wannacry | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/WannaCry[.]exe

Analysis

max time kernel
102s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2023 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/WannaCry.exe

Score

10^/10

wannacry persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\!Please Read Me!.txt

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions! �

Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490
Downloads MZ/PE file

Modifies extensions of user files 12 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

WannaCry.exe

description	ioc	process
File renamed	C:\Users\Admin\Pictures\CopyUpdate.tiff.WCRYT => C:\Users\Admin\Pictures\CopyUpdate.tiff.WCRY	WannaCry.exe
File opened for modification	C:\Users\Admin\Pictures\DisconnectBackup.tif.WCRY	WannaCry.exe
File created	C:\Users\Admin\Pictures\OptimizePop.tiff.WCRYT	WannaCry.exe
File created	C:\Users\Admin\Pictures\PingTest.tiff.WCRYT	WannaCry.exe
File opened for modification	C:\Users\Admin\Pictures\PingTest.tiff.WCRY	WannaCry.exe
File opened for modification	C:\Users\Admin\Pictures\OptimizePop.tiff.WCRY	WannaCry.exe
File renamed	C:\Users\Admin\Pictures\PingTest.tiff.WCRYT => C:\Users\Admin\Pictures\PingTest.tiff.WCRY	WannaCry.exe
File created	C:\Users\Admin\Pictures\CopyUpdate.tiff.WCRYT	WannaCry.exe
File opened for modification	C:\Users\Admin\Pictures\CopyUpdate.tiff.WCRY	WannaCry.exe
File created	C:\Users\Admin\Pictures\DisconnectBackup.tif.WCRYT	WannaCry.exe
File renamed	C:\Users\Admin\Pictures\DisconnectBackup.tif.WCRYT => C:\Users\Admin\Pictures\DisconnectBackup.tif.WCRY	WannaCry.exe
File renamed	C:\Users\Admin\Pictures\OptimizePop.tiff.WCRYT => C:\Users\Admin\Pictures\OptimizePop.tiff.WCRY	WannaCry.exe

Drops startup file 2 IoCs

Processes:

WannaCry.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD1CE7.tmp	WannaCry.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD1CD1.tmp	WannaCry.exe

Executes dropped EXE 2 IoCs

Processes:

WannaCry.exe!WannaDecryptor!.exe

pid process

6004 WannaCry.exe
5316 !WannaDecryptor!.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

pid	process
6004	WannaCry.exe
5316	!WannaDecryptor!.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

WannaCry.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r"	WannaCry.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 4 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

5348 taskkill.exe
548 taskkill.exe
2616 taskkill.exe
3760 taskkill.exe

pid	process
5348	taskkill.exe
548	taskkill.exe
2616	taskkill.exe
3760	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ef7ac6ba330834488520d02e1b55f84000000000200000000001066000000010000200000006e60e7ce9e9a8563d308a4bbc45b3779d9987432c653325f4a3e453761ba5ef3000000000e80000000020000200000001d4fb0ed6599301201990e1dcac25a027799c8d7b216e2a6756876d4f56df01920000000fce1abc2b7d2617b1a6781f3d3305b7241332decc00e9a0e479b2a28ae60eee040000000d4f0695d838842fb554d8ee289c610325a700487ee117aaff6775e9ca793c16035c54744296ffd63807b09f78664d20deccb3f12a1324540d7ea925c6fbe0866	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ef7ac6ba330834488520d02e1b55f84000000000200000000001066000000010000200000009ff4d36e6ee77ee4b843cb7782a6f21878b098d90b65e5ae337a16374f5758f9000000000e800000000200002000000085f6e13bc8f164a6471e67011cf07444c16f8592ed0f714c6d69f7b9d601bbd520000000581b36e589d4e0abfa3760c701c852ff761c7821b9536e2035a39972c8ddfa9840000000488ca310d5a4777d7dbb53ae791f778888ce8a473b11c65e3db5a5eca85d3678e9ecca3b468ecbf5580fb37f3211b3ad2585e92178635c05889a6e5ce68ec1bb	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D9E24810-0306-11EE-8FFF-6201C35E5273} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2928281563"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31037203"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31037203"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a567b21397d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 604383b21397d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2928281563"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133303774793682040"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4572 chrome.exe
4572 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

4572 chrome.exe
4572 chrome.exe
4572 chrome.exe
4572 chrome.exe
4572 chrome.exe
4572 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

iexplore.exechrome.exe

pid	process
3604	iexplore.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

iexplore.exeIEXPLORE.EXE!WannaDecryptor!.exe

pid	process
3604	iexplore.exe
3604	iexplore.exe
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
5316	!WannaDecryptor!.exe
5316	!WannaDecryptor!.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exechrome.exe

description	pid	process	target process
PID 3604 wrote to memory of 2224	3604	iexplore.exe	IEXPLORE.EXE
PID 3604 wrote to memory of 2224	3604	iexplore.exe	IEXPLORE.EXE
PID 3604 wrote to memory of 2224	3604	iexplore.exe	IEXPLORE.EXE
PID 4572 wrote to memory of 1248	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 1248	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 3920	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 1232	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 1232	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4108	4572	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/WannaCry.exe
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3604

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3604 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb46339758,0x7ffb46339768,0x7ffb46339778
2⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:2
2⤵
PID:3920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:8
2⤵
PID:1232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:8
2⤵
PID:4108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3236 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:1
2⤵
PID:4636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3372 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:1
2⤵
PID:2900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4468 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:1
2⤵
PID:1428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:8
2⤵
PID:460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:8
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:8
2⤵
PID:3800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:8
2⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5164 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:1
2⤵
PID:5312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3420 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:1
2⤵
PID:5632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3300 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:1
2⤵
PID:5812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5288 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:8
2⤵
PID:5456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5100 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:8
2⤵
PID:5460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:8
2⤵
PID:5512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:8
2⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5396 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:8
2⤵
PID:5776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2712 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:8
2⤵
PID:5784

C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
2⤵
- Modifies extensions of user files
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
PID:6004

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 38371685903931.bat
3⤵
PID:3700

C:\Windows\SysWOW64\cscript.exe
cscript //nologo c.vbs
4⤵
PID:452

C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe f
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5316

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im MSExchange*
3⤵
- Kills process with taskkill
PID:5348

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlwriter.exe
3⤵
- Kills process with taskkill
PID:548

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlserver.exe
3⤵
- Kills process with taskkill
PID:2616

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Microsoft.Exchange.*
3⤵
- Kills process with taskkill
PID:3760

C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe c
3⤵
PID:2444

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b !WannaDecryptor!.exe v
3⤵
PID:4684

C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe v
4⤵
PID:5252

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
5⤵
PID:5232

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
6⤵
PID:2148

C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe
3⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2344 --field-trial-handle=1812,i,13505411184261681494,3925645905189957799,131072 /prefetch:2
2⤵
PID:3184

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2064

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5568

C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
1⤵
PID:212

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:5344

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

File Deletion

T1107

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Recovery\WindowsRE\!WannaDecryptor!.exe.lnk
Filesize
590B

MD5
d9f4c48b16f24a6a69a9c4673f99ece7

SHA1
7fdc99157456045004aa6ef2655c9472d521db66

SHA256
627af36b71c7395ae6e28fb738175ccb4d1411aade50413799dd0e5a946f63dc

SHA512
5f440a29ac597850fae2f432c274239503d81caefd3bf5cd191a42934bbc422b47a755c35d522e8368d1aa7c59330390b9360b3f69940b0bfefc4464d9632eb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_D222662A57BAA60D2F5EA0D2CC7B2F1C
Filesize
312B

MD5
f78db0bac57b9281d42b630b051ee409

SHA1
2c38ecc19e4fc5e26338fdc29338f4e04ebc9666

SHA256
cef2b9f0bc73404683a7f2e73176c08d4169d1f63597a6979a1894770358d62f

SHA512
e5e3de3686c4b02f2d6c4879153f271c31fe3014b5e6628bcb08d58eaaf44efcd97e4e1ef3603ec1ed928cae18c3179457eaf7578dc1e54838f8c9ce76b3cec6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
29e12077c9460ca83a3ba3e4b3534ca8

SHA1
9282cfd2a62e998b58196dce23e5d9b62f504212

SHA256
8ab2dd06e4569674a3c4a6f99ce9ab6d50735f3ef9dc22560c59039e741c8a0e

SHA512
1439b4e6e118a3d152d83d4c24695587471c6359c7ea91c9de9e016de4303fb3ce282a1e328425b64d99ecd6c8f63bbd604eaa601d1d504801eee25a27715976

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
471B

MD5
d2d77fb43d393d099270fb30ee623a1d

SHA1
bc7f9e9bc6c2a82d43b78414215718ac0f472ec9

SHA256
e1e4980a4beb9bc6b62b95fa57858cafb8b7c907b5d1ab6b0620318f8dc5b84e

SHA512
10dfb3e7033c69702d1d3e86364fe39de2dca0e77a50ad3663a61bd2f18f5959ffdf527fe9115b13bdd2dc2320fc80e99064ddf450561181b261613f98a2d740

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_D222662A57BAA60D2F5EA0D2CC7B2F1C
Filesize
408B

MD5
9c6528b700f36b7fbdeee8b75d7b3d27

SHA1
57000994968c1ef84f28e3e68796d8519de812d6

SHA256
590165662531f907ec27d88b6679477e973f07e58172ab6e2937e202714fb309

SHA512
44509a8be0cada8bb55501208cc63794cf7002177cbc0ce154cbde2c8fa4f92389b95116d826540a4ca3a828cf4c7a387fdbd83fb89212bbf853d5e8bc067547

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
b0692ee125e87678f76b00174d30dfa8

SHA1
c372a16b0e3f3a78d8d32220001682359871b299

SHA256
553dbccb223de748e2cb06ac0e55f71f2c81a595e7b5d0990a23abae2e3405dd

SHA512
0d6f8bf8d0f9d535f701758f378a3abfc2fee2d1651ca8aeb82fee047ebbe8e18d2c4d184890db5b339c16eaf08496396e5392cbc573028c385f05c995a4e9e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
404B

