wannacry | hxxps://github[.]com/cryptwareapps/Malware-Database

Analysis

max time kernel
279s
max time network
323s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
19-03-2023 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/cryptwareapps/Malware-Database

Score

10^/10

wannacry ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\!Please Read Me!.txt

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions! �

Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 4 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

3808 taskkill.exe
3772 taskkill.exe
3216 taskkill.exe
3976 taskkill.exe

pid	process
3808	taskkill.exe
3772	taskkill.exe
3216	taskkill.exe
3976	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133237378768380991"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1464 chrome.exe
1464 chrome.exe
676 chrome.exe
676 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

1464 chrome.exe
1464 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1464 wrote to memory of 1532	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 1532	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 2248	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4048	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4048	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4632	1464	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://github.com/cryptwareapps/Malware-Database
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff02409758,0x7fff02409768,0x7fff02409778
2⤵
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:2
2⤵
PID:2248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:8
2⤵
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:8
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:1
2⤵
PID:2996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:1
2⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:8
2⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:8
2⤵
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:8
2⤵
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4920 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:8
2⤵
PID:4084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4740 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:8
2⤵
PID:4136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:8
2⤵
PID:2796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1616 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:8
2⤵
PID:336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5192 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:8
2⤵
PID:4176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4944 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:8
2⤵
PID:1888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1876,i,2209551755044727958,1607990565005579511,131072 /prefetch:8
2⤵
PID:224

C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
2⤵
PID:4348

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 225651679264566.bat
3⤵
PID:3604

C:\Windows\SysWOW64\cscript.exe
cscript //nologo c.vbs
4⤵
PID:4684

C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe f
3⤵
PID:4764

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im MSExchange*
3⤵
- Kills process with taskkill
PID:3976

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlwriter.exe
3⤵
- Kills process with taskkill
PID:3808

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlserver.exe
3⤵
- Kills process with taskkill
PID:3772

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Microsoft.Exchange.*
3⤵
- Kills process with taskkill
PID:3216

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b !WannaDecryptor!.exe v
3⤵
PID:1060

C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe c
3⤵
PID:232

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3860

C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe v
1⤵
PID:2216

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Recovery\WindowsRE\!WannaDecryptor!.exe.lnk
Filesize
590B

MD5
6db2e234e82befa3eded2dc398ba4490

SHA1
8369a818e097927958e6bf323809e9acd7ecc8f3

SHA256
769c723f570ffe398cb87390fa64becf3ae49dc96c874c4096227c57138cb00c

SHA512
9276594505fc2a8235c3368b806867a2babc98e93bfed70c13586c1de65c408ba4daecea72e8c60c7bcf977bea6fd670b8089bcbd0ddf3ca631c396580806b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
Filesize
36KB

MD5
7a758325068017d61723b2a149c6df25

SHA1
b350c786b4d16cd1d843347c862f2692d1265e74

SHA256
8e16e26802ab344f7123dfbbfa226d5f1673c7ae2284d3bd94debe8bae980968

SHA512
f219d7ee8d069afa98eaf1cbd4a3f2a3ed8cf044d3456cb43821b9b29498cf55b2ad17c59ab1885143f1ace9d241a52a3d39b5c0364b80641243230b8b0c3f43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
44KB

MD5
f796cb620218f638af1d33f911786222

SHA1
6dd33f8853e1297676ecce8c9c9847391ef3cd21

SHA256
4ed43ff92ab3d512dfc1405b700e2d1605a5484a5398d51e1c4fb0f3f0418bd9

SHA512
3ecc587d0f9889b2724dd35b5b73e5aa87d5d9d4fa328e804ed506717e159fdc63e0f4df92cee246b4502b764971c2dca7a0b227c01788e1d757bb356abbb411

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
984B

MD5
e84eac6a9b6f61cbd73bd3fc32676ea0

SHA1
8f4de78558c03016408f63fbe4ed6f90928cb049

SHA256
11d023849190a6d81a3a6c1e99a00a80e07e7f8237a13efb7b66975e1ebc5b58

SHA512
d796c1b7161317be99ba4f2b7a590f811ad53f59df1cf43242451021085e7645e539cdb5323a092fb434eb632d3ff8ca792b85770a58f99287ef08d64bff7510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
353f15b8c38a8cc3281cef86c30c08d9

