec207b3d65484322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cb3b972cf046c87f9884f55be0141905

SHA1
42e18382ba1967b95f9fe53fd96990d06c95cc6a

SHA256
ec46f6e95c527febde5296bbaa533269310df585d653bfb39ab9ba35dfbe979d

SHA512
b0db55c01a810e97f9ac1164848793becce5b52f53856df9389bce7e6e6ff9b49c9e3f63d57db4474407b54b17def219d30fb70943603d126e59125fefb7edf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a8da8987-655f-43b2-bbad-8abc95ecbc68.tmp

Filesize
2KB

MD5
21d2db505c9c10921b394d1ea9741f8c

SHA1
d1da2bd9dbd362deefde4d6b65008f31fdc70756

SHA256
eb26cf6d5db3be5501a80134027f7d70aa8672245c6f1ae001f1bbdc472dc722

SHA512
c5fea73b918f06a65b0e40eae7990a1d92b1db66fccd59ced4ff3aa94cdb12db1615e3e1bedc8e221cf31838ed897f59e5bfce50a225cb36b29f39172cd1fa01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c6a079ad483befcceb67382f1c5219a

SHA1
455d342fbe92d879200e5a9d8c5c7035212c6a50

SHA256
16e36b4300a9bf567a574a31927eba75bdeb7fa2b77ab1aa3362be729e2d1c18

SHA512
b1961d5e8b9ef67acb122b4259e0095df8b83262a70220333b8ee01ec1d146ce03cb2c9c09151c1c899fb13e8675ff435fce9b2cf377fe18624175507cb52df7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28ee6d74270a76e1977914bc23d64884

SHA1
0a1aac1057f74a7f0c3e11e2070b6cc987567a17

SHA256
a9daef023d60b4889e0cdfe2c85a0d6b02cf701082c8c58d4d4311c7cd0185c2

SHA512
2bd709aa337467e334b78108c6b26e83dbec4bc595fdb33ef507a9def7c03a00ff25c608e915db273885120dec6692ea0857c09130bf61c15bc31cdb8f9f4534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
80b74e7eb1d21a7b4d2a7595d5cbaa15

SHA1
39ea1106b02dd3af843111f356a83f532c908083

SHA256
79d7cf6ce951a26d903329d5a77339e0224fa7eb66865859e1575efcbc3524f3

SHA512
640a85ca8db3086bd4147cfffcf67107ed5101507ec088c8eb98903cda7049303af1a4a5bcb52b13bce2590ec604d239f1d8df5c1e83671db969627abb1b57bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7a4a351544d04e98aa79fc085380de5d

SHA1
7e6e3ff7c15b62a588f68a602271326d0c4a83e4

SHA256
e33fd98da2c1c8b150c6f2f8deffd6cee784ca5f67851015e50a95612e50ce09

SHA512
e7de6723e8c8152bae28b85ec49fc4eaa809153184828c2a252d9dcebb26d06663d00a31da1a9dc90f38d2bc1907e9e476975376eeb713998008f03636d34bd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0889e4e6ee88529134c442aa6a343e0b

SHA1
25e3384f43613bc23b136250a6d2e938af66aab6

SHA256
5cfcc7ccaeb581e58fbc454a59467cf6d3e7f7f4dcf88eaa0ae93939d5a169ac

SHA512
73fc20b0527158391ed374eb048ddfca718158dcd5c1f976478177adf1c99e2cc6934acb90a6eaae253c886bc5784312a4489348d811c2883922a2e59315cd8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02d68e0e00665b9e634fbd86587cc358

SHA1
28f59271f214d7be032537050a898f12b41b0591

SHA256
b0c73fd5cf148a51587ffcd71df80e369f605a4985168b63549cc97870186620

SHA512
6d735b8e2bb12badbe6390957838ebe12ec20cf3f4450666a58dbceaee0ad19eb674f2dcac64279102711a387410fb2f9173217f2d8f0f14a9d6d94c4f6264af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ed94a63366dab4051452a547688b07e4

