Malware Analysis Report

2024-10-23 20:04

Sample ID 240518-h85svahe55
Target https://dropmeafile.com/#4da74a3119
Tags: wannacry defense_evasion execution impact persistence ransomware spyware stealer worm
Score: 10/10

Table of Contents

- Analysis Overview
- MITRE ATT&CK
  - Enterprise Matrix V15
- Analysis: static1
  - Detonation Overview
  - Signatures
- Analysis: behavioral1
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files
- Analysis: behavioral2
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://dropmeafile.com/#4da74a3119 was found to be: Known bad.

Malicious Activity Summary

Tags: wannacry defense_evasion execution impact persistence ransomware spyware stealer worm

- Wannacry
- Suspicious use of NtCreateProcessExOtherParentProcess
- Deletes shadow copies
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
- Adds Run key to start application
- Sets desktop wallpaper using registry
- Enumerates physical storage devices
- Uses Volume Shadow Copy service COM API
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- Suspicious use of SendNotifyMessage
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious behavior: GetForegroundWindowSpam
- Modifies data under HKEY_USERS
- Modifies registry class
- Kills process with taskkill
- Modifies Internet Explorer settings
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-18 07:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-18 07:25
Reported: 2024-05-18 07:55
Platform: win7-20240221-en
Max time kernel: 554s
Max time network: 1719s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dropmeafile.com/#4da74a3119

Signatures

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target | Occurrences
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 64

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Occurrences
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 50

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Occurrences
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 48

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Occurrences
PID 2236 wrote to memory of 2220 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 3
PID 2236 wrote to memory of 948 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 39
PID 2236 wrote to memory of 1236 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 3
PID 2236 wrote to memory of 2328 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 19

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dropmeafile.com/#4da74a3119

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefba49758,0x7fefba49768,0x7fefba49778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=148 --field-trial-handle=1364,i,9700890312373781325,210683123211863258,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1364,i,9700890312373781325,210683123211863258,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1364,i,9700890312373781325,210683123211863258,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1364,i,9700890312373781325,210683123211863258,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1364,i,9700890312373781325,210683123211863258,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1080 --field-trial-handle=1364,i,9700890312373781325,210683123211863258,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 --field-trial-handle=1364,i,9700890312373781325,210683123211863258,131072 /prefetch:8

Network

Country | Destination | Domain | Proto | Occurrences
US | 8.8.8.8:53 | dropmeafile.com | udp | 1
GB | 18.245.218.89:443 | dropmeafile.com | tcp | 3
US | 8.8.8.8:53 | ajax.googleapis.com | udp | 1
US | 8.8.8.8:53 | cdn.jsdelivr.net | udp | 1
US | 8.8.8.8:53 | assets.lsdsoftware.com | udp | 1
N/A | 224.0.0.251:5353 | N/A | udp | 1
US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp | 2
GB | 216.58.201.106:443 | ajax.googleapis.com | tcp | 1
GB | 99.84.9.77:443 | assets.lsdsoftware.com | tcp | 1
US | 8.8.8.8:53 | region1.google-analytics.com | udp | 1
US | 216.239.32.36:443 | region1.google-analytics.com | tcp | 1
US | 8.8.8.8:53 | support2.lsdsoftware.com | udp | 1
US | 23.19.69.193:443 | support2.lsdsoftware.com | tcp | 2
US | 8.8.8.8:53 | content-autofill.googleapis.com | udp | 1
GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp | 1
US | 216.239.32.36:443 | region1.google-analytics.com | udp | 1
US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp | 2
GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp | 1
GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp | 2
US | 8.8.8.8:53 | clients2.google.com | udp | 1
GB | 142.250.187.238:443 | clients2.google.com | tcp | 1
US | 8.8.8.8:53 | beacons2.gvt2.com | udp | 1
US | 142.250.71.163:443 | beacons2.gvt2.com | tcp | 2
US | 142.250.71.163:443 | beacons2.gvt2.com | udp | 1

Files

\??\pipe\crashpad_2236_LFVYNFAKWKWEIYSV

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar6984.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (3 versions captured)