SHA1
f1428f373a06f9dbe112ad85f44fa0159df4d5e8

SHA256
e653c14aa48c34acebb1666526b23d76838de660cf840392cbed89be3d601522

SHA512
add2e66e2b33fcb6932dd75d6eb16abb8ed528ee546c612cb036e4917d1d9ecf24235f2794bbde40d7305f01d8deb35159a5dd4d91d222410e79078a15fa02b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
93d1d59b44fb23d749e7f65c20d3c4b2

SHA1
2ae2098d8a319db20eec4e63e2c8fbb2b788c6a9

SHA256
38bfe3ff00a91df58ec8c9bb7a66d0533926e53309c5a88bfd36751f4c0ae8af

SHA512
df8d8fb1c5b007e0c15e9cf69efd1b30ee083c3d6ab0f2a7bde30446ea67f2a3d5d66e33ae9508224d6f117943cb9c569710d87b350eacf974015e4c7d7d2268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
259160f1a6f6290dbacabe1985125fd0

SHA1
8f86bae62289ff5935760a37d09115fc482fae6b

SHA256
0b9999d54ed460fc0bcabbb06ab40ce7d493d9a2ec8c4c5a6cc889a443eea6d7

SHA512
41c9ffad5616eabdda159def23f81bd74cc42ff60617e23e1c0c45b19f5c262dcadaac1bac5d564e511b18cdbacf5172eee8a5a0218fe9d21c60ded9f4fb74dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
b0cc7f2422a0339bc72ce49e6a29b0a4

SHA1
e01d31c25f4b6b812330b851bd2b503771c97331

SHA256
be8e6a5a6202cce3b69d99a4a7572c3b475fc78f35cdca44bf33730b7169fdf3

SHA512
d9cf58879c67e4d8e8c86f8147f678b8c305eee1147efaefea5f1a3009d2c5b2cf60df1ae87adebbff7eb863b960c258a03bc21652f23cc65735b710f2b49b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
45cb89546670a339ba3577b340334e0e

SHA1
fcbf28fd7ff60f3be0beea889c7fb827c77a205c

SHA256
294f6fe0112328e84c57fdcdef9a7e8ce36d8ee2a890de35a66c2667292bc038

SHA512
16f65321edb49957a63800fb81b0484c0022a20b209e7904812819144339ad1245ba8c0ad8cb1a1e0304b9fb1ddd53feb86783efa76d8ac4f3de8ed4c71acf74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
818b034f168904017c3725e37b40c8bb

SHA1
37dd8ff2a38eea6edfafcbbb1e6bbef814e0a437

SHA256
0c48161a533129b7095fbea820ed32d3e5c6bd0e0005fed7d8ce1d05e09b3341

SHA512
8d4b835647c4bc4e1f4d413bfc35d8a3221fbddae3064537ce1b19eb45f1cbf47c0c868e62c701efb6a5c4e2989a2a012b366b1e0e0c1d7d968a6a687a3a65f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
b4f12754670000e71b43be0ad3a4c0d0

SHA1
25623ff2508baf0df36e097d40252b36b7f8e74a

SHA256
0f9972078b8f2c8c74aa8ec350dc37e88ae057548adb692c1af35da17930c68d

SHA512
1a5f8c4773206424ee4f1bff015a51555aba0d16394f44e6291242036bfb123249615b75849670466ff47e9c0f05d5d456e85a9842921318b95aa83c02405a77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c7836aeba38a6a8224d240d8cb062acf

SHA1
3916ba94385d9924d8965f705364c144951e7160

SHA256
fd57c14ab0a5aec6936b694735422043e6619c75024fd4d7326ff116c9093a60

SHA512
67cf23eab31c2b13a8265bcfe2483ee61fde1b55d5ca821d0cd01d3a26c99203dc014a6044ecf7bb5d2a61b1bd6d3bcd5fe5ce104d08b698eaaad3e52391f611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4087a6b5f9e0aefb14c8b6ef34ed8d12

SHA1
d544335c109046195b6296117037b6f11510cd95

SHA256
338b020f1200fb0bda22dcbc611b581f0f2d9f32ffb49cf7ebc2a5e64ef234db

SHA512
5d401ef886b9c7e483f1c9eaf03099f446a0fa378ce60551068a2333f18225b5589bb371fd3bd2452558ebd66b2ca4ae9baedb9bbe82b832a531e0055132b6d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8e8a46f6a7ca3d8f190b97f39ea4be9c