MD5
315b4d2f6d74923b95bcb6b55517e0a6

SHA1
2698271a6a2b47dcfb8331631017e403238dea67

SHA256
d87537da7aad039cb509e51c97e4765d94cd2d936f8b29a524b3215bdd8eaa5d

SHA512
c7dd50088c77acf3795e977c0c10c2889155bf142217f7cdbdf372ea0f07af26f6bd1394b245c4b7b35c7a2a5eb3e7dbf5888537332ec8f83d61147c11e8a364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
d5ee1d89cc77cf111682b2924eb121db

SHA1
ce1d0a479b9ceba740459bcb031021f87c037f38

SHA256
8c78f8ef8bf8b3304f0bf58e5c228fbf45e37c5d21b4e4205cebce75ed5a1e85

SHA512
d13ccd7dea5cad1e4d880d7aa4ce4f61072e907b10f137a6c38a11c2d9d2b531e020ba9717f7f333abfc8a2b100d74b15b28a0a2bf9224e217325d8686ae992e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
8b4e815c71d4f6e1d6d5dc26b37d265a

SHA1
9581f6ba60056ec5fd650f63b3fa645a30d54c7e

SHA256
8c7e3a1f1ba35eeed0e6a9cde2caa55ef03dfe062a9b7549c1175eafb6951afb

SHA512
863faf028152616264fb9625b59fdaa86b46d4b18708ffd539075b2a49c892b18fd4ea1bc3f836c1b00131d5b8015f946822699bc106f2467eebe9989ff1a9ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6466daf35e6fb9ffdd9b372e305f2993

SHA1
58d70749a842ab306a27a481f3d7c4c69af8f166

SHA256
4d356961a8a74bcf4c3f9137675177100c20fbee2a6e8d6bc40414ff8b89e82a

SHA512
0079ebe090014117b116f6f36bde4d6d44da7ffaf828ccad3c11b9560ac85bcb323cced2b4ed83d0cfc291ca9e08b6a59570ee1737d0754102289f79c53996c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
56b4dea5e2d8803aeb6d84155aa813c1

SHA1
28cc5ed54bdad55b62bfa59634d67833c4612d99

SHA256
9460000147ee7576fa047905afb289d60d910b5f1aff79eb045c688127ff1a8a

SHA512
74857dbdd18f230fb78cb5f9156e4c60ec89e8ec2b828dcbfd3c343347e711b7ac9d8e5987d77f398c4a1f0e09191f5af048e8b9d104bcaed3f52712fe7e1ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
863170e0358e31c1e5595f8b3ac6a1e2

SHA1
95f71673e7e5f886d62ae9d0a5f5035a6ec22087

SHA256
8dabbc9b042447975daab21990ff93652c9b3de5dd20276db6ee9e136dab764f

SHA512
4caec712d432caea176f89e67c465434419ca563ef2755c1096c8e90faceecbfd723bb40727cfb450a1bdc7e4bc8c8ec8547a78f162fb142d260a762652d0b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8d7e9492d71f33d7a0032f1174c9809d

SHA1
bcfe7d6e04ed6065d35d85e7e00e4a92ed1c6857

SHA256
d36e567a7ad28748a115cb32d45311436ec8b970cea6bcd952ed8e7d769f8d96

SHA512
b91b270d21c09435f19848d8ae4c9ca16888ab3788979afe4d0495a7d347349b1b1045721143f4f68f6f5d341cf0503c069a0aa09dc0cb4dadd2040eb698e669

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
dc2cb5816288f53a1fe1dee75b680fcf

SHA1
f7b67bdb00802165b320bdd95130fe87688489b5

SHA256
a8f7b3e5d52fad8dd91a0e9c66a79208d67b2a518cf7a754b5141e133e671e38

SHA512
32386f87f5bcd6da68b62fef6eac070a0017bbb80d306a06901d11610bd225409a5632bee8515cc28de478bd8651227d017a88c07e1a84651cdef94ea24d049a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
209a192bee3416583c6fa3ae1a6a43d6

SHA1
bf57d864368105537aee676d426082f62cdca458

SHA256
bd356c7f30794e387179a5117e745868e5a780de827be36e34d6278b19889024

SHA512
7599c6344017a2a844f90a114ba37ce5deb2b25be98b50eb096709be770cef52fc2c7929a55e152f49b1522f5c1c4b9583a39c3c5a3be8c41630f7e3a2f55b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
dc617871cf54a6709a504cf87928b142

SHA1
ff208ad58484223db4511d5c0023928c93e0a32b

SHA256
bf706cd2042eda7b539c1911d37f4ef438e2a878b68a1e63cfae0fbe09874858

SHA512
f5a40dc400474b977dfaa209bfe2fdf291bc5cc7a046b6d8dde1b17d2bf39110c690875fbb04c95418e9710d10845f02a1f5c5ca84c0ed19fc3bb5f41ab15236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d25438fdc120b72a522080c3796fa097

SHA1
f6cad8aed351ff31f2288473f1c08064104c506d

SHA256
fcd68ebb02ad1ea310b6bb9b0c7b3f0a0fe9766768c0bd84efb166844f21e11e

SHA512
576f3e64efaffcf738df169d58aa7c6f97d455b7616db434e14eff8f35f1d3bd9c62fd192ce440001ae454ab3ed034ecd2d9935bbc0c85ef76e52695271d58de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c25f676bdee074fea4accbfa94fb919b

SHA1
c7aec5607754289a8300e92b094fd9eb91d7fa17

SHA256
140ae180e76962ce565a87f8c53280b1e6925ee3d7f3e58029e67a2751e35415

SHA512
bc1acc9301f5d05aa450ec055bbd645d1bad903b39561773488faa10d77b657bc940c6b250c5bfa54f24708a9cd3fafc4f02ef79fee1c7b20699147194080664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe578ca0.TMP
Filesize
120B

MD5
844ca19072c7a2f8fbad6001cf82f3ed

SHA1
22a30302de9504a2cfc6fe844fb0e86410ac2567

SHA256
a054b3c196cd945eb63ea600959cc06d00dfdf43356c5981e998f8f344dfdbba

SHA512
b40c348fba6b09fe37a140b8d56e58a7afcd357209023a20765705a29892e06752d3af492f215d60398b2898f7a0c6b1ac0ba27cf8df7d8d89e0b5c7941cdefe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
Filesize
28KB

MD5
89f95cba7df4701a8173efa00dd6b94c

SHA1
673fbd9811b91813675b1f2a42cc8bd96450a0a2

SHA256
7334dd817408a2ad18d3ffd643e1707504159d52daef7c280db4f14d9c719129

SHA512
9cb34878f8fa559d0ee1ee637218df7763f33aaf44c7aa01f40709e0c7ec74a131dbd9b96c14c845ce29d665bb97c077e81a24bd6b8a797fd306678a15820deb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
158KB

MD5
32467f4455e0e0795a186ba0356c2fad

SHA1
544cb3a304cd5646078ca5c48b3791a8eb8538e3

SHA256
d8edd8f7dc83ae125a44dd42f9b4b98d2fe1d8a8604996623763c05cd268ecde

SHA512
35a48820a0e04d45e31c84e5db012e2cb2ab84135210a6775b1d5e93d4579ea6ea1947d72ac4fd775a326776785734e3fb7dbc0f27ba1ab4313b70a098054e20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
110KB

MD5
84182b480715f13b9a7a46542e103cba

SHA1
d2495d0f2ac49d69e866810adc7711d1ae5c2698

SHA256
d64c6f3c4679c627d7351fbf679e12c29f8cc7fadace363343b68db9e004c699

SHA512
0fd20b02531c1ac6fff3a9e90b4155c60ae90af913ff198a31f3e8f1c5ba12310dc4df307524d678e9878f9647881c7aa19f44c7245ec3348c4073e50dc0a20d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581ba1.TMP
Filesize
96KB

MD5
245339e48a96dae1514aa7405a6856de

SHA1
38619bdcefac0caa33c31f400db651b7e700f530

SHA256
3b995f53044512ffde37e127df553b97c55f4bf17304fb1cc43684be5aee7687

SHA512
325ff0462702b043c34c3210439b5344ab5eaf3d42f5492e9cdb38109c75617be0ac63237efc39326337093ab729992f8acdababf2f50ce0a82d56f116589936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\phzg4yt\imagestore.dat
Filesize
1KB

MD5
5d56f4ec1a09e582ec58c8a9274d6c19

SHA1
6378644f62c11eedb4044d1cb05fb52485c01bfa

SHA256
03da8c12c469c862d3fe5d5ea67de297d5c346fdb85005cfea7946f6c1ac8f1c

SHA512
ce66e8ec95210a731b4169e55b2ed4b326afb541a733659be31bef1a6a3c23c21f1e3eb426964117e7722a96c48c77cb2cfe94d52ba214265716144d4a9e8c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\app_assets_modules_github_ref-selector_ts-8f8b76ecd8d3[1].js
Filesize
9KB

MD5
019ef7d910ab3ad87d523c379439ab31

SHA1
dd97c99ddd637832502230c904f6fe4e4cacf4d8

SHA256
9e6a2cf46f911f800edc46a13a14dbc4d867283c2f036942fd76d13c5c3f4be4

SHA512
8f8b76ecd8d340cc9d4a3a09ef686e0eb0c00549fd15d50199a20412f479f22026dd00dcb70367cc98e249734ce25d03cbb0b585a5156f439c91c29cda78e647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\environment-de3997b81651[1].js
Filesize
5KB

MD5
1b85079a9ba25d7ccfa2e6551f1f23da

SHA1
95807b2db9ddb55f1c2d063de80a21126396a938

SHA256
5ae5c1c250b930691353ec3310295d1ea8128ba6b1dd69a8bd0ac08aa3283aa5

SHA512
de3997b816515df468e65014eb9230e603f485f9bebbb1e8f9e28437bb64e15c62e2377b462605099c1f5778324da56f8712ae8419f27628188332283b9644a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\github-elements-6f05fe60d18a[1].js
Filesize
34KB

MD5
5b04df474e86da9d2cfb56c6a655e9fd

SHA1
7aa0801e4a25eb1fbc4ede60b3c7efe4904bd945

SHA256
ab9c8d519415855e6af5957980d48ce278e90551434feea0df9762c350c224bc

SHA512
6f05fe60d18a3fe5f40d7434a84513a182636e505df02bb40d0a78e4aff975d04b24a1c1f201b97c23d2f261b3a73964b239f1d3912f2896a26ff96453fa6f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\repositories-0355d3fe50ee[1].js
Filesize
64KB

MD5
92bc7cc04b72eabdc5d8dadea976a93a

SHA1
efa2b79ebd856edb93184d6548e57988f922ffa6

SHA256
87e182a2a527e7a4c994342d8c40d843a489096bc1fdc5282d42d4f24b39ff94

SHA512
0355d3fe50ee70f466793c0206964c89a67a6bc19a19d05a56577b50adffafb9f08b45c9857880ffc441dcf93de03825ed101ae69170d812bf76ec534bf0b2f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_color-convert_index_js-node_modules_github_jtml_lib_index_js-40bf234a19dc[1].js
Filesize
20KB

MD5
335c0961babd1c1c0d898b5717f961ae

SHA1
104c5caf6c79e0a658ea309651ae75d734be92c9

SHA256
981215a3a3c0857405f95bab20d9e8d1eae8a0e757f787c62824bab1330a8cb8

SHA512
40bf234a19dc5a70430eb6893527d5320d850d63bac10e3789ac6ddaaf6bf1682a0ed81f2224bb1ea2154f9ddfe9afd929a1611078ae3b3f43fafe7d584221da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_filter--b2311f-15fe0f17a114[1].js
Filesize
20KB

MD5
a8f4a1a398acef2eee122fde824f9ef2

SHA1
440530ba71a7a5418ce1812d40e7bfd09d0df04b

SHA256
fb9621350585365742bffca023fc5e3462becdc2090c351eaa70620ad6a3746d

SHA512
15fe0f17a1148e338c28c1faec59a6cf86318c427a861425fc9fdf66c0ec85e118b020563161cda00099e3f73535f4b9c2075809547e3e9f6c6a359be75c41c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_github_mini-throttle_dist_decorators_js-node_modules_github_remote-form_-e3de2b-779fd9166293[1].js
Filesize
18KB

MD5
c5ed543ae8a311bdf58dccfc4cc18a8b

SHA1
311e3e19b0a308452d917a4db844c01c7a5386f8

SHA256
56e53054d7df85620ba0b07ec44cc41fbc64656897663ce49627803026e47106

SHA512
779fd91662936344b6e65eec18a60160a677df13d33cddc8708a70074355ca6ba8a704e27a9ec66ccf3d57cfd503fb50922ef08cd6968bc0141415278b9a526b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_virtualized-list_es_index_js-node_modules_github_template-parts_lib_index_js-c3e624db1d89[1].js
Filesize
16KB

MD5
e64f83d1a9f51f9c14c9ab8f3a50f8fb

SHA1
16e820a27942595273eded6a23ccfb20e47d5472

SHA256
4fde779475a942b75da84597dcf9650ae9eec74aa4718123b7b1d804267883dd

SHA512
c3e624db1d89f8a4598209f6e86f431371354696485067d4c97978b5d8258342e8d3c4079d89b7d1721e782f6749eadfcf4398d635507c8202f34c8e9540d5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\63458929[1].png
Filesize
1KB

MD5
3165208221c840ddbf5527c9b7dde086

SHA1
9b1aea8fa2a9e8d58d886175af3c8db7b48e05df

SHA256
e25efc2f3c542a995df70f85198b7fd6184be4700ec9756e00c0a8fd9e7a124c

SHA512
e0e130bd177c22767dff15c257e54c5f2acf266eb625ead3c537cafc728f5c53004008291908ba775743722abb9869658a2a8861fac092a61b1938f8a04d0fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\element-registry-84be4ef284ec[1].js
Filesize
42KB

MD5
37e97f57ebc8d5dc75173bf0befc79e9

SHA1
a8b24483abcfbe89774378531cc388608d1111d7

SHA256
e280bd8ecafe3d1ec9403c82b770d5f8917cd7f1e60b49668a5ac639b9eea4d1

SHA512
84be4ef284ec5999c9d52e262f2cab9e4b041abe5380abe64cb69b7bcb0be9b5b23eeafc8b8ee36f50232b045ea1aaa021a7ff4accc99508dc33f6ef8ca14a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\favicon[1].png
Filesize
958B

MD5
346e09471362f2907510a31812129cd2

SHA1
323b99430dd424604ae57a19a91f25376e209759

SHA256
74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

SHA512
a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_text-ex-3415a8-7ecc10fb88d0[1].js
Filesize
11KB

MD5
bb1800636a88e2cf90f48ea181a1c3e9

SHA1
486238b0e8fbb84b4f92e462ba7f337f8c6c091d

SHA256
7bfa93a6b92eb9a2f1668a9b16ea5e1f7f2591d3664351788a48107ec879bf84

SHA512
7ecc10fb88d0dc86ce7d35b7a2be7b44f51904fbb1908b53c9afdf0d6d1fe9760753f6cf8f9ca1897bd537552d3f8238c68e9b993a167cc52f43b5f7a58b37e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-8873b7-5771678648e0[1].js
Filesize
11KB

MD5
cc3b9d72861037e13bd0d0be98ef5ace

SHA1
ee4ffb8a335a106b2b784364f017e017f61d7398

SHA256
7b13afa92922980886b59316cbb313d4d4c05037979c1a49fbc99d6c4ff822ab

SHA512
5771678648e04c79885e4671ed343d33268564ca16a73d0a77dcba1dd1aee2b1ea303d6ab1b226e61f4c0bd5df6b33f28d86ba2ff72e959978e03f8f640a095e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_alive-client_dist-bf5aa2-424aa982deef[1].js
Filesize
13KB

MD5
fa2bd9163204e6ced0bf13f169206c40

SHA1
ea2d13287aef46af1ad0f04b04eada4e8a8966af

SHA256
0c2a6aa4860bd3d3a135d59418bf4e7a00173c3e974842ae436a0a2fbe3da624

SHA512
424aa982deef4fc0969c58c54d1dfcf1b589d6c9da95575e4b5f88ffb03a8457954a19c03b00afbb5f4fa0d64a6d7b7361c0a4737c1d21490d2767eea227e0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\vendors-node_modules_lit-html_lit-html_js-9d9fe1859ce5[1].js
Filesize
15KB

MD5
29b126d180066f2cd72287a725af3dce

SHA1
da1a0918b337b6bcda086580271306fbb2d41ea0

SHA256
9417afb32e38d089ae0e18debddaec99629f25af815081ebf426a48066ef3438

SHA512
9d9fe1859ce5c02054af70a2435b2b137398d7f41f2b71cc138333f706bf3c175eccc001e8ba717e80508a10590fd40c91468a9ee60839cf2cf5464c2601deec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\vendors-node_modules_primer_view-components_app_components_primer_primer_js-node_modules_gith-3af896-d8cf3e5f5813[1].js
Filesize
84KB

MD5
4d8ba4c37951dd52f66e0e34733a36e9

SHA1
c1ab4e1f09ebd165cffe8af3b5d414a21c826b22

SHA256
81d5e204e6971ac39280cbe9eb0b85b801b49b537ee789c0b0a5bd7adeeb6b19

SHA512
d8cf3e5f5813c726fb74d03f26ea7e7d5be180d39708ecaa1e567a40f89fa6c7c6bcffe476cf8e32486f848b93d5eb1ffbacc207926f350b7ff918426d1206df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_auto-complete-element-5b3870-ff38694180c6[1].js
Filesize
26KB

MD5
aed57c5b19c71c3a620a8aa2abf9a69e

SHA1
e30ccdbeb880c3b8fc82cae3d1293354226f3c59

SHA256
a7c516e60d317d33dfa33e6f1ad396b0bdc096b9e2081572ee35be0fa7fb99bc

SHA512
ff38694180c6b07c0efffc27aae6ef9b02852a15b6ec0f6b92b4bc92ec5db0bb6ef46f8d3ef15910fc9bc64dc96af4415c8d2ed44499d0b39b64cffc9487d559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\vendors-node_modules_fzy_js_index_js-node_modules_github_markdown-toolbar-element_dist_index_js-e3de700a4c9d[1].js
Filesize
13KB

MD5
186933c0117b94c9b8aade71f6f310c0

SHA1
ae67ade0e920b536137b6e98bb5e9e6c34b96925

SHA256
1465e7c16987bcaf9bb6209172d23d157cba309e9c8b2e4751b77ce4feb1b14f

SHA512
e3de700a4c9d4e1a490d2daa45c518f837ba0f6e065274231627b3911c43faf07e365ba42dc6d110627987662366ea1cdebc9ed4f5a8b88a04b64a7980c7b5b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\vendors-node_modules_github_relative-time-element_dist_index_js-99e288659d4f[1].js
Filesize
14KB

MD5
f491d4f9b68507dfdf90a5ef6d4f70f8

SHA1
dac15fb588758d0cf24eb922931dc367d9f0458b

SHA256
6f7e23dd694a3e70ef7b0a8dd6b30161168039187a16bb1f8ad56c0e385fc2f2

SHA512
99e288659d4fae2fc48756d2bc57e0bbe2add23ed9ff370f8f9643ee09585f4bcacc6688cfe6380e60dbe883f614bbe2c61cd7d52fd5109f20aa79b70df6f079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\vendors-node_modules_github_selector-observer_dist_index_esm_js-2646a2c533e3[1].js
Filesize
9KB

MD5
e5411d902c14114345232eab0b388a2e

SHA1
a079ffbceba09465e2546881d6b963d05edd3add

SHA256
3dd71977f8bc77d1d340787b166bb300047f951a16e440f75c9fe2599659a70c

SHA512
2646a2c533e30cbd3c0ef653c306fdd6052f00fb9479ea664f791ee17c4a8d8321a0337dc9f79b9a0aa0a1d68a9cc84b46bda6b2285bc16a8434712b54794f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-2e2258-7effad8d88d4[1].js
Filesize
13KB

MD5
e5e0ee4e4de0c843b03099c3b1aaa7d2

SHA1
eafbae47da31696b3c09a2e4d4d14f376a66a717

SHA256
3b81439b3860fac8d5bd56a7579ab2d91b68c66c42e14cda16aeb6d6f28924c1

SHA512
7effad8d88d47e07020e165d94325f23be53e5030165842c0fd8b44df717211934c2d0561ffd4fa2403114e09f182160ad0cf9c60e11878b9eefd1668a06e550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-c97eacdef68a[1].js
Filesize
11KB

MD5
877af1a0f83cc799c024e324dde1c078

SHA1
e07d194bcdf77c01c0bb78903732babf0acc99f7

SHA256
85edcfe9717ca67aba8f94c45da5071c5bcf600b1431e5daec667d9463474877

SHA512
c97eacdef68aba2c690f85c669524ac13ef83c6c54cd3afe654d0c74f400887226a84be09da958c50a0581f9270aa5ed52b476c336c08d392cd67e4a53c513ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\app_assets_modules_github_behaviors_keyboard-shortcuts-helper_ts-app_assets_modules_github_be-f5afdb-3f05df4c282b[1].js
Filesize
14KB

MD5
9200feadadbbca8309d5977b36e8ea6c

SHA1
5c1f182157d97fdc3c765f93d4e5d1ddc8d091a3

SHA256
c2703d901b7c6cba74a1e0e7179941d5aca8748c25ae79479a48f562d02e77a3

SHA512
3f05df4c282b95264abf3cef77b0dbf2bc00cfd3bd2af67073107f6d929a29c8015f6404da03b32fcb9b9ec70809a6b4f3b9e3107abf5f19f173c57a36d331d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\app_assets_modules_github_blob-anchor_ts-app_assets_modules_github_filter-sort_ts-app_assets_-e5f169-c54621d9e188[1].js
Filesize
6KB

MD5
7ee251a6f80c7f077f8d307c0f96f667

SHA1
3606d3715836bc5b0a9862ec37cfe00ea6a5f8e5

SHA256
d969c168035c946188b97f6cf8af2a71ad2d207a775e9b918ee6488d721c63fb

SHA512
c54621d9e18841f538bc2274b29cb272ef9ef1e5e282970c3467b739cceb5712c23db00c0c53f65a66880db3b744e2063250e1af206a7ccdcb1d6dd0ce2b9baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\app_assets_modules_github_diffs_blob-lines_ts-app_assets_modules_github_diffs_linkable-line-n-f96c66-97aade341120[1].js
Filesize
21KB

MD5
ffdf3477d878f7bc9c074de92e94f8d3

SHA1
9ca15efd982a6f1fa7e768123197a0643d40416c

SHA256
e17178e0b5e56102735f541e5b61419271ddf8221ca745572b0c18e273a43c9a

SHA512
97aade341120a6287d8a510b6eec421f1bd01abf1b68b2bde473b7abc57345a7127f957bcbe101ff56f295524526a79caeee1d85c1f0bb730d8666a311666a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\app_assets_modules_github_sticky-scroll-into-view_ts-050ad6637d58[1].js
Filesize
9KB

MD5
472d32c51f1f61232b4067c6ce1db8e0

SHA1
6a10d4f7f28e48d06f86bd47f7a9f1bf678594fc

SHA256
2909936c658bd0564865d9dd672aeef5347af08b70d3e57bd4e2224cb7ca6904

SHA512
050ad6637d583c942bb7c8638eed0dacc4da3bbfcec8b1198091f40964de91dbe828fc6a24e74b7f27bd5a5ee28334caf223cb015eb8acf3e6595c832ec7483f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\app_assets_modules_github_updatable-content_ts-dadb69f79923[1].js
Filesize
8KB

MD5
ea38f9963d35351c101d238af3a3cf73

SHA1
9ab43d46fd1b2774ab8b1bd7d51b55a6a2a49c84

SHA256
8158702cd486d1cfaf584b4784649207f4c668e27d37c2c3c38fc70d0e30b24d

SHA512
dadb69f7992377066b58045ae7182c82eaf7d8c3233571020172bf70e11589447098c1766954df0c736df3def39f1e3f6f34e6153ad571eaf0f71e06477d29b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\behaviors-3647463f0628[1].js
Filesize
214KB

MD5
48c5480c68bdb9752025d4f413b2de96

SHA1
d2379970d39986f98204ee653d9c091a8e78d6e0

SHA256
ffec5af0cd49856f7d2bab405bee2d43e479f8021468fa49d720e913b9b64899

SHA512
3647463f0628339a2a080b69ef1f22b4622187fcaa7ba30ff5fae3bb2b30d674c0d0687cefa2d7c446f68638abc315c45d1b7bfba3ef419fed12f953edf8946b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\code-menu-da1cefc25b0a[1].js
Filesize
13KB

MD5
f6d880c309509987d43bc91637e519db

SHA1
504b065305834069a6b3c7acc07a726738bcf8c2

SHA256
e843b6d6cf094b7ce98cbb4bac745ca475a06f33b37285fcab29dec9aad82c5f

SHA512
da1cefc25b0a815ebe4d17fb811eec30b5f6b62418febafd443d374c8e889e5744526c7aa1cc04923b1209d7a255178134ead1c7c1ca0c480964fa55ec2a319a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\diffs-e4bf217e85f5[1].js
Filesize
77KB

MD5
4538e425de3bbaf8f63850f62d1d456f

SHA1
e936ff00355b75f3ce0dba8f537ea5e10f12f243

SHA256
d33b44f5baac34458f29730901daf9b7f9238219fd3aca583f33e65e831e87cb

SHA512
e4bf217e85f5f95d5ac7c1adf622b9b136e56c9ea45c2422352866af63fbc64ceedaec1e691df7d9b9a5b12a62d086b68a3ca4bd2ec6538782da9567d1cb74c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\notifications-global-4dc6f295cc92[1].js
Filesize
11KB

MD5
f9900e70cb1dcc8a67f9f446e5d718ae

SHA1
f7be42badef3fd51ae90deefbc913e74e81e705c

SHA256
3611cb16979f594f606f41f6537a27e431a29d8a883fc1b18cb309b3f5890e7a

SHA512
4dc6f295cc92706460d7f2f96dccbaf776474d47a47889ab69fb549011d0f76cffa0ec1c8f556f8a52dcefe755a4d7d4bc4473a47c710b27223ddced094ec160

Download Submit
C:\Users\Admin\Downloads\!Please Read Me!.txt
Filesize
797B

MD5
afa18cf4aa2660392111763fb93a8c3d

SHA1
c219a3654a5f41ce535a09f2a188a464c3f5baf5

SHA256
227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0

SHA512
4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

Download Submit
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
C:\Users\Admin\Downloads\!WannaDecryptor!.exe.lnk
Filesize
590B

MD5
d9f4c48b16f24a6a69a9c4673f99ece7

SHA1
7fdc99157456045004aa6ef2655c9472d521db66

SHA256
627af36b71c7395ae6e28fb738175ccb4d1411aade50413799dd0e5a946f63dc

SHA512
5f440a29ac597850fae2f432c274239503d81caefd3bf5cd191a42934bbc422b47a755c35d522e8368d1aa7c59330390b9360b3f69940b0bfefc4464d9632eb1

Download Submit
C:\Users\Admin\Downloads\00000000.res
Filesize
136B

MD5
6b4360fca071fbd70cb43d0a74459e73

SHA1
e79f032c72bd3330ee7f99667ae1c1a5121d07f0

SHA256
2d3172c62fc218b9f9344962de7d71708f1ca4634226ad4fbbbd76f96e415ca5

SHA512
3e8bbdf5ee459dc33f0c6aa81f98a63388a79825c704894c0bc03287b5600224223ec16ad013fa218c051bacfbc8c71b4c0c80ab874be1c39ae9e0fbe699e282

Download Submit
C:\Users\Admin\Downloads\38371685903931.bat
Filesize
318B

MD5
a261428b490a45438c0d55781a9c6e75

SHA1
e9eefce11cefcbb7e5168bfb8de8a3c3ac45c41e

SHA256
4288d655b7de7537d7ea13fdeb1ba19760bcaf04384cd68619d9e5edb5e31f44

SHA512
304887938520ffcc6966da83596ccc8688b7eace9572982c224f3fb9c59e6fb2dcaa021a19d2aae47346e954c0d0d8145c723b7143dece11ac7261dc41ba3d40

Download Submit
C:\Users\Admin\Downloads\WannaCry.exe
Filesize
224KB

MD5
5c7fb0927db37372da25f270708103a2

SHA1
120ed9279d85cbfa56e5b7779ffa7162074f7a29

SHA256
be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

SHA512
a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

Download Submit
C:\Users\Admin\Downloads\WannaCry.exe
Filesize
224KB

MD5
5c7fb0927db37372da25f270708103a2

SHA1
120ed9279d85cbfa56e5b7779ffa7162074f7a29

SHA256
be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

SHA512
a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

Download Submit
C:\Users\Admin\Downloads\c.vbs
Filesize
201B

MD5
02b937ceef5da308c5689fcdb3fb12e9

SHA1
fa5490ea513c1b0ee01038c18cb641a51f459507

SHA256
5d57b86aeb52be824875008a6444daf919717408ec45aff4640b5e64610666f1

SHA512
843eeae13ac5fdc216b14e40534543c283ecb2b6c31503aba2d25ddd215df19105892e43cf618848742de9c13687d21e8c834eff3f2b69a26df2509a6f992653

Download Submit
C:\Users\Admin\Downloads\c.wry
Filesize
628B

MD5
252c46c71094ced493b6d8bb170d8fb1

SHA1
0d09fa25cbc74a292986b18615222ec001e749c7

SHA256
af54d7bf2f987503bac5905a42e304e83f1714aad17e7044087c72bf55643c32

SHA512
82c68184501a76e0bc8ae4b97c081cb39a9c6e23bd60aa54d6d14c52476c4f0e244d316fd31d4f2e41696d69880c9e0d6cbd5103a01f546856d6d183f72cfa05

Download Submit
C:\Users\Admin\Downloads\u.wry
Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
\??\pipe\crashpad_4572_JPXPWJHDIEVQFEJJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/6004-685-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download