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (3 versions captured)
SHA512 95db45093589fada8ec532907310a7cc638b029a29367fafc0ef5fb396a4000c90540e66b10f41bebbd3a92a8f8237bab03daf90a49ee96dfc8599ac36c254d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 17de053e106e17e1ecd5197974122a47
SHA1 85e3b32cf686c86ca903756df460c029b34b3c42
SHA256 a85dc5460454ebb5f3ef60021933957d61bad3d4076c68b6c5c49842e1f6d0d9
SHA512 af67de7fe989e5c21c07049cccdfb695d0e003cb354263742b55e268e443b033115d0a0522809bb484bb8e9dfcbfd0d4412d9ec1b52e0a0296f8ee888dee8365

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-18 07:25

Reported

2024-05-18 07:33

Platform

win10v2004-20240226-en

Max time kernel

443s

Max time network

432s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dropmeafile.com/#4da74a3119

Signatures

Suspicious use of NtCreateProcessExOtherParentProcess

Description Indicator Process Target
PID 4556 created 4424 N/A C:\Windows\system32\taskmgr.exe C:\Users\Admin\Desktop\!WannaDecryptor!.exe
PID 4556 created 4424 N/A C:\Windows\system32\taskmgr.exe C:\Users\Admin\Desktop\!WannaDecryptor!.exe

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDC65C.tmp C:\Users\Admin\Desktop\be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDC672.tmp C:\Users\Admin\Desktop\be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Desktop\\be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe\" /r" C:\Users\Admin\Desktop\be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133604907536259354" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Desktop\!WannaDecryptor!.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1900 wrote to memory of 3192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 2364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 2364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 3432 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dropmeafile.com/#4da74a3119

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee7ce9758,0x7ffee7ce9768,0x7ffee7ce9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2620 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5536 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5524 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4728 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3176 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4120 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe

"C:\Users\Admin\Desktop\be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 277271716017239.bat

C:\Windows\SysWOW64\cscript.exe

cscript //nologo c.vbs

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe f

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im MSExchange*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im Microsoft.Exchange.*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlserver.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlwriter.exe

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\!Please Read Me!.txt

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe c

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b !WannaDecryptor!.exe v

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe v

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\00ba1acc5588432eb5f91255f3d5d8f3 /t 3892 /p 4424

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Windows\system32\taskkill.exe

taskkill /f be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Desktop\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Windows\system32\taskkill.exe

taskkill /IM be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe /F

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 dropmeafile.com udp
GB 18.245.218.26:443 dropmeafile.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 assets.lsdsoftware.com udp
GB 216.58.201.106:443 ajax.googleapis.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
GB 99.84.9.70:443 assets.lsdsoftware.com tcp
US 8.8.8.8:53 26.218.245.18.in-addr.arpa udp
US 8.8.8.8:53 43.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 70.9.84.99.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.202:443 content-autofill.googleapis.com tcp
GB 216.58.212.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
GB 18.245.218.26:443 dropmeafile.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 support2.lsdsoftware.com udp
US 23.19.69.193:443 support2.lsdsoftware.com tcp
US 8.8.8.8:53 193.69.19.23.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 13.107.253.64:443 tcp
US 23.19.69.193:443 support2.lsdsoftware.com tcp
US 23.19.69.193:443 support2.lsdsoftware.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 193.98.74.40.in-addr.arpa udp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
US 8.8.8.8:53 92.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:80 www.microsoft.com tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 163.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.179.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp

Files

\??\pipe\crashpad_1900_YOKEIVZXOPRNGLIK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6a26d08ef255693260b6f46022976471
SHA1 4fcf4e48df0609f7eb60693a98cb15f80ea9b39d
SHA256 4b4b53944fb121a8fb2319dbfd51b87282a4171b076c45c6a404093cc422450b
SHA512 dd07e7c048c7fcd9f1236e88176e77009203c047cae6fa8befcb58224f1babf60f30dd9400044780faa9267607cc03853ebe927ebe956c1d5392a57e282c86cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 03540582246df1f97dbca0ad891bc03f
SHA1 3f0bba1175ffbd00ac357313e17ea33b10d2ad1c
SHA256 27af1df2a1f3423eddc99f9bb83d9e88ceb1ea18b9c23ca0e323bdc6ba8dafcb
SHA512 97d066f82d1d8c6ba6e3f50c5593fd8aa1b146bcea6d48888b016b15299b5f7905e8157fd4f2508ac511846435794ad8f93706e79ec551a2e6d1d613bbbd7f70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3210a113f188445a0ec71a1cdf9a7fe1
SHA1 c12abb56c0bc7b77fd7914d8c0d351abad82cd3c
SHA256 c75a3b598b1372b2fc47d3ce1859fef163b8483729875f6fb501d824572060b7
SHA512 fc87166ea079598451ce40c461fb40a2fad72f04aa7d777fb08f01bde7f099b4cfe7e7a815a1c19f7bf3079b2cb7a1590587e9f945c2a494bc42c2500fd02963

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bdd768e4e71ecc776c3ca9142cfe8a96
SHA1 a22522804bc87169fe66499d09b7fd0a9baca3b8
SHA256 0577ebb876f637e752b35c98552fd3a5e695c02eed866ae3dd08bfbc7dd8303b
SHA512 6d487834ac70ffa130f3dc083f47be328af3405c53d10cb38e275a98f3d8185ac1686713d80b8012d9f56567dd3bdd43d360811e0ee2292126c0cf2e25f64a5f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 044f964e447589507396b6d051700a01
SHA1 fff91c26e4602a1da446a4acd2dfcdb24d22c435
SHA256 be64bdc41ecc3006c01c0e8778c83418919a41d75f8e7ad616b1dcd9fd96d4d8
SHA512 ba54b17b997fe483fa5a87b3e55699eab1d9f0d61ce4c69b47e3fe5639edc822d0fb4387af6a0918ddd763c72aa8e5f0cb6f37fee4bb991327ef5a9928768f10

C:\Users\Admin\Downloads\Unconfirmed 321285.crdownload

MD5 5c7fb0927db37372da25f270708103a2
SHA1 120ed9279d85cbfa56e5b7779ffa7162074f7a29
SHA256 be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844
SHA512 a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 763aba1855c007f0e23457ad2d476247
SHA1 b81eb574a3d333bc1ba46f056189af8a6892d864
SHA256 748067a4fdb8f1ad0e8f956ae4e986063abe1b186d7e1c3717e8b319b5d430dd
SHA512 9051ccdbd26ead8238591f63829e0c94bf42847cc125a2c9ec3114fc0adf065595d5fbffb6bfde72f7dc82adf7a0082cb6900ff6958a1bd53091b5110dbec475

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c9c97aa87c071f3d5881de862873a7af
SHA1 1cf37578f0f49eb92017a35cfdceec246e8dd97e
SHA256 9eab53d71733ab8a4a6fb2af4f60d0238a47ff3edf0aad369c29af231820dd3a
SHA512 6dbabf23eb9ea6c57c0878dbe7c84e8febd96fe5f361d9d4d84fd349008fa4db8fc124d8f0b3e63b9db6e5d22acaab8ae3f98202efaa744605c6b15a85ba4e0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9b17ee5b82c75ea274f36eab829eb137
SHA1 320af61debfbfc7c968e55b832121756cb7c9914
SHA256 e10cd56c1146e3210b745a522b7136176b50f7fd0dac980faf08df4d81e0d62e
SHA512 eb2f34ccac29bc02565504092e7d6c9bf4c26f125e967b5fa7911bccc4cff599200504667f37fe0eb1955437f508977f392c6681b4e4cfdb990b6f87a1a899ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d99f705b8b1fc26f960361c3007cce54
SHA1 8d38e702941e00d32a352f0e86da002e2591d790
SHA256 5af1235a35804321783b611838333da2e6158ebf2d7d498f76a97e429948bbf1
SHA512 73944aa8ee06d8df26473f632dbfa94432d20a2a96f75cdfdbd2abf0fd11b22d66978e2c9182be00529a051ad0c3d0384023fd35aead11d89677c1f13d6b3e09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d55fe63a1706f2b4747e08111ea64a4b
SHA1 09b23fd0c36bd16621603ad39e9359fc07463f7e
SHA256 9dcb7cffd6197b4b9d8c172065fd45e23a094b2306aefee9459dde1bb6b4e638
SHA512 bb822cee519cbfe3e10fc237b4a638411424ba41fc7024982cb875291d1ca3ec03a363dc9738fad51835962ab771893cd3cc0d1426d82422d1320e4b3314e2a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 1a18c6516286196cf050a0446033a656
SHA1 c364027fa9114c65e54358cc3fae74a94e7bf4b9
SHA256 23eab7531cc8d808055db1751b0f91f8bf3c105776d47bbd4fd29483725c3e0d
SHA512 53153865b6b2ec59c819bf7b5bc31f6b9b5e6cef6ca9262e8605c8553269aee7f7e84f6c0996fd07d3630663852326b06f9ba2fc778901b63e55b46f15f7b8e5

memory/700-239-0x0000000010000000-0x0000000010012000-memory.dmp

C:\Users\Admin\Desktop\u.wry

MD5 cf1416074cd7791ab80a18f9e7e219d9
SHA1 276d2ec82c518d887a8a3608e51c56fa28716ded
SHA256 78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df
SHA512 0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

C:\Users\Admin\Desktop\277271716017239.bat

MD5 a112cca9dc4d4389853960a4090375ee
SHA1 a41ef3b4ca3e316d1bc4095aedf80b07ccc2d045
SHA256 16cc3752392a4575db02c89c72f0808bd7e6b37ed5c69490a248b9309907c7b3
SHA512 470af17cc72848693327b30794a6f6d00ae77693780645259b5ed02256e3b1a9dd895489eca7e6a0dd558ce40e6e18ee3c3666fe0119935e6a1ca1bcb7e0ccd0

C:\Users\Admin\Desktop\c.vbs

MD5 67ac56e98bdb0c90862e8472916f11ab
SHA1 f961a11be9a04743f3e053a2bf46c12b9471fd28
SHA256 6e20336f20c42fc21f30dc362dfea245333b195597a42bb7c87143283be8ea10
SHA512 24267afc873e725d2c07bf51ce5b7e40026966a94919624baeb0d605770b9e64164948f9330b7e1910a913651b58132bffc76ceb4f0f8a5cecb9a56349bbc1da

C:\Users\Admin\Desktop\!WannaDecryptor!.exe.lnk

MD5 1aa901ad6a69456fae0b48130472f749
SHA1 8fa232b17e1c1b8aeb1acfa8e36b79b4aac21899
SHA256 b3b89c00ab6b3adba1c3c01586cb5806ba46613f1fe7f913ca9f40cc2944de56
SHA512 668ab147b1b36c6067931823b978e59e6d3715f5b42c46677804af01eda4618dc6cefb00bd0c8af34d50939612fce52001f2ab53c6e4a4e44c70f329ad8dc7d7

C:\Users\Admin\Desktop\!Please Read Me!.txt

MD5 afa18cf4aa2660392111763fb93a8c3d
SHA1 c219a3654a5f41ce535a09f2a188a464c3f5baf5
SHA256 227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0
SHA512 4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

C:\Users\Admin\Desktop\00000000.res

MD5 cfd185663a2ade86982975dd2bb7b2c3
SHA1 6473b2c8ba090f3360261c785b6e72b978394d1b
SHA256 101c147b9feb4b2e1cef0a5e01d4e24cbf45a8344ac0dcae546f1fcdd469945a
SHA512 c13b8aa235ab03171c2afaadd62073113323dc212a3f9ab007d877634c38d261e7c753abef03657b4a48440748dd41ca8fcdedd51e81806242d4a8a49d595744

C:\Users\Admin\Desktop\c.wry

MD5 aa4575a1cd4c84ab72d60eff429bda90
SHA1 7362da1fb9238f01e056c66552ab480b4acc6d0c
SHA256 73786004072d90fa45d81e23d7ddff9d8f7d5426d490741032a3106f5ebaecd7
SHA512 bbf2b58a5856f9440f9852290972b8ae4784c4212b86f1eee6f7f3f4cb0b3e5ce34279b737cec649bad8fa0d5e2862a0dddb282f26df74bfb9a64b47cf64d3e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

MD5 84b1c5ff6f1b1da82df3ed3a20ff9211
SHA1 1c13a7bf24213cc6919c9a419c792b963457a32d
SHA256 40060faf469d2cf91572b5db3ff8d5b5070bacad30c8fbdc13193901be5bd1a5
SHA512 4ffc3f2ebb4a401f02fc17d4e420e0b87acc3f3f6562282a7eb5fda3fd44b4971586683cc67eedc993f246b97f72b1e503cd92694636e05bd8e3bbed2e6d0dba

C:\Users\Admin\Desktop\00000000.res

MD5 a14808a85d19d10034dad9c96678dc2d
SHA1 92062322d726503943d29494c2358362dd75719c
SHA256 a74ec0734c269c66d8b52ab32e34238b0a70180fbe10790efe805a2b960cd188
SHA512 c84f6c3a23f521d5b51048c8ed302ea2a484ebcb729c5df574948f60694ce2d1f6b2bdbd81fa1350af6a28ea78e94ae2f12c8f2d2329197d3dee816a9d6f4953

C:\Users\Admin\Desktop\00000000.res

MD5 7371dcb9784da7a6b94b966a3501e0f8
SHA1 0ed30a74893e5f98a47de274e35e6355cddb1675
SHA256 df758a687d13f1f033164bbd4e97aec03f7cf61d0e61cc97719cc51c6263fba8
SHA512 8ac05c3a2faaef4e1f48ebe7d03f06cfe12ce8a5f9b83f5dc7fbc48b9fbc2e6a6e649f436fad620a48cf1dab8b7e7370fcaea987bd369ea03d03f88d73230021

C:\Users\Admin\Desktop\m.wry

MD5 980b08bac152aff3f9b0136b616affa5
SHA1 2a9c9601ea038f790cc29379c79407356a3d25a3
SHA256 402046ada270528c9ac38bbfa0152836fe30fb8e12192354e53b8397421430d9
SHA512 100cda1f795781042b012498afd783fd6ff03b0068dbd07b2c2e163cd95e6c6e00755ce16b02b017693c9febc149ed02df9df9b607e2b9cca4b07e5bd420f496

C:\Users\Admin\Desktop\00000000.res

MD5 4172c5d71c5e23883a4c8bb4452f7e5a
SHA1 6d08f2327f38903e7a6b855f6374a557f6ed3afa
SHA256 b72d12e2bca26f87bc35795cfb16ec0bb420fe34f437d66b00bdcaa28ba9a85a
SHA512 7c211f0d05b7c3cfb5ef3b0494df651a305b29e6c26a2beba8d80cf73d19df8af696fb1184ee51f166be4c335074172a7df8a41544126a3b4efbfa0bcd371afc

C:\Users\Admin\Desktop\r.wry

MD5 880e6a619106b3def7e1255f67cb8099
SHA1 8b3a90b2103a92d9facbfb1f64cb0841d97b4de7
SHA256 c9e9dc06f500ae39bfeb4671233cc97bb6dab58d97bb94aba4a2e0e509418d35
SHA512 c35ca30e0131ae4ee3429610ce4914a36b681d2c406f67816f725aa336969c2996347268cb3d19c22abaa4e2740ae86f4210b872610a38b4fa09ee80fcf36243

C:\Users\Admin\Desktop\t.wry

C:\Users\Admin\Desktop\00000000.pky

C:\Users\Admin\Desktop\DenyBackup.vbs.WCRY

C:\Users\Admin\Desktop\ExitWatch.xls.WCRY

C:\Users\Admin\Desktop\CloseUnprotect.exe

C:\Users\Admin\Desktop\LimitConfirm.potm.WCRY

C:\Users\Admin\Desktop\CopyEnter.3g2.WCRY

C:\Users\Admin\Desktop\OpenDisable.mov.WCRY

C:\Users\Admin\Desktop\InitializeReceive.cfg

C:\Users\Admin\Desktop\ResumeClear.sys

C:\Users\Admin\Desktop\TraceMount.wmx

C:\Users\Admin\Desktop\UnblockCompare.vbe

C:\Users\Admin\Desktop\WatchUninstall.nfo

C:\Users\Admin\Desktop\WaitResume.contact

C:\Users\Admin\Desktop\RenameExit.avi.WCRY

C:\Users\Admin\Desktop\EnableInvoke.dib

C:\Users\Admin\Desktop\FindOut.vdx

C:\Users\Admin\Desktop\f.wry

C:\Users\Admin\Desktop\RedoRename.mht

C:\Users\Admin\Desktop\RegisterTest.m1v

C:\Users\Admin\Desktop\ResetLimit.html

C:\Users\Admin\Desktop\ResizeComplete.mht

C:\Users\Admin\Desktop\SendInstall.wvx

C:\Users\Admin\Desktop\SplitExport.wmf