SHA1
e32b660a39fe0aea87742b98b7cc01eb1e907ad3

SHA256
85eb0cff4fe356d9ceda5e82af151181007b0485d738e4f652a1978327ffd384

SHA512
9a38f30f8d49806e891bb1bfa76920ba1ba75fff5ad572b0d2781862a62301edca32ece557a182160f4afa575edce23d7ebc06a5d453ad5f40a9f06ce4c682e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
41501a2e1f65d28224506324bd4d85fe

SHA1
63986352ce335006dfe6ac5fb12a426eaf14e75f

SHA256
9a306235fd921b3fbbb08af975f16f4591575667e918625faf11f63affbf5a02

SHA512
1feaf8fe3f631f29a548901011946c4e2c350902334799f2df94a3d28b93d1552956c21ec7f6f230db835960c68879e14ac64000aecb83e8eea85c2bcd926d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e79dffb472178270a0ee5b35d26d3d56

SHA1
99bbd3a3d80f8e3d0181dc0248004b581a7b7b66

SHA256
fe5204e593eaa7056320c176ce693c4cf90ada86a873aa36c19bdbff12585539

SHA512
9e5cb99e238420e1cc6d39e58188511ac38c27a02f3b83bd8d0ef78ecfbebdd8bb1ec170c215c2c8167689bfe34686225c271b70acf62949d6d5f9aab6ceed9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
55cbcd56fe597c660e77a44e3c6f0472

SHA1
027b0c436068ff68ec9d8f37549d63732aee1231

SHA256
5abd2f50828a8fdc7a8d8ff4d1de9c5792ea9a2bce22c06cdb42da8c278c919e

SHA512
6e683cb5ad9aaf702c387ec6ded5970da69b4dd6ecfe582d7b58906b4d03f196779730246d5d5006d43d1080b029fc9b2a19a1b5cd8f3ebfe0e9282fea1e070e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2408d4dfa68ec8de6ac4a11a3c7037fa

SHA1
9d9697417b1b020d1a17e479ef37ada962394f29

SHA256
063157b4cbbca86842f7ab7e6c3c4a3a28de790b1c2f3592eabc2c592b0ecd4a

SHA512
7b03ef3a3c616d78a07e92123168f0fc31cb5401d0a4999f465467fc78d9e3992f7d7c0137b2c146aaf61313452d3debea975396a6e38157bb5691f963e33025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
df3502c095c354530896b87ee44cf28a

SHA1
30efa06aafe284f6a770031cdcbb876ad2d55987

SHA256
3444aac572871990b99ac9d1800d68a1d031682995b9d7ade179230d1d56049a

SHA512
9e2405b8b10eb0bec84528692479c52fc2007359ad09b625559061a61d67e581d5132d9867db0ee1d0be4928548198329228ace382a67744aab96ee1fac50d57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
5eb124a6af2162a08c3315101e7a9b97

SHA1
3d0c73e320dd0d9ad90c255c0fb2c50e5349631b

SHA256
b8946837e6447480364d8728b5a4f75912c277766c07e1c0897f345441d1e85e

SHA512
d93b7458ca203184d94e22bde3bccc265eed239f615ce43f677ba041a4b86d1dccdef4df45dd5243a96adaf3d6d6c7b2521c7aa8430d15b8a43c10654e44c530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
b3ff6ea936ba586c794e2d513cd2ffe7

SHA1
102276e2f11af845d1f961c85c154ad646bd7471

SHA256
392b2a05181acca7e909e7409614aac6874f550b0069565ccfca4790d5f56e38

SHA512
03bc983eb60f1ea837d03d002f5960050375fa19807f8575910ec91be27b89577e605362d5d2d14ce486a5291f3be652a4ee7dc0ed6212d0c35eb1e53a1423ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
8c62e7f9f815f103c8248b734b99a9d0

SHA1
5a230591a44610ac432acbae7d26bcd5a4dec360

SHA256
1fa8af47b5f5bacea618d39856e52a0e5001acba7adda36bc1e8ba244a023c3a

SHA512
9d46d01571c728fcdfed2ace868d51e8b39379ed3b0f2d50dfcba613d14616139b57407f0a57e91bca0e7ecedb427fd55ac674c6def9aea4d4fe0b2273a49f0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a14c9c2c4a0f9b34657db69c31175a31

SHA1
7eed1409672cf78ee28c4518b7cc92b034075a86

SHA256
f1282c2db3924fefc1ab3137d418a9528dca3089f7c8037f79fa36891ee9c835

SHA512
378fa91c0dc76fa53ce95650addf160b1c8068361b360557f228fa27f26c956661f04f5d145dfaafa6055909a59161d5f0d49a00bb2edae67ee6b24e57cdf9fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
4c1d58322c83b0492f0c718c35915cb4

SHA1
98218bd3834c005389cfcf5130dfaa8ca28369d5

SHA256
5db1982791ed9ca0eab8b67f10616b245a0eb32c52e1887081e9b3ce385d67a5

SHA512
99022c2bc37adb0c0331e45f0a6c99976313d2b9567d1f6473f0757760363fdc51503ec56edc1dc789e2078854327c1eac73ebba8bf3ff5fb0fb3b3a0bc18bb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
890549efb71dc52dae899d6b35e60f79

SHA1
b2b55b894286df15201310364af697b79a957436

SHA256
da07daec7c9e9831872e320ae5f4dfe5df8e672acdcfd266b81f6c4911c8bb4f

SHA512
ebbd3147148ccbc195037f9cef361b05ef8282909abdc342292fd0659e54571bef5589302b63acb3fa12ef8fd4835a36afa599c46a96a66ed144e968f80e418b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
562376728f69fa0852c91c5335bc7f92

SHA1
3f459ca5d8e1b25baa8f412f3b68ee07f3c320b2

SHA256
aaf99040f677a5f81eb6925f04826338a3a420577ceb58631f6ee49d32230aed

SHA512
d8da4ff9a8174be8abfb2f0b7cd59fb9ac239adb780459384982638556a36dd63b321783be569d9b6d3f695ca44ff9e0280190388b9916f432b56212711e1fc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
9cc6a69e9480a5d5195d9e7351935584

SHA1
b547bb2519f5b0d921ff2c8bf3d995a0cf5e0c7c

SHA256
bf9bf6f75ccad97407aaab1c3297a50e7360088c48650190383fd2ea03773ce6

SHA512
c9dc2643461d93e347642a133b9cd9c320a109f157f8ae4fb4025a89ff50802805dbeae793d0e8bb12f5ca268529dc1d6983b05572ae49fc819bacc30c8a2214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
97KB

MD5
4775b27347fa4eaa738d9653ed9fb109

SHA1
d7ba4578273691ba02aff92bfa173d9654e47b5d

SHA256
7005c26d69316a422710c9bcf2ccaffa6b63a5bfa79cb078c8ffabb72518c0d7

SHA512
838191c7ef507a50ab6e2ab1a2608c6c83b8169f77f762b2c26c3e1da139f353640467db042bae0d86e80ea465f9dbca4bad1011c95db1c3855e3313d38b00c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
109KB

MD5
adc2d948394abc8b8bc3e475cc8f0a1b

SHA1
2002f9bf6943bd40cefdbff45125cde4b798be3f

SHA256
a2a63814bd9d1413e2026127e85630636018c026402f6d47256c9e3def8be6a7

SHA512
edc00275a3327bbda2afd36c932eda05152574d573a64de4a8c49f0af30fed20fd2ed2559f9672fec9e06cf16efcac775b56644312c3d98bd0e84b0499a3057e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
b56b346ed51347f0c51d423233f0f1f8

SHA1
11328cfac952aadbf195dedb47e557bf3518ad1f

SHA256
f32db5911e9c2c24712efc0b683986b567050dcc7ec11a8b812d08cb9d2aa855

SHA512
203e9fb3bdf08786e363f6c722a8cf485acd064731148546a2610ff06a303e6e2c9a3ea7b9dc38cf9f96ed9d8b665ab684e8f04767503f605ed337216c744994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59a31c.TMP
Filesize
96KB

MD5
2129ece76fa7e66f915474fb73175ed4

SHA1
86417e050fce6ee75020bc4f5d428ee9d8156976

SHA256
5d800ef092b6f835a114329d9ed49e5241d9541bf7954a8f0981bbe844030c35

SHA512
59ccb7aad52447fc2be27cc6346b3a7f5b14401233574f433571ed4a209f9ac37b6510350edda7855901443482d695c73642fa900ce85b876c58c0ed56f696d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\!Please Read Me!.txt
Filesize
797B

MD5
afa18cf4aa2660392111763fb93a8c3d

SHA1
c219a3654a5f41ce535a09f2a188a464c3f5baf5

SHA256
227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0

SHA512
4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

Download Submit
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
C:\Users\Admin\Downloads\!WannaDecryptor!.exe.lnk
Filesize
590B

MD5
6db2e234e82befa3eded2dc398ba4490

SHA1
8369a818e097927958e6bf323809e9acd7ecc8f3

SHA256
769c723f570ffe398cb87390fa64becf3ae49dc96c874c4096227c57138cb00c

SHA512
9276594505fc2a8235c3368b806867a2babc98e93bfed70c13586c1de65c408ba4daecea72e8c60c7bcf977bea6fd670b8089bcbd0ddf3ca631c396580806b6e

Download Submit
C:\Users\Admin\Downloads\00000000.res
Filesize
136B

MD5
1a7abd6f068cd641e32a384899c5b962

SHA1
dd5a67c44b20a66270ad7f758dd60e2a6b669976

SHA256
79b99c41eb5c9b576564c769bb0c2702ba0db6a5a7777881162f9364a0e02832

SHA512
3466200c0c3e8ee68c22bdf1091f7646f6800840c89c96a363fc85578f2e5d99eb467d04336661a1f36fcba4ad52c0fab619b560ee9725a74737de1190af754a

Download Submit
C:\Users\Admin\Downloads\00000000.res
Filesize
136B

MD5
0fc0f37ce31f09bfad99aa5b2a530e84

SHA1
2aa618f1309592f8d485f69f8c81f28e4159e522

SHA256
f904e18233be9192383a3657f05578b49c0476adaf100f7c5b95002f11610b9c

SHA512
5d2806a9b45f60e552dcc2f62d4930dbf7cbe4ac9616069a823b9283550b2acf7a8c7a2606c96afa1e9b600481f5fee114dc09369e382034227af80419297e9c

Download Submit
C:\Users\Admin\Downloads\225651679264566.bat
Filesize
318B

MD5
a261428b490a45438c0d55781a9c6e75

SHA1
e9eefce11cefcbb7e5168bfb8de8a3c3ac45c41e

SHA256
4288d655b7de7537d7ea13fdeb1ba19760bcaf04384cd68619d9e5edb5e31f44

SHA512
304887938520ffcc6966da83596ccc8688b7eace9572982c224f3fb9c59e6fb2dcaa021a19d2aae47346e954c0d0d8145c723b7143dece11ac7261dc41ba3d40

Download Submit
C:\Users\Admin\Downloads\WannaCry.exe
Filesize
224KB

MD5
5c7fb0927db37372da25f270708103a2

SHA1
120ed9279d85cbfa56e5b7779ffa7162074f7a29

SHA256
be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

SHA512
a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

Download Submit
C:\Users\Admin\Downloads\WannaCry.exe
Filesize
224KB

MD5
5c7fb0927db37372da25f270708103a2

SHA1
120ed9279d85cbfa56e5b7779ffa7162074f7a29

SHA256
be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

SHA512
a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

Download Submit
C:\Users\Admin\Downloads\c.vbs
Filesize
201B

MD5
02b937ceef5da308c5689fcdb3fb12e9

SHA1
fa5490ea513c1b0ee01038c18cb641a51f459507

SHA256
5d57b86aeb52be824875008a6444daf919717408ec45aff4640b5e64610666f1

SHA512
843eeae13ac5fdc216b14e40534543c283ecb2b6c31503aba2d25ddd215df19105892e43cf618848742de9c13687d21e8c834eff3f2b69a26df2509a6f992653

Download Submit
C:\Users\Admin\Downloads\c.wry
Filesize
628B

MD5
02b9ed722af13aa71742d18a9cc656b9

SHA1
ed35d151321256c2e9d680fb4108ed66d52de4ed

SHA256
85c37efb5b3b6caaa0bfe7fc1a0b7fc243b63067a983dc96391a5e09ea516e04

SHA512
74439b1401f5a24fe4dfd31499cd3f973edd2b563c63855444a6bded3bfe0dbde6179735c31eacbb8ecacfb4856cda1887f31fad738ec3fc4ecd56615474cdd9

Download Submit
C:\Users\Admin\Downloads\c.wry
Filesize
628B

MD5
02b9ed722af13aa71742d18a9cc656b9

SHA1
ed35d151321256c2e9d680fb4108ed66d52de4ed

SHA256
85c37efb5b3b6caaa0bfe7fc1a0b7fc243b63067a983dc96391a5e09ea516e04

SHA512
74439b1401f5a24fe4dfd31499cd3f973edd2b563c63855444a6bded3bfe0dbde6179735c31eacbb8ecacfb4856cda1887f31fad738ec3fc4ecd56615474cdd9

Download Submit
C:\Users\Admin\Downloads\u.wry
Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
\??\pipe\crashpad_1464_YFFWZWLLGBQWPOUA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4348-579-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download