SHA1
5b067f79c9ad7ac2213d80f4949b00a30d9982fb

SHA256
b9c59d2c8012fa1f9c2fe3a973e11d1ee97c809aea45b344ace8de8d9c6f2b03

SHA512
cfa5aaba111649e2d54fa5fad585e6272f217043aef4d2dc6a7796508436f62d65230a9dedcdd5f4ffa9d01b897b28bd61083af13944b7fa730cfbfd0a7fd69e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3a98101f4afaa50f9dde27b3c5ce1ed2

SHA1
5bfc3d1fb8666e04c3e0be526a2b9a0f1d9d0cdf

SHA256
80bdb1e6d3617035611158965f68356010ce60681ef485e36c1f3768f4b32c64

SHA512
a52dbd9e815dfbed998b60435028457be5a64d675e4ff30258ded10852c6ee06afb45f89b53800f0c5d43e6be72bfeeb51b7be48769797987cc84dbd9ae2c949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a91866df961c9aabd379ce1486a5c0f8

SHA1
a313ef93a31b83372422a8c7b87b48d339fe8f75

SHA256
3525746a62ef7f97e7a07e216c44f79216826f15f9ce61afd2c914bb6471eadd

SHA512
e3145d7cd113bea957e544983b5f2b94723ddbdf55cf1547c01785c5324cc6632632831650c0c97e613ca7c5e1c8f0456ff30b653306cfbc0ceec08a1b70afad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
092b206d2334955173125cdaa67e1bb1

SHA1
316aab088b2e36fab91f64a9f034a744b4c03aab

SHA256
68a71bb6614003e2090edf9070ca41750bade94b3e8e852582e77177661b17d8

SHA512
f341bea2ff77ab3d43deee8106d21ffb99aa9b7d9cefde97ef1b50c620ab8e164c6328306e1e220d4ae446e701d1a5af9b10bf527589f79c580946c78de1d114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d6271dd96df24fbfdba5b0d79ff160d9

SHA1
4bc800829fd033d52216b3781d16f08f46402298

SHA256
27411ac57264f2b829eae89e572dc1bfe49a27c9db49d63e93cd2f9539e5a4d5

SHA512
cfb828f05d23f340799fa1c967a2d9678a712bf9b3e658069bf043182ffac519612d2c65c415261100f1295bbfdf5df8de5aacc1cb415e1f52fad11c79753da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9c41a8967a65df4ed37411ce61fb1228

SHA1
ac71eb789bd836efbc61e5638a788a83329be14c

SHA256
c39bc419fad00dcd53f94f24afbf2fee6f9514b740d6f217083e18a926ceac9e

SHA512
210fbf4238d278c714ded43b27e4f66d39bc5ff579d21ea22b02f63f8a2194c6820c010e5338e494537ee182626cab4241779cbb95bdb708abbedbc95bb651bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9e7ab5dbda033e6f8823971735bbe67a

SHA1
9808b71705ac8c8da72a434775bc826da48353fa

SHA256
1c4a4f06ca5c019f8ffc1a1f5b68fa7b9e26c9b04b6ae9b7ac233a0247f0c04e

SHA512
b84c84035e3cea69c0addd8219e0519f29731f5c1d9f12217a7b62eecbb6fc54afa3f8cf3e19c4bea8660acf7c810b722f8a6338d29cd2847ba1b990896d5406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
14a4605ca0b42ba8a410bfdb92619d1d

SHA1
f3615384dc2025b01717b57ea9272a4679becdab

SHA256
27aef781b53f04b5ec37db2cd6b322e9c1b302e0c6b8253af1fdcf6ae55bd891

SHA512
8dd53d818f3a11c9b7ab03a17fcbec2270b76e179f211e97042bed1f6beff8f327c95f829f0d55938633e1eddc91a328101f28e61656b9f2448c0afebed5b08c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
fcc4be77755c4212a954b4c47d6ce157

SHA1
99938088df9c09dd5a5912b141879e9f0401c578

SHA256
0d04b5f48bdf616aea71bb9df0b4123c8746e8fb912efa5729e034fcd2e264cf

SHA512
30ad173e931101be167339c08646d2fe61b3626412a4a3964d075fd638bbf3f7116704fe8c01029d5f7c9ef370c4ba48c2528dcfcd20cd887ead92425fb10288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
f729d8d5109e58a2f76188a573c8e7e9

SHA1
11abd8affd0da1a4422ddf06b1ec8ea85a21ee28

SHA256
f158b2a2fd75afb74983b3363e69b0ed292d5250c38e860d76e4b95825b44f65

SHA512
4ca1bc46329bf611845b0b376acc37ac597a42b7e41fb3092a9e8fa07c26831d39666877ca670dafd7dc506e56be5beaec9471992c72e45f3658f1eb9987fea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
eaac3f01eec71905c60f4a3ae6784db4

SHA1
6f97de7a3b85a0c4c697cd57cc6b5950eac8752b

SHA256
e7241e3fe1b6ffae86e2590d997582a0c87faa37fa3b2acb4254d47c80391792

SHA512
91e35baa828c51ce5ae175988acfc66ec4f83957bbb560677b105d8fb976aedbe54c50b688183244d81e0b95f9b9a182366cf2e488476a7e7ec1e9897e050820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
bc91780001f84d9eb54d8e31e2f299b1

SHA1
5cdc1c633a202badadca186291e1fbc4a30aa1d8

SHA256
b5dc0696a3aa189adbce0ce3f1ad524d5ea6d3a9202b3cd40458eea748ad670b

SHA512
c07135b66a25002010a4db5ba0111c624fa7c5f383c3422b2c5b596763e2bf51c824e09fa1e5910e3423f59e6a1ab6390edbd4091c2fdeecf7cfe374453c1d9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
97036547fb8e56b5ccfab93fcab3e2d8

SHA1
a421484ba9ce3a91bb58fbb3644c8dd739c9caf5

SHA256
df41fed7974412c75fe56b5ab0086401b6af05c0ce4754ef5321bde6f69ffe0c

SHA512
590567a94e466761e57a506e08289ba7f25ffe97f21db7387b0be6fe1d6b8de58086152430d9aaac5778e4bb3abb0911fdc5b3936f80bf144ae7a9fb6e71f82e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
8df53af745fff03f16464b10b96e1653

SHA1
dfb5aade364047897e3d96988a2b9a6d02b87bd4

SHA256
2ab6cb903975c7dce112ed71855d5f2c60caaf911b4d7adfe64257c28ef5d193

SHA512
ef9cc7072f5d487fdba75c325c1722e385d9231d69e368b93ffa7929f9f0d2aec5c8ac6690c00b15d2241f807dfe9bd1774d67100e68479b85201962b3fefa90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
f9a6277ab27f07b52705371354403e9e

SHA1
797ad61fddb3c9a1c4b336c78a0ec059acb18aca

SHA256
202099fa5bb4396889744c2060d937d2fcf39b9b3ec6193ffaf934e9160f6768

SHA512
679853c2f21a9d0a58df615391226b2d0d95aeea1099de3025ebf183651383c2168b63a86a9d6104d9620454b9f35b3d9911bcb987edf6c6b5624252f9529644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e27df0383d108b2d6cd975d1b42b1afe

SHA1
c216daa71094da3ffa15c787c41b0bc7b32ed40b

SHA256
812f547f1e22a4bd045b73ff548025fabd59c6cba0da6991fdd8cfcb32653855

SHA512
471935e26a55d26449e48d4c38933ab8c369a92d8f24fd6077131247e8d116d95aa110dd424fa6095176a6c763a6271e978766e74d8022e9cdcc11e6355408ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
395082c6d7ec10a326236e60b79602f2

SHA1
203db9756fc9f65a0181ac49bca7f0e7e4edfb5b

SHA256
b9ea226a0a67039df83a9652b42bb7b0cc2e6fa827d55d043bc36dd9d8e4cd25

SHA512
7095c260b87a0e31ddfc5ddf5730848433dcede2672ca71091efb8c6b1b0fc3333d0540c3ce41087702c99bca22a4548f12692234188e6f457c2f75ab12316bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
074e77caad8501493fec7ed422082896

SHA1
24a6435c75643dbfd07571e138d80412f064d21c

SHA256
596a12d60c6efd72c9c4f7c3c420c94a6e3c6674a1d066b8bfc653c9ce2b9136

SHA512
5be5169500850cffdbba5b4a2421940591a56f61a58d227a7888ad6eb7a4c453391def929e7fd9e986beece4363c9a1ace7fc55cd44ab90f534bcb0e25bd0900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b69db8e7a50fa87eff0b7140eac29db

SHA1
5dfbe5cea801a847162707b3a350e3811892e45d

SHA256
3d8fbab7fca1dc09e8ca447fc33ef0ec5ff8cb599370c8399bf699b98874640d

SHA512
537002517b867534dba48817f963a9e18c612098b113055ca50cd8063d9ffa1c198b58e6a21f2dcffafbb0f6f83eb49a12170506855bf9666fd2c4815b46657c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
41KB

MD5
6283217ea088f352876ae67beb27d0c2

SHA1
76250e052a43ec7c5a4d31b4960b85f857a26cd2

SHA256
b6431faf0e8b009017b9621dd6b136ff82f4f3cc69d79cf8824b0f9c1ecd05ba

SHA512
7d6af54106b79284fa72760e9f0800ab2f3956c946ab353f1fe84c3201844490b35b2a1fc0b82a9ac0c6ff7dee907e8c9c9cb8f88f121ceeb1b9979c6fa7980c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f6eccb37b0e42da89fbee6b3e545f5b3

SHA1
eb3838355345c77da505f372234830138d5ae05f

SHA256
53a8c5c8b90aee133013cce198c74b2e1e8829418eb24f644fdec0dae665b063

SHA512
19c78da4fdbcd37c3428711447ef9fb79da03a7a4fc2da708f48801ac7a579d6115761f44a55fc23ff3f2a6c24336072df8987a93bee8c819bfd44d0bf7c0758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6e001726bc877869654e10b687e240f9

SHA1
1a9604230ca5eaf68dd9b18809b7efd01b3f5fc4

SHA256
5f7c6ea6d934b2bc1b1e72583e91f4bc7b6620dc4537fe47a156090c990173ea

SHA512
67cc912ccc2240b6c16a323d465bae0474263f077fd49b58821547692d8aeb628f278aedf0a7132bcbd9b6d3f6ae856c34de3d237d08eedd61181738b19795de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
aa5756bf9ff1830a81bd4d87415266e9

SHA1
908ecaa6c8d4ec83853ae7e9b87aefc46b7d9db3

SHA256
9def1609baf171f49f371203b4a26f6f91c1da5d31168fcb3748a8f6a453edcd

SHA512
ecacb44de4fb93fdef401494412bd7fc95215de86d4251d48c93994d04742e309d0bad986ccd83c31b5cd9300e699d3684b36b7510f1fed5ed569c67c57f4fc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e90b2a4e8eb3facd1565d3ffd7bec2a1

SHA1
24510129ef150df6d3e43fc3bf84b2ca39f6188b

SHA256
c557d015c20116e1129e14d4c6a9d5b6bc803589e8e256cbdf50a7f45a1f6417

SHA512
dde718c75f7a32a1059963314c635de5aca7e558247069721cd8d2bc3f5f6790604e72ce177cf87e6e8ccdb838e980dfdcca2d327363666405300578cc541807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9f1e9255959fab5feb42912343388d7d

SHA1
a3e4d0674e741dcb79741224222b86c6ac5d9185

SHA256
900cccd861dca873a245970c041dd350b0308dc3ab7319fc1c37e7882e700d7f

SHA512
12a8cc7e9460b5e1a12c061882dea6e4c61b2e8c04fde5a1925007d27517f538b2efcd1e15a4277ea7442da3d7a6460aff71fbf3316bbc18af1e4daae88906cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b9183709d79e9d883984498cef1e0ab4

SHA1
bb1706612630bece4fdf211af93acbc0d1fb8d04

SHA256
af363b573a40589e7de6f5a89cac8f26c0c0d21b5fcf2405bc95f26eb700b465

SHA512
81a0752400781d6d4486b4a0c7e1d75d99c03e136382c64951c642a18c7f0fdeae693dd7ae53777b65b6db054c55ef695f8759435d57f17eeec1ceb4cdfbedcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f2b0043912175dcfded279452ccf330e

SHA1
e98d043237048cb60db1a825e0b0702d603d7ec5

SHA256
8861b4ea9ea05372236bb982ada16f932772b55d6c6faffc1aa4c9b66391c202

SHA512
a051971fbdd85813ba61b5db5ed295fa112386c980b4670140da43585f880abe28cafb96faa83b8a091b66a5ec611010df31488550d4383f0dba71ed3dd4679b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
964B

MD5
7a43cc093e43c1bec0531bab77c5bf32

SHA1
c2d6745c36557f43555df1f4030a5c8e13ccfe1f

SHA256
334f34c0c9f77134004494c4b7f9faed1f1725e4590855037b9e179a11dd0130

SHA512
2b24edd5c40efeb6f2789d9e8834f9e6de4e10c5e3dfc90f64889ea17072efc6a070a04978dea7452c64cb8ce571ab3329904533dc4cc4641a7d7ea3d96e4773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
053494fb5e0e2814ef89281592ab6015

SHA1
4cce2902f740ebb388936c6af5eb9039e238fbb4

SHA256
10e47273a613f465196c67081a6f971227147b6d9b92bde60fc0bab8194a6746

SHA512
a75a216b59df8affae81c66f56a6e665f9229889bcd4c59a079bf169521b2daef6ea663c57315cdd312c8ed9361fa914bfe91c5055997a2e38b9a72713872c21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e28efa40679e3ce476a4672b630a7c78

SHA1
2f3a4f8fd0f692929a2bbfb172e28bdeea789cc1

SHA256
c914191df733a00e0bc1494719a36e91d0b4e7256a2cebd44bfae529039eeed8

SHA512
ecd15603f1340184fc2f41681c21375ed9741690e8deefcbd97795088f089a0118bf27134f28045aed237aed943eb39c7e043f905ef19c87f248d075011db40c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72b2dbe9ec650c9c84cd5be66572cbaf

SHA1
247ce0fadbe6e40127d179c0908074ccd18b767b

SHA256
d6a3c7bfde295a01529fd826f9aaa4ae62e894e8a3ca7f1ec280f5a78fcbc505

SHA512
e869835356458a32ee0ba9d3af0f424adf9872970b35b51d480e86a8629d5a5f893d8260fa83d0245cc9d4a1698ee92b295c674ac4c0b5a4d92c5baafc900520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
35d2dd038fbbada4dfa861ffb328f9fa

SHA1
0482487c182448e074208a9d343f56f35e3e1a50

SHA256
db2cee90a362159cd5796313771332496e46d3a3a051757575465ff2a3c5927a

SHA512
aa7fc23219ace98b475a26a0d54c9d5d71d3a87412a01f8649f6ab2be650948f8763891b7550e1d3abf7e1f3c33ab96556b6b297008f15222dcb3f07dcaa73cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e40b316e1f713f9b0265efeefe042661

SHA1
137cea5a94ed256ed6296f2767b1815bd7571ea0

SHA256
697a22577998ff9d627143d7c1f242b7a3f1b0a0d92bb8eb055518e636b001e0

SHA512
de25c75a95a2ba34d15a6522a5d752028593186972949769b856fd06aa4dd918b152fa18ba6bcd1fc9a7b411b61509da4711c02df4de5c4cf6898649c4146225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
16935fe7d20b4e2120272a9d5cfd3b88

SHA1
fb7b8f78afca30ab069b02237791976949f75213

SHA256
17f81ba4d2392799412fbf7fbc78cf222b520e20509969712965ebb09d81f16c

SHA512
1d65fcaca866e7d6b6de98c95263bbe34a0e3d3fda8b5b74cf55a86d600be09ee25c53e45474afd5a62b6a5677d9ef8180836c7bbd8216681c940172391b77df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cdbf0369e77715208b10a45516bf72b9

SHA1
e8ae736262f73694240c1092cdcd7faf50e9e04e

SHA256
3e2942581bbc55a148437ff5867a2b1bdd68401401310c7fa6998ef330994bac

SHA512
d91af8347fda9857a3ae7f0d400c9727802f9913ed456555c1cda28b7fd61de265b652521b1219fee8735be6f0bda931c2f4a0d439d5d95520645e45097a85b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2c382f214bc2d420ef50cb5fb0ccb990

SHA1
80a08111a6027bb3697c3a6cc6a8a7271e85191c

SHA256
ef86c865aefe0fce8ac0493ad948a72280f741bc714ba68af50be0d47e0ca8f3

SHA512
0f01ddcafa8162dce79385c7dbb5d5fb99674f58bdcd467834ac57a1c73f05d4682f7f319480dbff645fe2c54ec97211eb508325cd9a7a681e5a288eed84c1b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
816692818cfc6139f00b20bbd98bb2e6

SHA1
28d61e0f7484d27b79c81e0786b507395e369f37

SHA256
0107eb92f6dfb145b297cb4958f4abfc801727f17fab494df3a88176312e95ec

SHA512
1239102c7e948334904114b46f46c367118a6f6f1151a9ee701bb75136ae13e4008d32225f54df403e01504a7584375253f27dd616d2d31590ada968c019bb64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
94cd47f9023808b6a35060b5528b936a

SHA1
9a28223e586fb0ac6d5a936dbfe0d1cb64dc9590

SHA256
c5833a982cc67945b8538b762465da55ea6774ccec60fa4d496fe5600b6de59c

SHA512
06dab25ed4953f1160215affff96c1b871edd67f78581d49e965fa6ffb73c82fd9bbbff7385e0abbfebfddafaf449dce696b3c5f0d23f6e16ef44a5be9e955ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\da7a6b2a-0630-4b49-8faf-383440cd8d19.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
96b14ef3c7c92442b60ae346be88c19a

SHA1
b2d3c10eaa92b4872cc3ad623216e82a499fea54

SHA256
c0f47b485e9af40c05ade210c093c85fc300269925878d4bc05d1d229038a9a4

SHA512
a04b415b1f1221b3dd48ae9982fa5fa76201f40439e708306e4a91da81130670df458e413fede85b81a1cde9b0c23eb6adef60239a91f1b7baed8be53fb5c1ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b48c8553a2ea253a88287e5c0d39e4fe

SHA1
5fbe1cccc2a612e66f783d3186e1857b6b56d292

SHA256
106b3b1f9b6dcea934ac945d7c0e60550170ed54980b6f74e80d7c2729022e33

SHA512
0e9ed105217313cb8bc2c816b540d677b159b1b8063de4fb06bf7e1ccbd68e079be97d1a0bd7f41a6ef9b61369b70550791cca04e7666b353432388d303753ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ce51b69ee68f811aad8d1a32246a1dc0

SHA1
9576f356ca7c502d11ffb731b3dc308d8834b3e3

SHA256
c32340c05a1812f9d07870c3be1590e73b82dd497c296717d70589e615a0015a

SHA512
d4bf03b452c4eb55ae926094a9a668e33f954ca339e5b8ebfbe723a79e2b51afdd6d88a275536edc3bd904953d4a8ed81fd91aa1dcbd17311e9a80c3bc26ba96

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\WannaCry.EXE

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\Downloads\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\Downloads\c.wnry

Filesize
780B

MD5
8124a611153cd3aceb85a7ac58eaa25d

SHA1
c1d5cd8774261d810dca9b6a8e478d01cd4995d6

SHA256
0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e

SHA512
b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17

Download Submit
C:\Users\Admin\Downloads\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\Downloads\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\Downloads\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\Downloads\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\Downloads\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\Downloads\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\Downloads\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\Downloads\msg\m_english.wnry

Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\Downloads\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\Downloads\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\msg\m_french.wnry

Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\Downloads\msg\m_german.wnry

Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\Downloads\msg\m_greek.wnry

Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\Downloads\msg\m_indonesian.wnry

Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/5760-1497-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads