wannacry | 96596a4011d86c9a650d3729189c48ccfa9047b76d75fdc4d19d54e1595dc5b5

Analysis

max time kernel
649s
max time network
651s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
02-04-2024 13:17

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

CPU-Tweaker/COPYRIGHT.txt
Size

1KB
MD5

e09604177a6ac3ef0aa5e5a7b9942595
SHA1

54cc4c7278af15a76b8ed2cb53a31a22c7e36cdb
SHA256

a13201b257682de3402c96e935bb5a678a2f88ee48f1966f0a673dbc78b4a9f1
SHA512

d73bed2563f8340e4b0fdc24e5f644195a258deb62c5bba2943ed06de1baf90d3de37af0d6f764a70150d54d225f2ed357ee749245334160af8962f2bc75a8e6

Score

10^/10

wannacry discovery persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Drops startup file 2 IoCs

Processes:

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDFC54.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDFC5B.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 10 IoCs

Processes:

taskdl.exe@[email protected]@[email protected]taskhsvc.exetaskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]

pid	process
3676	taskdl.exe
796	@[email protected]
4340	@[email protected]
2996	taskhsvc.exe
4664	taskdl.exe
4272	taskse.exe
2184	@[email protected]
1316	taskdl.exe
3588	taskse.exe
4632	@[email protected]

Loads dropped DLL 9 IoCs

Processes:

taskhsvc.exe

pid	process
2996	taskhsvc.exe
2996	taskhsvc.exe
2996	taskhsvc.exe
2996	taskhsvc.exe
2996	taskhsvc.exe
2996	taskhsvc.exe
2996	taskhsvc.exe
2996	taskhsvc.exe
2996	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

2164 icacls.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
2164	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\fdeakzwr832 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Ransomware.WannaCry.zip\\tasksche.exe\""	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

214 raw.githubusercontent.com
215 raw.githubusercontent.com

flow	ioc
214	raw.githubusercontent.com
215	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

@[email protected]ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1104443672-3570440473-4052989528-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-1104443672-3570440473-4052989528-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Drops file in Windows directory 3 IoCs

Processes:

taskmgr.exeLogonUI.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\421858948\767729314.pri	LogonUI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Processes:

vssadmin.exe

pid process

1608 vssadmin.exe

pid	process
1608	vssadmin.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

LogonUI.exechrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133565377913855027"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1104443672-3570440473-4052989528-1000_Classes\Local Settings chrome.exe
Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

4944 reg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1104443672-3570440473-4052989528-1000_Classes\Local Settings	chrome.exe

pid	process
4944	reg.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

taskmgr.exechrome.exechrome.exechrome.exetaskhsvc.exe

pid	process
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
3700	chrome.exe
3700	chrome.exe
4544	chrome.exe
4544	chrome.exe
692	chrome.exe
692	chrome.exe
2996	taskhsvc.exe
2996	taskhsvc.exe
2996	taskhsvc.exe
2996	taskhsvc.exe
2996	taskhsvc.exe
2996	taskhsvc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

@[email protected]

pid process

2184 @[email protected]

pid	process
2184	@[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

chrome.exechrome.exe

pid	process
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskmgr.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4456	taskmgr.exe
Token: SeSystemProfilePrivilege	4456	taskmgr.exe
Token: SeCreateGlobalPrivilege	4456	taskmgr.exe
Token: 33	4456	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4456	taskmgr.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exechrome.exe

pid	process
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exechrome.exe

pid	process
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
4456	taskmgr.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

@[email protected]@[email protected]@[email protected]@[email protected]LogonUI.exe

pid	process
796	@[email protected]
796	@[email protected]
4340	@[email protected]
4340	@[email protected]
2184	@[email protected]
2184	@[email protected]
4632	@[email protected]
356	LogonUI.exe
356	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3700 wrote to memory of 2664	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2664	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 2652	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 1336	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 1336	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe
PID 3700 wrote to memory of 5100	3700	chrome.exe	chrome.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exe

pid process

724 attrib.exe
2792 attrib.exe

pid	process
724	attrib.exe
2792	attrib.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\CPU-Tweaker\COPYRIGHT.txt
1⤵
PID:216

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffebf309758,0x7ffebf309768,0x7ffebf309778
2⤵
PID:2664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1596,i,10541168770766870788,6789609897858004380,131072 /prefetch:2
2⤵
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1596,i,10541168770766870788,6789609897858004380,131072 /prefetch:8
2⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1596,i,10541168770766870788,6789609897858004380,131072 /prefetch:8
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1596,i,10541168770766870788,6789609897858004380,131072 /prefetch:1
2⤵
PID:4232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1596,i,10541168770766870788,6789609897858004380,131072 /prefetch:1
2⤵
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3800 --field-trial-handle=1596,i,10541168770766870788,6789609897858004380,131072 /prefetch:1
2⤵
PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1596,i,10541168770766870788,6789609897858004380,131072 /prefetch:8
2⤵
PID:3192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1596,i,10541168770766870788,6789609897858004380,131072 /prefetch:8
2⤵
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1596,i,10541168770766870788,6789609897858004380,131072 /prefetch:8
2⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5184 --field-trial-handle=1596,i,10541168770766870788,6789609897858004380,131072 /prefetch:1
2⤵
PID:5068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5048 --field-trial-handle=1596,i,10541168770766870788,6789609897858004380,131072 /prefetch:1
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1604 --field-trial-handle=1596,i,10541168770766870788,6789609897858004380,131072 /prefetch:1
2⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 --field-trial-handle=1596,i,10541168770766870788,6789609897858004380,131072 /prefetch:8
2⤵
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5692 --field-trial-handle=1596,i,10541168770766870788,6789609897858004380,131072 /prefetch:8
2⤵
PID:2964

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4956

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xf8
1⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffebf309758,0x7ffebf309768,0x7ffebf309778
2⤵
PID:4056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:2
2⤵
PID:720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:8
2⤵
PID:4148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:8
2⤵
PID:4248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:1
2⤵
PID:1676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:1
2⤵
PID:712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:1
2⤵
PID:1392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:8
2⤵
PID:2884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:8
2⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:8
2⤵
PID:1472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5316 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:1
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5184 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:1
2⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3272 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:8
2⤵
PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2964 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:1
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5144 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:1
2⤵
PID:3484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2944 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:1
2⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2600 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:1
2⤵
PID:3504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1640 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:1
2⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5408 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:1
2⤵
PID:2596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3272 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:1
2⤵
PID:3340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:8
2⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:8
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4452 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:8
2⤵
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1760,i,7030114706404734293,10397796700995610671,131072 /prefetch:8
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:692

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
PID:2252

C:\Windows\SysWOW64\attrib.exe
attrib +h .
2⤵
- Views/modifies file attributes
PID:2792

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:2164

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3676

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 106041712064439.bat
2⤵
PID:4296

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
3⤵
PID:4884

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
2⤵
- Views/modifies file attributes
PID:724

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
@[email protected] co
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:796

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2996

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
2⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
@[email protected] vs
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4340

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
4⤵
PID:1336

C:\Windows\SysWOW64\vssadmin.exe
vssadmin delete shadows /all /quiet
5⤵
- Interacts with shadow copies
PID:1608

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
5⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:4664

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
2⤵
- Executes dropped EXE
PID:4272

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "fdeakzwr832" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
2⤵
PID:1676

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "fdeakzwr832" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
3⤵
- Adds Run key to start application
- Modifies registry key
PID:4944

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1316

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
2⤵
- Executes dropped EXE
PID:3588

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4632

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1200

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3aa3855 /state1:0x41c64e6d
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
1KB

MD5
382995ec7643c0ce5e8df5913874b93d

SHA1
d1362442ef8aba686e356be59594277514d66bff

SHA256
b5eb0858614f3fce81890a32230cd7703c762c5d32a82576f96e2ee9aa4975d9

SHA512
fdeeecdd3207fd28f69c3d414a10df281b89860af642c27a824684abff331371b8779ddeafbfef39becd9bd9b3fe10b3dc1e432504d701290e22150e7a4acee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
da64fc260c78d2b22844beefabddecc8

SHA1
429cef066418a4abbf21670c1ec3b8a96e05f544

SHA256
47a2ba91662b5dc0634f36d49ad6d418a72c596ff194387ff757a49aa9be2d5e

SHA512
26a5a2de57c45ac2ef3e68781e50fb7e7cd73f47a6326454fb45b55b15c893cc99e625c93109dbab725e734e34e443a1c7df0ab88816d16e5d3bebdb28ab59d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
608d424260e10d4d3e6b839cf51ea123

SHA1
3431024bf10f84aea35fd40041c8517cb744c912

SHA256
f63944049167777859fb822754d0ffc6d3aac2ab7bb9e127b101bea7658df0c7

SHA512
8f9297758af4390aa6894b025d5b720dd913ed81eac7f176109b94e17bcd04ff5421a7c32c15b5d699fcc541dfd039ba069ef8f630c8a4210dc3a66adbe89a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
c215d999527c0f79558e9cda68271a84

SHA1
0a1b0d46e933110c17b749d94b8021db8fa86782

SHA256
26570a669a493b5e9647f319dd358a8e90bdf0e4090c3a56e137fb077cab4d77

SHA512
084299253e16cfc1cb4dddcb2a202d7a512dd92066f76401af87a87b906042f44f85514492fae4e297f5806eeba005e1c0f2c8b29be75ec52e4ea179ded64370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
8c83ebd327968a1b22e8be72fa07c055

SHA1
b58b0c8f9a7684351dafee6232c3b433546787cd

SHA256
5c932aa0f1e23432044d588f92c24d94056babb89b3631a59fec44de691e0d28

SHA512
04f7589d232164977811f36dd36758203ee1d777cb0305a067dd37b80afeec0e3b8e07292834a2480cb8e0052252071ee2180d788573ecd3155f5f25856421c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
ed204ec944e8e68fd7292f96f25bbc81

SHA1
6be6a864229ef2428a735b6487b8452e858f216a

SHA256
ab2d3c018cc10b6be93e6e93bd74153d1f6be6844872401fd0c9b775f874d76b

SHA512
5cafdb079ba0da77d29d55cd05a9e9a9416b3db1087fc5d9da41e6da0576bc84e1056f82a0e7dd81e16a85e2c594903e2b061b78ab6a47274a62caa1651304eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
320KB

MD5
0c549c722aafe231574fefcbc8811ddf

SHA1
b5b24c153b11e7dbfcff68ebf34584c3d1fcb490

SHA256
64ba0d462c0d75a315c3695413af2c43c9751406c4328ab18400ac11a00ef2a8

SHA512
19173a0a338b32f1f57e4c92a020b43f08b15da62f833e8b37831a38cc6a747ba2bb52d47776f7c9f569c4bfca195eed4fcb89d3ab7a58e75a1e60396b64664e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
134KB

MD5
56f22b3d403272656c9f035626c900e2

SHA1
7552da0b3aecb82d739464ca78e96c0352076864

SHA256
c94a7f3a2dcfaa63cebcab44aaa772b02c66ebf6a4383132cbaf2f6ed4a263c5

SHA512
2eefa77608b29a946a7e54d22aae601d29c1f19928b571a198e379da79ad8f4dc73a151a46f1efb79012e0ae7fdaa41b8c86a976f02691e076f0174086b250ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
118KB

MD5
8b75c98e61428e0e98706ac33e39996e

SHA1
9ad72872b5b13a4e96c3be13cd91ccb4f8e854e0

SHA256
6ce01bf9f649e7fefdf353d5f5f9a037e1f90302bd22573f0f01cda8fae96d44

SHA512
4dbbf1ccd7e4db033f88c87579b062860880a865ed6813b56c9a7a99596ca63a1c0cc2054348cf86dff6d2e2b0b21085e3174e231ecda4eaa68a8e90274458b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
46b4fca2838c916f513ce04af66a1deb

SHA1
b4d26f2ac0fee2160e31a042ceeb805604b1df01

SHA256
4e08c2ff6f97b9cae16172e9625ec67da8f233e7a8fec6adc7d20cbc61e4801e

SHA512
2d33448c851d1a2f8d1f4b7ca5d7fd17f6903fa945634ca3021b115a261d21a19ed27346fa8efc34180a80e6beb663857df5237d83439ffc0a3a3ea2df52a01a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
213cac0317c3ac5005756a51a008beca

SHA1
5bb5b9e113da72df4b231da5ec019f4f9377cfc3

SHA256
75c8398f46a4f0c4406cf2ce0b7a4849c152b26a156d02e82b650654e229d3ed

SHA512
bb76402377e8ed296f35b89166a35578a2cd1f16b6ca140733ebb93a5338a05bb7297998996e956572f396a6e14d142924f5ab0cee2ca31fb1bf629fd9360926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
54d03d45ce769f14522ad7f815a426d0

SHA1
0c3f6bd4ff8873a76c6faefacdfb6a797fb1c7e2

SHA256
a444aa26c6215fdd13a881231a59b833f26045630b02c474133af31e34befc5f

SHA512
bcd94e98a62443826c743ccec7c846c548c4fd04b81b6349f865257a31aa87ac67d2c055472ecaa39520ee12c93b2fba29c03d215074e429d213f2cb1e681407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
663e4630f7dcb112efca5267ade8a378

SHA1
3af99b42b1493a6b6df9891a5a984da2f2707603

SHA256
8c02bf1bd482422cf58c793e09f286174599c884d8a81842c29135b3f85c63d5

SHA512
66aa4b0a238fe03468bf57c6908beb1d18f55dd824264cc35508d300e42657e998d7b9ba57922a91f3de149d52f9183417b550dd204fc0224751298cbf5cffc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
28KB

MD5
fafc1d085c685bac6cd6a53b77e31a65

SHA1
c2da9a115c19f02048c82867024c84d2610e19d9

SHA256
c51d602528b46286a8a48304f43bc53da943eb1667bfd4db2a15903cf00de527

SHA512
ac77b7058e6c0f5ac850f88f87862ed54ddcdfed7e927edac14272a1182a70843e562aab57a81257a7ba8174c29767d152a9d41e794a5d8e7c10ae6578641918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
41c4ee763a8ca2e22e163405a0345720

SHA1
07dd6d031cdd8b2c1a9d78ef28334e9115ed4da6

SHA256
6966cffc080067569316091b619fb912c20cf74d4405ce9d94fdbb9ebb574467

SHA512
eea6831075d4c4744053c79fbbb676c0a06695a87f1778212703a12d29edd48661a26cb6754848d187808bcbea53a63404ffc9d7d4e91aadd25d7e3eea546c11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
9b28a88288cc654bf3bfadde89a61fee

SHA1
6dd5dc134ba446739803e1ee19743c1e232a0dde

SHA256
772f9d2e4dad5dfb0d14d4d2adabe376b718fa906ea2ad16adce6b5e87f5e866

SHA512
91de49b5409ddf728bcd31f4f3e811c982a51c1b3492128e271e240b0104105603d18a95bbfaa2f797c928abdae117910936460fb354a2aaf31abf439e91e519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
10KB

MD5
35c3e58cd7148cabc47578415e230862

SHA1
dc407238a360c11d023df0b095e0242c37b6b36f

SHA256
93b236c25fe341d34b02cf600eaa9a0f70bfc9c01ab72b50d79e6686fdb13444

SHA512
a4d725549e2d226e34172e1768abcf6d91e18aded52e41690beb6dbd6095a7b445fbbdf824b1aa80e7b7e4d6b3fe5fcacf879854bb90dd31b18f94c697e750a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
f2249ddd06b1171731cb68826f41fdc7

SHA1
ea29a7c790129f0972c1456fc721daf3cac48532

SHA256
483bd6d0fe2174b49e3e982506bb7a95eafdc26dadb2fc79667780cc6bd9dd7f

SHA512
54de14995b3909285123c9577173bf13f2272b879debec77484b53fba0265a5961386885800221457a6f34fae80a958d95c34aa9ffc8b22df487f7441a96bd3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
6055b0f2379c39576001976f4e4aa409

SHA1
6a5878130627ed664b21557ea54d430dac20be51

SHA256
dcb2f60fc6452f2c39e6a63f491e82db2ec4e6455a6abdf8ebc08696015940a8

SHA512
ee14f9e965e6e032034b7f739f53a98a48f065aa11eec46c56a8f37b1ca899a71c0f0c70bf68da7eb5aae8885222de57c4c626c7750490e8e366f68155b7b666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e2097fa31826816214c20e3a75539712

SHA1
3312285ec1a6a22afa50488bfdd6668dd9331e5c

SHA256
0d390ac5c6897d46a7c54d6fe43fd7b1d0fb80782a05f359071e2746fcd4fc0c

SHA512
7d154b2d0701287040dedcb7b27314d82b9d38e8388e8ea55f7529cf3672e40b87d744a309a117ee3bfad4ad5e70d5a9470294e937caa8b42f36378fe92d6f62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
35668414a22ee1626efe109d1d4e344e

SHA1
431c5339b5052c49cbbd3ccf5425a366a6bd5e60

SHA256
3e3401aa273740adc33b51087ed4e1cf804062c53aed9e38b46163c759872aa2

SHA512
7b1053256ffafdd1cef428d945312fde2aecb85d18c9b8f39d390d80b62c6f518d5c96961a5208fa9744916a5184729cb6a86d313351ff569f5cb8117a3b9f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
4b50b6dc7faf2d047780d5613777fcaf

SHA1
9a58456fe0e99003bbc968051df7ed80dd4f56ad

SHA256
7e0622fd6d52dfafcfca3801f0d9bee7f1e53b0e9a3e27708c5ed6be28222395

SHA512
f29c9db9230dba6c548fcb48f6bb8dc79069bb4d5920a9624d3973ce6d2c417889d63c150ba200f3ea6f4dbcc6f0cf4cc42faa847863771651d7a764556e7da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
cf43dbf7ea68c9215035ff00c1629f6b

SHA1
4b26fac46ef3ab4e2e212bb8873f38efaa8b2415

SHA256
9d2c081963200b215999ba96e4145b23062d7c79abe67ad7a4c11499fec7ba33

SHA512
790e0b05a33f9075708a5f08e556331f279cc2d7a56008e20ffd62c446a59a98cd53f486283abfe554ceba960dc5ad150c49c30ee7eaa1b79eb532b28dd95730

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
27430c8576c1014eb0837f28dae7ac87

SHA1
23f6f5a56d630f40ef37a465dcdae6550e68568d

SHA256
0e21010fdd4a21dc8947f5e964bc8791260472976764695d1585ce9e07f6fed8

SHA512
10a418df25b08a8b1eb2a7ac6af222b59872f53211ea0a79887df7231e31355b570eca756366ac03075cfb543f55090e9d6398829f76a99037dfda2a004949de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
464db833e5774d24b758f97a6de21c60

SHA1
2a4e0d1b088b8dcb610a52ed69be053fa10b67c4

SHA256
1cc9a98fb48d80e22accd0865296a14984ebe31d49912b75f0ec0dabd3c3d5a5

SHA512
8c82493983de4fd41da5577cbbdeb8f9ea5ed59cd22a88f9c58adbc851d351c0e0222bb384dda9565b9b9e849bddcaa90b0b0e10b77aa00c765c172e37cec9ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a5ab365c5bed59ee7ae98b8fbf1fea39

SHA1
737630bb9ad261f4cc4469eba1c54ce78c60a7e7

SHA256
8fcb4b50aefaf7b87fb66a628b93519e77d182bb1a6209dd3a3af06acead6994

SHA512
99856a745c99cf0b03bb76f3a92def167055296322a8c477a34e713bdbe04ee70361622a68748737d857292dc1d333b90afd6a13cc1ccf0157cdf8f45403ce09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f9f8a31329d73978a45256dbdc303299

SHA1
b07f6ec3b8caaf49abc80cb7ff54266b126ed07f

SHA256
b47a9a4be4b2a751160f93126c76168e54da6cf699cc7b77afc18492f61df5f9

SHA512
5591b61f06db4a3b6f0312523a56a0619603d7c969c75389325532a16d9e3b83366ff33ce52793bc97c36adf9ec72886472b4189981332f5139a4ebe00d824c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a77e0de53cbf98b5c4dc9addb2ecf963

SHA1
cac63a6f97dafb654c0a3852d44a410216f5bcb2

SHA256
e61e1c7569236b65b7b2cd8453879493130dbfc2bbec7a5d68327767bf51ffb5

SHA512
0b6bbf9e0f059463923fbea61f41c53a06597a26b4ba5e5aac2a6574bfb3171cdcc387b9e8200791fed01ea9289ad02ac23652ad16b3fd1405799cc20021ee04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d1695f853063b4a9300cdde783341cb5

SHA1
5d2fcf188a49bdc1240859e196a7907090d84a52

SHA256
17954f13b50419ca8841813dc0778702fd206a879cb31a568dd18a0594c9fd18

SHA512
1d92dfec83bbb875120ea72e286e27a32669ceccf83c8f6b388652a4dabeeba5f61ef4b81cd0e7d6fff36440ba875d08e3dd50666678e2e40d937c30b1cfc7bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
33974dbe0862c1420ee4e273efea1d65

SHA1
2f48be56215f9c74e11badf9ace71aee9588b28a

SHA256
94e6951cd44c1cfd3a6801ec738e30e898cf92aadf82d80c6c567dca25272800

SHA512
5b3fbd7fa4455459c999509bc368c0437afce07a51c427111f08b82d7819b7c16466a4007cecd9ece7da1e94863953c6777ed5cf0d80ecd28374a20d9255de86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
9b1623f75feb271ebbeb84f9ef7775dc

SHA1
315bd973d8225ff000f6023cde127daebbbe2f7e

SHA256
d8686d125ecd10c1c92d1666069357e60956b9dfae8239b8c33cfab5467352f5

SHA512
ecf32ee1729527a0386b892b91a5dab586a9d24c64ce9a04cce017ec5c1defd2c709503648c404647c9ec50af6dad6801d00653762566922ab49c5836a9a1508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2b518c8281878e16e9661831b2b900b5

SHA1
739b723195e5afac0c171861e19af86481d55a63

SHA256
a6e40f12685fc3fff1414d31c736f750920bcf8d6cfd73f35a419d439b5b94b3

SHA512
fa83f9ac74645661ed7b0279601de8cff4b5a500fa83e85c2ba3c6ea0320776f9e6ef0abe8d40eb3403d7c1e4c3cefc8e1821612653f6b29ca7ef7b14608f0e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3e2def068991c57912a18016fcc3bec7

SHA1
904a3f0a76bcf2f4af01d1e630bb16b0af728184

SHA256
297d3195ebcb653b86a86f29c34b60cefe02b048fd04aad73a4d9db5f9ca7998

SHA512
43ee80459aa7096e4154d0b192023f29a93dbbc9e54b8e10e942d072b911f15fe1c28d0d77381bdc95e8ea481782c84c0eec5acec1a4dde614900eb0141b73cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
261b46e2817e982f46eee6a1db52aef5

SHA1
10ccee25507f102e71487338a518484a2be016f7

SHA256
b3037f4cfe25e59e09c9fe7e59b8408ffde61df7d1d78871f694af940db5bb39

SHA512
4dc74f9e4b73de590e01fbec3effed270e4715a44974bd5b26c3a35c06cdedaac2d0842d838e0e6bf6bea01c086f91ce4d2cddb0f045aa1e0273b3385400fef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1de5828f17656d2f76e436aeabf9655d

SHA1
9ec7279fb3cd5d7235f5aea46fed990ce8ecd80c

SHA256
363300eb243c2449ad6a86f3690ebdef1563a6f73c3151042d9ce373eb582e24

SHA512
23e8622117141be090285c926fa78b51fcb3860caaf4d127a1cf54844a45816d1095f81c7448659ab9191ead9e354dde9ef3e9e764bb339e5aaeabdfb8162149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dae4ff2283c76e1a600abaa2866819b5

SHA1
dbdd1b75272f7638670f41d3f32eb4b8c67544d6

SHA256
500fb0700483c2a54629fdc0b236897b79a6b46f796911e41755faec4dbf0d5b

SHA512
0a7658268d1a50001e0e792c50c4d5caaf3e77e6c85944536ecc095c8086e4ce0d930c0848bf32ab0ff37d0dda630f4e8c86b262b23b7763b39e63618dea5edd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce9a20a524e1f6ab7bbb85ec2775cf82

SHA1
07a4ba42b5720d5e140bafba893bb679182191dd

SHA256
b4c709839f860509ec2bb26f6994a990a9f929a2d3a30c7c36b8a31575bee11b

SHA512
2153f8796000c4d2378d549a9b5b4f78b0be4d664a817bc4b194d5ba0ce45008092bdd727648b853359a2c1ac020a459e6786d4f8036920f5089b6eb3735ad8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0943d2dc5f7ef73ca3ab2564b5d774dd

SHA1
69a8428b312f29a6f1cd464ecc20a1541a91826e

SHA256
12b7c152c7da848394de715c79498d4fbb1c53e1242dcdb5409b8bdc24e58bdd

SHA512
0f9e20b8893530166654e1df0eacae2e7e300da5b88c90ecaa4f0f36200085f0e3bbe2e007a7c5711a93140d6e24aab2506262dbba7514836902855282190adc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0a4e374ff796dc852ca5881b05699b09

SHA1
ddeaebcac01e88fb459ddb07b97491336859c91d

SHA256
a8a52c48e166b0bf5e16a5428f5a1a80d479b1bec17b9113a4167324f459ecb0

SHA512
ba47b62a2b535363a226d310ae320e0d627c33922cd8ab26ed8fc34af5c2d83024af885864e78d7965c46b71a28536fb6ed39c9603a6c1978b84408a0250f830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7f801f016eae45c33254eb01106e24f2

SHA1
9ffdb066e78e66544bc80964d039b9bf2d03721b

SHA256
36f366bc0295ae880b803d66c584cb05e7f0ff93ec12c3bc55aaf9b41b5a10b9

SHA512
705604d5946a2a4361cf432be478ed3278326d94c78fbf2bb791dc409d79a49dd3c2b2bbbcf3c67528ce0dd28e1482792366b160213d1f18081d3bd3f3e0695b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e94a9b1037e78132a3357a8ea71b875a

SHA1
5123a8be0e8b244c4baf5a19a50c0acc09ccd057

SHA256
41c8d623221c3e4cec1d8069c2df17894c9acbb5fc742b78c313779c42a66221

SHA512
c5ce4aa27db18b100a4714590635b5c63000bbcd5034298bf03e424b82966da86a67ed892cfc283e6894dd3d7a309e2965ea5880da75817fc3524a678208483b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4863ea64f977744b2fb81875adc14b79

SHA1
827b11763367a795a339105f7c31b2ecb11ba9bd

SHA256
35c847feeae411c3a5ef1083109e3718c49f8852bf9965f56385ca6ad69450e6

SHA512
bf13f2b27572dfc1945b239c23ea747d6991f4adac3a7716a86521155c266819620ab0adbb97ad98eeab2a21748fbf1d56c168e595cf4e60bf9a49638a0c9cab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1368bd2ee88756ba3243cb3d433335ac

SHA1
373ef850a94a1ec1434a805653c5b845bc6c9031

SHA256
d9e325b766187a64c443708fe351be92f0e3046824d50d6419c817850b1129f7

SHA512
b135d00bf22fc6e54074734e1aaef50346c333c34770aede4bdce913e29c6a3faf0853641f6c48594ff87e0dc2f3537e0458fb5a006fe49cd20e16b685e57a48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cd8b26ae2acffb13011f98ff9326c3e9

SHA1
5b2bf9cb7b7b998bd46bfca2045d47b772b8d266

SHA256
04c157d1c99670e6d5dd8f43c1b6bd562faddb98d057161c5354561c478ad02c

SHA512
928e5270da8bed1a77df5fa81c068122c39064689fa0d637c2870955af6eb16fab0930588e1257ee477a22234079bd59d64156715b188e939780f1987432b139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1404e43f3110c936b5f8c348613fd32a

SHA1
fe8d78587fcf8a1fe52e45b94934f4363f500dd9

SHA256
2cd6c9a792313f4463e98ea854ca9f3b6df6b326ee45fdbc3cafb2a6b09119a2

SHA512
9bcf18a96255218319b96b9da8370b601039033ce811be3cd48f2cf0db3dd29378329179a9a46a5ea484d1b5056673af559f509d0c13d7ff35a67c193845b597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
def55b91cb606ea9d25437e876b53d72

SHA1
a63ad5cb8edba8bd37c2777dc796e7c77ab1b868

SHA256
1e9e0feec0cdd4e6facb7b10a94f1ba2ad54dca7c9360cc26dc9d35f23176b17

SHA512
1b05befa36fa1ae2e6eb34098ba01f1f5d4b80f870f946c69032e4356cbefd27d0b2542f355c5670dd92f3c68e8fb3c323888f790f0fa90d6bf2b5c996c34eed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
5cfd13c0702ec105ba9427fbe3d19c97

SHA1
34ffa807bf33eae1bb649345d340332a20553f15

SHA256
9e52a1fdc54983083e22f48c23d6f2f96174283c5f0b53901f2c780d5269b636

SHA512
ea2775df1557a74fa90bd4ca31664dcf87879d425647d2c42530692bdbda58278b77047816977fee1a2367120c90f271094b1a4e3cabd9797bf078ed456c9f96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
4KB

MD5
d48a255888c49407249611f37635cc17

SHA1
6b549056cb56565d62b7892a56308611e7ee88fd

SHA256
15543c9dc6612b2901ad167f6a6fe4beb676ce06a71f835dbc0536b801150b1d

SHA512
93209d19f828d228ddaea114886d7900374a5b0eeb148a2f80b90b94a3b9ad5abd15fa922103f180155381e42c284fb3095ecbe4c22f0ca0ff563697ac70787e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
8988cf2edd1169db8fea104d2bdd5547

SHA1
c69538fcdf906e0fda11a8d11d93bb543c5e1daa

SHA256
c2c10c46c1df2bec123bd93d072308dddde3198cccfaf9e3c81d7b5f35909087

SHA512
8d7d5076e647c0e2f4156b3d5728b1cc7247a404f27090b7cab0a07525ae954ac20d602228e0917da7d34e4a17d9225fdbfc89a1c087d752fc33caa3b94378cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13356537848351937

Filesize
8KB

MD5
067d35103831fa9f34125ee10c6b9424

SHA1
a5cc0be8ddb2bee051c436c41059ef765a26e4a7

SHA256
20724f787392d270e8ec9c9c4113363c70a88c3c5fa54ead4333a2f09933af0b

SHA512
2e0436b6383088610903d7168da28506367e5ba76eed29e494a13cc31e3ac0eba294fb5ceb3f9aa18dc9416c0d87a34fe15bfb7a27b79ce6d1385a77abb85c44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
0d531f71b6ef7d3382dfc15bccfa06cd

SHA1
f3824484858841fcc9a52b5a0273ba1697eff344

SHA256
cd8215ad171d32830fd24aa026ef5049af5f5148340a52da55401217338c9fe4

SHA512
fed5fb621212425fa14859deceb36eef28a39c632517cb8539d68a3fb361408aef566b94af2dbc83506c3554fb72e3d787440eeec0aecc37dc2c5aada5514303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
e7d7ea18559aa461d6f588be27fd8b8c

SHA1
342ebbcae06e303cb53ae0a48e9f633729158362

SHA256
8f7f2b5ed9bb093b9b1b44f8f51609a3c9f002227109dc05cfb6cbd327edecd8

SHA512
ca4122647bfce72504017a9698484ad1d9f83403e2481bf6c280f7d8456ca6da1121f12b8963b96e3b804cd499a73e405c6846c3d98c50721a648a5159635f4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
b1f44f9756c9167cb1df019d7801b7b0

SHA1
ac5b967ebf9c8e02555c17f9cc26ba73d4c939c1

SHA256
9e7f06abcae8deaba3b058926cccd33ee01e0ca2c871c68d9429bad4b09c117f

SHA512
bde4b1f31a7469160efe6e101e9f7a29aaa4aaaebf70060bccd9431dfbf39d78a762696b9d7fd042b926346fba9a95607125c9b332abd71852d7ca8469902dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
5bfce231faedc74b2dc989ff1231b63a

SHA1
35a393cbcad7ce996c7f692804a2a5327c276244

SHA256
da3eb0a09d3a9c87d927e71c08745f5fe5e64764df23059dd3f21f44ba69fdc6

SHA512
7d7197f77a8e4b29660bbc522261c232b142766dd2b31b00b9cb2bfca3f9aa8158e5d921bf73c91a657ea64c9fbc795eb8339dfc61dc841a0d0a9314a75e3cf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
d548e13bfbd6a1b7ce6829e01070c153

SHA1
3f348d69236bf451b2bc95adc9b6ec16fb854a0f

SHA256
e5c4ece38f946ab440f5a603da19dbf65e33fa60355e1ff00812b9be7e8627bb

SHA512
c116ad3759975578ed33d4d471dc0e01278221e537827165caf3c3a5f0dcb3efc76122af3bafcbcf51d799de35b2f9d03ee02d0553869b72cf0c3e51db90f999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
92KB

MD5
4df6ea229c4207c4a5d0d845ec1e276f

SHA1
4a8ee95b23cb531eb79e9b8c8817f1d607b5679c

SHA256
9f8659ab502f25f278cefed91eb6789354a42ea858bed3fd1ae8bfda841d3fd9

SHA512
4b47382d187f0263a01894bca527e4ad3cb7598aa1f8aae89e36ad6a281bbc6fc4fba620872fb6b3caff5d1edf0d9ce88c6257e370cd14996422d18300f0989d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
a02f178c30217d7346a0b959629469f7

SHA1
2f1c78b691640ad23c934e1eadf2acb3ebafa8ff

SHA256
1ead96b8b9632c3e5fb83957e924d277609efd45d6273149b5732f812f4b8b5a

SHA512
96c402be037a86f47ee5d1af9d300738a77fcb0e91cf70021bcad386de56880a79affe2a181903288092180a7c8cbc8ba01c4c2100bad16812a643168542f845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
d6184bba2aa099165531a1b1ae312220

SHA1
c4c1dec6d193682592cb1978ccea141842f804ce

SHA256
c2fe2be34ee7e47054ada70b717d79d07eef4a8cac2c0514c45c280cc7a990c3

SHA512
125e5b3a268cddb565f808ed35aeb4d0997e83882a823bb17452b12de0ac91457bff599639d1ed5e4773aab6f1fc191b54b526fbdcc76574ab88d47fda0d8ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
918B

MD5
dcf86b760e930b9d8dccf7658211f895

SHA1
aab36b68e7545defc226870aa8241de2cbef4f87

SHA256
bd5fd7e82a2a2ae99743101bb2a56755d137784e4e18af3192ca8ede190e2fc9

SHA512
b517b7441b7f6181f83179ded51eefa77aa255acaa575e3c757925162847782d53ae2744f86cf3686b53e48b3e29e89459cd41baf93f2e617cfee03fe404fdc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
8f3736d5d43e198157ced2f46cd1a605

SHA1
211ba2b3facfc9579be998db5bb1c2368bf747e4

SHA256
f35d116cea387ff62aba18202ac0a248d49548194f164fa6d97afb5a7457f03c

SHA512
029fd846bdaa552bd82ef19ea35ddc5762ee028ac3bea550832b3c9962e54f4e3d8df7e974179b003297bebc6db3065a1c912688ae3eca8126f4c875896de137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
a82d32a00049be07fa464941a6e1ccef

SHA1
aadecc78da257a0189c440ba1cbd187e460bc3b9

SHA256
d8473dbf2964bdb719fa048a2e475b834286224df6ced2dbadb38cca647c6967

SHA512
6ae86098143820652cc4f80e6d285bf007459415b74a12eaf95d40706fa4afd0a71036ea3be8db39473f2b243286de3ffe58a8429fe94af47478d09ab3b2a13e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
d1daf1ba5aff0a632f8b9db848312ff8

SHA1
08a0e835598e82141d94065f3213707a290279cf

SHA256
e4f05e914ef32c852fcf749f5eb3d6a27c398a16c51f418d824598f4cf15c6c4

SHA512
be4ce2061a4b7b3ae896a4e50d2ffee75976805f564bc2fe5a8fdb58c448e28bacac92ec1ca4a35d2403282df1c1f147b185df119cbcc97a1d2ee7083b335403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
687ff3780413b929f473b2f6698ce25e

SHA1
f7cfdaab1354bb496ce2e59a161682022b31e6a4

SHA256
140db2f27fc4006b634ad58a2999d4255c155593121470de2926408f4265f737

SHA512
5ac1639847da558ebaff16f8c8d9f2c4ffb37599e180755bb4aaec07b42133eb430ac9b0bebb122f45bfe1bb0a243ccee588ee16ab0683bbf93338aff574ad29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000005

Filesize
16KB

MD5
8257043e1b6a8ec4a61518c1539f10f0

SHA1
b74300a0c170428e9c20cbbdbc1d1f957adc7089

SHA256
3134234b93f92c12e368fdb69c555267e42989f807ad2972165ac2b21f6fbc30

SHA512
d0e4fd0c95da41456db1964e8f09cdf3096993f0f299ce0ee73b2b4559f9b022465d1aa6615d0b3dabfdfa1fd75352f3efcd944c029e2c1f1bbcfe4ef19627a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000006

Filesize
16KB

MD5
c8698c415ed737acd8fd8512c5821733

SHA1
2ca7990e2f16e5a8fe92722074a30336c3e40bf7

SHA256
c5ad4768807581c07c049acace5d4bd303987599c59b24b1f818b72f58db16ef

SHA512
363ed39af177aa54060abe8c49ddf11a2296b6f8e59325c9b6e0b6e945eb337b565d09d775eee80ef8e2b94646ad75e4d23a13bb93407c5fabda817b3195bdb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
be52daa81f390ad0d73d7f8510fa28fd

SHA1
d7b780f8abff01db1534726e5788723a80170689

SHA256
b93e1b76adbbae56a9f215f2eea2850bc1aa96d793dc6b3a80aae87165ecec9e

SHA512
8dc6235dbd18c7ec12fdbdcf6ea041bd50fa0ec9cce1a0fa22f0a3b8532e24fdfe32d539339cc0bb61341bb47715db312c9cc0c656eea4e676541e2ccb335d12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
133KB

MD5
bcbbb668bdc31c6985e7bb7243554099

SHA1
0c5c484dec522a60043777653afec54ee6bf544c

SHA256
a42b9242f24b16bc93b475755a7e096d8fbb914fce77e539ddddb6423fa5d799

SHA512
523f568e7367b8997f06063a2cd2dd9b036b329a5789b619202d21492d80540cc4467a551d7cab91d26f21f9f233f431f0b2805cac8b97cbeedff3f3a19e6049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
133KB

MD5
7d39a8dbb5a3bd5af4cf48d1c29f4e80

SHA1
67b90de5ec37c7270c1045e4a23a1905b849aca0

SHA256
56c7cfe32d105dc9bf13320b3463c6927eae6a751644c2bba27b7bb9469090a9

SHA512
8fa5a37a32235f2f7b5ad1e80df847ba81e7eaab32f7ca6c24614d18a399b07576920e2d836deed5f5a087ac7b9149742b357c462a73cfc3117ec6b7ec19b77c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
16f59996729bc52eaf324d46aea3c271

SHA1
ad648b35e703d5bbfe50a20d1063ca9f31dea325

SHA256
68ee51e78cf67a2ff8815b47cdd788b17182b0e2dc6c3982aa6e2d90f6b9e2ae

SHA512
669b10ce5c4a4102d0650ea93388626f433c147c631de0c199fe1a7c0ebc25583ad46a0aae939ae8caf8a18e33d6e969af9b1d6f64a184addcf5798bb8cfb02c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
b61bdd9d44dd4c82d88537ee89d0be62

SHA1
c3d6bb3eeffdf330ee5ce7097341dd9121b860d0

SHA256
943fe5641a5f69eb3548e5ebbb4659738772fa3a4807423f8a003ba30d05394b

SHA512
ce8aa00cc56a65154c18b17ad8ce380aa1ca7e7c704017ba127b0af151b29dcef0502ac87d11249075df66d3e8c310cbbc67b3395b8946eff9aa2d95177b0bfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
f6d8da05781b5bce03e3e0db97d714e4

SHA1
be2d452edb1120e8facedb40d13e33382a58d97c

SHA256
86a834e1ddbd4344b4bf516be21ef5b758bfee36245d25aed52f8bc0315ccd7d

SHA512
2a2bddf30969dd44084ae1a74a86452a411d282d016eda12b074e2ce492d26c582691fa7ead485aab4162f7fb14e7902bfa069a5c37f7dfd11a9b66f847cfe05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
10b4cd37328130df0d59ba9e2ebdd214

SHA1
d342ffc251b44f91e47f8a9d73f9074e217c2c4a

SHA256
54c6e49b297b421c56229f8d945d51005f5562cf17eb8c9ecdfa236723c5ef09

SHA512
d82641404792cd08364c157f0d943a8e88dad0adb31d997987a6975445a3a96196c37df3d5cc3e154a6630732f1cd8c44ccb67d7a07b54746fb8560ca676edc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
a0bd733efd452f00b652235b94501314

SHA1
2bd26b9cb074e8af103e733a597dfd43333d4b72

SHA256
4b3e2572214d8e03293149761b303278c5b30bbe372eb7b3b40e6193752e51d7

SHA512
8e0e4907829c682240670d5bce80225bd6cef97c5c0cc64b7f32b943b4d06c40a8a7f00dfc877829d5a4a2f12299d6efa82b328cef9b843dab0373c92a37225d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
992957c4943407ed0be7639c367d427d

SHA1
645141bbaf3be1625a874363a531bfc40d072dfc

SHA256
8cce7b294ba9e9ef8793ca08a60c6552362468f4e8f9ab944ed31830a6ad527a

SHA512
6150850b85c005d819b9218d002008822db17a7b38979db9b8cb06d1e2eda7f306eb885c84f91680b153926d97921e2c57e2e7c00331c5a1cbfef8cd93ed1947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
f8a69e5129881237cfde34bd75fac5db

SHA1
e052748d93a4063c18738f4d67ebb56cdc6c9b58

SHA256
c2f1d2239cb0c6217586202fea0d066f2fb32f26224bae7618427fd28be8401f

SHA512
0c9392600c62c8dcb8135a09e49ec8414268522618c1d1abce812ca1556bd6dc29344374ee7fa8749d4c1cca16d250b7af607f8996493f35fb82531ece5c3c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5cdf5b.TMP

Filesize
92KB

MD5
ad421da4929b104d32dc2f3cf84fe357

SHA1
93cda7d4624a6e880c422bd1875dbefb62e66a31

SHA256
9e08c9c11fa21c988b529cbd52f03bc141d1f0ff8917f2c7c1ddf0db020becf5

SHA512
1060bce65f34bbcfabd338b138d61f9b10b2fcea68978b4369c4145d0fab27d40379bfd3a13e44ea24ef45df929802ba4d9cf013775cce8b69ed8c45a9e301b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
bf037d66424ef7842ad13ff1e92f9d09

SHA1
51b5ca0d8fcfd42fe10dd5fd8edc7d110c6c52c9

SHA256
0b614322f9307ffae7304b035fa4b654ec91be593c5d8896c98cf73a8be448b0

SHA512
906ae1306f3ee66a05520b0774a0430a6122b5a85497abdde8eb057d179b1efe502b6fab52fa1a8bfe7ae7968c4d13569bd094b50024dd7dc65458c248dcfa3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
933B

MD5
f97d2e6f8d820dbd3b66f21137de4f09

SHA1
596799b75b5d60aa9cd45646f68e9c0bd06df252

SHA256
0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

SHA512
efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
19.2MB

MD5
f572e2d792f30dc6ad9d39c0de08cd48

SHA1
d6a6147f3f51ff81e98ec3eec0a165363a492146

SHA256
1e7fedeb61be1cc4dc662604240339521d80e75016bd9352e05271eff4ef3306

SHA512
47d709a9104e97432529ad868f34a27cd4e325657215b9a2542356866d34b584b7c38a7918757c480ab2d236e177432d8d8a86290e1530ca4e8f1a24672ff6f3

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip.crdownload

Filesize
3.3MB

MD5
efe76bf09daba2c594d2bc173d9b5cf0

SHA1
ba5de52939cb809eae10fdbb7fac47095a9599a7

SHA256
707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a

SHA512
4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
\??\pipe\crashpad_3700_MFZTDFAGVWMIQEYB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2252-1135-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/2996-2424-0x00000000735E0000-0x0000000073602000-memory.dmp

Filesize
136KB

Download
memory/2996-2453-0x00000000738C0000-0x0000000073942000-memory.dmp

Filesize
520KB

Download
memory/2996-2423-0x0000000073830000-0x00000000738B2000-memory.dmp

Filesize
520KB

Download
memory/2996-2421-0x0000000001230000-0x000000000152E000-memory.dmp

Filesize
3.0MB

Download
memory/2996-2420-0x00000000735E0000-0x0000000073602000-memory.dmp

Filesize
136KB

Download
memory/2996-2419-0x00000000738C0000-0x0000000073942000-memory.dmp

Filesize
520KB

Download
memory/2996-2422-0x0000000073610000-0x000000007382C000-memory.dmp

Filesize
2.1MB

Download
memory/2996-2416-0x00000000738C0000-0x0000000073942000-memory.dmp

Filesize
520KB

Download
memory/2996-2452-0x0000000073950000-0x000000007396C000-memory.dmp

Filesize
112KB

Download
memory/2996-2451-0x0000000001230000-0x000000000152E000-memory.dmp

Filesize
3.0MB

Download
memory/2996-2455-0x0000000073610000-0x000000007382C000-memory.dmp

Filesize
2.1MB

Download
memory/2996-2454-0x0000000073830000-0x00000000738B2000-memory.dmp

Filesize
520KB

Download
memory/2996-2457-0x0000000073560000-0x00000000735D7000-memory.dmp

Filesize
476KB

Download
memory/2996-2425-0x0000000001230000-0x000000000152E000-memory.dmp

Filesize
3.0MB

Download
memory/2996-2459-0x0000000001230000-0x000000000152E000-memory.dmp

Filesize
3.0MB

Download
memory/2996-2468-0x0000000001230000-0x000000000152E000-memory.dmp

Filesize
3.0MB

Download
memory/2996-2417-0x0000000073610000-0x000000007382C000-memory.dmp

Filesize
2.1MB

Download
memory/2996-2418-0x0000000073830000-0x00000000738B2000-memory.dmp

Filesize
520KB

Download
memory/2996-2578-0x0000000001230000-0x000000000152E000-memory.dmp

Filesize
3.0MB

Download
memory/2996-2589-0x0000000001230000-0x000000000152E000-memory.dmp

Filesize
3.0MB

Download
memory/2996-2593-0x0000000073610000-0x000000007382C000-memory.dmp

Filesize
2.1MB

Download
memory/2996-2596-0x0000000001230000-0x000000000152E000-memory.dmp

Filesize
3.0MB

Download
memory/2996-2643-0x0000000001230000-0x000000000152E000-memory.dmp

Filesize
3.0MB

Download
memory/2996-2651-0x0000000001230000-0x000000000152E000-memory.dmp

Filesize
3.0MB

Download
memory/2996-2655-0x0000000073610000-0x000000007382C000-memory.dmp

Filesize
2.1MB

Download
memory/2996-2664-0x0000000001230000-0x000000000152E000-memory.dmp

Filesize
3.0MB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads