wannacry | fbd14a801dfd7473447ff77e13e8a0a0070459ce871b1222ed38faa9c67ef210

Analysis

max time kernel
370s
max time network
383s
platform
windows11-21h2_x64
resource
win11-20240319-en
resource tags

arch:x64arch:x86image:win11-20240319-enlocale:en-usos:windows11-21h2-x64system
submitted
04-04-2024 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FirefoxPortable_124.0_German.paf.exe
Size

128.6MB
MD5

78d73860b8402516a1da03ea38b94de6
SHA1

5acd6fd1db7e8792bd0c5f8c7bbab9e826d6cf1c
SHA256

fbd14a801dfd7473447ff77e13e8a0a0070459ce871b1222ed38faa9c67ef210
SHA512

2f95c4a977569dc5d8272c778aecc595f5317fd6b1531fee181a607b05fad76b4c33760cd3d016955b96c3c6b12de2449ddc59d185c31caf48a57fcb46904c1c
SSDEEP

3145728:XtyKufiNMRj5G306aqKTllYe+T2bfrTAHOi8UIqZ2fj:9yKybfG3RglFTHTAHx8U2j

Score

10^/10

wannacry discovery persistence ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Drops startup file 2 IoCs

Processes:

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD5FB2.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD5FD9.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

2276 icacls.exe

pid	process
2276	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\dxmpyojihutnaoa414 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Ransomware.WannaCry.zip\\tasksche.exe\""	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

41 raw.githubusercontent.com
146 raw.githubusercontent.com

flow	ioc
41	raw.githubusercontent.com
146	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe@[email protected]

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1233663403-1277323514-675434005-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1233663403-1277323514-675434005-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Windows directory 4 IoCs

Processes:

UserOOBEBroker.exe

description	ioc	process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Executes dropped EXE 10 IoCs

Processes:

taskdl.exe@[email protected]@[email protected]taskhsvc.exetaskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]

pid	process
4492	taskdl.exe
3340	@[email protected]
5580	@[email protected]
1924	taskhsvc.exe
1116	taskdl.exe
5584	taskse.exe
5948	@[email protected]
6100	taskdl.exe
1980	taskse.exe
3768	@[email protected]

Loads dropped DLL 10 IoCs

Processes:

FirefoxPortable_124.0_German.paf.exetaskhsvc.exe

pid	process
5400	FirefoxPortable_124.0_German.paf.exe
5400	FirefoxPortable_124.0_German.paf.exe
5400	FirefoxPortable_124.0_German.paf.exe
1924	taskhsvc.exe
1924	taskhsvc.exe
1924	taskhsvc.exe
1924	taskhsvc.exe
1924	taskhsvc.exe
1924	taskhsvc.exe
1924	taskhsvc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133567049109166565"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exeMiniSearchHost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1233663403-1277323514-675434005-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1233663403-1277323514-675434005-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

1444 reg.exe
NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Ransomware.WannaCry.zip:Zone.Identifier chrome.exe

pid	process
1444	reg.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Ransomware.WannaCry.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

FirefoxPortable_124.0_German.paf.exechrome.exechrome.exetaskhsvc.exe

pid	process
5400	FirefoxPortable_124.0_German.paf.exe
5400	FirefoxPortable_124.0_German.paf.exe
5200	chrome.exe
5200	chrome.exe
3000	chrome.exe
3000	chrome.exe
1924	taskhsvc.exe
1924	taskhsvc.exe
1924	taskhsvc.exe
1924	taskhsvc.exe
1924	taskhsvc.exe
1924	taskhsvc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

@[email protected]

pid process

5948 @[email protected]

pid	process
5948	@[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

Processes:

chrome.exe

pid	process
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

chrome.exe

pid	process
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

Processes:

chrome.exe

pid	process
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

@[email protected]@[email protected]@[email protected]@[email protected]MiniSearchHost.exe

pid	process
3340	@[email protected]
3340	@[email protected]
5580	@[email protected]
5580	@[email protected]
5948	@[email protected]
5948	@[email protected]
3768	@[email protected]
1768	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5200 wrote to memory of 2400	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 2400	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 6000	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 5264	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 5264	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe
PID 5200 wrote to memory of 4976	5200	chrome.exe	chrome.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exe

pid process

1924 attrib.exe
4964 attrib.exe

pid	process
1924	attrib.exe
4964	attrib.exe

C:\Users\Admin\AppData\Local\Temp\FirefoxPortable_124.0_German.paf.exe
"C:\Users\Admin\AppData\Local\Temp\FirefoxPortable_124.0_German.paf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0ced9758,0x7ffd0ced9768,0x7ffd0ced9778
2⤵
PID:2400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:2
2⤵
PID:6000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:8
2⤵
PID:5264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:8
2⤵
PID:4976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2196 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:1456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:2024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:1544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:8
2⤵
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:8
2⤵
PID:808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:8
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2748 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:6088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3248 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:8
2⤵
PID:1200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4904 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:5192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5404 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:5400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3384 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2444 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:3848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:8
2⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5292 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:3264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5784 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:1472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5912 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6096 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:5352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5624 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:2644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2800 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:3500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6040 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:5720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5364 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:5536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5444 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:5852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:8
2⤵
PID:292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6012 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5376 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3404 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=2584 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5448 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5160 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:1292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5572 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:5688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5944 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=2456 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6056 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:1224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3252 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6132 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:5156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5956 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:3448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4016 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5748 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:3284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=3348 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:5600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:8
2⤵
PID:5968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5336 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:1
2⤵
PID:3756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:8
2⤵
PID:488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3708 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:8
2⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1804,i,3458459610472377395,7180351435017149800,131072 /prefetch:8
2⤵
- NTFS ADS
PID:3180

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4808

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
PID:3380

C:\Windows\SysWOW64\attrib.exe
attrib +h .
2⤵
- Views/modifies file attributes
PID:4964

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:2276

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:4492

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 136041712231520.bat
2⤵
PID:1876

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
3⤵
PID:2168

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
2⤵
- Views/modifies file attributes
PID:1924

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
@[email protected] co
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3340

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1924

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
2⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
@[email protected] vs
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5580

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
4⤵
PID:5016

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
5⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1116

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
2⤵
- Executes dropped EXE
PID:5584

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
@[email protected]
2⤵
- Sets desktop wallpaper using registry
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5948

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "dxmpyojihutnaoa414" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
2⤵
PID:2920

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "dxmpyojihutnaoa414" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
3⤵
- Adds Run key to start application
- Modifies registry key
PID:1444

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:6100

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
2⤵
- Executes dropped EXE
PID:1980

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3768

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3540

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:5628

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:2188

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4328

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
1KB

MD5
219ede3ad7679c0ef348e238812234b8

SHA1
9576767bd0840633f993dd5bf8e163d0f3e43934

SHA256
e8fa79f64cc64a1af53ab41afb9c824d9eb58554839f8dfa50aef846c637a611

SHA512
a87c664a990920db79b028677ee645e7663bb448afa6cac84ae3be2c439ce9462910145d7184af9aec6f83793ba28ec408d10d5a7bb91c089fdad7d9d73ab2e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1490a18278e67152c23356c7d007a954

SHA1
e4919119971f6107f3e7e261e840603c2ee22ee6

SHA256
895f02c699237d96adaf9317365225a37af6f485290531ea6afcb98f514f1d01

SHA512
4ee9865933485ae2e2ed1ad749300841f6043db3f1c99dcffed9e87ad67caf6fe10c41d5cd38ea285c508d123251a36a91d6cad5392fcad100ba7fa0b5cb1cde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
9122537775a9d4d6b3e3e686b031a904

SHA1
871e9020b6ecdd60d9657bc86a2718dcbc386ea1

SHA256
aea9e4425da89c190ba575334fc145c96d5b742e49998caeaf8d8cc0c3ee4431

SHA512
48dd6cbb79c5f9587ad49e2587174f5001e8e0900ac11955437e772b4b4ba99a93fbd750a11fee9092226202a00c31647ba477b5bac537b885144006a5db2125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
d1fb48a634d2617467625867616c01ff

SHA1
c14175848d8f1e44bcfe94dcfbc137c7f0d327f8

SHA256
0f1770fac6b39fb397124ac14042d803dcfd767b226cd9f55c7226c1b0659965

SHA512
91401586f25f6f00dcba3d8376f5dbb9617cd65a1edd09f87aa3e597b7fd5aab800627dc223de31feacc531124658c1a688cebaa296cc1f18a0dd1604cf43559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
18d54136faf958399dda561998817b39

SHA1
9f5cb4c83ee59bcac8fd476deb901705ccffe4c6

SHA256
5f255836d31d7787146e2fbc593fcc9ce5fc3f60b5dacf482163715c1b2bdac8

SHA512
841a2eb04a25e8280eb7f548ba466bc6596968fde5986a7c187403a69824ee1545b291522ea7b1f5ddecc4d4a8243f2f9bab3859ee92893e71e50ff2322c9417

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
57942898def8d5d4014d4aa5bc25c16e

SHA1
e9f4b2036797d3c5125cf35c4e3a53f2844c8fa8

SHA256
aa33abc2040e695c24d3f606c49bf1773d232a090afede4ac6e68826e453e516

SHA512
959467da6dec2ce0942e83a0f8acef18fea949d42729ee8e4923d4b862be93ff17b94eb418eb2b9fde1adae10295afdcca8a6e87d505d30a6347fb59513fbb6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3e69f80dde14465d3707e8623a7d617b

SHA1
8be27e6405344ef0ad90a1ea7f64fe8ced675390

SHA256
5f79a763f377bfe5aa685733f3c7c8acf08c63c30e56db8b255471e9c38a8fc9

SHA512
33975e10b5c2f01a5707ccede1ca8d531dfb972551c4d2985534f91c24923f335a671a564174f0150a6c7bb66133753db867da7506c24134ce8333d514af4d54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3a604d07d4480690160a4a1a93633221

SHA1
269dc87d577201604d89f2ab6237d83de5a296b9

SHA256
d6062f661baa6093ca5951564fd29f08857a7b9e8ce3a56a5a549041f4721cf5

SHA512
ddcfffe0a2740398f5bd8adbe0df51df652f757d5df2ee23922599d93b221db1e282d7ff770dd7d5fb50a6ae64fa68c5a4e537d11207c235c2ead6e758d6480b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
00abc621171e867beb32f88e624aab49

SHA1
4b27cb2eba99d0a4d0b08c4d2adfa72d98d291a9

SHA256
c01c25666ff21ef2155d7113bf3e2cadd1b0cbbbf86350e2fc62853659957369

SHA512
296d3df64613af2bfc81b0bef0221ead4427633745fa6d1bde8c35d63ec4d631446e5030ff5ff18788d844cbcc07dd276f0bab333fcb41a251b72764b47fea9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fab241f2292276eff2214aa672c6486a

SHA1
62e6d266e3cdd69b8ce79384074cbe7d1a3e8299

SHA256
d1ff9dc996636770100c72be04e9a4920da1476c489fc85feabea428a2094919

SHA512
8e34cfed672f6fee826a4469e1eb397abfafe0089e1a06198ddae040c598253649813579106b6520752d76046a97639874ac3c1f399d18671cd0e1a0c7e53ee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
216ab720908e3e0985aec0f8ebd6c2cc

SHA1
6f7b47f65a77c1781bb02d471bd0584e88d0fc05

SHA256
9badc57173f82452b3eff89896d77df2215e3e593662f3b4838209856cf95d10

SHA512
d222156ce8b899da64c15c16aa037bd8ac2ad1cf7b31bddb994256633b873132613b9c3c8565e374cc8d469fc1565e3975a2434744792edb401ad429bb63ec45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
aa08d59dfd29a05392526ea7023ee66a

SHA1
0c871b16e12ad1b13ff2e1394ee423fae275bb8c

SHA256
8aefb922a6a6a0fa3895feec63b6bbe29e3f53ab7add53ac35837ef15d1186da

SHA512
af38ad166e7de5eccff23e474cddf256b0020edb55eb7dfd289b8862c2c95456fa15b17f04233a13598a905272b1453f37c7879746a3e4b32c9fd2c6be1df10c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
325e6a6ccc7b654e2e7027f3b9accd2a

SHA1
31fac1a81a2b17fdcce2a3128f125fde7afd3d67

SHA256
15b363fdae81ab8f367a80caefdc4ea4aece1ad4f2c1ea223804b54d3158fd72

SHA512
b76839b92090c79e7e8d18d08216e0a7394bd82a0566192e7a6c1632c06d81351eafb4761b40364832e3e271e91a3a5c8e0582cac22fd7cb4099c62afb853e8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9e1d5f3a3f64cf9cd84ddf622de146e1

SHA1
f1601d5d90033bb032e830e8b9517346fa7fcd40

SHA256
b1437207c7dcce31f5300c6e6f7c9bd8b8caa2e2156ce8f19f9e8ea46ecaf942

SHA512
d7bad2a464dcbc82d2ef239e15ad0978a156cae501604e7a5c783357e871557385a476fb80513c624d2a8d0d8f78d8af04cd5256cba918f07e8e56cde558d05a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
47402d2d5453108d30c704e9c3d31f02

SHA1
54160566b8bba72e543d6200485ffdc1d4b87bbb

SHA256
e245a398bd52ff5461daf2216dfda1d29e40b2e1fb44c3cc89a3e59c76de414e

SHA512
a14551a28de4464cec5e95eec4c4def2ad58a90bb8e8d79377d4b7fe9d720d6a2c0d1e6d49a060eb1f39b3b712e28f16bd2652b1324bf43039a049b4ce3484a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
49abcc374cc1ab319973333eedaddd28

SHA1
a9ccb17c55919ab72dafabcf846607445f33a9bd

SHA256
e2cd519c5552f3233962bab4c0c594b9b1f5e9a09a167948825427918c7b2d21

SHA512
43028c1b7bb2ff97b1cbd23ecc5b627ae559bcb8987e8acf10c3102c3c52b40ff330e8b2ac8a4758468945d2a8cf303d1fd367e9706e7ae2e41baf469dc6910f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
12d4dcc3405768777c7f091792917c4f

SHA1
656057ee70301cfa5963d0a0d7be610c557ab3a2

SHA256
ce615b454fc10c9b22feab8dbc954fec8066487916c03e5aec40d4d49d44c814

SHA512
af64979ebf5b1708387ebb4e837f4904df7309c3c0f0b77379c5cfe62c0df4cf69c78e02c122c30b1d5f966b42aed1cc352ccd2b7e1c60e90a1b426cfda542e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
527a34ed496867a3008a56143131143a

SHA1
e83c2e1a9a1efc2f125d6148eae8e6bdf9265871

SHA256
9972f7a8c4a675c4d18f7c34617835e54461d2c1a5ac84ef2430a9165c3b3e91

SHA512
608a0635ff60c130b2ddc41a0c64d3d69094337f2632bcb88a2db0faeda8d27a93c1a5b9b3ddf8c77bf1f001bbd4f2c1052fe2b14f237d5047395f53fb042cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5f7c3549eb9c2be84a03d6b078b6dbba

SHA1
388b39f566f1a52db1d6b78ea79c1c9e81031bee

SHA256
bba827000d6d8686a4075b31a0b8079ddaf9c990b1097272938e30eb1e06635f

SHA512
ca4bb8268343eeabbbcb0ed24754781dccb52a609af3c6c3eabe27006b6df5f72421b5dc5953ccb16d2633bb981ddd771218fecf2d3e0bc6765533c3756d38e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e66bc029de34e6ad8abf123a992943a9

SHA1
9dec8f43f457fc4246d795e47e05718ecfd709ee

SHA256
c04a6d5abc5afa21e25c993e2d293c40c827dc4205c12ee4a78907c5eafdb5d8

SHA512
c6fe3d10215b5a9585856ed3f3656c2b60df990d68695864b0ad3d2e0fbbf01b02475408ced2f39dc3595c4acdadccb75bc279edf824bc3f46c14536ef2f18c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b3814026e2f0c332560f987800ea4acb

SHA1
51bd3685c30337303a524aaea8cdcb8918f238cd

SHA256
90399504f81bd56002fb8be58ffcae4ee004f954a7dcf9423410e6d163b93c41

SHA512
dca055552bd5e3118697c98a74fc0074a352f636177f7b6fe3b3dd319202745d24cddfd5f1b32927ae89fb9fb6966b87ae87b921d0063fd0b742e5c520e01b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
937e0566ebd344e8ae0fc7b9d0215d9c

SHA1
1f452573794601450bcd22b58c40571c8f07bdc5

SHA256
803f399e6ceb830bb7a6b49767a73d6090edd21f7216b0838d87c98ee8cb3274

SHA512
3783a3786ebf041ab48c7f3f7bc0103f4d81381717e7875fd81d1e363f2fe3f139f8dcd074f5cc6d957fb1a67fd92a9156d6c53d5b0ffaf825e0f3901c4d58f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
62891fe0acf6d7505ee472ac14e56d18

SHA1
e5ad4e733aebd85a48d54a024006759f65341f88

SHA256
3887eb190f39921f978bef57b7dbeaf68da813c9d412081f979008e5bcb1a53b

SHA512
3e20dd7aae882f8416f89b223a408013aa65b041159f759c5b8c70515310e4503c7f1ef365371a2db722112a99f3b3185d9316bfbd8a7cfceed9a877780943b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
30b3dfce8141cbe7035df254f1f37c9a

SHA1
e69f69077009c0e635e37aea9781aa581ea91733

SHA256
91e1c1e368dec4b38309a5fbd3b6cd30ba071f9125d8d74e744ad01d14063bcc

SHA512
86b5eb9ba5e6b3868f5ce6922f1bd9c73d103655c214cf1f69ac0bbba433a310679a99512d6ee23addc8e2b505994c274c439e181076969a675a4a70f199f1b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f955e09a0e5f23110cf32f79d2b5e32e

SHA1
6b31d7b9a05aadad09727a0c9a07a3e73b1d048a

SHA256
c7b03519b918b5b94e26cc7ec7c357801e2c23f0b10e22eadc79647451becd29

SHA512
495ffee23f7b5170da48a434a6d7c0d2bee3b31b3002fc79b90c0d3b86295d2ffe8f8178c95dbb93624f5a0e9b26647269125b0d3202fa5a12d064b47e4d0fcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f7037941b67b43f950864b338e993a5b

SHA1
dba8f44cac9ae71484e514decc15c765911f664c

SHA256
1613abeafc9dc82cd131aaa20ee3b9573dbeb3d551f65bd00f53d193623b7ee5

SHA512
826776f406f5dc898e699001fc4a3ac45ac12ce5fcd2e35dee0509c1e9b13f9054340cb5cc8ce27ee0791f9402adaabdfedf320bdb3e7eaa123ef9f95fb4e8ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c424d8439a59f328d8716ecfc5d9d013

SHA1
b01d7c3659f90e50c904ce0ab70da370136be68f

SHA256
5bbac06d86b0231cc391d0ecdf1386cd7059b7c4a94ba98af943f6cda35e2263

SHA512
448eed4019acc2fc76ac40f72afea9c0a65d1b53289ef3b6a76047c0f7cecdccac0d3bce5c1b29a161919c46330f15397baec0bddf54baaaec2b875515385f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
50ff7e34337f40ebf88b3684e0b73741

SHA1
3107783001d4fde17029c3883883831a6ef25098

SHA256
aceb6b1209c0a3eb1824808019acf8a1021392c70b5647aa4bdffccf3264f570

SHA512
59bf74ffdd18d309ad2b2c47c92f0850818b168d71cea25b38b1fd13c90e52da1e3ccea4e1a15d15684c8df317a4846992795374727f80d0535de31c2045247b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e5b7980a04e4805673a74179633ecd675ba6a857\ed35771b-9ca8-4672-9519-b5c811002020\index-dir\the-real-index

Filesize
72B

MD5
2cf6691c87962ef6fccf18d7e6755b1b

SHA1
7da19a9dd5dd5b8572c76e7f2e66c10c40f14d9e

SHA256
89090bef3e853ed271b7615b35a945b17fb4000f6666f2e0bf03c97c23970307

SHA512
5d0d9063d3732c20c33ff87fbb06e78031d7e6f24c886f02bd40a2d0c0a3cd3d812f00ddbbbe498fe9609d8ea4270c0add80aced2f10e9e28a497b82f894d6db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e5b7980a04e4805673a74179633ecd675ba6a857\ed35771b-9ca8-4672-9519-b5c811002020\index-dir\the-real-index~RFe5b7fac.TMP

Filesize
48B

MD5
d12697762eeaed851fffe6f5fb92484b

SHA1
3c1514bad770de854a5141d4f5829b53eadb39b4

SHA256
41d102a04ccf7d0982f7ce48bb2dc6c9ccb6b45ad94c2df24c6532d40bc83f6a

SHA512
c90d27abc54f5c375402ed097e34941fe89f70be503dc9da793ee343d661493f0ece54c7be859e1a5046a6350210b7a0e37d0b490d29e70455bc055b16637f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e5b7980a04e4805673a74179633ecd675ba6a857\index.txt

Filesize
126B

MD5
eba7743ba584541488abd5477f99b2cd

SHA1
f6e571a9e7f27991ae1c1664f5a350511a3f382d

SHA256
6cdfb9e3e2f8a3fe623fac899e30f34b514a5a279b9300871da1beaf493c3c6d

SHA512
5848d3b000de28658166a52727790219c58d300f5dde285201275e96be34cb831febaf5167f4b1eb90c1b2273b08cef419f9fc0fbeaea9039c84cc4615908a67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e5b7980a04e4805673a74179633ecd675ba6a857\index.txt~RFe5b7fdb.TMP

Filesize
131B

MD5
2b6c585aba3376adf2f37d3f8c5fafc1

SHA1
b50900b0438bf4f0ca1cb03c6b2a5f1690723bc0

SHA256
a686340d6d87aa302537f00aaf1337df5d29e342926919b10e4b4adce75ace2a

SHA512
892e0184364ca1b591714f865e712afae9f4b1a32feb8119b3a99031516f2d37d54fabbee265d307587bf5bfb60b30cc9afb0a2ec86949d9fb26c33a62d350c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c0f2108a0847e654be3604092de24883

SHA1
7570dcce0f0c8e0e721c5df239037e0064765027

SHA256
ce2fe3f266235fdada85636aeea84b4f2dff6e48937f254090f5729d942d1ff8

SHA512
f39944fe4722768c8950c68be5219212c08d4cc143991bb421d5f7b6176558d3c0fd47e18845e65afc1bc6b38e42c4816752c9d42c6c6052631f9d229090fb11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b7eb2.TMP

Filesize
48B

MD5
460ebc0eb7173dca751d8687127c5966

SHA1
fba5b8214e11d39591b2afc117ea8bc25565869a

SHA256
0e16d76034a3744af87cec6c0c612d8bc375b28c8d007ed8332dff593158b9ea

SHA512
e4edad2eff9a4b5ad67d60ff73ea9c08afb7481e6b99f2856b67c06bb102d522541748f16a391edd3b039a0ed37a4901455acd34fe059bca45a2266c6d917810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
267KB

MD5
e4f6db6e22b21f8278fa08d493a9bee0

SHA1
9b4250f48df47237f8191b2585e1d00e60a71e48

SHA256
b38e5a4ba171058f821be5e30dda59f40b7b7b3d03ecff8e106e94213a141803

SHA512
00b49ea84afcdb7f8b8b0bc0a5e326c9552704a149a8d96acd883db1d3d4fe95a1dcc9e99091cadd76b4dbe27ecdf83be0a326033b0babf427236ed3d1571673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
267KB

MD5
352a1e032a1a781814fad26e22041fe2

SHA1
2cdc522e2c142c4ee5278b8c7a5616320301673e

SHA256
da92691eb5ffc7ac1f3ae5eedbec21db08e4dce0f4e36da6185814b92961fcf9

SHA512
d649f6a22104ead920ac2886ee16b97db45653f620e44579d3aed4c9a5b30975784b7bef500b9e3f97ddb251f4dfb78f6f12aef05955345db29ca268bd4cffe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
267KB

MD5
c06eddc08e63aa067450dfbf9eabc4b6

SHA1
6247b865329e5c5bdf6031ed41b2fa368299a3fa

SHA256
35794b67be189046efff7ed409bc24ea06ea12a3b3fdf8d741e27f7282dce822

SHA512
d9a20466bb57447b69d40ad442af66e1bf60777aec08d4617989a01d3178ba34ffc1df63735210793da8c995c6945a58ffef02cb42be3bbac5319eefa4d567d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
267KB

MD5
46efd1592fcfcc3e457cdfcda813a7c9

SHA1
b8fb6ee2c1aca0dd143bd88eb366223d70b994f2

SHA256
4b13833f02b60627e570d7111dfbc13ad54c13c4b5decb2ace4d4888695d09e7

SHA512
2cb4ff73f52f8e432d49fa4996c81f33db8891c9d99a7cf54aa6c0d36490baf269a3cc2428fe844aa6f9b61327ad1f09c51425e64d1b635c22889fd7fc17b4e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
267KB

MD5
547d5bbf1649e383164ce8bc37308be7

SHA1
8ef3cf10eab56d76b8448abb2b3fe4f966873d56

SHA256
e6ed7190b0773346122d25c638fe6c75c85875532f66bfc6b02525db052ef776

SHA512
5e777b8077720d14d284baed190e051cdbdcbd47a18c83e35ffcb57bb8532c0a4eae4e66bd076e190a2f66860ade66a8f67925bcda9804cdc8b0b09030a9c7f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
5b26ee6daac5edd99a7130836c3bf2ab

SHA1
2f1f15bcd39ab0e2d6ebe53c2d3b0d02c7e15dd2

SHA256
4f160d98f38f7e4b401a4a538fb0c0547c17e0cc9a5dcb1ef905155862858744

SHA512
b224543e49766a602441f96d8447280e7be79d4a4efb1ac46acc1875d1290020eb40cd8c6ac75f10645cdb66f198299dc05d433f1353fc9e0cca347bea19c907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
86a962f5e149f44eb7b2cc2ddb9d1cb8

SHA1
d874953726de3fbbd08f62cc9962376c7db0a5bf

SHA256
44a1930690714dbebb8a8b259a8ccf10c4bae58c583fcb0be4ca2dc3f1dc1f97

SHA512
0d83d96fe9dfa63a8021645ddfe60e41771c4ed88d3ce9644080f5ee9cae7890c1729ce2324546a3aa88fe2c0595991111fcd7d318487d8bcc2c870056ffc11e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
6dddd25bb62f7d15c040c52a72cc0e96

SHA1
f0ceb9915ae50defc8cdf16c53c2e5144c738923

SHA256
72ae65bb406e0be01803cd3e55912858facbcefdb177e97163d21e295f7f424b

SHA512
bc334136af1d53c51e4742fee68538ab8310be9db6358ebee5b57a38993c928b301021f986d00df00fdedf1897e3c8a583428577ff6bbf70b9ae0436c8be05e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
1333c8ad1dc04959b6334d6f3546b5e4

SHA1
d068469efb06be66c17c4ecbbee8b5517ef19cac

SHA256
4946376bef4822c165ecf824235bc042b872d7540de0d82f9d6bd03b425d4174

SHA512
20f6c6431719681b88ef021710efdeafc02dfdc681228d0154c32c7beff981de08b31c9aac932a9a0e3eb25547c4227d76656050b66271c23ab7a364a7d66e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
02e987be74645b098bd2b40dfce088b9

SHA1
b72edd2a06304751f67ed84532274b462490c4ec

SHA256
d3758968c8f32077063eaa4a08ab812285b6f27aef8badaef6e65ac47dd06614

SHA512
e4302db842bd9cbaf0e09e905356576d6ddef031e72b4e4a7d811d315f57b6fa32aa6ff124e340d10ca0e28ab5fdb150b1d2365ab7f12d8e41d5d18f3865862f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a7967.TMP

Filesize
88KB

MD5
01a0bac2a97d008aee4886db983719de

SHA1
79660db28876d0207993cd17ad0cb197b24d4810

SHA256
f4587e302deb65222884dd76604217e29921e7f0de1cccabf38d265c3732cf94

SHA512
c3c020517ef01224eb235ac6c1821b1af431aec0184859a36d1242d49f06dfb23e6fc320a780bd55571a2c5cc5962464bae7c60458d7fb8fae461f0e2a4f0f58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
1022022d2ace4a31dbe9fc9698b8c72d

SHA1
8a6478c2e426a40bba23f7e9fc92f7a17d5c5248

SHA256
ac7872c861c6ebc3813e868517a036bbb40e2deb3d9cc8a6b2918bcbf2abac5a

SHA512
90bed79100a85912ffcbc6155b9a12ae533f0276e6e9ecf57013b61ff4fb86b74145ad1c395a2ee5cc03cb8af6ed461a8dab3e446396aea7dc09d3cb98edc8f6

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SettingsCache.txt

Filesize
846KB

MD5
766f5efd9efca73b6dfd0fb3d648639f

SHA1
71928a29c3affb9715d92542ef4cf3472e7931fe

SHA256
9111e9a5093f97e15510bf3d3dc36fd4a736981215f79540454ce86893993fdc

SHA512
1d4bb423d9cc9037f6974a389ff304e5b9fbd4bfd013a09d4ceeff3fd2a87ad81fe84b2ee880023984978391daf11540f353d391f35a4236b241ccced13a3434

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
933B

MD5
f97d2e6f8d820dbd3b66f21137de4f09

SHA1
596799b75b5d60aa9cd45646f68e9c0bd06df252

SHA256
0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

SHA512
efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\c.wnry

Filesize
780B

MD5
383a85eab6ecda319bfddd82416fc6c2

SHA1
2a9324e1d02c3e41582bf5370043d8afeb02ba6f

SHA256
079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21

SHA512
c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_english.wnry

Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_french.wnry

Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC2B6.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC2B6.tmp\modern-wizard.bmp

Filesize
603KB

MD5
4df53efcaa2c52f39618b2aad77bb552

SHA1
542de62a8a48a3ff57cf7845737803078062e95b

SHA256
ee13539f3d66cc0592942ea1a4c35d8fd9af67b1a7f272d0d791931e6e9ce4eb

SHA512
565a6ba0c9afc916cf62dac617c671f695cd86bd36358e9897f1f0e1a23a59d3019a12349029e05bf91abfb7b213ef02fc5c568a2bfcde0e3896e98cbcfa623a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC2B6.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
9e97ade8cc91003d4f276ea6d687e5ca

SHA1
d3bb8c8f14f466bdb4fff702a736919565993c30

SHA256
d037ddd76ef75f2a3edc4d20088678480157b64a58e89376dd3d475f859fb6b3

SHA512
7a219ab3514c2c453a435aa4540ebed298061790f31174b98408904aaf059f576d0bbb88abe04b8c6cd2137440a46a0a4f1d531376c1dc427a099af5e3c3ed4b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
14KB

MD5
4ebf98630ad68bb85493d3660af78f25

SHA1
b7a36a556127739c0cd838e0549447978800c9cd

SHA256
9aad261204e0d35a1480428ddaad719999c89e3d45e219c6c7e1b9a76e45f2d5

SHA512
5cfcaeb673c4dbd5bc1448170e029e03abdcfb0ff02686880e2d5dda7e0d774cdf866125babe95ce3e76e6b25daf379cde826bb8c6e5c3f8c50947478801fe01

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
19.2MB

MD5
e0f92951bb7904bcf4603188e9188312

SHA1
96dcee6d4560e9d263547d3f99e1cd81aa5d4bca

SHA256
7f393380af5ed2e4e5ed1819593a905d5b25f5e2e9cf00e07174f9d9b425fd47

SHA512
127715b43e3a7f5991f64f86dc2a174372a991b3219f2566e795586da31e5b51774d05309f6100356c0bc5c90b35a583eece01822b3e0a5d95234d51958972bc

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip.crdownload

Filesize
3.3MB

MD5
efe76bf09daba2c594d2bc173d9b5cf0

SHA1
ba5de52939cb809eae10fdbb7fac47095a9599a7

SHA256
707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a

SHA512
4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_5200_UTZCIVTIHQCBKYFG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1924-2396-0x0000000000210000-0x000000000050E000-memory.dmp

Filesize
3.0MB

Download
memory/1924-2395-0x00000000736B0000-0x0000000073732000-memory.dmp

Filesize
520KB

Download
memory/1924-2416-0x00000000736B0000-0x0000000073732000-memory.dmp

Filesize
520KB

Download
memory/1924-2394-0x0000000000210000-0x000000000050E000-memory.dmp

Filesize
3.0MB

Download
memory/1924-2389-0x0000000073810000-0x0000000073892000-memory.dmp

Filesize
520KB

Download
memory/1924-2390-0x00000000736B0000-0x0000000073732000-memory.dmp

Filesize
520KB

Download
memory/1924-2411-0x0000000000210000-0x000000000050E000-memory.dmp

Filesize
3.0MB

Download
memory/1924-2412-0x0000000073810000-0x0000000073892000-memory.dmp

Filesize
520KB

Download
memory/1924-2417-0x0000000073490000-0x00000000736AC000-memory.dmp

Filesize
2.1MB

Download
memory/1924-2414-0x00000000737C0000-0x00000000737E2000-memory.dmp

Filesize
136KB

Download
memory/1924-2415-0x0000000073740000-0x00000000737B7000-memory.dmp

Filesize
476KB

Download
memory/1924-2393-0x00000000737C0000-0x00000000737E2000-memory.dmp

Filesize
136KB

Download
memory/1924-2413-0x00000000737F0000-0x000000007380C000-memory.dmp

Filesize
112KB

Download
memory/1924-2387-0x0000000073810000-0x0000000073892000-memory.dmp

Filesize
520KB

Download
memory/1924-2434-0x0000000000210000-0x000000000050E000-memory.dmp

Filesize
3.0MB

Download
memory/1924-2441-0x0000000000210000-0x000000000050E000-memory.dmp

Filesize
3.0MB

Download
memory/1924-2391-0x0000000073490000-0x00000000736AC000-memory.dmp

Filesize
2.1MB

Download
memory/1924-2452-0x0000000000210000-0x000000000050E000-memory.dmp

Filesize
3.0MB

Download
memory/1924-2483-0x0000000000210000-0x000000000050E000-memory.dmp

Filesize
3.0MB

Download
memory/1924-2489-0x0000000073490000-0x00000000736AC000-memory.dmp

Filesize
2.1MB

Download
memory/1924-2388-0x0000000073490000-0x00000000736AC000-memory.dmp

Filesize
2.1MB

Download
memory/3380-1046-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download